* d/control, d/rules: Disable rbd and zfs on riscv64 where they are
unavailable (LP: #1872952)
* d/p/ubuntu-aa/lp-1871354*: fix apparmor denials on libpmem init
(LP: #1871354)
* d/p/ubuntu/CVE-CVE-2020-10701-api-disallow-virDomainAgentSetResponseTimeout-on-rea.patch:
avoid DOS through read only connections
CVE-2020-10701
* d/p/ubuntu/lp-1867460-*: fix domcapabilities before capabilities
and binary autodetection in general (LP: #1867460)
* d/p/stable/lp-1868539-*: stabilize libvirt by backporting upstream
fixes (LP: #1868539)
* d/p/ubuntu/lp-1853200*: add cpu models without hle/rtm features to have
modern types on kernels with recent security fixes (LP: #1853200)
* d/p/ubuntu/lp-1868528-*: Fail when fetching CPU Status for invalid CPU
(LP: #1868528)
* d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading
versioned modules after qemu package upgrades (LP: #1847361)
* d/p/ubuntu/lp-1865425-*: avoid killing the monitor job in
qemuDomainSetTimeAgent (LP: #1865425)
* rebuild against libxen-dev 4.11.3 (no change needed)
* d/p/ubuntu-aa/virt-aa-helper-Add-support-for-smartcard-host-certif.patch:
allow emulation of smartcard via host certificates
* d/p/ubuntu/lp-1861125-*: fix non host-model migrations from old machine
types (LP: #1861125)
* d/p/ubuntu-aa/apparmor-allow-to-call-vhost-user-gpu.patch: do not let
apparmor block vhost-user-gpu usage
[ Christian Ehrhardt ]
* Bring back the ubuntu default URI handling. While no more needed for xen
its removal made libvirt fallback further to the upstream default
qemu:///session while Ubuntu forever had and for now wants to keep
qemu:///system (LP: #1861693)
- revert 'd/libvirt-clients.maintscript: rm_conffile libvirt-uri.sh that
was optional for use on xen hosts'
- libvirt-uri.sh: Automatically switch default libvirt URI for users on
Xen dom0 via user profile
[added back former delta]
[ Andrea Bolognani ]
* Merge further fixes from debian/experimental
- Install virt-login-shell-helper
- Install augeas lenses for all drivers
- Remove all mentions of Devhelp
- not-installed: Remove obsolete entries
- not-installed: List all split daemons files
* Merged with Debian 5.6.0-4 from experimental and v6.0.0 from upstream
Among many other new features and fixes this includes fixes for:
- LP: #1859253 - rbd driver fails to create a new volume
- LP: #1858341 - rbd driver does not list all volumes in pool
- LP: #1845506 - Libvirt snapshot doesn't update apparmor profile
- LP: #1854653 - slow libvirt-guests.sh during shutdown if service is off
- LP: #1848229 - enable ppc64el to use ccf-assist feature
- LP: #1853315 - Enable CPU Model Comparison and Baselining on s390x
- LP: #1853317 - CCW IPL support to boot from ECKD DASDs
- LP: #1859506 - security: AppArmor profile fixes for swtpm
Remaining changes:
- Disable libssh2 support (universe dependency)
- Disable firewalld support (universe dependency)
- Set qemu-group to kvm (for compat with older ubuntu)
- Additional apport package-hook
- Autostart default bridged network (As upstream does, but not Debian).
In addition to just enabling it our solution provides:
+ do not autostart if subnet is already taken (e.g. in guests).
+ iterate some alternative subnets before giving up
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite long.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
+ d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
group.
- ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
- Update Vcs-Git and Vcs-Browser fields to point to launchpad
- Update README.Debian with Ubuntu changes
- Enable some additional features on ppc64el and s390x (for arch parity)
+ systemtap, zfs, numa and numad on s390x.
+ systemtap on ppc64el.
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- Further upstreamed apparmor Delta, especially any new one
Our former delta is split into logical pieces and is either Ubuntu only
or is part of a continuous upstreaming effort.
Listing related remaining changes in debian/patches/ubuntu-aa/:
- fix autopkgtests
+ d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
+ d/t/control: fix smoke-qemu-session by ensuring the service will run
installing libvirt-daemon-system
+ d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
long as the following undefine succeeds
+ d/t/smoke-lxc: use systemd instead of sysV to restart the service
- dnsmasq related enhancements
+ run dnsmasq as libvirt-dnsmasq (LP: 1743718)
+ d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
+ d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
on purge
+ d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
libvirt-dnsmasq and adapt the self tests to expect that config
+ d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
+ Add dnsmasq configuration to work with system wide dnsmasq-base
- debian/rules: disable the netcf backend. (LP: 1764314)
- debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
Secure Boot enabled variants of the OVMF firmware and variable store for
the paths where we ship these files in Ubuntu.
- d/rules: install virtlockd correctly with defaults file (LP: 1729516)
- d/rules: also check build time self test results on all architectures
- d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
machine type correctly with newer qemu/libvirt
- d/rules: add --no-restart-after-upgrade to services that are supposed to
stay up through upgrades - this also applies to related sockets.
- Apparmor Delta that is Ubuntu specific or yet to be upstreamed
split into logical pieces. File names in debian/patches/ubuntu-aa/:
+ 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
apparmor, libvirt-qemu: Allow read access to overcommit_memory
+ 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
+ 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
apparmor, virt-aa-helper: Allow access to tmp directories
+ 0020-virt-aa-helper-ubuntu-storage-paths.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
apparmor, virt-aa-helper: Add openvswitch support
+ 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
add l to 9p file options.
+ 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
+ 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el
(LP 1686621 LP 1680384 LP 1784023)
+ 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
+ 0050-local-include-for-libvirt-qemu.patch,
d/libvirt-daemon-system.postinst: provide a local apparmor include
for abstraction/libvirt-qemu (LP: 1786019)
+ lp-1815910-allow-vhost-net.patch: avoid apparmor issues
with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
* Dropped changes (in Debian)
- d/libvirt0.symbols: bump symbol versions for 5.4.0
- avoid service dependency issues on upgrade (LP: 1786179)
This will in the long term be resolved in dh_* tools, but to let an
upgrade work for now we need to drop the sysV scripts (which we don't
use anyway) and slightly modify the systemd service to work with today's
dh_systemd_start properly. Can be dropped once Debian bug 905772 is
resolved in dh_* tools and libvirt uses that new code.
+ d/libvirt-daemon-system.virtlogd.init: removed sysV init file
+ d/libvirt-daemon-system.libvirtd.init: removed sysV init file
+ debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
and libvirtd sysV init file
+ d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
to virtlogd/virtlockd sockets as they would imply a restart of
virtlogd breaking it.
[ we now have split packages for sysv and systemd support ]
- d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
- Refreshed to match new upstream
+ d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch
* Dropped changes (now upstream)
- d/p/ubuntu/lp-1828495-*: make libvirt able to handle arch_capabilities
cpu features for the Host. (LP: 1828495 - not closing yet as guest caps
still need fixups to work well LP: 1841066)
- SECURITY UPDATEs: CVE-2019-10161, CVE-2019-10166,
CVE-2019-10167 and CVE-2019-10168
- d/p/ubuntu-aa/lp-1833040-Add-openGraphicsFD-rule-for-named-profile.patch:
avoid issues with remote screen connections like virt-manager due to
apparmor changes in libvirt 5.1 (LP 1833040)
- 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
Allow pygrub to run on Debian/Ubuntu
- update to v5.4.0
* Dropped changes (Xen demoted to universe)
- d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
section that adapts the path of the emulator to the Debian/Ubuntu
packaging is kept.
- d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
set VRAM to minimum requirements
- d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
- Add libxl log directory
- libvirt-uri.sh: Automatically switch default libvirt URI for users on
Xen dom0 via user profile (was missing on changelogs before)
* Dropped changes (no more needed)
- d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
included_files to avoid build failures due to duplicate definitions.
[ finally works in v6.0.0 ]
- d/control: Revert iptables/ebtables dependency as Eoan still is on 1.6.x
[ focal has iptables 1.8.3 ]
- d/rules: adapt iptables binary paths present in Eoan (LP 1832297)
[ focal has iptables 1.8.3 ]
* Added Changes:
- refreshed patches for libvirt v6.0.0
- d/control: bump build dep to python3
- d/control: VCS links to use generic Ubuntu launchpad git URLs
- d/control: add python3-docutils as build dependency
- d/control: add libzfslinux-dev to build-deps
- d/rules: set enable-dependency-tracking to avoid FTBFS
- d/rules: drop the no more existing phyp option
- d/rules: drop the no more existing xen configure option
- d/libvirt-clients.maintscript: rm_conffile libvirt-uri.sh that was
optional for use on xen hosts
- d/control: drop libvirt-lxc, vbox and xen drivers to suggest
- minimize patches generated by autoreconf
- fix build on Debian/Ubuntu in qemuhotplugtest
- d/libvirt-doc.doc: install rendered docs
- d/libvirt-daemon-system.examples: drop old examples that are now active
- d/libvirt-doc.doc-base.libvirt-doc: adapt doc base to new file placement
- d/libvirt-daemon-system-sysv.lintian-overrides: not shipping systemd files
- d/libnss-libvirt.lintian-overrides: accept having two nss so files
- d/rules: don't ship split daemons just yet
- d/rules: install /etc/default/* files that are shared between sysv and
systemd packages
- d/rules: add libvirt-guests.default to libvirt-daemon-system instead of
libvirt-daemon-system-sysv
- d/p/ubuntu/lp-1655111*: fix qemu_bridge_helper to work with named
profiles (LP: #1655111)
* [d88536d] Introduce libvirt-daemon-system-{systemd,sysv} Move init scripts
to separate package that allows people to experiment with alternative init
systems while avoiding the problems that mixed init scripts and systemd
units have in the current packaging.
Thanks to Christian Ehrhardt for all the input regarding upgrade
problems seen in Ubuntu and possible solutions.
(Closes: #887911, #905772)
* [c19d230] autopkg tests: Use isolation-machine.
This avoids running under debian ci since libvirt-lxc in lxc
doesn't work there. (Closes: #947006)
* Team upload.
[ Christian Ehrhardt ]
* Move qemu, lxc, uml, vbox and xen connection drivers into separate
packages. This reduces the dependencies pulled into default installations.
(Closes: #901940)
* d/copyright: Update
[ Guido Günther ]
* [362bec6] autopkgtest: Adjust to new path
* Team upload.
* [4dcbe93] Revert "Disable libvirtd socket activation" (Closes: #935883)
* [b464de1] Add libvirtd sockets handling
* Team upload.
[ Guido Günther ]
* [fb43676] d/control: Drop dh-autoreconf build-dep
* [81d21d5] d/not-installed: Use multi-arch dirs
* [07d5669] New upstream version 5.6.0
Fixes CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091,
CVE-2019-10132
(Closes: #915107, #931243, #929334)
* [9f38a9e] apparmor: Allow run pygrub
(Closes: #931768)
* Acknowledge NMU. Thanks Jonathan Wiltshire
[ Christian Ehrhardt ]
* [c28c3b3] d/libvirt0.install: install translations
* [c3c4cd4] d/libvirt-daemon-system.install: drop in helper for firewalld
* [3e8b43c] d/not-installed: ignore default files /etc/sysconfig
* [c223d7f] d/libvirt-daemon-system.examples: ship sysctl config as example
* [f19acf6] d/libvirt-daemon-system.install: ship libxl-sanlock.conf
(Closes: #919484)
* [483e44a] d/libvirt-doc.docs: fix whitespace issue
* [4f4751f] d/libvirt-doc.docs: install new doc elements
* [781e22e] d/not-installed: ignore documentation already being installed
* [eda89b2] d/not-installed, d/libvirt-doc.docs: do not install fonts
* [ab67a28] d/copyright: add license for docs/fonts/
* [2e222a2] d/rules: strip symbolic-functions linker option
* [39b658c] Revert "d/libvirt-daemon-system.install: ship
libxl-sanlock.conf"
* [ce46360] d/rules: install libxl-sanlock.conf dependent on xen being
enabled
[ Andrea Bolognani ]
* [6a2eae3] Simplify and improve watch file
* [82a1edc] Bump symbol versions
* [73fccd9] Specify --doc-main-package for dh_installdocs
* [d48fdf6] Rediff patches
* [3b16c86] Bump symbol versions
* [48c9b75] Drop Avahi support
* [a49de91] Fix AppArmor profile for virt-aa-helper
* [b8e92da] Disable libvirtd socket activation
* [73d1e8c] Install kbase articles
* No-change upload with strops.h and sys/strops.h removed in glibc.
* d/p/ubuntu/lp-1828495-*: make libvirt able to handle arch_capabilities
cpu features for the Host. (LP: 1828495 - not closing yet as guest caps
still need fixups to work well LP: 1841066)
* SECURITY UPDATE: virDomainSaveImageGetXMLDesc does not check for
read-only connection
- debian/patches/CVE-2019-10161.patch: add check to
src/libvirt-domain.c, src/qemu/qemu_driver.c,
src/remote/remote_protocol.x.
- CVE-2019-10161
* SECURITY UPDATE: virDomainManagedSaveDefineXML does not check for
read-only connection
- debian/patches/CVE-2019-10166.patch: add check to
src/libvirt-domain.c.
- CVE-2019-10166
* SECURITY UPDATE: virConnectGetDomainCapabilities does not check for
read-only connection
- debian/patches/CVE-2019-10167.patch: add check to
src/libvirt-domain.c.
- CVE-2019-10167
* SECURITY UPDATE: virConnect*HypervisorCPU do not check for read-only
connection
- debian/patches/CVE-2019-10168.patch: add checks to
src/libvirt-host.c.
- CVE-2019-10168
* d/p/ubuntu-aa/lp-1833040-Add-openGraphicsFD-rule-for-named-profile.patch:
avoid issues with remote screen connections like virt-manager due to
apparmor changes in libvirt 5.1 (LP: #1833040)
* Merged with Debian git 5.3.0-1~1.gbp7b1637 and upstreams 5.4 release
Among many other new features and fixes this includes fixes for:
LP: #1759509 - virsh dompmwakeup fails to wake VM from dompmsuspend state
Remaining changes:
- Disable libssh2 support (universe dependency)
- Disable firewalld support (universe dependency)
- Set qemu-group to kvm (for compat with older ubuntu)
- Additional apport package-hook
- Autostart default bridged network (As upstream does, but not Debian).
In addition to just enabling it our solution provides:
+ do not autostart if subnet is already taken (e.g. in guests).
+ iterate some alternative subnets before giving up
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite long.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
+ d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
group.
- ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
- Update Vcs-Git and Vcs-Browser fields to point to launchpad
- Xen related
- d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
section that adapts the path of the emulator to the Debian/Ubuntu
packaging is kept.
- d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
set VRAM to minimum requirements
- d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
- Add libxl log directory
- libvirt-uri.sh: Automatically switch default libvirt URI for users on
Xen dom0 via user profile (was missing on changelogs before)
- d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
included_files to avoid build failures due to duplicate definitions.
- Update README.Debian with Ubuntu changes
- Enable some additional features on ppc64el and s390x (for arch parity)
+ systemtap, zfs, numa and numad on s390x.
+ systemtap on ppc64el.
- d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
- d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- Further upstreamed apparmor Delta, especially any new one
Our former delta is split into logical pieces and is either Ubuntu only
or is part of a continuous upstreaming effort.
Listing related remaining changes in debian/patches/ubuntu-aa/:
+ 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
Allow pygrub to run on Debian/Ubuntu
+ 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
apparmor, libvirt-qemu: Allow read access to overcommit_memory
+ 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
+ 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
apparmor, virt-aa-helper: Allow access to tmp directories
+ ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
apparmor, virt-aa-helper: Add openvswitch support
+ 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
add l to 9p file options.
+ 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
+ 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el
(LP 1686621 LP 1680384 LP 1784023)
+ 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
+ d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch,
d/libvirt-daemon-system.postinst: provide a local apparmor include
for abstraction/libvirt-qemu (LP: 1786019)
+ d/p/ubuntu-aa/lp-1815910-allow-vhost-net.patch: avoid apparmor issues
with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
- d/rules: enable build time self tests on all architectures
- dnsmasq related enhancements
+ run dnsmasq as libvirt-dnsmasq (LP: 1743718)
+ d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
+ d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
on purge
+ d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
libvirt-dnsmasq and adapt the self tests to expect that config
+ d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
+ Add dnsmasq configuration to work with system wide dnsmasq-base
- debian/rules: disable the netcf backend. (LP: 1764314)
- debian/control: drop libnetcf from Build-Depends.
- debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
Secure Boot enabled variants of the OVMF firmware and variable store for
the paths where we ship these files in Ubuntu.
- d/rules: install virtlockd correctly with defaults file (LP: 1729516)
- d/rules: also check build time self test results on all architectures
- d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
machine type correctly with newer qemu/libvirt
- d/t/control: fix smoke-qemu-session by ensuring the service will run
installing libvirt-daemon-system
- d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
long as the following undefine succeeds
- avoid service dependency issues on upgrade (LP: 1786179)
This will in the long term be resolved in dh_* tools, but to let an
upgrade work for now we need to drop the sysV scripts (which we don't
use anyway) and slightly modify the systemd service to work with today's
dh_systemd_start properly. Can be dropped once Debian bug 905772 is
resolved in dh_* tools and libvirt uses that new code.
- d/libvirt-daemon-system.virtlogd.init: removed sysV init file
- d/libvirt-daemon-system.libvirtd.init: removed sysV init file
- debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
and libvirtd sysV init file
- d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
to virtlogd/virtlockd sockets as they would imply a restart of
virtlogd breaking it.
- d/t/smoke-lxc: use systemd instead of sysV to restart the service
* Added Changes:
- Refreshed patches to match new upstream
- d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch
- d/p/ubuntu/ubuntu_machine_type.patch
- d/control: Revert iptables/ebtables dependency as Eoan still is on 1.6.x
This can be dropped once >=1.8.1
- d/rules: adapt iptables binary paths present in Eoan (LP: #1832297)
This can be dropped once >=1.8.1
- d/p/ubuntu/dnsmasq-as-priv-user: update to include the new test
nat-network-mtu
- revert [c3c4cd4] drop in helper for firewalld as it is disabled on
Ubuntu [can be squashed with the disabling of firewalld on next merge]
- d/libvirt0.symbols: bump symbol versions for 5.4.0
- d/rules: add --no-restart-after-upgrade to services that are supposed to
stay up through upgrades - this also applies to related sockets.
* Dropped Changes (upstream)
- d/p/ubuntu-aa/lp-1804766-*: Allow rendering node access as needed
for the ease use of mdev and gl devices (LP: 1804766)
- d/p/ubuntu/lp-1771662-*: fix handling of VFs without associated PF
(LP: 1771662)
- d/p/ubuntu/lp-1825195-*.patch: fix issues with old guests that defined
the never functional osxsave and ospke features (LP: 1825195).
- d/p/ubuntu-aa/lp-1829223-virt-aa-helper-allow-vhost-scsi.patch fix
vhost-scsi hotplug in virt-aa-helper (LP: 1829223)
- SECURITY UPDATE: Add support for md-clear functionality
+ debian/patches/ubuntu/md-clear.patch: Define md-clear CPUID bit in
src/cpu_map/x86_features.xml.
+ CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
- Implement further apparmor rules for usage of gl enabled
graphics (LP: 1815452)
+ d/p/ubuntu-aa/lp-1815452-more-gl-rules.patch
+ d/p/ubuntu-aa/lp-1815452-virt-aa-helper-rule.patch
- Implement further apparmor rules for usage of gl enabled
graphics with nvidia cards (LP: 1817943)
+ d/p/ubuntu-aa/lp-1817943-nvidia-gl-rules.patch
+ d/p/ubuntu-aa/lp-1817943-devices-in-sysfs.patch
* Dropped Changes (in Debian)
- d/rules: strip -Bsymbolic-functions from linker flags as it breaks
libvirt tests
** SNAPSHOT build @7b1637605da9224c46ebf3a243fa725d643e7556 **
[ Guido Günther ]
* [fb43676] d/control: Drop dh-autoreconf build-dep.
Not needed for dh compat > 10.
* [81d21d5] d/not-installed: Use multi-arch dirs.
Files moved during the dh12 switch.
* [428ad14] New upstream version 5.3.0~rc2
* [641e532] New upstream version 5.3.0
[ Christian Ehrhardt ]
* [c28c3b3] d/libvirt0.install: install translations
* [c3c4cd4] d/libvirt-daemon-system.install: drop in helper for firewalld
* [3e8b43c] d/not-installed: ignore default files /etc/sysconfig
* [c223d7f] d/libvirt-daemon-system.examples: ship sysctl config as example
* [f19acf6] d/libvirt-daemon-system.install: ship libxl-sanlock.conf
(Closes: #919484)
[ Andrea Bolognani ]
* [6a2eae3] Simplify and improve watch file.
[ Guido Günther ]
* [1ec90c0] d/compat: Switch to debhelper level 12
* [fb6dd18] d/rules: s/no-restart-on-upgrade/no-stop-on-upgrade/
* [3764b71] d/rules: --parallel not needed anymore
* [1d92095] d/control: Add ${misc:Pre-Depends} for
libvirt-daemon-system. This makes sure we pull in recent enough
init-system-helpers
* [02a155b] d/rules: Switch to dh_installsystemd
dh_systemd_start is no longer used.
* [bcad111] d/control: Fix typo
* [8609192] d/control: Drop Debian revision on iptables build-dep. Any
version greater than 1.8.1 will do.
* [447dd58] libnss-libvirt: Install libnss_libvirt-guest as well
(Closes: #910288)
* [4fb7d11] d/control: Build-depend on libglusterfs-dev.
Since this is a recent addition we can drop the versioned dependency.
(Closes: #919663)
* [7b4ffeb] d/rules: Newer debhelper puts the libs into multi arch dirs.
There's no need to move them manually anymore.
[ Andrea Bolognani ]
* [dd9cdaa] Use HTTPS for all URLs.
This gets rid of the debian-watch-uses-insecure-uri informational Lintian
tag, and then some.
* [faaec12] Minimize upstream's signing key.
This gets rid of the public-upstream-key-not-minimal informational Lintian
tag.
* [8a0e6f1] Remove Priority field from binary packages.
This gets rid of the binary-control-field-duplicates-source informational
Lintian tag.
[ Christian Ehrhardt ]
* [08f3a23] d/libvirt-clients.manpages: add virkeycode and virkeyname man
pages.
* [0f359de] d/rules: mv logrotate files to silence dh_missing
* [f36ca33] dh_missing: ignore warning on libtool .la file
* Team upload.
[ Christian Ehrhardt ]
* [3997186] d/libvirt-daemon-system.maintscript: remove obsolete conffile
/etc/logrotate.d/libvirtd.uml became obsolete since UML was dropped in
libvirt 5.0 (Closes: #920574)
* [c64d020] d/libvirt-daemon-system.libvirtd.default: clarify libvirtd_opts
example (Closes: #921713)
[ Guido Günther ]
* [dd9d74f] New upstream version 5.2.0
* [790365e] CVE-2019-3886: Don't allow unprivileged users to use the guest
agent. Apply upstream patches
remote-enforce-ACL-write-permission-for-getting-guest-tim.patch
api-disallow-virDomainGetHostname-for-read-only-connectio.patch
(Closes: #926418)
[ Andrea Bolognani ]
* [453f85d] Rediff patches. The patches
security-aa-helper-allow-virt-aa-helper-to-read-dev-dri.patch
security-aa-helper-generate-more-rules-for-gl-devices.patch
security-aa-helper-gl-devices-in-sysfs-at-arbitrary-depth.patch
security-aa-helper-nvidia-rules-for-gl-devices.patch
virt-aa-helper-generate-rules-for-gl-enabled-graphics-dev.patch
are included in libvirt 5.2.0 and have thus been dropped.
* [a4294ef] Bump symbol versions.
* [68394f6] Add tests-Avoid-writing-into-HOME-during-virsh-snapshot.patch
[ Laurent Bigonville ]
* [76e2cb7] Don't recommend ebtables.
It's part of the iptables package now. (Closes: #918472)
[ Guido Günther ]
* [5814c89] New upstream version 5.1.0
* [55d063d] Rediff patches
* [1102dae] d/gbp.conf: Switch to experimental
* [cdf3787] d/rules: Adjust to now versioned wireshark module path
* [0fdc2af] Fix multiple CVEs related to privilege escalations on R/O
connections.
- CVE-2019-10161:
CVE-2019-10161-api-disallow-virDomainSaveImageGetXMLDesc-.patch
- CVE-2019-10166:
api-disallow-virDomainManagedSaveDefineXML-on-read-only-c.patch
- CVE-2019-10167:
api-disallow-virConnectGetDomainCapabilities-on-read-only.patch
- CVE-2019-10168:
api-disallow-virConnect-HypervisorCPU-on-read-only-connec.patch
* Include /etc/pki/qemu in apparmor (Closes: #930100)
[ Guido Günther ]
* [6bc6e60] CVE-2019-10132: Fix vir{lock,log}d socket access.
All patches were cherry-picked from upstream's v5.0-maint branch.
(Closes: #929334)
* [09016dd] d/patches: Move security fixes into security/
[ Joachim Falk ]
* [5d96699] lxc: Fix killing of lxc containers if cgroup backend v2 is
unavailable.
(Closes: #926999)
* [ea7a491] lxc: Fix container shutdown and host reboot
(Closes: #927310, #897394)
* Non-maintainer upload.
[ Guido Günther ]
* [3a9c65c] d/control: Fix typo
* [b9935e5] d/control: Drop Debian revision on iptables build-dep.
Any version greater than 1.8.1 will do.
[ Salvatore Bonaccorso ]
* [b811e38] cpu_map: Define md-clear CPUID bit (CVE-2018-12126,
CVE-2018-12127, CVE-2018-12130, CVE-2019-11091)
(Closes: #929154)
[ Laurent Bigonville ]
* [76e2cb7] Don't recommend ebtables. It's part of the iptables package now.
(Closes: #918472)
[ intrigeri ]
* [d7a7218] Fix virtio-gpu + virgl support by cherry-picking upstream
commits. virt-manager in current sid still creates new VMs with QXL
graphics by default, so this bug only affects users who opt in for
virtio-gpu 3D acceleration. Still, the option for virtio-gpu + 3D
acceleration is offered in the virt-manager GUI, so having it broken by
default is an important problem.
(Closes: #916587)
[ Christian Ehrhardt ]
* [3997186] d/libvirt-daemon-system.maintscript: remove obsolete conffile
/etc/logrotate.d/libvirtd.uml became obsolete since UML was dropped in
libvirt 5.0 (Closes: #920574)
* [c64d020] d/libvirt-daemon-system.libvirtd.default: clarify libvirtd_opts
example (Closes: #921713)
[ Guido Günther ]
* [790365e] CVE-2019-3886: Don't allow unprivileged users to use the guest
agent. Apply upstream patches
remote-enforce-ACL-write-permission-for-getting-guest-tim.patch
api-disallow-virDomainGetHostname-for-read-only-connectio.patch
(Closes: #926418)
* d/p/ubuntu/lp-1825195-*.patch: fix issues with old guests that defined
the never functional osxsave and ospke features (LP: #1825195).
* d/p/series: reorder ubuntu Delta
* d/p/ubuntu-aa/lp-1815910-allow-vhost-net.patch: avoid apparmor issues
with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: #1815910)
* d/p/ubuntu-aa/lp-1829223-virt-aa-helper-allow-vhost-scsi.patch fix
vhost-scsi hotplug in virt-aa-helper (LP: #1829223)
* SECURITY UPDATE: Add support for md-clear functionality
- debian/patches/ubuntu/md-clear.patch: Define md-clear CPUID bit in
src/cpu_map/x86_features.xml.
- CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
* Implement further apparmor rules for usage of gl enabled
graphics (LP: #1815452)
- d/p/ubuntu-aa/lp-1815452-more-gl-rules.patch
- d/p/ubuntu-aa/lp-1815452-virt-aa-helper-rule.patch
* Implement further apparmor rules for usage of gl enabled
graphics with nvidia cards (LP: #1817943)
- d/p/ubuntu-aa/lp-1817943-nvidia-gl-rules.patch
- d/p/ubuntu-aa/lp-1817943-devices-in-sysfs.patch
* d/p/ubuntu-aa/lp-1804766-*: updated to the upstream accepted
version (no functional change, LP: 1804766)
* Merged with Debian unstable
Among many other new features and fixes this includes fixes for:
LP: #1754871 - 1799446 zPCI passthrough support for KVM
LP: #1811198 - remove arbitrary limit on socket_id/core_id
Remaining changes:
- Disable libssh2 support (universe dependency)
- Disable firewalld support (universe dependency)
- Set qemu-group to kvm (for compat with older ubuntu)
- Additional apport package-hook
- Autostart default bridged network (As upstream does, but not Debian).
In addition to just enabling it our solution provides:
+ do not autostart if subnet is already taken (e.g. in guests).
+ iterate some alternative subnets before giving up
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite long.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
+ d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
group.
- ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
- Update Vcs-Git and Vcs-Browser fields to point to launchpad
- Xen related
- d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
section that adapts the path of the emulator to the Debian/Ubuntu
packaging is kept.
- d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
set VRAM to minimum requirements
- d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
- Add libxl log directory
- libvirt-uri.sh: Automatically switch default libvirt URI for users on
Xen dom0 via user profile (was missing on changelogs before)
- d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
included_files to avoid build failures due to duplicate definitions.
- Update README.Debian with Ubuntu changes
- Enable some additional features on ppc64el and s390x (for arch parity)
+ systemtap, zfs, numa and numad on s390x.
+ systemtap on ppc64el.
- d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
- d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- Further upstreamed apparmor Delta, especially any new one
Our former delta is split into logical pieces and is either Ubuntu only
or is part of a continuous upstreaming effort.
Listing related remaining changes in debian/patches/ubuntu-aa/:
+ 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
Allow pygrub to run on Debian/Ubuntu
+ 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
apparmor, libvirt-qemu: Allow read access to overcommit_memory
+ 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
+ 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
apparmor, virt-aa-helper: Allow access to tmp directories
+ ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
apparmor, virt-aa-helper: Add openvswitch support
+ 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
add l to 9p file options.
+ 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
+ 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el
(LP 1686621 LP 1680384 LP 1784023)
+ 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
+ d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch,
d/libvirt-daemon-system.postinst: provide a local apparmor include
for abstraction/libvirt-qemu (LP: 1786019)
- d/rules: enable build time self tests on all architectures
- dnsmasq related enhancements
+ run dnsmasq as libvirt-dnsmasq (LP: 1743718)
+ d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
+ d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on
purge
+ d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
libvirt-dnsmasq and adapt the self tests to expect that config
+ d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
+ Add dnsmasq configuration to work with system wide dnsmasq-base
- debian/rules: disable the netcf backend. (LP: 1764314)
- debian/control: drop libnetcf from Build-Depends.
- debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
Secure Boot enabled variants of the OVMF firmware and variable store for
the paths where we ship these files in Ubuntu.
- d/rules: install virtlockd correctly with defaults file (LP: 1729516)
- avoid service dependency issues on upgrade (LP: 1786179)
This will in the long term be resolved in dh_* tools, but to let an
upgrade work for now we need to drop the sysV scripts (which we don't
use anyway) and slightly modify the systemd service to work with today's
dh_systemd_start properly. Can be dropped once Debian bug 905772 is
resolved in dh_* tools and libvirt uses that new code.
- d/libvirt-daemon-system.virtlogd.init: removed sysV init file
- d/libvirt-daemon-system.libvirtd.init: removed sysV init file
- debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
and libvirtd sysV init file
- d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
to virtlogd/virtlockd sockets as they would imply a restart of
virtlogd breaking it.
- d/t/smoke-lxc: use systemd instead of sysV to restart the service
* Added Changes:
- Refresh d/p/ubuntu/ubuntu-libxl-qemu-path.patch for new context
- d/rules: also check build time self test results on all architectures
- d/rules: strip -Bsymbolic-functions from linker flags as it breaks
libvirt tests
- d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
machine type correctly with newer qemu/libvirt
- d/p/ubuntu-aa/lp-1804766-*: Allow rendering node access as needed
for ease of use of mdev and gl devices (LP: #1804766)
- refreshed d/p/ubuntu-aa for updated paths in libvirt 5.0
- d/t/control: fix smoke-qemu-session by ensuring the service will run
installing libvirt-daemon-system
- d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
long as the following undefine succeeds
- d/p/ubuntu/lp-1771662-*: fix handling of VFs without associated PF
(LP: #1771662)
* Dropped Changes (upstream)
- debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
Adapters on s390x (LP: 1787405)
- d/p/ubuntu/lp-1802727-netdevbridge-fall-back-to-ioctl-from-sysfs.patch:
fix libvirt bridge handling in unprivileged containers (LP: 1802906)
- d/p/ubuntu-aa/lp-1788603-fix-ptrace-rules-with-kernel-4.18.patch:
avoid issues with newer kernels >=4.18 (LP: 1788603)
- Fix an issue where guests with plenty of hostdevs attached were detected
as not shut down due to the kernel needing more time to free up
resources (LP: 1788226)
- d/p/ubuntu/lp-1788226-wait-longer-5-30s-on-hard-shutdown.patch
- d/p/ubuntu/lp-1788226-wait-longer-on-kill-per-assigned-Hostdev.patch
- 0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
permissions so virt-manager 1.4.0 viewing works (LP 1668681 1747442).
- 0040-apparmor-add-mediation-rules-for-unconfined.patch:
apparmor: add mediation rules for unconfined guests
- d/p/ubuntu-aa/0051-allow-user-tmp.patch: some features need tmp, but we
don't want blanket access. We only allow enumerating the base dir and
reading owned files. Further features needing /tmp have to add local
overrides, examples are qemu-smb and some modes of local snapshots.
(LP: 1365261) Can be dropped >=libvirt 4.7
- d/p/ubuntu-aa/0052-allow-to-preserve-dev-mountpoints.patch: Allow to
preserve /dev mountpoints in qemu namespaces (LP: 1786168)
Can be dropped >=libvirt 4.7
- d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
which provided a separate kvm-spice. Upstream completely dropped
alternative types and kvm-spice is a symlink for quite some time.
Builtin expected binaries work, so drop this delta.
* Dropped Changes (in Debian)
- Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
* [7346f30] New upstream version 5.0.0
* [1c46a4c] Drop sheepdog support (Closes: #908071)
* [b88175f] Bump symbol versions
* [c13a8da] Rediff patches
[ Marcin Juszkiewicz ]
* [d143d3c] update Vcs-git tags to point to salsa.debian.org
* [96995c1] Fix versions in *.NEWS files
* [8e8286d] Don't mark bash completion as executable
* [72f8ed3] Use multiarch layout.
Based on what Ubuntu does (Closes: #813062)
* [9b52c21] Use dpkg-buildflags on configure
to e.g. get the proper hardening flags.
[ Andrea Bolognani ]
* [684bb89] Move data files from libvirt-daemon to libvirt0.
These files are used internally by the library, so they
should be shipped along with it rather than with the daemon.
This is consistent with the upstream libvirt.spec file.
The pattern is partially expanded in the libvirt0.install
file to avoid having to remove a specific subset of data
files later on as part of debian/rules.
[ Guido Günther ]
* [a6cbf92] cpu_map is now a directory.
It used to be a single XML file
* [0cde44d] Remove bridge-utils from recommends. We don't use brctl since
ages. Thanks to Andreas Henriksson
* [3c22e06] Drop debian/remove-RHism.diff.patch.
Debian has /usr/bin/service since quite some time now.
Thanks to Andrea Bolognani
* [54a5cdb] New upstream version 4.10.0
* [87f075c] Rediff patches
* [f798585] Bump symbol versions
* [3bfd881] Depend on sensible-utils
* [8ff38ac] New upstream version 4.7.0
(Closes: #908341)
* [afdd147] Bump symbol versions
* [41fa8f5] Rediff patches.
Drop all jansson related patches. Fixed upstream.
* No-change rebuild for readline soname change.
* d/p/ubuntu/lp1787405-0008-qemu-mdev-Use-vfio-pci-display-property-only
-with-vf.patch: fix handling of non PCI vfio display property (part
of LP: #1787405)
* debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
Adapters on s390x (LP: #1787405)
* d/p/ubuntu/lp-1802727-netdevbridge-fall-back-to-ioctl-from-sysfs.patch:
fix libvirt bridge handling in unprivileged containers (LP: #1802906)
* d/p/ubuntu-aa/lp-1788603-fix-ptrace-rules-with-kernel-4.18.patch:
avoid issues with newer kernels >=4.18 (LP: #1788603)
* Fix an issue where guests with plenty of hostdevs attached were detected
as not shut down due to the kernel needing more time to free up
resources (LP: #1788226)
- d/p/ubuntu/lp-1788226-wait-longer-5-30s-on-hard-shutdown.patch
- d/p/ubuntu/lp-1788226-wait-longer-on-kill-per-assigned-Hostdev.patch
* Merged with Debian unstable (LP: #1786957).
Among many other new features and fixes this includes fixes
for (LP: #1754871), Remaining changes:
- Disable libssh2 support (universe dependency)
- Disable firewalld support (universe dependency)
- Set qemu-group to kvm (for compat with older ubuntu)
- Additional apport package-hook
- Autostart default bridged network (As upstream does, but not Debian).
In addition to just enabling it our solution provides:
+ do not autostart if subnet is already taken (e.g. in guests).
+ iterate some alternative subnets before giving up
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite long.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
+ d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
group.
- ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
- d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
which provided a separate kvm-spice.
- Xen related
- d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
section that adapts the path of the emulator to the Debian/Ubuntu
packaging is kept.
- d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
set VRAM to minimum requirements
- d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
- Add libxl log directory
- libvirt-uri.sh: Automatically switch default libvirt URI for users on
Xen dom0 via user profile (was missing on changelogs before)
- d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
included_files to avoid build failures due to duplicate definitions.
- Update README.Debian with Ubuntu changes
- Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
- Enable some additional features on ppc64el and s390x (for arch parity)
+ systemtap, zfs, numa and numad on s390x.
+ systemtap on ppc64el.
- d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
- d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
- Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
no more UCA onto Xenial then which has global dnsmasq by default).
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- Further upstreamed apparmor Delta, especially any new one
Our former delta is split into logical pieces and is either Ubuntu only
or is part of a continuous upstreaming effort.
Listing related remaining changes in debian/patches/ubuntu-aa/:
+ 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
Allow pygrub to run on Debian/Ubuntu
+ 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
apparmor, libvirt-qemu: Allow read access to overcommit_memory
+ 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
+ 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
apparmor, virt-aa-helper: Allow access to tmp directories
+ ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
apparmor, virt-aa-helper: Add openvswitch support
+ 0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
permissions so virt-manager 1.4.0 viewing works (LP 1668681 1747442).
Can be dropped >=libvirt 4.7
+ 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
add l to 9p file options.
+ 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
+ 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el
(LP 1686621 & LP 1680384).
+ 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
+ 0040-apparmor-add-mediation-rules-for-unconfined.patch:
apparmor: add mediation rules for unconfined guests
Can be dropped >=libvirt 4.7
- d/rules: enable build time self tests on all architectures
- run dnsmasq as libvirt-dnsmasq (LP: 1743718)
+ d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
+ d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on
purge
+ d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
libvirt-dnsmasq and adapt the self tests to expect that config
+ d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users
- debian/rules: disable the netcf backend. (LP: 1764314)
- debian/control: drop libnetcf from Build-Depends.
- debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
Secure Boot enabled variants of the OVMF firmware and variable store for
the paths where we ship these files in Ubuntu.
- d/rules: install virtlockd correctly with defaults file (LP: 1729516)
* Added Changes
- 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
updated to take care of no more silencing and thereby hiding denials
(LP 1719579 is an example)
- 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
updated to also allow the optionally placed ceph asok file (LP: #1779674)
- 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: prepare
profile for usrmerge (LP: #1784023)
- Finalize the libvirt-bin -> libvirt-* transition in the apport
package-hook.
- d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch,
d/libvirt-daemon-system.postinst: provide a local apparmor include
for abstraction/libvirt-qemu (LP: #1786019)
- d/p/ubuntu-aa/0051-allow-user-tmp.patch: some features need tmp, but we
don't want blanket access. We only allow enumerating the base dir and
reading owned files. Further features needing /tmp have to add local
overrides, examples are qemu-smb and some modes of local snapshots.
(LP: #1365261) Can be dropped >=libvirt 4.7
- d/p/ubuntu-aa/0052-allow-to-preserve-dev-mountpoints.patch: Allow to
preserve /dev mountpoints in qemu namespaces (LP: #1786168)
Can be dropped >=libvirt 4.7
- avoid service dependency issues on upgrade (LP: #1786179)
This will in the long term be resolved in dh_* tools, but to let an
upgrade work for now we need to drop the sysV scripts (which we don't
use anyway) and slightly modify the systemd service to work with today's
dh_systemd_start properly. Can be dropped once Debian bug 905772 is
resolved in dh_* tools and libvirt uses that new code.
- d/libvirt-daemon-system.virtlogd.init: removed sysV init file
- d/libvirt-daemon-system.libvirtd.init: removed sysV init file
- debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
and libvirtd sysV init file
- d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
to virtlogd/virtlockd sockets as they would imply a restart of
virtlogd breaking it.
- d/t/smoke-lxc: use systemd instead of sysV to restart the service
* Dropped Changes (upstream)
- d/p/ubuntu/virt-aa-helper-Set-the-supported-features.patch: allow parsing
of memory slots and other extended features without breaking
virt-aa-helper (LP: 1746431).
- d/p/stable/0001-Revert-qemu-monitor-do-not-report-error-on-shutdown.patch
- d/p/stable/0002-nodedev-Fix-failing-to-parse-PCI-address-for-non-PCI.patch
- d/p/stable/0003-qemu-assign-correct-type-of-PCI-address-for-vhost-sc.patch
- d/p/stable/0004-qemu-Refresh-caps-cache-after-booting-a-different-ke.patch
- d/p/stable/0005-qemu-auto-add-generic-xhci-rather-than-NEC-xhci-to-Q.patch
- d/p/stable/0006-libvirtd-Explicit-dependency-on-systemd-machined.patch
- d/p/stable/0007-rpc-fix-race-sending-and-encoding-sasl-data.patch
- d/p/stable/0008-vhost-user-add-support-reconnect-for-vhost-user-port.patch
- d/p/stable/0009-qemu-Fix-memory-leak-in-processGuestPanicEvent.patch
- d/p/stable/0010-storage-util-Properly-ignore-errors-when-backing-vol.patch
- d/p/stable/0011-conf-Use-correct-attribute-name-in-error-message.patch
- d/p/stable/0012-util-json-Add-helper-to-return-string-or-number-prop.patch
- d/p/stable/0013-util-storage-Parse-lun-for-iSCSI-protocol-from-JSON-.patch
- d/p/stable/0014-virsh-Offer-only-persistent-domains-for-autostart.patch
- d/p/stable/0015-blockjob-Fix-a-error-checking-of-blockjob-status-in-.patch
- d/p/stable/0016-qemu-Expose-rx-tx_queue_size-in-qemu.conf-too.patch
- d/p/stable/0017-qemu-migration-Refresh-device-information-after-tran.patch
- d/p/stable/0018-qemuDomainRemoveMemoryDevice-unlink-memory-backing-f.patch
- d/p/stable/0019-vbox-fix-SEGV-during-dumpxml-of-a-serial-port.patch
- d/p/stable/0020-qemu-Initialize-priv-in-qemuDomainCoreDumpWithFormat.patch
- d/p/stable/0021-fix-regex-to-check-CN-from-server-certificate.patch
- d/p/stable/0022-storage-Fix-formatting-and-parsing-of-qemu-type-Unix.patch
- d/p/stable/0023-util-storage-Remove-detected-authentication-data-for.patch
- d/p/stable/0024-qemu-blockcopy-Add-check-for-bandwidth.patch
- d/p/stable/0025-conf-move-generated-member-from-virMacAddr-to-virDom.patch
- d/p/stable/0026-lxc-Drop-useless-check-in-live-device-update.patch
- d/p/stable/0027-Pass-oldDev-to-virDomainDefCompatibleDevice-on-devic.patch
- d/p/stable/0028-qemu-Fix-updating-device-with-boot-order.patch
- d/p/stable/0030-daemon-fix-rpc-event-leak-on-error-path-in-remoteDis.patch
- d/p/stable/0029-lxc-fix-rpc-event-leak-on-error-path-in-virLXCContro.patch
- d/p/stable/0031-qemu-fix-memory-leak-of-vporttype-during-migration.patch
- d/p/stable/0032-virsh-fixing-segfault-by-pool-autocompleter-function.patch
- d/p/stable/0033-qemu-Fix-comparison-assignment-in-qemuDomainUpdateDe.patch
- d/p/stable/0034-qemu-Fix-memory-leak-in-qemuConnectGetAllDomainStats.patch
- d/p/stable/0035-libvirtd-fix-potential-deadlock-when-reloading.patch
- d/p/stable/0036-qemu-Use-correct-bus-type-for-input-devices.patch
- d/p/stable/0037-qemu-hostdev-Fix-the-error-on-VM-start-with-an-mdev-.patch
- d/p/stable/0038-conf-Fix-crash-in-virDomainDefCompatibleDevice.patch
- d/p/ubuntu/lp1688508-tools-avoid-text-spilling-into-variables.patch:
avoid hanging on shutdown (LP: 1688508)
- d/p/ubuntu-aa/0041-apparmor-add-ro-rule-for-sasl-GSSAPI-
plugin-on-etc-g.patch fix issues if sasl is configured (LP: 1696471)
- d/p/ubuntu-aa/0042-virt-aa-helper-resolve-yet-to-be-created-paths.patch
ensure symlinks are resolved to get valid rules if interim parts of a path
are a symlink (LP: 1752361)
- d/p/ubuntu/lp1688508-tools-fix-variable-scope-in-in-check_guests_shutdown:
avoid issues shutting down more guests than configured for parallel
shutdown (LP: 1688508)
- d/p/ubuntu-aa/lp1756394-virt-aa-helper-resolve-file-symlinks.patch: fix
using devices that are symlinks (LP: 1756394)
- Fix nvdimm memory and passthrough input devices for hotplug via
domain security callbacks backporting upstream commits (LP: 1755153).
+ d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-InputLabel.patch
+ d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-MemoryLabel.patch
- Fix nvdimm memory and passthrough input devices in initial guest
description via virt-aa-helper (LP: 1757085).
+ d/p/ubuntu-aa/lp1757085-virt-aa-helper-nvdimm-memory.patch
+ d/p/ubuntu-aa/lp1757085-virt-aa-helper-passthrough-input.patch
- Fix clean shut down of guests on system shutdown (LP: 1764668)
+ d/p/ubuntu/lp-1764668-do-not-report-unknown-guests.patch
+ d/p/ubuntu/lp-1764668-fix-check_guests_shutdown-loop.patch
- SECURITY UPDATE: QEMU monitor DoS
+ debian/patches/CVE-2018-1064.patch: add size limit to
src/qemu/qemu_agent.c.
+ CVE-2018-1064
- SECURITY UPDATE: Speculative Store Bypass
+ debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature
bit in src/cpu/cpu_map.xml.
+ debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID
feature bit in src/cpu/cpu_map.xml.
+ CVE-2018-3639
- d/p/ubuntu-aa/lp1775777-vfio-usage-without-initial-hostdev.patch: fix
hotplug use cases where the initial guest had no hostdev at all and
therefore virt-aa-helper did not allow /dev/vfio/vfio (LP: 1775777)
- debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch:
Fix nwfilters that set CTRL_IP_LEARNING to dhcp failing with "An error
occurred, but the cause is unknown" due to a buffer being too small
for pcap with TPACKET_V3 enabled (LP: 1758037)
- SECURITY UPDATE: code injection via libnss_dns.so
+ debian/patches/CVE-2018-6764-1.patch: determine the hostname on
startup in src/util/virlog.c.
+ debian/patches/CVE-2018-6764-2.patch: fix syntax-check in
src/util/virlog.c.
+ debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname
in cfg.mk, src/util/virlog.c.
+ CVE-2018-6764
* Dropped Changes (no upgrade path left that needs those)
- Backwards compatible handling of group rename (can be dropped >18.04).
- Modifications to adapt for our delayed switch away from libvirt-bin (can
be dropped >18.04).
+ d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
to old service name so that old references work
+ d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
to old service name so that old references work
+ d/control: transitional package with the old name and maintainer
scripts to handle the transition
- fix conffile upgrade handling to avoid obsolete files
and inactive duplicates (LP 1694159)
- conffile handling of files dropped in 3.5 (can be dropped >18.04)
+ /etc/init.d/virtlockd was sysv init only
+ /etc/apparmor.d/local/usr.sbin.libvirtd and
/etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
by dh_apparmor as needed
- d/libvirt-daemon-system.maintscript: remove the now dropped conffile
/etc/cron.daily/libvirt-daemon-system
* Dropped Changes (cleanups)
- d/test/smoke-lxc workaround for debbug 848317/867379 (systemd has fixed
one issue and the other is solved in libvirt by ensuring to move to the
right cgroups.)
- remove no more used libvirt-dnsmasq user (this was redundant since
4.0.0-1ubuntu5 reintroduced a libvirt-dnsmasq user)
- Disable selinux (now in main)
* [c33faee] Drop dwarves dependency.
Unmaintained and only used in the test suite. (Closes: #905700)
* [43da5ad] Don't use jansson for JSON encoding.
It has broken integer parsing. This adds new patches:
Revert-m4-Introduce-STABLE_ORDERING_JANSSON.patch
Revert-Remove-virJSONValueNewStringLen.patch
Revert-build-undef-WITH_JANSSON-for-SETUID_RPC_CLIENT.patch
Revert-tests-qemucapsprobe-Fix-output-after-switching-to-.patch
Revert-build-require-Jansson-if-QEMU-driver-is-enabled.patch
Revert-util-jsoncompat-Stub-out-virJSONInitialize-when-co.patch
Revert-Switch-from-yajl-to-Jansson.patch
Revert-remote-daemon-Make-sure-that-JSON-symbols-are-prop.patch
Revert-build-remove-references-to-WITH_YAJL-for-SETUID_RP.patch
Revert-build-add-with-jansson.patch
Revert-Remove-functions-using-yajl.patch
Revert-build-switch-with-qemu-default-from-yes-to-check.patch
Revert-tests-also-skip-qemuagenttest-with-old-jansson.patch
Revert-util-avoid-symbol-clash-between-json-libraries.patch
(Closes: #906116)
* [afd5e39] d/control: Fix typo in libnss-libvirt's short description.
Thanks to Salvatore Bonaccorso (Closes: #904738)
* [f2f7871] New upstream version 4.6.0
* [a81e098] Drop apparmor-Fix-forgotten-comma-at-EOL.patch applied upstream
* [d53b4b1] Use jansson instead of yajl. The latter is no longer supported
upstream
* [bf99d36] Bump symbol versions
* [c2b3afc] New upstream version 4.5.0
* [50aa257] Drop patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch
not needed with QEMU since at least stretch.
* [7698a4e] Build-dep on libwiretap-dev for the wireshark dissector
* [2390909] examples: adjust to libvirtd code move
* [64e5530] Bump symbol versions
* [a89e652] l-d-s: suggest open-iscsi (Closes: #903262)
* [882c646] Install bash completion (Closes: #902450)
* [8d79673] apparmor: Fix forgotten comma at EOL
* [0a9cb25] Install storage-file drivers
* [84269a2] Warn about uninstalled files
* [8730a15] New upstream version 4.3.0
* [1272efc] Drop patches due to upstream code removal.
Allow-xen-toolstack-to-find-it-s-binaries.patch
debian/fix-Debian-specific-path-to-hvm-loader.patch
* [20eb594] Bump symbol versions
* [78872cc] Ship logrotate snippets again (Closes: #895709)
* [c859ce5] Prefer /sbin over /usr/sbin.
If libvirt is built in a chroot with merged /usr it will otherwise break
on non /usr merged systems. (Closes: #895145)
[ Laurent Bigonville ]
* [8d62a8c] Start admin sockets on installation (Closes: #893484)
[ Guido Günther ]
* [417534b] New upstream version 4.2.0 (Closes: #894985)
* [9d7fa44] Bump symbol versions
* [c23ed3d] Rediff patches.
Applied upstream:
lockd-fix-typo-in-virtlockd-admin.socket.patch
CVE-2018-1064-qemu-avoid-denial-of-service-reading-from-Q.patch
* [0b6cf2f] lockd: fix typo in virtlockd-admin.socket
(Closes: #893330)
* [3cbbfa5] New upstream version 4.1.0
* [0e596b3] Bump symbol versions
* [e886044] Drop patches applied upstream
- apparmor-allow-libvirt-to-send-term-signal-to-unconfined.patch
- virlog-determine-the-hostname-on-startup-CVE-2018-6764.patch
* [097d74c] CVE-2018-1064: qemu: avoid denial of service reading from QEMU
guest agent
* [4339f02] CVE-2018-6764: virlog: determine the hostname on startup
Closes: #889839
* debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
Secure Boot enabled variants of the OVMF firmware and variable store for
the paths where we ship these files in Ubuntu.
* d/p/ubuntu-aa/lp1775777-vfio-usage-without-initial-hostdev.patch: fix
hotplug use cases where the initial guest had no hostdev at all and
therefore virt-aa-helper did not allow /dev/vfio/vfio (LP: #1775777)
* SECURITY UPDATE: QEMU monitor DoS
- debian/patches/CVE-2018-1064.patch: add size limit to
src/qemu/qemu_agent.c.
- CVE-2018-1064
* SECURITY UPDATE: Speculative Store Bypass
- debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature
bit in src/cpu/cpu_map.xml.
- debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID
feature bit in src/cpu/cpu_map.xml.
- CVE-2018-3639
* Fix nwfilters that set CTRL_IP_LEARNING to dhcp failing with "An error
occurred, but the cause is unknown" due to a buffer being too small
for pcap with TPACKET_V3 enabled (LP: #1758037)
- debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch
* debian/rules: disable the netcf backend. (LP: #1764314)
* debian/control: drop libnetcf from Build-Depends.
* Fix clean shut down of guests on system shutdown (LP: #1764668)
- d/p/ubuntu/lp-1764668-do-not-report-unknown-guests.patch
- d/p/ubuntu/lp-1764668-fix-check_guests_shutdown-loop.patch
* Fix nvdimm memory and passthrough input devices for hotplug via
domain security callbacks backporting upstream commits (LP: #1755153).
- d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-InputLabel.patch
- d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-MemoryLabel.patch
* Fix nvdimm memory and passthrough input devices in initial guest
description via virt-aa-helper (LP: #1757085).
- d/p/ubuntu-aa/lp1757085-virt-aa-helper-nvdimm-memory.patch
- d/p/ubuntu-aa/lp1757085-virt-aa-helper-passthrough-input.patch
* Backport from recent upstream to stabilize libvirt (LP: #1756915)
- d/p/stable/0033-qemu-Fix-comparison-assignment-in-qemuDomainUpdateDe.patch
- d/p/stable/0034-qemu-Fix-memory-leak-in-qemuConnectGetAllDomainStats.patch
- d/p/stable/0035-libvirtd-fix-potential-deadlock-when-reloading.patch
- d/p/stable/0036-qemu-Use-correct-bus-type-for-input-devices.patch
- d/p/stable/0037-qemu-hostdev-Fix-the-error-on-VM-start-with-an-mdev-.patch
- d/p/stable/0038-conf-Fix-crash-in-virDomainDefCompatibleDevice.patch
* d/p/ubuntu/lp1688508-tools-fix-variable-scope-in-in-check_guests_shutdown:
avoid issues shutting down more guests than configured for parallel
shutdown (LP: #1688508)
* d/p/ubuntu-aa/lp1756394-virt-aa-helper-resolve-file-symlinks.patch: fix
using devices that are symlinks (LP: #1756394)
* run dnsmasq as libvirt-dnsmasq (LP: #1743718)
- d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
- d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on
purge
- d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
libvirt-dnsmasq and adapt the self tests to expect that config
- d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users
* Backport from recent upstream to stabilize libvirt (LP: #1754352)
- d/p/stable/0024-qemu-blockcopy-Add-check-for-bandwidth.patch
- d/p/stable/0025-conf-move-generated-member-from-virMacAddr-to-virDom.patch
- d/p/stable/0026-lxc-Drop-useless-check-in-live-device-update.patch
- d/p/stable/0027-Pass-oldDev-to-virDomainDefCompatibleDevice-on-devic.patch
- d/p/stable/0028-qemu-Fix-updating-device-with-boot-order.patch
- d/p/stable/0030-daemon-fix-rpc-event-leak-on-error-path-in-remoteDis.patch
- d/p/stable/0029-lxc-fix-rpc-event-leak-on-error-path-in-virLXCContro.patch
- d/p/stable/0031-qemu-fix-memory-leak-of-vporttype-during-migration.patch
- d/p/stable/0032-virsh-fixing-segfault-by-pool-autocompleter-function.patch
* d/p/ubuntu-aa/0041-apparmor-add-ro-rule-for-sasl-GSSAPI-
plugin-on-etc-g.patch fix issues if sasl is configured (LP: #1696471)
* d/p/ubuntu-aa/0042-virt-aa-helper-resolve-yet-to-be-created-paths.patch
ensure symlinks are resolved to get valid rules if interim parts of a path
are a symlink (LP: #1752361)
* d/p/ubuntu/lp1688508-tools-avoid-text-spilling-into-variables.patch:
avoid hanging on shutdown (LP: #1688508)
[ Christian Ehrhardt ]
* Backport of 23 bug fixes from recent upstream to stabilize libvirt on 18.04
- d/p/stable/0001-Revert-qemu-monitor-do-not-report-error-on-shutdown.patch
- d/p/stable/0002-nodedev-Fix-failing-to-parse-PCI-address-for-non-PCI.patch
- d/p/stable/0003-qemu-assign-correct-type-of-PCI-address-for-vhost-sc.patch
- d/p/stable/0004-qemu-Refresh-caps-cache-after-booting-a-different-ke.patch
- d/p/stable/0005-qemu-auto-add-generic-xhci-rather-than-NEC-xhci-to-Q.patch
- d/p/stable/0006-libvirtd-Explicit-dependency-on-systemd-machined.patch
- d/p/stable/0007-rpc-fix-race-sending-and-encoding-sasl-data.patch
- d/p/stable/0008-vhost-user-add-support-reconnect-for-vhost-user-port.patch
- d/p/stable/0009-qemu-Fix-memory-leak-in-processGuestPanicEvent.patch
- d/p/stable/0010-storage-util-Properly-ignore-errors-when-backing-vol.patch
- d/p/stable/0011-conf-Use-correct-attribute-name-in-error-message.patch
- d/p/stable/0012-util-json-Add-helper-to-return-string-or-number-prop.patch
- d/p/stable/0013-util-storage-Parse-lun-for-iSCSI-protocol-from-JSON-.patch
- d/p/stable/0014-virsh-Offer-only-persistent-domains-for-autostart.patch
- d/p/stable/0015-blockjob-Fix-a-error-checking-of-blockjob-status-in-.patch
- d/p/stable/0016-qemu-Expose-rx-tx_queue_size-in-qemu.conf-too.patch
- d/p/stable/0017-qemu-migration-Refresh-device-information-after-tran.patch
- d/p/stable/0018-qemuDomainRemoveMemoryDevice-unlink-memory-backing-f.patch
- d/p/stable/0019-vbox-fix-SEGV-during-dumpxml-of-a-serial-port.patch
- d/p/stable/0020-qemu-Initialize-priv-in-qemuDomainCoreDumpWithFormat.patch
- d/p/stable/0021-fix-regex-to-check-CN-from-server-certificate.patch
- d/p/stable/0022-storage-Fix-formatting-and-parsing-of-qemu-type-Unix.patch
- d/p/stable/0023-util-storage-Remove-detected-authentication-data-for.patch
* d/rules: enable build time self tests on all architectures
[ Marc Deslauriers ]
* SECURITY UPDATE: code injection via libnss_dns.so
- debian/patches/CVE-2018-6764-1.patch: determine the hostname on
startup in src/util/virlog.c.
- debian/patches/CVE-2018-6764-2.patch: fix syntax-check in
src/util/virlog.c.
- debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname
in cfg.mk, src/util/virlog.c.
- CVE-2018-6764
* d/p/ubuntu-aa/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: refreshed
as libvirt 4.0 needs a reversed rule for openGraphicsFD (LP: #1747442)
- refreshed 0032 and 0040 to match the new context.
* d/p/ubuntu/virt-aa-helper-Set-the-supported-features.patch: allow parsing
of memory slots and other extended features without breaking
virt-aa-helper (LP: #1746431).
* Merged with Debian unstable (4.0)
This closes several bugs:
- Error generating apparmor profile when hostname contains spaces
(LP: #799997)
- qemu 2.10 locks files, libvirt shared now sets share-rw=on (LP: #1716028)
- libvirt usb passthrough throws apparmor denials related to
/run/udev/data/+usb (LP: #1727311)
- AppArmor denies access to /sys/block/*/queue/max_segments (LP: #1729626)
- iohelper improvements to let bypass-cache work without opening up the
apparmor isolation (LP: #1719579)
- nodeinfo on s390x to contain more CPU info (LP: #1733688)
- Upgrade libvirt >= 4.0 (LP: #1745934)
* Remaining changes:
- Disable libssh2 support (universe dependency)
- Disable firewalld support (universe dependency)
- Disable selinux
- Set qemu-group to kvm (for compat with older ubuntu)
- Additional apport package-hook
- Modifications to adapt for our delayed switch away from libvirt-bin (can
be dropped >18.04).
+ d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
to old service name so that old references work
+ d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
to old service name so that old references work
+ d/control: transitional package with the old name and maintainer
scripts to handle the transition
- Backwards compatible handling of group rename (can be dropped >18.04).
- config details and autostart of default bridged network. Creating that is
now the default in general, yet our solution provides the following on
top as of today:
+ autostart the default network by default
+ do not autostart if subnet is already taken (e.g. in guests).
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite long.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
- ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
- d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
which provided a separate kvm-spice.
- d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
section that adapts the path of the emulator to the Debian/Ubuntu
packaging is kept.
- d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
set VRAM to minimum requirements
- d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
- Add libxl log directory
- libvirt-uri.sh: Automatically switch default libvirt URI for users on
Xen dom0 via user profile (was missing on changelogs before)
- d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
included_files to avoid build failures due to duplicate definitions.
- Update README.Debian with Ubuntu changes
- Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
- Enable some additional features on ppc64el and s390x (for arch parity)
+ systemtap, zfs, numa and numad on s390x.
+ systemtap on ppc64el.
- fix conffile upgrade handling to avoid obsolete files
and inactive duplicates (LP 1694159)
- d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
- d/test/smoke-lxc workaround for debbug 848317/867379
- d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317)
- Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
no more UCA onto Xenial then which has global dnsmasq by default).
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- conffile handling of files dropped in 3.5 (can be dropped >18.04)
+ /etc/init.d/virtlockd was sysv init only
+ /etc/apparmor.d/local/usr.sbin.libvirtd and
/etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
by dh_apparmor as needed
- Reworked apparmor Delta, especially the more complex delta is dropped
now, also our former delta is now split into logical pieces, has
improved comments and is part of a continuous upstreaming effort.
Listing related remaining changes:
+ d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
Allow pygrub to run on Debian/Ubuntu
+ d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
apparmor, libvirt-qemu: Allow read access to overcommit_memory
+ d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
+ d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
apparmor, virt-aa-helper: Allow access to tmp directories
+ d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
apparmor, virt-aa-helper: Add openvswitch support
+ d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
permissions so virt-manager 1.4.0 viewing works (LP 1668681).
+ d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
add l to 9p file options.
+ d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
+ d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621).
+ d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
* Dropped Changes (Upstream):
- d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor,
libvirt-qemu: Allow use of sgabios
- d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch:
apparmor, libvirt-qemu: Silence lttng related deny messages
- d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch:
apparmor, libvirt-qemu: Allow read access to sysfs system info
- d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch:
apparmor, libvirt-qemu: Allow read access to max_mem_regions
- d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch:
apparmor, libvirt-qemu: Allow qemu-block-extra libraries
- d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch:
apparmor, libvirtd: Allow access to netlink sockets
- d/p/0013-apparmor-Add-rules-for-mediation-support.patch:
apparmor: Add rules for mediation support
- d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch:
apparmor, virt-aa-helper: Allow access to ecryptfs files
- d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch:
apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd*
- d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch:
apparmor, virt-aa-helper: Add ipv6 network policy
- d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch:
apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices
- d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu
won't call qemu-nbd
- d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch:
apparmor: allow to parse cmdline of the pid that send the shutdown
signal (LP 1680384).
- d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch:
apparmor: add default pki path of lbvirt-spice (LP 1690140)
- d/p/ubuntu-aa/0035-virt-aa-helper-locking-disk-files-for-qemu-2.10.patch:
for compatibility with the behavior of qemu 2.10 this adds locking
permission to rules generated for disk files (LP 1709818)
- d/p/ubuntu-aa/0036-virt-aa-helper-locking-loader-nvram-for-qemu-2.10.patch:
for compatibility with the behavior of qemu 2.10 this adds locking
permission to rules generated for loader/nvram (LP 1710960)
- d/p/ubuntu-aa/0037-virt-aa-helper...: grant locking permission on append
files (LP 1726804)
- d/p/ubuntu-aa/0038-virt-aa-helper-fix-paths-for-usb-hostdevs.patch:
fix path generation for USB host devices (LP 1552241)
- d/p/ubuntu-aa/0039-virt-aa-helper-fix-libusb-access-to-udev-usb-data.patch:
generate valid rules on usb passthrough (LP 1686324)
- d/p/avoid-double-locking.patch: fix a deadlock that could occur when
libvirtd interactions raced with dbus causing a deadlock (LP 1714254).
- d/p/u/gnulib-getopt-posix-Fix-build-failure-when-using-ac_cv_head.patch:
fix FTBFS with glibc 2.26 (LP 1718668)
- Extended handling of apparmor profiles - clear lost profiles via cron
(now cleared by virt-aa-helper on domain stop)
- nat only on some ports <port start='1024' end='65535'/> (upstream
default now if nothing is specified, actually dropped last cycle)
* Dropped Changes (In Debian or no more important):
- d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor,
libvirt-qemu: Allow macvtap access
- d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit
deny for setpcap (LP 522845).
- d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch:
apparmor, virt-aa-helper: Improve comment about backing store
- d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop
references to qemu-kvm
- d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch:
apparmor, virt-aa-helper: Allow access to name services
- d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add
/dev/vfio for vf (hot) attach (LP 1680384) (added by virt-aa-helper per
guest if needed).
- d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch:
apparmor, libvirt-qemu: Allow access to hugepage mounts
- Disable sheepdog (was for universe dependency, but is now only a suggest)
- d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
* Dropped Changes (In Debian/Upstream now based on interim 3.10 work) some of
these were never released, but important to mention for the bug references:
- libnss-libvirt once enabled causes apt to call getdents
avoid this being an issue by dropping an apt conf that allows
this in seccomp (LP: #1732030).
- d/libvirt-daemon-system.postrm: clean up more libvirt directories on
purge
- d/p/ubuntu-aa/0041-apparmor-allow-unix-stream-for-p2p-migrations.patch:
apparmor: allow unix stream for p2p migrations
- d/p/ubuntu-aa/0043-security-apparmor-implement-domainSetPathLabel.patch:
this replaces the hugepage rules and fixes many more formerly missing
- d/p/ubuntu-aa/0044-security-full-path-option-for-DomainSetPathLabel.patch:
allowing to have path wildcards on labels set by domain callbacks
- d/p/ubuntu-aa/0045-security-apparmor-add-Set-Restore-ChardevLabel.patch:
apparmor implementation of security callback
- d/p/ubuntu-aa/0046-apparmor-virt-aa-helper-drop-static-channel-rule.patch:
this is now covered by chardev label callbacks
* Added Changes:
- Revert Debian change "Drop libvirt-bin upgrade handling"
This is needed in Ubuntu one last time (drop >18.04)
- Revert Debian change "Drop maintscript helpers for versions predating
jessie and wheezy-backports". This is needed in Ubuntu one last
time (drop >18.04)
- Refreshed d/p/* to match new version (only fuzz, no semantic change)
- d/libvirt-daemon-system.postrm: change order of libvirt-qemu removal
to avoid error messages on purge
- remove no more used libvirt-dnsmasq user (drop >18.04)
- d/p/ubuntu-aa/0040-apparmor-add-mediation-rules-for-unconfined.patch:
apparmor: add mediation rules for unconfined guests
- d/p/ubuntu-aa/0042-security-introduce-virSecurityManager-Set-Restore-Ch
.patch: backport upstream change to expose already used chardev calls.
- d/libvirt-daemon-system.postrm: Remove the default.xml network link
set up by postinst.
- d/libvirt-daemon-system.maintscript: remove the now dropped conffile
/etc/cron.daily/libvirt-daemon-system
- d/libvirt-daemon-system.postinst: fixups for autostart default network
- use modern shell syntax
- try more default networks before giving up to enable by default
- d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
add multipass image path and mark as ubuntu only change.
- d/rules: install virtlockd correctly with defaults file (LP: #1729516)
- extended d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch to cover
the slightly changed behavior of libvirt 4.0 (LP: #1741617)
- d/control: make libvirt-daemon-driver-storage-rbd a recommend instead of
just a suggest to have 3rd party relying on rbd out of the box working.
This is deprecated and users of rbd backend should start depending on
this package for it will be dropped to a suggest in future releases.
* [5936904] New upstream version 4.0.0
* [bcb7ca3] Drop patches applied upstream.
Allow-libvirt-to-kill-unconfined-domains.patch
Drop qemu-avoid-denial-of-service-reading-from-QEMU-monitor-CV.patch
* [8dd2f5b] Don't manage /etc/apparmor.d/local as conf files
(Closes: #887612)
* [0819e5a] apparmor: allow libvirt to send term signal to unconfined
* [b1ecc1a] New upstream version 4.0.0~rc2
* [7406ae5] CVE-2018-5748: qemu: avoid denial of service reading from QEMU
monitor (Closes: #887700)
* [564e232] Bump symbol versions
* [0a274c0] d/control: use priority optional instead of extra
[ Guido Günther ]
* [a225d2b] New upstream version 4.0.0~rc1
(Closes: #881293, #846534)
* [2270343] Rediff patches
[ intrigeri ]
* [89b8ab4] Allow libvirt to kill unconfined domains
[ Christian Ehrhardt ]
* [b2ce106] Clear more directories on purge
(Closes: #884828)
* [0cd10ab] Avoid apt seccomp issues due to libnss-libvirt
(LP: #1732030)
* [0d103b6] Bump standards version
* [3eca017] Add russian debconf translation.
Thanks to Lev Lamberov (Closes: #883109)
* [04da2ca] New upstream version 3.10.0
* [f311e52] Drop
AppArmor-add-rules-needed-with-additional-mediation-featu.patch - fixed
upstream
* [0c7f363] Bump symbol versions
* [cbe1699] Use recent debhelper instead of dh-systemd
* [c757791] apparmor: Allow virt-aa-helper to access the name service switch.
Thanks to Martin Pitt (Closes: #882979)
* [eef697c] New upstream version 3.9.0
* Upload to experimental
* [23e28a0] New upstream version 3.9.0~rc1
* [b19f9f8] Bump symbol versions
* [83a3ff3] Drop patches applied upstream
apparmor-add-dnsmasq-ptrace-rule-to-libvirtd-profile.patch
virt-host-validate-require-fuse-for-LXC-if-compiled-in.patch
qemu-ensure-TLS-clients-always-verify-the-server-certific.patch
* [e834771] AppArmor: add rules needed with additional mediation features
brought by Linux 4.14. Thanks: intrigeri
(Closes: #879772)
* [e0e0a42] virt-host-validate: require fuse for LXC if compiled in.
This should make us skip the lxc test properly on debci.
* [d16ae50] Drop libvirt-bin upgrade handling
libvirt-bin was dropped before Jessie
* [3f18a26] CVE-2017-1000256: qemu: ensure TLS clients always verify the
server certificate (Closes: #878799)
* Upload to unstable
Closes: #878153
* [646a20f] apparmor: add dnsmasq ptrace rule to libvirtd profile
* [842dee5] Add id-length to gbp.conf
* [6cf2527] New upstream version 3.8.0
* apparmor: add attach_disconnected
* apparmor: cater for new AAVMF image location
* Don't ship apparmor profiles in the doc package too.
This is just confusing since things are installed in
libvirt-daemon-system.
* Drop maintscript helpers for versions predating jessie and wheezy-backports
* New upstream version 3.8.0~rc1
* New upstream version 3.8.0~rc1
* Rediff patches
apparmor-cater-for-new-AAVMF-image-location.patch
apparmor-delete-profile-on-VM-shutdown.patch
apparmor-add-attach_disconnected.patch
* Bump symbol versions
* Pass-GPG_TTY-env-var-to-the-ssh-binary.patch: sanitize commit message
* apparmor: add attach_disconnected (Closes: #876071)
* apparmor: cater for new AAVMF image location
* apparmor: delete profile on VM shutdown
* Move glusterfs, rbd, sheepdog and zfs storage drivers into separate
packages. This reduces the dependencies pulled into default
installations.
(Closes: #875834)
* Update copyright file
* New upstream version 3.7.0 (Closes: #874323)
* Rediff patches
* Bump symbol versions
* Also pass $TERM to ssh so pinentry works
Thanks to Guilhem Moulin (Closes: #843863)
* Enable Gluster support (Closes: #755545)
* Enable wireshark dissector (Closes: #862989)
* d/p/ubuntu-aa/0037-virt-aa-helper...: grant locking permission on append
files (LP: #1726804)
* d/p/ubuntu-aa/0038-virt-aa-helper-fix-paths-for-usb-hostdevs.patch:
fix path generation for USB host devices (LP: #1552241)
* d/p/ubuntu-aa/0039-virt-aa-helper-fix-libusb-access-to-udev-usb-data.patch:
generate valid rules on usb passthrough (LP: #1686324)
* d/p/u/gnulib-getopt-posix-Fix-build-failure-when-using-ac_cv_head.patch:
fix FTBFS with glibc 2.26 (LP: #1718668)
* d/p/avoid-double-locking.patch: fix a deadlock that could occur when
libvirtd interactions raced with dbus causing a deadlock (LP: #1714254).
* No change rebuild for Qemu 2.10 and Xen 4.9
* d/p/ubuntu-aa/0036-virt-aa-helper-locking-loader-nvram-for-qemu-2.10.patch:
for compatibility with the behavior of qemu 2.10 this adds locking
permission to rules generated for loader/nvram (LP: #1710960)
* Merged with Debian unstable (3.6)
This closes several bugs:
- aarch64: improved chardev handling (LP: #1697610)
- Forbid locking memory without memtune (LP: #1708305)
* Remaining changes:
- Disable sheepdog (universe dependency)
- Disable libssh2 support (universe dependency)
- Disable firewalld support (universe dependency)
- Disable selinux
- Set qemu-group to kvm (for compat with older ubuntu)
- Regularly clear AppArmor profiles for vms that no longer exist
- Additional apport package-hook
- Modifications to adapt for our delayed switch away from libvirt-bin (can
be dropped >18.04).
+ d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
to old service name so that old references work
+ d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
to old service name so that old references work
+ d/control: transitional package with the old name and maintainer
scripts to handle the transition
- Backwards compatible handling of group rename (can be dropped >18.04).
- config details and autostart of default bridged network. Creating that is
now the default in general, yet our solution provides the following on
top as of today:
+ nat only on some ports <port start='1024' end='65535'/>
+ autostart the default network by default
+ do not autostart if 192.168.122.0 is already taken (e.g. in containers)
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite long.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
- ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
- d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
which provided a separate kvm-spice.
- d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
- d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
section that adapts the path of the emulator to the Debian/Ubuntu
packaging is kept.
- d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
set VRAM to minimum requirements
- d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
- Add libxl log directory
- libvirt-uri.sh: Automatically switch default libvirt URI for users on
Xen dom0 via user profile (was missing on changelogs before)
- d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
included_files to avoid build failures due to duplicate definitions.
- Update README.Debian with Ubuntu changes
- Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
- Enable some additional features on ppc64el and s390x (for arch parity)
+ systemtap, zfs, numa and numad on s390x.
+ systemtap on ppc64el.
- fix conffile upgrade handling to avoid obsolete files
and inactive duplicates (LP 1694159)
- d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
- d/test/smoke-lxc workaround for debbug 848317/867379
- d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317)
- Extended handling of apparmor profiles - clear lost profiles via cron
- Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
no more UCA onto Xenial then which has global dnsmasq by default).
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- conffile handling of files dropped in 3.5 (can be dropped >18.04)
+ /etc/init.d/virtlockd was sysv init only
+ /etc/apparmor.d/local/usr.sbin.libvirtd and
/etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
by dh_apparmor as needed
- Reworked apparmor Delta, especially the more complex delta is dropped
now, also our former delta is now split into logical pieces, has
improved comments and is part of a continuous upstreaming effort.
Listing related remaining changes:
+ d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
Allow pygrub to run on Debian/Ubuntu
+ d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor,
libvirt-qemu: Allow macvtap access
+ d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
apparmor, libvirt-qemu: Allow read access to overcommit_memory
+ d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit
deny for setpcap
+ d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor,
libvirt-qemu: Allow use of sgabios
+ d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch:
apparmor, libvirt-qemu: Silence lttng related deny messages
+ d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
+ d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch:
apparmor, libvirt-qemu: Allow read access to sysfs system info
+ d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch:
apparmor, libvirt-qemu: Allow read access to max_mem_regions
+ d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch:
apparmor, libvirt-qemu: Allow qemu-block-extra libraries
+ d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch:
apparmor, libvirt-qemu: Allow access to hugepage mounts
+ d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch:
apparmor, libvirtd: Allow access to netlink sockets
+ d/p/0013-apparmor-Add-rules-for-mediation-support.patch:
apparmor: Add rules for mediation support
+ d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch:
apparmor, virt-aa-helper: Improve comment about backing store
+ d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch:
apparmor, virt-aa-helper: Allow access to ecryptfs files
+ d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch:
apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd*
+ d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
apparmor, virt-aa-helper: Allow access to tmp directories
+ d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch:
apparmor, virt-aa-helper: Add ipv6 network policy
+ d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch:
apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices
+ d/p/0020-apparmor-virt-aa-helper-Allow-various-storage-pools-.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
apparmor, virt-aa-helper: Add openvswitch support
+ d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop
references to qemu-kvm
+ d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu
won't call qemu-nbd
+ d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch:
apparmor, virt-aa-helper: Allow access to name services
+ d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
permissions so virt-manager 1.4.0 viewing works (LP 1668681).
+ d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add
/dev/vfio for vf (hot) attach (LP 1680384).
+ d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch:
apparmor: allow to parse cmdline of the pid that send the shutdown
signal (LP 1680384).
+ d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch:
apparmor: add default pki path of lbvirt-spice (LP 1690140)
+ d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
add l to 9p file options.
+ d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
+ d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621).
+ d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
* Dropped Changes (Upstream):
- d/p/ubuntu/fix-libxl-default-driver-name.patch: avoid an issue with
default driver entries missing name='qemu'.
- d/p/u/aa-helper-Properly-link-with-storage-driver.patch (LP 1704782)
Fix to be able to follow BackinStorage chains when creating per
guest apparmor rules.
* Dropped Changes (In Debian):
- Enable esx support
+ Add build-dep to libcurl4-gnutls-dev (required for esx)
* Added Changes:
- d/p/ubuntu-aa/0035-virt-aa-helper-locking-disk-files-for-qemu-2.10.patch:
for compatibility with the behavior of qemu 2.10 this adds locking
permission to rules generated for disk files (LP: #1709818)
* [ece8d56] New upstream version 3.6.0 (Closes: #870626)
* [f807f7e] Move debianization patches to front of pq since these are
unlikely to go away
* [a06e5a6] Don't build nss on non-linux since it depends on network support
which is not available on non-linux.
Thanks to Pino Toscano (Closes: #867393)
* [6982266] Enable esx support (Closes: #602807)
* [2c29499] Bump symbol versions
* [f974bd9] d/control: fix typo.
Thanks to lintian
* [d4f1521] Bump standards version to 4.0.0
* Refresh changes to match the way they were accepted upstream
- d/p/u/aa-helper-Properly-link-with-storage-driver.patch add commit
reference now that it is in git.
- d/p/u/fix-libxl-default-driver-name.patch: instead of adding the
name this is now fixed by relaxing the schema.
* d/p/u/aa-helper-Properly-link-with-storage-driver.patch (LP: #1704782)
Fix to be able to follow BackinStorage chains when creating per
guest apparmor rules.
* Merged with Debian unstable (3.5)
This closes several bugs:
- improved handling of host-model since libvirt 3.2 (LP: #1673467)
- Adding POWER9 cpu model to cpu_map.xml (LP: #1690209)
* Remaining changes:
- Disable sheepdog (universe dependency)
- Disable libssh2 support (universe dependency)
- Disable firewalld support (universe dependency)
- Disable selinux
- Enable esx support
+ Add build-dep to libcurl4-gnutls-dev (required for esx)
- Set qemu-group to kvm (for compat with older ubuntu)
- Regularly clear AppArmor profiles for vms that no longer exist
- Additional apport package-hook
- Modifications to adapt for our delayed switch away from libvirt-bin (can
be dropped >18.04).
+ d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
to old service name so that old references work
+ d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
to old service name so that old references work
+ d/control: transitional package with the old name and maintainer
scripts to handle the transition
- Backwards compatible handling of group rename (can be dropped >18.04).
- config details and autostart of default bridged network. Creating that is
now the default in general, yet our solution provides the following on
top as of today:
+ nat only on some ports <port start='1024' end='65535'/>
+ autostart the default network by default
+ do not autostart if 192.168.122.0 is already taken (e.g. in containers)
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite long.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
- ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
- d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
which provided a separate kvm-spice.
- d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
- d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
section that adapts the path of the emulator to the Debian/Ubuntu
packaging is kept.
- d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
set VRAM to minimum requirements
- d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
- Add libxl log directory
- libvirt-uri.sh: Automatically switch default libvirt URI for users on
Xen dom0 via user profile (was missing on changelogs before)
- d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
included_files to avoid build failures due to duplicate definitions.
- Update README.Debian with Ubuntu changes
- Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
- Enable some additional features on ppc64el and s390x (for arch parity)
+ systemtap, zfs, numa and numad on s390x.
+ systemtap on ppc64el.
- fix conffile upgrade handling to avoid obsolete files
and inactive duplicates (LP 1694159)
- d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
- d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317)
- Extended handling of apparmor profiles - clear lost profiles via cron
- Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
no more UCA onto Xenial then which has global dnsmasq by default).
- Reworked apparmor Delta, especially the more complex delta is dropped
now, also our former delta is now split into logical pieces, has
improved comments and is part of a continuous upstreaming effort.
Listing related remaining changes:
+ d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
Allow pygrub to run on Debian/Ubuntu
+ d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor,
libvirt-qemu: Allow macvtap access
+ d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
apparmor, libvirt-qemu: Allow read access to overcommit_memory
+ d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit
deny for setpcap
+ d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor,
libvirt-qemu: Allow use of sgabios
+ d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch:
apparmor, libvirt-qemu: Silence lttng related deny messages
+ d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
+ d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch:
apparmor, libvirt-qemu: Allow read access to sysfs system info
+ d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch:
apparmor, libvirt-qemu: Allow read access to max_mem_regions
+ d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch:
apparmor, libvirt-qemu: Allow qemu-block-extra libraries
+ d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch:
apparmor, libvirt-qemu: Allow access to hugepage mounts
+ d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch:
apparmor, libvirtd: Allow access to netlink sockets
+ d/p/0013-apparmor-Add-rules-for-mediation-support.patch:
apparmor: Add rules for mediation support
+ d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch:
apparmor, virt-aa-helper: Improve comment about backing store
+ d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch:
apparmor, virt-aa-helper: Allow access to ecryptfs files
+ d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch:
apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd*
+ d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
apparmor, virt-aa-helper: Allow access to tmp directories
+ d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch:
apparmor, virt-aa-helper: Add ipv6 network policy
+ d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch:
apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices
+ d/p/0020-apparmor-virt-aa-helper-Allow-various-storage-pools-.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
apparmor, virt-aa-helper: Add openvswitch support
+ d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop
references to qemu-kvm
+ d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu
won't call qemu-nbd
+ d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch:
apparmor, virt-aa-helper: Allow access to name services
+ d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
permissions so virt-manager 1.4.0 viewing works (LP 1668681).
+ d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add
/dev/vfio for vf (hot) attach (LP 1680384).
+ d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch:
apparmor: allow to parse cmdline of the pid that send the shutdown
signal (LP 1680384).
+ (28 is a new patch, listed in added changes)
+ d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
add l to 9p file options.
+ d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
+ d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621).
+ d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
- remaining but updated to match the latest release
+ d/p/Disable-use-of-namespaces-by-default.patch (Debian change)
+ d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch (Debian change)
+ d/p/debian/apparmor_profiles_local_include.patch Include local
apparmor profile (Debian change)
+ d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
+ d/test/smoke-lxc workaround for debbug 848317/867379
* Dropped Changes (Upstream):
- Add missing apparmor rule for debug-threads feature (LP 1615550).
- Add new block device types to virt-aa-helpers profile (LP 1641618)
- d/p/ubuntu/storage-default-permission-mode-to-0711: safer default perms
for storage dirs like /var/lib/libvirt/images.
- d/p/ubuntu/libvirtd-service-nolimit.patch: remove proc/file/task limits
to support huge systems.
- d/p/ubuntu/libvirtd-service-set-notifyaccess.patch: set NotifyAccess=all
in libvirtd.service (-d not allowed to be specified, everything else
upstream so drop delta; LP 1574566).
- d/p/ubuntu/qemu_process-spice-don-t-release-used-port.patch: qemu_process
spice: don't release used port (LP 1697729).
- d/p/ubuntu/virsh-maxvcpu-fall-back-to-old-command.patch: virsh: maxvcpus:
Always fall back to the old command if domain caps fail (LP 1674298)
- d/p/ubuntu/qemu-Allow-empty-script-path-to-interface.patch: in the past
it was possible to have <script path=''/> which now fails - fix to match
the old behavior (LP 1665698)
- Reworked apparmor Delta and started upstreaming, listing related
changes dropped:
+ Apparmor feature parsing to depend on new apparmor features which
appear in different versions across distributions (no more needed
>=Xenial, allows to now separate changes and upstream more easily).
+ d/p/ubuntu/Ensure-disk-names-follow-the-disk-name-regex.patch:
guarantee disk spec is following the defined regex (LP 1665410).
+ d/p/ubuntu/virt-aa-helper-add-guest-agent-rule.patch: add
virt-aa-helper rule allowing all private channel access.
+ d/p/ubuntu/virt-aa-helper-apparmor-allow-usr-share-AAVMF-too.patch:
virt-aa-helper to allow access to aarch64 UEFI images.
+ d/rules, apparmor: include and install local apparmor profiles (This
is now done by dh_apparmor automatically)
+ add local apparmor override templates (provided by dh_apparmor now)
+ Fix name resolution calls from virt-aa-helper profile (LP 1546674).
+ virt-aa-helper, apparmor: allow /usr/share/OVMF/ too
+ virt-aa-helper: Generalize test for firmware paths
+ apparmor, virt-aa-helper: Allow aarch64 UEFI.
+ apparmor, libvirt-qemu: Add ppc64el related changes
+ apparmor, libvirtd: Allow libxl-save-helper to run on Debian/Ubuntu
+ apparmor, libvirt-qemu: Allow access to ceph config
+ apparmor, libvirt-qemu: Allow access to certificates used by libvirt-vnc
+ apparmor, virt-aa-helper: Explicit denies for host devices
+ apparmor, virt-aa-helper: Allow access to libnl-3 config files
+ apparmor, libvirt-qemu: allow access to pt_chown for pty consoles
* Dropped Changes (In Debian):
- d/rules: debhelper start virtlogd.socket
- d/p/ubuntu/Debianize-virtlogd-service.patch: Adapt config file location
for Debian based systems.
- Additional debian/bug-presubj
- Extended handling of apparmor profiles - reload and remove in maintainer
scripts (dh_apparmor* now generate these snippets)
* Dropped Changes (no SysV anymore):
- Add sysvinit script for virtlockd
- Wait on socket in sysvinit script
- d/rules: dh_installinit virtlockd (was part of "Cleanup systemd
debhelper")
- d/p/ubuntu/Debianize-virtlockd-init.patch: Fix default config path in
virtlockd.init for Debian based systems.
* Dropped Changes (other reasons):
- d/p/ubuntu/dnsmasq-as-priv-user: configuration to run as extra user
This used group libvirt instead of nobody which makes it worse; Needs
to be fixed upstream (LP: #1690729).
+ d/p/ubuntu/disable-network-test.patch: disable test failing due to
dnsmasq changes.
- Add .gitignore for .pc
- we keep lxc support as Debian does, but stop adding delta. It feels
somewhat less maintained than e.g. libvirt for qemu. Also for secure
and comfortable container management lxd is clearly preferred. The
delta caused more issues than it solved so deliver libvirt-lxc as-is
and drop the related delta.
+ d/p/ubuntu/9031-enable-lxc-apparmor: enable apparmor confinement of
containers by default.
+ d/p/ubuntu/9032-lxc-allow-no-security-driver: allow empty sec driver
for libvirt-lxc.
- The following xen changes are no more required with current versions
+ d/p/ubuntu/ubuntu-libxl-hvmloader-path.patch: Fallback for libxl
xen paths (LP 1459603)
+ d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
section about compat to the very old qemu-dm name is no more needed.
+ d/p/ubuntu/libxl-fix-test-data.patch and
d/p/ubuntu/fix-xen-xml-in-tests.patch: updated and unified into the
former one + also updated the maintainer notes to ease updating.
+ d/p/ubuntu/libxl-no-dm-check.patch: Stop calling emulator to identify
device-model
* Added Changes:
- d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch:
apparmor: add default pki path of lbvirt-spice (LP: #1690140)
- conffile handling of files dropped in 3.5 (can be dropped >18.04)
+ /etc/init.d/virtlockd was sysv init only
+ /etc/apparmor.d/local/usr.sbin.libvirtd and
/etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
by dh_apparmor as needed
- d/p/ubuntu/fix-libxl-default-driver-name.patch: avoid an issue with
default driver entries missing name='qemu'.
[ Guido Günther ]
* [116cb98] New upstream version 3.5.0
* [22f685c] Explicitly enable directory based storage backend. We do so for
the other storage backends as well.
* [1619c0f] Ship storage backends
* [b0f6946] New upstream version 3.5.0-rc2
* [e0507a8] New upstream version 3.1.0
* [603e376] New upstream version 3.1.0-rc2
* [172bcdf,21aa1f3,0d45d3b] Bump symbol versions
* [9c4dfe3] Dropped Disable-use-of-namespaces-by-default.patch: not needed,
namespaces are now enabled
* [7cb82a1] Add pt debconf translation.
Thanks to Rui Branco (Closes: #858742)
* [fcd509f] Remove defaults file on clean
* [6b9ffbb] Build depend on libparted-dev to ease cross building
Thanks to Helmut Grohne (Closes: #864671)
* [849c8e2] Rediff patches.
Dropped patches for things fixed upstream:
CVE-2017-2635-qemu-Don-t-update-physical-storage-size-of-.patch
apparmor-allow-usr-lib-qemu-qemu-bridge-helper.patchupstream
virt-aa-helper-apparmor-allow-usr-share-OVMF-too.patch
Allow-access-to-libnl-3-config-files.patch
Dropped qemu-skip-QMP-probing-of-CPU-definitions-when-missing.patch
* [a0cd0f0] Update key for upstream tarball verification
[ Christian Ehrhardt ]
* [8fa2c4f] Ship libvirt-admin.conf
* [dd2991f] Ship default file for virtlockd
* [aef2f3c] Ship libvirt-admin.conf (Closes: #863649)
* [c3b6ff2] Ship default file for virtlockd (Closes: #863648)
* [2a23b23] qemu: skip QMP probing of CPU definitions when missing.
Don't probe CPU definitions if we lack the monitor command. This
unbreaks e.g. mips based VMs. (Closes: #85412)
* [21bc332] apparmor: unbreak libvirt invoking qemu-bridge-helpers
This makes VM creation in gnome-boxes work with apparmor enabled.
* [62ad289] Debianize virtlogd
* [cb216b5] CVE-2017-2635: qemu: Don't update physical storage size of empty drives
(Closes: #856313)
* Upload to unstable
* [8ce689d] Add pt_BR debconf translation.
Thanks to Adriano Rafael Gomes (Closes: #852446)
* [bf2fdf7] New upstream version 3.0.0
* [95b1359] New upstream version 3.0.0-rc1
* [57baa73] lxc smoketest: drop emulator path
so it's simpler to reuse this on other distros to reproduce test
failures.
Thanks to Cedric Bosdonnat
* [5be8cad] lxc: ensure libvirt_lxc and qemu-nbd move into systemd machine
slice (Closes: #848317)
* [5c36b50] nl debconf translation.
Thanks to Frans Spiesschaert (Closes: #850737)
* [458b927] Add Danish debconf translation.
Thanks to Joe Dalton (Closes: #850872)
* [cbe5cd0] Add fr debconf translation.
Thanks to Alban VIDAL (Closes: #850938)
* [7c3b026] Rediff patches.
Dropped patches fixed upstream
apparmor-pass-attach_disconnected.patch
lxc-ensure-libvirt_lxc-and-qemu-nbd-move-into-systemd-mac.patch
AppArmor-policy-support-merged-usr.patch
* [baf4b1f] Bump symbol versions
* [80ef821] Add de translation.
Thanks to Markus Hiereth for the initial draft
* [2be70b3] Work around lack of /dev/ptmx access in pbuilder
test-posix_openpt-don-t-fail-on-EPERM.patch
openpty-Skip-test-if-no-pty-is-available.patch
* [43e4ddc] Disable use of qemu mount namespaces by default. The
code is not complete yet.
* d/p/ubuntu/0004-apparmor-apply-ubuntu-delta.patch: Allow access to base
images and snapshots stored in nova-hypervisor snap's $SNAP_COMMON
directory, enabling use of the libvirt deb from the nova-hypervisor
snap (LP: #1644507).
* d/p/ubuntu/qemu_process-spice-don-t-release-used-port.patch: qemu_process
spice: don't release used port (LP: #1697729) - upstream in libvirt 3.1.
* fix conffile upgrade handling to avoid obsolete files
and inactive duplicates (LP: #1694159)
- d/libvirt-daemon-system.maintscript: revert to Debian content
- d/libvirt-bin.maintscript: add missing rm_conffile related to
dropping upstart.
- d/libvirt-bin.maintscript: add missing rm of conffiles due
to re-aligning with debian package names since yakkety.
- d/libvirt-bin.maintscript: for LTS->LTS upgraders try to move and retain
custom changes.
- d/libvirt-bin.maintscript: for upgraders from yakkety or later remove
the (now duplicate) conffiles, but retain custom changes in backups if
they exist
- d/libvirt-bin.preinst: drop manual mv of conffiles which lacked
retaining changes and upgrade-abort handling.
- d/libvirt-bin.preinst: handle upgrades up to the latest predecessor
possible before yakkety.
- d/libvirt-bin.preinst: fixup the combination of rm+mv conffile in case
the package is upgrading from pre yakkety.
- d/libvirt-daemon-system.postinst: clean up old dnsmasq enablement symlink
if unmodified.
* debian/patches/ubuntu/apparmor-ppcwrapper.patch: update to add missing
colon (LP: #1686621).
* Add missing apparmor profile entries (LP: #1680384)
- debian/patches/ubuntu/apparmor-vfio.patch: apparmor: add /dev/vfio
for vf (hot) attach
- debian/patches/ubuntu/apparmor-ppcwrapper.patch: apparmor: allow
extra tools executed by kvm.powerpc
- debian/patches/ubuntu/apparmor-shutdown.patch: apparmor: allow to
parse cmdline of the pid that send the shutdown signal
* d/p/ubuntu/virsh-maxvcpu-fall-back-to-old-command.patch: virsh: maxvcpus:
Always fall back to the old command if domain caps fail (LP: #1674298)
* d/p/ubuntu/qemu-Allow-empty-script-path-to-interface.patch: in the past
it was possible to have <script path=''/> which now fails - fix to match
the old behavior (LP: #1665698)
[ Christian Ehrhardt ]
* d/p/ubuntu/Ensure-disk-names-follow-the-disk-name-regex.patch:
guarantee disk spec is following the defined regex (LP: #1665410).
[ Bryan Quigley ]
* d/p/ubuntu/0007-apparmor-fix-for-new-virt-manager.patch: Add Apparmor
permissions so virt-manager 1.4.0 viewing works (LP: #1668681).
* No-change rebuild to build against Xen-4.8 libs.
* Merged with Debian unstable
- this picks up a fix for migrations using NFS mounts (LP: #1637601).
* Remaining changes:
- Disable sheepdog (universe dependency)
- Disable libssh2 support (universe dependency)
- Disable firewalld support (universe dependency)
- Disable selinux
- Enable esx support
- Add build-dep to libcurl4-gnutls-dev (required for esx)
- Set qemu-group to kvm (for compat with older ubuntu)
- Added changes to use the upstream apparmor profiles with added
delta (configurable via apparmor profiles version).
* d/p/u/000[1-6]-apparmor-*
- Regularly clear AppArmor profiles for vms that no longer exist
- Fix name resolution calls from virt-aa-helper profile (LP 1546674).
- Add missing apparmor rule for debug-threads feature (LP 1615550).
- Add new block device types to virt-aa-helpers profile (LP 1641618)
- Additional apport package-hook
- d/rules: debhelper start virtlogd.socket
- Add sysvinit script for virtlockd
- Additional debian/bug-presubj
- Modifications to adapt for our delayed switch away from libvirt-bin (can
be dropped after 18.04).
- d/p/ubuntu/libvirtd-service-add-bin-alias.patch: alias to old
libvirt-bin name.
- d/p/ubuntu/libvirtd-init-add-bin-alias.patch: provides for the old
libvirt-bin name.
- Wait on socket in sysvinit script
- Backwards compatible handling of groups (can be dropped after 18.04).
- config details and autostart of default bridged network. Creating that is
now the default in general, yet our solution provides the following on
top as of today:
- nat only on some ports <port start='1024' end='65535'/>
- autostart the default network by default
- do not autostart if 192.168.122.0 is already taken (e.g. in containers)
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite long.
- d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
- d/p/ubuntu/dnsmasq-as-priv-user: configuration to run as extra user
- d/p/ubuntu/disable-network-test.patch: disable test failing due to
dnsmasq changes.
- ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
- d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
which provided a separate kvm-spice.
- d/p/ubuntu/storage-default-permission-mode-to-0711: safer default perms
for storage dirs like /var/lib/libvirt/images.
- d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
- d/p/ubuntu/9031-enable-lxc-apparmor: enable apparmor confinement of
containers by default.
- d/p/ubuntu/9032-lxc-allow-no-security-driver: allow empty sec driver for
libvirt-lxc.
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- d/p/ubuntu/ubuntu-libxl-qemu-path.patch: Set common qemu path to match
Debian/Ubuntu Xen packaging.
- d/p/ubuntu/ubuntu-libxl-hvmloader-path.patch: Fallback for libxl
xen paths (LP 1459603)
- d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
set VRAM to minimum requirements
- d/p/ubuntu/libxl-no-dm-check.patch: Stop calling emulator to identify
device-model
- d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
- fixup tests to match packaging of Xen (mostly different paths)
- d/p/ubuntu/libxl-fix-test-data.patch
- d/p/ubuntu/fix-xen-xml-in-tests.patch
- d/p/ubuntu/Debianize-virtlogd-service.patch: Adapt config file location
for Debian based systems.
- d/p/ubuntu/Debianize-virtlockd-init.patch: Fix default config path in
virtlockd.init for Debian based systems.
- d/p/ubuntu/9034-complete-9p-support: virt-aa-helper: add l to 9p file
options.
- d/p/ubuntu/parallel-shutdown.patch: shut guests down in parallel
- d/p/ubuntu/virt-aa-helper-no-explicity-deny-for-basefiles.patch: ask for
no deny rule for readonly disk elements.
- d/p/ubuntu/virt-aa-helper-add-guest-agent-rule.patch: add virt-aa-helper
rule allowing all private channel access
- d/p/ubuntu/libvirtd-service-nolimit.patch: remove proc/file/task limits
to support huge systems.
- d/p/ubuntu/virt-aa-helper-apparmor-allow-usr-share-AAVMF-too.patch:
virt-aa-helper to allow access to aarch64 UEFI images.
- d/p/ubuntu/libvirtd-service-set-notifyaccess.patch: set NotifyAccess=all
in libvirtd.service (LP 1574566).
- d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
included_files to avoid build failures due to duplicate definitions.
- Update README.Debian with Ubuntu changes
- Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
- Add libxl log directory
- Enable some additional features on ppc64el and s390x (for arch parity)
- systemtap, zfs, numa and numad on s390x.
- systemtap on ppc64el.
* Dropped Changes:
- Build depend on gnutls >= 3.5.6-4ubuntu2 (no > 3.5.6 && < 3.5.6-4ubuntu2
in any release left)
- Fix parsing non apparmor labels LP:#1633207 (upstream in libvirt 2.5)
- Ignore newlines in guest list (upstream in libvirt 2.4)
- Avoid migration postcopy issues by ensuring valid commands (upstream in
libvirt 2.5)
- Enable numa for arm64 (in Debian)
- Fix libvirt start failure when security_driver set (upstream in libvirt
2.2)
- virt-aa-helper: Fix upstream implementation of no explicit deny rule
(upstream in libvirt 2.3)
- Some useless whitespace damage and no more applicable comments
- The following patches were part of the Delta but not the series file.
So they had no effect and can be dropped now:
- ubuntu/9036-util-prepare-uri-for-libxml2-2.9.2.patch
- ubuntu/Disable-failing-virnetsockettest.patch
- ubuntu/dont-include-non-migrateable-features-in-host-model
- ubuntu/upstream-libxl-Allow-libxl-to-find-pygrub-binary.patch
- See the 2.1.0-1ubuntu15 and 2.1.0-1ubuntu16 changelogs for related
pre-merge drops
- Add build-dep to libxml-libxml-perl (no more needed)
- apparmor double add /usr/bin/qemu-sparc64 rmix (no function anymore)
- apparmor /usr/{lib,lib64}/qemu/block-*.so (in Debian)
- apparmor moving /bin/bash rmix in profile (drop non functional delta)
- follow Debians style of block-*.so rules for block-extra (drop our
functionally equivalent adding/moving of rules)
- follow Debian's style of lib/lib64 rules (drop a lot of our
functionally equivalent adding/moving of rules)
- accept Upstream style to handle libvirt_iohelper and libvirt_parthelper
(stop removing the two rules without an associated bug to reduce delta)
- Disabling dep8 smoke tests
* Added Changes:
- d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (discussed with Debian in debbug
848314)
- d/t/control, d/t/smoke-lxc: fix up lxc smoke test (discussed with
Debian in debbug 848317)
* [ba9fcb8] Invoke db_stop.
Thanks to Raphaël Halimi (Closes: #849201)
[ Guido Günther ]
* Upload to unstable
* [14eee94] Make debconf template translatable
* [13afd29] Adjust doc-base due to new upstream doc layout
* [fd7c2bb] Skip any debconf prompting if user and group are already there
to not interfere with existing installations
* [1afd876] Depend on iptables or firewalld (Closes: #846321)
* autopkgtests cleanups. Thanks to Christian Ehrhardt
(Closes: #848247)
[ intrigeri ]
* [d64731a] Apparmor fixes for merged /usr
[ Mauricio Faria de Oliveira ]
* [f4b33d0] Use a fixed uid/gid for libvirt-qemu user to avoid permission
issues on network filesystems like NFS. On new installations warn via
debconf if uid/gid are already taken.
(Closes: #844339)
* [691e163] New upstream version 2.5.0
* [49e8842] Bump symbol versions
* [babd7e4] Rediff patches. Dropped:
Unbreak-rebuilding-docs-with-release-tarballs.patch: applied upstream
configure-Prefer-usr-bin-over-bin-for-numad.patch: fixed upstream
* [9eda310] Depend on lsb-base
* [c76b178] Make test failure fail the tests again on amd64.
Thanks to Christian Ehrhardt for spotting this (Closes: #844511)
* [f964983] Unbreak rebuilding docs with release tarballs (Closes: #842452)
* [488910d] Enable numad support.
Thanks to Guilhem Moulin (Closes: #843863)
* [f792cd7] Pass GPG_TTY env var to the ssh binary.
Thanks to Guilhem Moulin (Closes: #843863)
* [abba3b7] New upstream version 2.4.0
* [fccbb3e] New upstream version 2.4.0~rc2
* [eee8467] New upstream version 2.4.0~rc1
* [a790aa0] autopkgtests: check capabilities
* [ec65bfb] autopkgtests: libvirt-lxc needs libvirt-daemon-system while
smoke does not
* [8785b7c] autopkgtests: check daemon restart and virtlogd
* [a7f386a] Bump symbol versions
* [9c2333a] README.source: use gbp's boilerplate
* [fd9aac5] Rediff patches.
Dropped libvirt-guests-use-wants-instead-of-requires.patch: fixed upstream
* [c77d29d] autopkgtests: add missing dependency on libvirt-clients
* [48f7eb0] libvirt-guests: use wants instead of requires to prevent
libvirtd restarts affecting libvirt-guests
* [512ba55] New upstream version 2.3.0
* [dc7e4d4] New upstream version 2.3.0~rc2
[ Riku Voipio ]
* [439afb5] Run testsuite on arm architectures
(Closes: #837995)
[ Guido Günther ]
* [6858d33] New upstream version 2.3.0~rc1
(Closes: #835563)
* [6c294c5] Bump symbol versions
* [d7e6337] Rediff patches
* [f9ce70a] Build with numctl on arm64.
Thanks to dann frazier (Closes: #838949)
* [4ab7ff4] build-test: add missing dep on pkg-config
* [7772549] New upstream version 2.2.0~rc1
* [915ae31] Dropped qemu-Fix-the-command-line-generation-... applied
upstream
* [fa79b1f] Bump symbol versions
* [4e31006] New upstream version 2.2.0
* [297be03] Reload virtlogd on updates (Closes: #833745)
* [ee7cd36] Enable zfs pool support (Closes: #827245)
* [52ce8c2] Demote pm-utils to suggests. We still need to port over the
code to allow one to use systemd for the same functionality.
(Closes: #748205)
* [746e1cc] qemu: Fix the command line generation for rbd auth using aes
secrets (Closes: #827164)
* Ensure d/p/ubuntu/9002-default_uri_virsh_to_system.patch is
dropped as intended.
* Re-Add d/p/ubuntu/apibuild-skip-libvirt-common.h for an issue that
transiently occurs on LP builds (real trigger not yet identified, so it
can't be upstreamed).
* Cleanup Ubuntu Delta prior to next libvirt merge
- drop obsolete patches:
d/p/ubuntu/cgroups-ignore-systemd-failure,
d/p/ubuntu/ubuntu-skip-virstoragetest,
d/p/ubuntu/9021-fix-uint64_t.patch,
ubuntu/Disable-failing-virnetsockettest.patch (was only comment),
d/p/ubuntu/9002-default_uri_virsh_to_system.patch,
d/p/ubuntu/ubuntu-xend-probe.patch
- clarify dep3 headers to be more useful:
d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch,
d/p/ubuntu/daemon-augeas-fix-expected.patch,
d/p/ubuntu/enable-kvm-spice.patch,
d/p/ubuntu/dnsmasq-as-priv-user,
d/p/ubuntu/disable-network-test.patch
- split patch containing unrelated changes into two patches, so parts of
d/p/ubuntu/storage-default-permission-mode-to-0711 moved into
d/p/ubuntu/storage-disable-gluster-test
* d/p/u/apparmor-fix-name-resolution.patch rework the fix to base
on the apparmor nameservice abstraction to be future proof (LP: #1546674).
* d/p/ubuntu/apparmor-fix-new-devicetypes.patch add new block device types to
virt-aa-helpers profile (LP: #1641618)
* d/p/u/apparmor-fix-other-seclabels.patch refresh to the now upstream
accepted solution (LP: #1633207).
* drop d/p/ubuntu/fix-ftbfs-for-gnutls-3-5-6.patch as the offending change
in gnutls has been reverted (LP: #1641615)
* Build depend on gnutls >= 3.5.6-4ubuntu2 to build after the gnutls fix
migrated
* d/p/ubuntu/fix-ftbfs-for-gnutls-3-5-6.patch fix FTBFS due to changes in
gnutls that affected the ordering on certificate DN entries (LP: #1641615)
* Revert "Fix FTBFS on zesty due to issues with concurrent make check" as it
was not the right solution.
* Fix FTBFS on zesty due to issues with concurrent make check (LP: #1641615)
[Simon Déziel]
* d/p/u/apparmor-fix-name-resolution.patch adds missing rules for name
resolution to virt-aa-helper Apparmor profile (LP: #1546674).
* d/p/u/apparmor-fix-debug-threads.patch adds missing rule for debug-threads
feature that is now default enabled to Apparmor profile (LP: #1615550).
[Christian Ehrhardt]
* d/p/u/apparmor-fix-other-seclabels.patch fixes an issue parsing non
apparmor security labels (LP: #1633207).
* Fix libvirt-guest.sh to handle multiple guests (LP: #1591695).
[ Christian Ehrhardt ]
* avoid migration postcopy issues by ensuring valid commands (LP: #1620906)
- d/p/ubuntu/check-live-for-postcopy.patch Check for --live flag for
postcopy-after-precopy migration.
- d/p/ubuntu/make-postcopy-mandatory-for-postcopy-after-precopy.patch to
[ Stefan Bader ]
* Fix Xenial to Yakkety migration from libvirt-bin.service to
libvirtd.service (LP: #1627969).
* Update Vcs-Git and Vcs-Browser fields to point to launchpad
(LP: #1629210)
[ Dann Frazier ]
* Fix FTBFS in Yakkety due to missing python dependency (LP: #1629041)
* Enable NUMA support in arm64 builds (LP: #1627926).
* No-change rebuild for readline soname change.
[ Jon Grimm ]
* Fix libvirt start failure when security_driver set (LP: #1618592)
- qemu: fix qemu.conf security_driver
* Enable systemtap, zfs, numa on s390x.
* Enable systemtap on ppc64el.
* Really fix the ADT regression and not only the changelog due
to somehow ending up on the wrong git branch.
* Fix ADT build-test regression(s)
* Merged with Debian testing. Remaining changes:
- Added changes to use the upstream apparmor profiles with added
delta (configurable via apparmor profiles version).
* d/p/u/0001-apparmor-add-feature-parsing.patch
* d/p/u/0002-apparmor-apply-ubuntu-delta.patch
* d/p/u/0003-apparmor-debian-ubuntu-delta.patch
* d/p/u/0004-apparmor-ubuntu-delta.patch
- Avoiding dependency on sheepdog
- Additional apport package-hook
- Additional dnsmasq configuration
- Additional profile.d script to set default URI
- Additional debian/bug-presubj
- d/rules: debhelper start virtlogd.socket not virtlockd.service
- Modifications to adapt for our delayed switch away from libvirt-bin.
- Wait on socket in sysvinit script
- Backwards compatible handling of groups and default bridged network
creation.
- Extended handling of apparmor profiles
- Convert libvirt0 and libvirt-dev to multi-arch.
- Added a fix for the upstream version of adding better write denials
handling to virt-aa-helper.
- Convert libnss_libvirt to multi-arch and fix up source location that
changed when making libvirt0 multi-arch.
- Dropped
* upstart script for libvirtd
* d/p/lp1588841-000[123]-* (upstream)
* d/p/u/qemu-Add-virQEMUCapsSupportsGICVersion.patch (upstream)
* d/p/u/qemu-Automatically-choose-usable-GIC-version.patch (upstream)
* d/p/u/docs-remove-xpath.patch (xpath removed upstream)
* d/p/u/preup-virt-aa-helper-better-write-denials-handling.patch (upstr.)
* d/p/u/ubuntu/virt-aa-helper-helpfix.patch (upstream)
* Upload to unstable
* [f7ed747] New upstream version 2.1.0
* [8efff86] Ship virt-admin
* [8e2f085] Ship libvirt nss plugin build for IP resolution of virtual
machines
* [ad4f7ff] New upstream version 2.1.0~rc1
* [86c9db9] Rediff patches
* [72d0ef5] Bump symbol versions
* [8fe8522] Build-Depend on libnuma-dev for ppc64 as well. Thanks to Andrea
Bolognani
* [17113e4] gbp.conf: Use upstream/latest as upstream branch name as
suggested by DEP14
* [3364f65] New upstream version 2.0.0 (fixes CVE-2016-5008)
* [36968cf] Require build-essential for build-essential since we want to
build some C code
* [726a029] watch: Also look for xz compressed tarballs
* [4df5501] New upstream version 2.0.0~rc1 (Closes: #827178)
* [d868829] New upstream version 2.0.0~rc2
* [ff61cde] Bump symbol versions
* [e7e9ca8] Rediff patches.
Dropped apparmor-Don-t-scrub-environment-of-virtlogd-process.patch:
applied upstream
Dropped debian/libsystemd.patch: libsystemd-dev is not used anymore
* [903cbca] Switch b-d from libsystemd to libdbus.
It was only used for sd_notify which is now open coded in libvirt itself.
* [7cdb8a8] Rediff patches
* [afaf26b] Add qemu:///session smoke test
* [90ec8ff] Add lxc:/// smoke test
* [411c4c9] apparmor: Don't scrub environment of virtlogd process
to fix qemu:///session
* [ca01064] New upstream version 1.3.5
* [6a96655] Rediff patches
* [ac3021d] Include libnuma-dev as a build-dep for ppc64el. Thanks to
Fernando Seiti Furusato (Closes: #823516)
* [d0b310e] New upstream version 1.3.5~rc1
* [4218770] Rediff patches
* [048b740] Bump symbol versions
* [864b24a] Bump standards version - no source changes
* [12c4356] control: Remove superfluous testsuite field
* Fix libvirtd crashing on libxl domain restore (LP: #1588841).
Patches cherry-picked from upstream libvirt git tree.
- libxl: switch to using libxl_domain_create_restore from v4.4 API
- libxl: support Xen migration stream V2 in save/restore
- libxl: support migration stream V2 in migration
* Update the correct apparmor profiles to allow AAVMF and qemu-efi
firmware for aarch64 (1538882)
* Clean up / refresh various patches to finalize switch from libvirt-bin
to libvirtd as service name.
Drop: d/p/ubuntu/libvirt-bin-service-libvirtd-alias.patch
Refresh+Rename: d/p/ubuntu/libvirt-bin-service-set-notifyaccess.patch ->
d/p/ubuntu/libvirtd-service-nolimit.patch
Rename: d/p/ubuntu/libvirt-bin-service-set-notifyaccess.patch ->
d/p/ubuntu/libvirtd-service-set-notifyaccess.patch
Refresh: d/p/ubuntu/libvirtd-service-add-bin-alias.patch
Add: d/p/ubuntu/libvirtd-init-add-bin-alias.patch
* Change default profile used by libvirtd.service to /etc/default/libvirtd.
Drop: d/p/ubuntu/switch-service-files-to-libvirt-bin.patch
* Drop virtlockd.service from dh_systemd_start in debian/rules as
the service is socket activated (LP: #1588006).
* Fix failure to enable libvirtd.service due to lingering libvirt-bin
alias. This could happen when the upgrade from a version prior to 1.3.3-2
happened before 1.3.4-1ubuntu3 (LP: #1588004).
* Re-enable the upstart job by renaming the file.
* Include patch by @guessi to continually wait for libvirtd to start when
using sysvinit or upstart. (LP: #1571209)
[ dann frazier ]
* d/p/u/qemu-Add-virQEMUCapsSupportsGICVersion.patch,
d/p/u/qemu-Automatically-choose-usable-GIC-version.patch: If no GIC
was specified for an ARM virt guest, choose a GIC version supported
by the host. (LP: #1566564)
[ Serge Hallyn ]
* libvirt-bin.preinst: on upgrades from prior to 1.3.3-2, also remove the
service file for the Alias - /etc/systemd/system/libvirtd.service.
(LP: #1579922)
* Include installing virtlogd.socket. (LP: #1583009)
* Merge 1.3.4-1 from Debian unstable
* Drop upstream-applied patches:
- conf-also-mark-implicit-video-as-primary.patch
- libvirt-socket-fix-group
* Remaining changes
- keep libvirt-bin transitional package - until 18.10 (for lts-to-lts
upgrades)
- keep (redundant) libvirtd group if it existed on upgrade - until 18.10
(for lts-to-lts upgrades)
- keep ubuntu-specific patches
- ship apport and dnsmasq files
- enable virbr0
- ship apparmor from debian/*. We should push changes upstream, but
cannot sync with debian as apparmor profiles must be processed in
debian/rules for cloud archive.
- debian/control
- enable zfs
- disable libssh2 and sheepdog
- add libxml-libxml-perl and libcurl4-gnutls-dev
- enable libnuma-dev on ppc64el (pushed to Debian)
- update release for conflicts/replaces on libvirt-bin to << 1.3.3-2
- debian/libvirt-daemon-system.preinst: stop libvirt-bin on certain
upgrades.
- Multi-arch-ify.
- debian/rules: disable selinux and firewalld; use 'kvm' group; disable
ssh2, enable zfs and esx; process apparmor files for older releases;
copy dnsmasq configuration.
- debian/tests/control: add extra depends
* d/p/ubuntu/apibuild-skip-libvirt-common.h: libvirt-common.h is being
included twice leading to build failures - drop it temporarily.
* Upload to unstable
* [92f6d72] New upstream version 1.3.4
* [ac464fb] Link to the compressed README.Debian (Closes: #822581)
* [8ad2900] Enable numactl ppc64el suggested by Serge Hallyn
* [6e52231] New upstream version 1.3.4~rc2
* Upload to experimental
* [1dad4b5] New upstream version 1.3.4~rc1
* [2caeb97] Rediff patches.
Dropped
Link-xen-driver-against-libxl.patch: Applied upstream
qemu-support-virt-2.6-machine-type-on-arm.patch: Fixed upstream
* [b683ac4] Bump symbol versions
* [d33c384] Use https vcs-git URL
* [a2be7db] Bump standards version, no source changes
* debian/rules: fix paths when removing files which should not end up
in libvirt-daemon package.
* Merge 1.3.3-2 from Debian unstable
* Merge new packaging layout
- debian/control
* add libsanlock-dev, dtrace, systemtap-sdt-dev, librados-dev,
libfuse-dev, augeas-tools to Build-Depends.
* Drop libcgmanager-dev from Build-Depends.
* Add libvirt-clients, libvirt-daemon, and libvirt-daemon-system
packages which replace the now-virtual libvirt-bin package.
* Drop libvirt0-dbg (is this intentional in Debian?)
* Add libvirt-sanlock package (this should be in universe)
* Switch to 'libvirt' group, keeping the same gid as 'libvirtd'
on upgrade. Keep libvirtd group name on upgrade in case any
site scripts use it.
* Enable dtrace
* Add Debian policy-kit configuration
* drop ubuntu/9004-libvirtd-group-name.patch as we are switching to group
'libvirt'
* Drop obsolete migration scripts:
- libvirt-migrate-xend-managed-domains
- libvirt-migrate-qemu-disks
- libvirt-migrate-qemu-machinetype
* Remaining changes:
- keep libvirt-bin transitional package - until 18.10 (for lts-to-lts
upgrades)
- keep (redundant) libvirtd group if it existed on upgrade - until 18.10
(for lts-to-lts upgrades)
- keep ubuntu-specific patches
- ship apport and dnsmasq files
- enable virbr0
- ship apparmor from debian/*. We should push changes upstream, but
cannot sync with debian as apparmor profiles must be processed in
debian/rules for cloud archive.
- debian/control
- enable zfs
- disable libssh2 and sheepdog
- add libxml-libxml-perl and libcurl4-gnutls-dev
- enable libnuma-dev on ppc64el (pushed to Debian)
- update release for conflicts/replaces on libvirt-bin to << 1.3.3-2
- debian/libvirt-daemon-system.preinst: stop libvirt-bin on certain
upgrades.
- Multi-arch-ify.
- debian/rules: disable selinux and firewalld; use 'kvm' group; disable
ssh2, enable zfs and esx; process apparmor files for older releases;
copy dnsmasq configuration.
- debian/tests/control: add depends
* d/p/ubuntu/conf-also-mark-implicit-video-as-primary.patch: upstream patch
to fix failure to start vms with video not explicitly marked as 'primary'
* Upload to unstable
* [64b60db] qemu: support virt-2.6 machine type on arm (Closes: #820952)
* [c0f0178] New upstream version 1.3.3
* [96c6ccb] Link-xen-driver-against-libxl.patch: use version applied
upstream
* [ee7a90c] Dropped apparmor-monitor-socket-moved.patch: fixed upstream
* [b6de71c] Make sure the cgroup update notice is also shown in backports
* [aec93e0] New upstream version 1.3.3~rc2
[ Philipp Hahn ]
* [efe13a0] docs: Forward port qemu-bridge-helper docs from Jessie
[ Guido Günther ]
* [51c7ba3] New upstream version 1.3.3~rc1
* [0ca24ff] Add script to bump symbol versions
* [d028e7a] Bump symbol versions
* [ecc2a6b] Rediff patches
* [fb2298c] Link xen driver against libxl to avoid test failure
* [c972ddb] Drop debug package in favour of the autogenerated dbgsym
packages
* [4e4d9ba] apparmor: qemu monitor socket moved so allow this path too
[ Pino Toscano ]
* [110db68] Enable policykit and qemu for all architectures (Closes: #819298)
* [d455289] Move bug-presubj to libvirt-daemon-system since libvirt-bin will
go away
* [961c93d] Drop libvirt-bin transitional package
[ Stefan Bader ]
* Add alias for libvirtd.service into libvirt-bin.service
[ Serge Hallyn ]
* d/p/u/libvirt-bin-service-set-notifyaccess.patch: Set NotifyAccess=all in
libvirt-bin systemd service file. (LP: #1574566)
* d/p/u/virt-aa-helper-apparmor-allow-usr-share-AAVMF-too.patch: Allow
access to /usr/share/AAVMF/** and /usr/share/qemu-efi/** for aarch64 UEFI.
(LP: #1538882)
* Remove the tasks limit on libvirt-bin service (LP: #1567381)
This should be un-done when it is properly fixed in the code so
that virtual machines are started in their own pids cgroup.
* d/p/u/virt-aa-helper-add-guest-agent-rule.patch: this actually solves
the qemu guest agent problem for rhel7 vms for me. (LP: #1393842)
Also drop the mknod rule which isn't needed.
* d/apparmor/usr.lib.libvirt.virt-aa-helper: add permission to read under
/var/run. This is needed for some openvswitch info. (LP: #1513367)
* zfs support (LP: #1553023)
- Cherrypick upstream patches to support zfs
- debian/rules: build with zfs support
- debian/control: add zfs as build-dep
* d/p/u/virt-aa-helper-no-explicity-deny-for-basefiles.patch: don't mark
readonly files with an explicit deny only because the xml marks it
as readonly. (LP: #1554031)
* fix typo in virt-aa-helper helptext
* fix d/p/u/preup-virt-aa-helper-better-write-denials-handling.patch to
not overwrite const memory.
* d/apparmor/libvirt-qemu: generalize the qemu-block-extra libs line.
(LP: #1554761)
* d/p/ubuntu/virt-aa-helper-add-mknod-for-guest-agent.patch: add mknod
capability if there is a qemu guest agent. (LP: #1393842)
* Added d/p/ubuntu/preup-virt-aa-helper-better-write-denials-handling.patch
and refreshed d/p/ubuntu/9034-complete-9p-support accordingly.
* Added d/p/ubuntu/additional-libvirt-guest-tweaks.patch to fix default
URI detection when running in a Xen control domain. Also change the
default config to do parallel shutdown requests (max. 10) and reduce the
timeout to 2 minutes.
* d/libvirt-bin.virtlockd.init: Replace by the version I had already
prepared and was tested (LP: #1547208).
* d/libvirt-bin.virtlogd.init: Fix up some left-over references to
libvirtd.
* d/control: Add provides libvirt-daemon for libvirt-bin (LP: #1551643)
* d/libvirt-bin.virtlockd.init: Re-write based on virtlogd init script
as upstream provided version is not compatible with Ubuntu/Debian.
* No-change rebuild for gnutls transition.
* Merge from Debian unstable. Remaining changes:
- debian/apparmor/{libvirt-lxc,libvirt-qemu,local-usr.sbin.libvirtd,
TEMPLATE.lxc,TEMPLATE.qemu,usr.lib.libvirt.virt-aa-helper,
usr.sbin.libvirtd} Add apparmor profiles.
- Add debian/libvirt-bin.virtlockd.init based on the upstream version
src/locking/virtlockd.init.in. This does not seem to get processed
by the build.
- debian/control:
* Add libcurl4-gnutls-dev, libxml-libxml-perl, libcgmanager-dev
* Add ppc64el to libnuma-dev arches
* Remove libsanlock-dev, libselinux1-dev, systemtap-sdt-dev
* Remove python, sheepdog, librados-dev, libfuse-dev
* Remove libssh2-1-dev, qemu-system-common, augeas-tools
* Don't build libvirt-clients, libvirt-daemon, libvirt-sanlock packages
* Keep multiarch changes.
- Keep debian/{libvirt-bin.apport,libvirt-bin.cron.daily}
- Keep change d/libvirt0.install and d/libvirt-dev.install that
adds multi-arch wildcard.
- d/libvirt-daemon-system.libvirtd.default ->
d/libvirt-bin.libvirt-bin.default
- d/libvirt-daemon-system.dirs -> d/libvirt-bin.dirs
* Add /etc/apparmor.d/{abstractions,disable,force-complain,local}
* Add /etc/cron.daily
* Add /usr/share/apport/package-hooks
* Add /var/log/libvirt/libxl
* Add /etc/dnsmasq.d-available
* Remove /usr/share/polkit-1/rules.d/
* Remove /var/lib/polkit-1/localauthority/10-vendor.d/
- Keep debian/libvirt-bin.dnsmasq
- d/libvirt-daemon-system.examples -> d/libvirt-bin.examples
* Remove debian/build/daemon/libvirtd.policy
* Drop debian/libvirt-suspendonreboot
- d/libvirt-daemon-system.libvirtd.init -> d/libvirt-bin.libvirt-bin.init
* Add provides libvirt-bin
* Change /etc/default/libvirtd into /etc/default/libvirt-bin
* Add wait_on_sockfile() and call it during start
- d/libvirt-daemon-system.install -> d/libvirt-bin.install
* Add usr/bin/*
* Add usr/sbin/*
* Add etc/apparmor.d/*
* Replace etc/libvirt/{libvirtd,virtlockd,virtlogd}.conf -> etc/libvirt/*
(since with the clients included there are many more config files)
* Add usr/share/polkit-1
* Add usr/lib/libvirt/*
* Add usr/share/augeas/*
* Add usr/share/libvirt/*
* Add usr/share/man/man8/*
* Add usr/share/apport/package-hooks/source_libvirt.py
* Add etc/dnsmasq.d-available/libvirt-bin
* Add etc/profile.d/libvirt-uri.sh
* Add usr/lib/libvirt
- d/libvirt-daemon-system.links -> d/libvirt-bin.links
* Replace libvirt-daemon-system with libvirt-bin for libvirt0
* Remove libvirt-daemon line
- Remove d/libvirt-bin.maintscript
- d/libvirt-clients.manpages -> d/libvirt-bin.manpages
* Add debian/libvirt-migrate-qemu-disks.1
* Add debian/libvirt-migrate-qemu-machinetype.1
* Add debian/libvirt-migrate-xend-managed-domains.1
- Combined d/libvirt-daemon-system.NEWS and d/libvirt-daemon.NEWS into
d/libvirt-bin.NEWS
- Keep d/libvirt-bin.{postinst,postrm,preinst} though they probably could
be freshly derived from libvirt-daemon counterparts.
* Added removal of qemu capability cache (found in Debian) to postinst
* Added reload of virtlogd in postinst (following example of virtlockd)
- Replace d/libvirt-bin.preinst
- Add d/libvirt-bin.upstart
- d/libvirt-daemon-system.virtlogd.init -> d/libvirt-bin.virtlogd.init
- Remove d/libvirt-clients.install
- Remove d/libvirt-clients.links
- Remove d/libvirt-daemon.install
- Remove d/libvirt-daemon.links
- d/libvirt-daemon.README.Debian -> d/libvirt-bin.README.Debian
* Replaced access control section
* Appended apparmor profile section
* Appended disk migration section
* Appended qemu/kvm machine type migration section
- Remove d/libvirt-daemon-system.{maintscript,postinst,postrm,preinst}
- Keep libvirt-migrate-qemu-disks (and manpage)
- Keep libvirt-migrate-qemu-machinetype (and manpage)
- Keep libvirt-migrate-xend-managed-domains (and manpage)
- Remove d/libvirt-sanlock.{cron.weekly,links,install}
- Drop d/libvirt-stop-guests
- Drop d/libvirt-suspendonreboot (replaced by upstream libvirt-guests)
- Keep d/libvirt-uri.sh
- Remove d/polkit/60-libvirt.pkla (and polkit directory)
- d/tests/control
- Add build-essential and pkg-config dependencies to build-test
- debian/rules:
* Add autoconf stuff (not sure what still really gets used).
* Use qemu-group kvm instead of libvirt-qemu
* Add SHEEPDOGCLI environment variable to dh_auto_configure
override (instead of an DEB_DH_... make variable which no
longer takes effect).
* Drop --with-secdriver-apparmor --with-apparmor-profiles from
WITH_APPARMOR config.
* Change WITH_FIREWALLD and WITH_SELINUX settings to disabled.
* Change WITH_DTRACE setting to disabled.
* Drop DEB_DH_SYSTEMD_START_ARGS_libvirt-bin as it is no longer
needed after dropping cdbs.
* Add to override_dh_install section
- Install apparmor files (and post-processing)
- Install apport hooks.
- Install migration tools.
- Install profile script to autoset URI.
- Replace package name libvirt-daemon-system with libvirt-bin.
- Debian now copies libvirt-guests.{init,default} and
virtlogd.default from upstream source. Copy virtlockd.default
as well.
- Rename libvirtd.{socket,service} to libvirt-bin.{socket,service}
- Change dh_systemd_start to use virtlo{g,ck}d.socket only (the
services are supposed to be started by using the sockets).
- Move libs and pkgconfig under multiarch directory.
* Modify override_dh_auto_clean
- Replace package name libvirt-daemon-system with libvirt-bin
- Delete upstream files which were copied into debian/.
* Add override_dh_gencontrol section which conditionally adds
conflicts on apparmor.
* Add override_dh_makeshlibs section to pass version info for
libvirt0.
* Dropped patches:
- ubuntu/virt-aa-helper-handle-ovmf (upstream added ovmf paths to
restricted_rw)
* Refreshed patches:
- refreshed d/p/ubuntu/9034-complete-9p-support
* New patches
- d/ubuntu/libvirt-guests-exclude-dom0.patch
- d/ubuntu/libxl-no-dm-check.patch
- d/ubuntu/libxl-fix-test-data.patch
- d/ubuntu/Debianize-virtlogd-service.patch
- d/ubuntu/Debianize-virtlockd-init.patch
- d/ubuntu/switch-service-files-to-libvirt-bin.patch
- d/ubuntu/libvirt-socket-fix-group.patch
[ Guido Günther ]
* [4f04c2c] New upstream version 1.3.1
[ Simon McVittie ]
* [a0b3e59] Add a patch to make virt-aa-helper allow reading the new location of OVMF firmware
(Closes: #812069)
* [229fb59] New upstream version 1.3.1~rc2
* [cdf443a] Rediff patches
* [369ed73] New upstream version 1.3.1~rc1
* [30da6b1] Drop patches applied upstream.
CVE-2015-5313-storage-don-t-allow-in-filesystem-volume-na.patch
test-qemuxml2argv-Mock-virMemoryMaxValue-to-remove-32-64-.patch
* [2580afb] Bump symbol versions
* [d7010ed] Use canonical VCS URL.
Thanks Lintian
* [836190e] Avoid duplicates in package descriptions. Thanks lintian
* [9f29e58] Remove unused pycompat
* [e89c059] test: qemuxml2argv: Mock virMemoryMaxValue to remove 32/64 bit
difference to fix the testsuite on i386
* Upload to unstable
* [15df303] New upstream version 1.3.0
* [4fb53c7] CVE-2015-5313: storage: don't allow '/' in filesystem volume names
* [6854045] New upstream version 1.3.0~rc2
* [ae8211f] New upstream version 1.3.0~rc1
* [2721bee] Run build-tests with libvirt-dev only to make sure we have
everything in the dev packages
* [f4cbf4a] Drop patches applied upstream:
Disable-service-timeout-for-libvirt-guests.patch
qemu-Handle-default-IDE-controller-on-other-machine-types.patch
* [bf1a167] Bump symbol versions
* [f8eb83b] Create dir for doc generation and depend on xsltproc for it
* [9d46b57] Don't ship virt-admin yet, it's still in development upstream
* [71d0f8b] Ship virtlogd
* [02cd930] Override dh_install-arch instead of dh_install (Closes: #806064)
* Multiarchify the library packages.
* debian/rules: Disable cdbs' implicitly generated dh_systemd_start calls.
We already call it explicitly with the right options, calling it again
with the default options stops libvirt-guests during upgrades.
(LP: #1533839)
* d/libvirt-stop-guests: Skip Domain-0 on guest shutdown. Newer
versions of libvirt will include dom0 in the list of running domains
(with libxl). This special domain must be ignored.
* d/apparmor/libvirt-qemu: silence denial to shm/lttng file since shm
mountpoint has moved (LP: #1529319)
* d/apparmor/libvirt-qemu: add r access to max_mem_regions vhost module
parameter (LP: #1531564)
* SECURITY UPDATE: ACL bypass using storage pool directory traversal
- debian/patches/CVE-2015-5313.patch: filter filesystem volume names in
src/storage/storage_backend_fs.c.
- CVE-2015-5313
* Revert Ubuntu-specific patch to build-depend on libsystemd-daemon-dev
instead of libsystemd-dev; libsystemd-daemon-dev is no longer built from
systemd source so we want libsystemd-dev.
* Fix build-test autopkgtest: it now expects to run with the current
directory set to the root of the unpacked source package, writes to
$ADTTMP rather than to the source package, and declares dependencies on
build-essential and pkg-config.
* d/apparmor/libvirt-qemu: add permission to the systemd-mounted hugepages
path. (LP: #1524737)
* Merge from Debian unstable. Remaining changes:
- debian/apparmor/{libvirt-lxc,libvirt-qemu,local-usr.sbin.libvirtd,
TEMPLATE.lxc,TEMPLATE.qemu,usr.lib.libvirt.virt-aa-helper,
usr.sbin.libvirtd} Add apparmor profiles.
- debian/bug-presubj: removed
- debian/control:
- add cdbs, dh-autoreconf, libcurl4-gnutls-dev
- add libxml-libxml-perl, libhal-dev
- swap open-iscsi to open-iscsi-utils
- Enable numa support on ppc64el.
- remove libsanlock-dev, libselinux1-dev
- use libsystemd-daemon-dev instead of libsystemd-dev
- remove systemtap-sdt-dev, python, sheepdog, librados-dev, libfuse-dev
- remove libssh2-1, augeas-tools
- add libcgmanager-dev, xsltproc
- remove Vcs-Git
- adjust X-Python-Version > 2.7
- don't build libvirt-clients, libvirt-daemon, libvirt-sanlock packages
- keep debian/{libvirt-bin.apport,libvirt-bin.cron.daily}
- debian/libvirt-daemon.* has been mostly renamed to debian/libvirt-bin.*
- add upstart script for libvirt-bin
- debian/*.{links,maintscript} files not added
- keep ubuntu maintscript modifications
- debian/libvirt-sanlock* not merged
- debian/libvirt-clients* not merged
- keep debian/{libvirt-migrate-qemu-disks.*,
libvirt-migrate-qemu-machinetype.*,
libvirt-migrate-xend-managed-domains.*}
- keep debian/libvirt-suspendonreboot
- keep debian/libvirt-uri.sh
- debian/polkit/* not added
- debian/README.Debian:
- add 'Apparmor Profile' section
- add 'Disk migration' section
- debian/rules:
- add cdbs and autoconf stuff
- don't build WITH_SANLOCK, WITH_INIT_SCRIPT, WITH_SYSTEMD, WITH_FIREWALLD
WITH_SELINUX
- use qemu-group kvm instead of libvirt-qemu
- set DEB_DH_INSTALLINIT_ARGS to '--upstart-only'
- remove auto_test section
- add build/libvirt-bin:: section to install
- apparmor files
- apport hooks
- libvirt-migrate-qemu-disks
- use clean:: instead of dh_*clean
- Move ubuntu specific patches to 'debian/patches/ubuntu'
* Dropped patches:
- drop 9033-apparmor-use-TEMPLATE.qemu-for-kvm.patch (upstream 16d2bc8b)
- drop 9036-util-prepare-uri-for-libxml2-2.9.2.patch (upstream 8f17d0ea)
- drop 9040-virt-aa-helper-add-unix-channels (upstream 03d7462d)
- drop CVE-2014-3633.patch (upstream 3e745e8f)
- drop CVE-2014-3657.patch (upstream fc22b2e7)
- drop CVE-2014-7823.patch (upstream b1674ad5)
- drop Don-t-fail-if-we-can-t-setup-avahi.patch (dropped in debian)
- drop add-ppc64le-support.patch (upstream 9265fd19, addce06c, 1e911742,
bdbe723f, 5e4f49ab)
- drop blockdev-migration patches (upstream 1049a8d8, 9c5efd1a, cb7297c1,
a5250449, e9ef8565, 952907f5, 5eb03b6e, 93a19e28, a4e92f9e, de0aeafe)
- storage-allow-zero-capacity-with-non-backing-file-to.patch,
tests-add-vol-qcow2-zerocapacity-test-to-storagevolx.patch
(upstream 0bcda653, b8cc0cc5)
- ubuntu/fix-ubuntu-xen-qemu-dm-path.patch dropped in favor of
Allow-xen-toolstack-to-find-it-s-binaries.patch
- drop ubuntu-libxl-Implement-basic-video-device-selection.patch
(upstream 1298daca)
- remove dont-include-non-migrateable-features-in-host-model
(upstream and not included in series)
- remove upstream-libxl-Allow-libxl-to-find-pygrub-binary.patch
(upstream and not included in series)
* [014a0c7] Add a build test to verify that we can link against libvirt
* [37efced] Disable service timeout for libvirt-guests (Closes: #803714)
* [ae65b71] qemu: Handle default IDE controller on other machine types as well
(Closes: #805189)
* [6e075d2] New upstream version 1.2.21
* Upload to experimental
* [42946f7] New upstream version 1.2.21~rc1
* [6b46089] Update Vcs-Browser URL
* [789630d] Bump symbol versions
* [af1af23] Rediff patches
* [6eb4fb6] Don't use current user, hostname and build time but parse
debian/changelog instead to work towards reproducibility.
Thanks to Ben Hutchings for pointing this out
* [3c9129d] Drop Disable-tests-affected-by-broken-libxml2.patch we have a
fixed libxml2 in unstable again.
* [96ec9e5] Use daemon log facility for journald (Closes: #799633)
* [a4989de] New upstream version 1.2.20
* [8109247] Bump symbol versions
* [c0ad561] Rediff patches.
* [8264435] New upstream version 1.2.19
* [0061284] Rediff patches
* [4dcd1f0] Drop apparmor-Adjust-path-to-domain-monitor-socket.patch applied
upstream
* [ec4de6a] Move README.Debian to libvirt-daemon
libvirt-bin is a transitional package.
* [6b88e35] New upstream version 1.2.19~rc1
* [f525b78] Remove doc generation workaround introduced in
659882f5a236a901fdb090a88af20eed4b2642c7. We fixed this properly upstream.
* [a94f6c2] Use qemu-bridge-helper autodetection that we implemented
upstream instead of hardcoding it.
* [6fe9265] Don't hardcode private libvirt-admin symbols but use the
autogeneration we implemented upstream.
* [761db17] Rediff patches.
Dropped virNetSocketCheckProtocols-handle-EAI_NONAME-as-IPv6.patch:
applied upstream
* [4569b2a] Bump symbol versions
* [ac3f8d3] Disable tests affected by broken libxml2
* [08f2ffa] apparmor: Adjust path to domain monitor socket
* [54daa55] Add Breaks for older systemd.
These make us end up in the wrong parts of the cgroup hierarchy so we
won't find our lxc instances after restart. This could likely be fixed
in libvirt but forcing the newer version at least makes us not break
running containers. (Closes: #774237)
* [2caf1bb] Fix path to qemu-bridge-helper (Closes: #790935)
* [77dcc1a] README.Debian: remove xend bits, we're using libxl now
* [1b01f3f] Enable xen on armhf and amd64. Based on a patch by Yann
Soubeyrand (Closes: #795516)
[ Guido Günther ]
* [18ffe0c] New upstream version 1.2.18
* [56eac6e] New upstream version 1.2.17~rc1
* [c656180,af739f0] Bump symbol versions
* [dd37716,88466c7] Rediff patches
* [9135e2e] Use upstream's polkit rule.
As of 1.2.16 upstream ships a Polkit rule like Debian does.
* [9958a7f] Use systemctl is-active to check if virtlockd is running.
This is less heavyweight than status.
Thanks to Michael Biebl <biebl@debian.org> (Closes: #787973)
* [6620081] Drop Don-t-fail-if-we-can-t-setup-avahi.patch
not needed anymore
* [aa77bd8] Allow access to libnl-3 config files (Closes: #786650)
* [fda50ec] Use dh-autoreconf
* [659882f] Create dir for doc generation and depend on xsltproc for it
* [e894ae7] virNetSocketCheckProtocols: handle EAI_NONAME as IPv6 unavailable.
* [b1467e1] Add libvirt-admin shared library
[ Felix Geyer ]
* [2f59533] Use dh-apparmor.
This makes sure we load the profiles after installing the package
(Closes: #792426)
[ Michael Biebl ]
* [5409dc1] Transition to libsystemd (Closes: #779775)
* debian/apparmor/libvirt-qemu: add a bunch of newly available qemu-*
architecture binaries. (LP: #1519030)
* debian/control: switch ebtables from Recommends to Depends or default
configuration network doesn't get created. (LP: #1505576)
* virt-aa-helper apparmor policy: add 'network inet6' (LP: #1511830)
* Fix the preinst and postinst: the check for whether libvirt-bin was
running was wrong for upstart systems, but we don't need to do that
anyway - just stop libvirt-bin unconditionally. (LP: #1499199)
* libvirt-guests.service: fix libvirtd.service -> libvirt-bin.service
* Add qemu-block-extra libraries to libvirt apparmor profile (LP: #1495895)
* Add upstream patches implementing a '--migrate-disks' option to virsh
migrate to specify block devices to migrate. (LP: #1398999)
* Support OVMF images in virt-aa-helper. (LP: #1483071)
* Fix the libvirt-bin.preinst to not stop libvirt-bin on upgrade
from 1.2.16-2ubuntu7.
* Stop libvirt-bin at pre-inst if upgrading from a non-systemd version,
restart at postinst. (This can be removed after 16.04 release)
* Commonize stopping of vms in upstart/systemd.
* Add systemd units and libvirt-stop-guests script to stop VMs before
a host completes shutdown (LP: #1480440)
* debian/control changes:
- Replace module-init-tools with kmod
* debian/tests:
- add autopkgtests from Debian
* d/p/{storage-allow-zero-capacity-with-non-backing-file-to.patch,
tests-add-vol-qcow2-zerocapacity-test-to-storagevolx.patch} added to address
(LP: #1459748). Allow zero capacity storage creation with non-backing file.
* debian/apparmor/libvirt-qemu:
allow serial console backed by pts chardev (LP: #1342083)
[ Chris J Arges ]
* Merge from Debian unstable. Remaining changes:
- debian/apparmor/{libvirt-lxc,libvirt-qemu,local-usr.sbin.libvirtd,
TEMPLATE.lxc,TEMPLATE.qemu,usr.lib.libvirt.virt-aa-helper,
usr.sbin.libvirtd} Add apparmor profiles.
- debian/bug-presubj: removed
- debian/control:
- add cdbs, dh-autoreconf, libcurl4-gnutls-dev
- add libxml-libxml-perl, libhal-dev
- swap open-iscsi to open-iscsi-utils
- Enable numa support on ppc64 and ppc64el.
- remove libsanlock-dev, libselinux1-dev, libsystemd-daemon-dev
- remove systemtap-sdt-dev, python, sheepdog, librados-dev, libfuse-dev
- remove libssh2-1, augeas-tools
- add libcgmanager-dev, xsltproc
- remove Vcs-Git
- adjust X-Python-Version > 2.7
- don't build libvirt-clients, libvirt-daemon, libvirt-sanlock packages
* keep debian/{libvirt-bin.apport,libvirt-bin.cron.daily}
* debian/libvirt-daemon.* has been mostly renamed to debian/libvirt-bin.*
* add upstart script for libvirt-bin
* debian/*.links files not added
* debian/libvirt-sanlock* not merged
* debian/libvirt-clients* not merged
* debian smoke tests not merged
* keep debian/{libvirt-migrate-qemu-disks.*,
libvirt-migrate-qemu-machinetype.*,
libvirt-migrate-xend-managed-domains.*}
* keep debian/libvirt-suspendonreboot
* keep debian/libvirt-uri.sh
* Don't apply the following patches:
- d/p/Debianize-libvirt-guests.patch
- d/p/Debianize-systemd-service-files.patch
- d/p/debian/Debianize-virtlockd.patch
- d/p/fix-Debian-specific-path-to-hvm-loader.patch
- d/p/Disable-gnulib-s-test-nonplocking-pipe.sh.patch
- d/p/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch
* debian/polkit/* not added
* debian/README.Debian:
- add 'Apparmor Profile' section
- add 'Disk migration' section
* debian/rules:
- add cdbs and autoconf stuff
- don't build WITH_SANLOCK, WITH_INIT_SCRIPT, WITH_SYSTEMD, WITH_FIREWALLD
WITH_SELINUX
- use qemu-group kvm instead of libvirt-qemu
- set DEB_DH_INSTALLINIT_ARGS to '--upstart-only'
- remove auto_test section
- add build/libvirt-bin:: section to install
- apparmor files
- apport hooks
- libvirt-migrate-qemu-disks
- use clean:: instead of dh_*clean
[ Chuck Short ]
+ Rediffed:
- debian/patches/storage-default-permission-mode-to-0711
- debian/patches/ubuntu_machine_type.patch
* debian/libvirt-bin.init: Adjust avahi to avahi-daemon (LP: #1453572)
[ Serge Hallyn ]
* 9040-virt-aa-helper-add-unix-channels.patch: add support for unix
sockets for serials. (LP: #1015154)
* [0266267] Build-Depend and suggest nfs-common
for showmount
Thanks to Laurent Bigonville (Closes: #787783)
* [a48c783] Build depend on libpolkit-gobject-1-dev
to properly detect uid support in pkcheck.
Thanks to Laurent Bigonville (Closes: #787782)
* [3d0fe35] Enable firewalld support.
Thanks to Laurent Bigonville (Closes: #714372)
* Upload to unstable
* [50e9055] New upstream version 1.2.16
* [6d22215] Fix one more libxl leftover
* [132348d] Only install libxl configuration on hosts that support XEN
* [540f826] New upstream version 1.2.16~rc2
* [d17b3cb] Add libxl configuration files
* [24520fd] Update gbp.conf for experimental
* [29c488b] New upstream version 1.2.16~rc1
* [281585c] Rediff patches.
Dropped patches fixed upstream:
caps-Fix-regression-defaulting-to-host-arch.patch
* [5e4d9b7] Bump symbol versions
* Upload to unstable
* [2b23d7f] Add missing "Testsuite: autopkgtest"
* [57a9e63] caps: Fix regression defaulting to host arch
* [bf201a6] New upstream version 1.2.15
* [84ae1fc] Switch gbp.conf to sid
* Add post-start to upstart (/etc/init/libvirt-bin.conf) and
sysv (/etc/init.d/libvirt-bin) jobs to ensure libvirt-sock
created before up (LP: #1455608)
* d/p/ubuntu-libxl-qemu-path.patch: Set correct path for qemu binary
for new configs and convert old configs using qemu-dm.
(LP: #1459600)
* d/p/ubuntu-libxl-hvmloader-path.patch: Get Xen version from dpkg-query
at compile time and set LIBXL_FIRMWARE_DIR as long as libxen-dev does
not provide a xenlight.pc file. Use that directory to update existing
configs.
(LP: #1459603)
* debian/apparmor/libvirt-qemu: add /sys read accesses needed by newer
qemu: /sys/devices/system/node/, /sys/devices/system/cpu/ and
/sys/devices/system/node/node[0-9]*/meminfo
* New upstream release:
+ Dropped patches:
- d/p/add-cgmanager-support.patch
- d/p/cgmanager-mutex
- d/p/cgm-ignore-machined-failure
- d/p/9020-lp545795.patch
- d/pa/ubuntu-libxl-qemu-nopath.patch
- d/p/ubuntu-libxl-migrate-dm.patch
- d/p9037-virt-aa-helper-add-unix-channels-esp-for-qemu-guest-.patch
* [852e3c3] New upstream version 1.2.15~rc2
* [a544fac] New upstream version 1.2.15~rc1
* [a40d4d3] Bump symbol versions
* [7d4f947] Rediff patches
* [39deec1] Update gbp.conf for experimental
* Upload to unstable
* [51ba06c] Allow testsuite to output to stderr
since we run the script with -x.
* [0a436be] New upstream version 1.2.14
* [46cb100] New upstream version 1.2.14-rc2
* [e4fcc35] Bump symbol versions
* [e55a86f] Rediff patches
* [5a5a046] New upstream version 1.2.13
* [6c65940] Bump symbol versions
* [5755363] Rediff patches
This reverts commit 35a256363958bd452cafdfcadec9626b2ce6df45.
* [06f42f7] New upstream version 1.2.12
* [26b55b3] Rediff patches
* Add profile script to automatically set the default URI based on
the currently running hypervisor (Xen or KVM/Qemu).
(LP: #1334749)
* create /var/lib/libvirt/qemu/channel/target (LP: #1393842)
- libvirt-bin.dirs: add /var/lib/libvirt/qemu/channel/target
- libvirt-bin.postinst: chown target directory to libvirt-qemu:kvm so
qemu can create the unix sockets.
* Fix previous patch to ignore any abstract unix domain sockets
* Update the cgmanager patch so that container start and stop work under
systemd. (LP: #1438730) In 15.10 we will drop the cgmanager patch(es).
* 9037-virt-aa-helper-add-unix-channels-esp-for-qemu-guest-.patch: Allow
libvirt domains to start when using qemu guest agent. (LP: #1393842)
* silence denial of attempted reads of lttng files (LP: #1432644)
* No-change rebuild to pull in libxen-dev 4.5
* Fix xml validation for Xen by allowing non-absolute path values
in loader and bootloader elements (LP: #1425497).
* Fix up Xen emulator in old configurations and for new definitions to
point to /usr/bin/qemu-system-i386 (LP: #1425497).
* Remove smoser-ppc64le-is-ppc64.patch - the problem will be solved by the
qemu-system-ppcle symlink in qemu-system-ppc package.
* libvirt-qemu: allow kvm script on ppc to execute uname
* Apply patch from smoser to make libvirt on ppc64le functional.
(LP: #1418221)
* debian/control: Use libxml-libxml-perl instead of libxml-xpath-perl.
* debian/patches/docs-remove-xpath.patch: Use libxml instead of XPath.
* New upstream release
* Rediffed patches:
- debian/patches/9030-create-socket-dir
- debian/patches/add-cgmanager-support.patch
- debian/patches/cgroups-ignore-systemd-failure
* Dropped patches:
- debian/patches/ubuntu-libxl-Implement-basic-video-device-selection.patch
- debian/patches/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch
- debian/patches/9033-apparmor-use-TEMPLATE.qemu-for-kvm.patch
- debian/patches/-CVE-2014-3633.patch
- debian/patches/dont-include-non-migrateable-features-in-host-model
- debian/patches/9036-util-prepare-uri-for-libxml2-2.9.2.patch
- debian/patches/CVE-2014-3657.patch
- debian/patches/CVE-2014-7823.patch
- debian/patches/add-ppc64le-support.patch
- debian/patches/upstream-libxl-Allow-libxl-to-find-pygrub-binary.patch
* debian/control: Add libxml-xpath-perl and xsltproc to dependencies
* debian/patches/skip-vircgrouptest.patch: Skip cgroup tests.
* debian/patches/disable-network-test.patch: Skip network tests
* [67f2b22] New upstream version 1.2.12~rc2
(Closes: #776065)
* [994d31d] Bump standards version to 3.9.6
no changes required
* [7b59a26] New upstream version 1.2.12~rc1
* [0a755e3] Dropped patches applied upstream.
lxc-Don-t-crash-on-NULL-ifname_guest_actual.patch
lxc-Move-setting-ifname_guest_actual-to-virLXCSetupI.patch
Rediff remaining patches.
* [9511acf] Document surprises on CPU microcode updates (Closes: #773706)
* [3e325df] Install lock drivers (Closes: #773706)
* [970de51] Bump symbol versions
* [1377d56] lxc: Fix crash when using interface type 'direct'
(Closes: #769600) Thanks to Bastian Blank for the patch
* [88f9426] Adjust gbp.conf for experimental
* [0b196d9] New upstream version 1.2.11
* [113b58b] Rediff patches
* [8c5ba09] Rediff patches.
Dropped
allow-libxl-to-find-default-path-to-pygrub.patch: fixed upstream
CVE-2014-7823-dumpxml-security-....patch: fixed upstream
util-Prepare-URI-formatting-for-libxml2-2.9.2.patch: fixed upstream
* [bdb5692] Bump symbol versions
* [87bcfc8] New upstream version 1.2.10
* [214d446] CVE-2014-7823: dumpxml: security hole with migratable flag
(Closes: #769149)
* [7e3dbba] New upstream version 1.2.10~rc2
* [a0832bc] Check if the directories exist before removing them. rmdir
returns nonzero otherwise and this is more strict than just using || true.
(Closes: #767672)
* Upload to experimental
* [360da79] New upstream version 1.2.10-rc1
* [aba073c] Rediff patches.
Dropped Use-sensible-editor-...patch: Configurable now
Dropped qemu-use-systemd-s-TerminateMachine-...patch: Applied upstream
* [f739a80] Configure use of sensible-editor via ./configure
* [4f5511b] Update symbols
* [f5e46fb] postinst: Use '--' for all adduser options
* [a8fee3f] Don't validate filesystem target type. Since 'virsh' validates
XML this can lead to uneditable (but perfectly valid) configs.
* [4c14b83] qemu: Don't try to parse -help for new QEMU.
Closes: #777138, #775773
Thanks to Mathieu Malaterre for the debugging
* [1addae5] Force capability refresh on upgrades. This makes sure we
refresh the capabilities at least once when upgrading from Wheezy.
(Closes: #731815)
* [885f33d] Fix CVE-2015-0236.
Patches cherry-picked from upstream (Closes: #776065)
* [d7df883] CVE-2014-8131: Fix possible deadlock and segfault in
qemuConnectGetAllDomainStats()
(Closes: #773858)
* [d0085e0] qemu: bulk stats: Fix logic in monitor handling
* [b5e081c] CVE-2014-8135: storage: fix crash caused by no check return
before set close
(Closes: #773855)
* [a5452de] CVE-2014-8136: qemu: migration: Unlock vm on failed ACL check in
protocol v2 APIs
(Closes: #773856)
* [5aaafc9] qemu: Fix crash in tunnelled migration (Closes: #773503)
* [87b3713] lxc: Fix crash when using interface type 'direct'
Thanks to Bastian Blank for the patch (Closes: #769600)
* [17807c0] Document surprises on CPU microcode updates (Closes: #773706)
* [66a3ca6] Install lock drivers (Closes: #773706)
* [f6ffda7] vbox: fix a bug in _machineStateInactive (Closes: #770202)
* [9779548] Add a python build-dependency for the docs build
(Closes: #770775)
[ Guido Günther ]
* [5c47e64] Pre-Depend on init-system-helpers.
Thanks to intrigeri and Bastien ROUCARIES (Closes: #769551, #766362)
* [9aa75f7] util: Prepare URI formatting for libxml2 >= 2.9.2
(Closes: #769653)
[ Ian Campbell ]
* [bfe835f] Specify "pygrub" by default for libxl backend guests.
Using an absolute path prevents libxl from providing the correct
default. (Closes: #770485)
* [4cdad47] Allow backported versions of dh-systemd
* [fb4bf47] Add suggests to libvirt-daemon-system to libvirt-daemon
(Closes: #767343)
* [e4f03ca] Check if the directories exist before removing them
rmdir returns nonzero otherwise and this is more strict than just using
|| true. (Closes: #767672)
* [030fd97] CVE-2014-7823: dumpxml: security hole with migratable flag
(Closes: #769149)
* [28dd361] Remove obsolete conffiles in libvirt-bin too. Depending on the
upgrade path they can belong to either libvirt-bin or
libvirt-daemon-system. (Closes: #764679)
* [de9dcf9] Move polkit rule to /u/s/polkit-1/rules.d/
since /e/polkit-1 is for admin changes (Closes: #764826)
* [114d777] Remove unused python files. We split out libvirt-python ages
ago.
* [3a06d85] Add rules for older policy kit (as in jessie/sid).
Thanks to Török Edwin, Wolodja Wentland and Michael Biebl
(Closes: #765346)
* Upload to unstable
* [2d120a7] New upstream version 1.2.9
* [0f86acd] Rediff patches
* [8707039] New upstream version 1.2.9~rc2
* [79ae3d2] Rework patches.
Dropped
qemu-remove-capabilities.....patch: applied upstream
* [c64dc81] qemu: use systemd's TerminateMachine to kill all processes
(Closes: #761521)
* [063cc84] New upstream version 1.2.9~rc1
* [42079a5] Rework patches.
Dropped
security/CVE-2014-3633-....patch: applied upstream
* [d72bb99] Bump symbol versions
* [7359fcb] Add simple smoke test using the test:///default driver
* [da11813] Use polkit instead of socket permissions. As before membership
in the libvirt group gives r/w access to all VMs.
* [98cdfca] Allow for libvirt's socket activation. Now that we're using
polkit by default having the rw socket mode 0777 is fine.
* [9e3d695] Don't ship the socket activation file until we switched to
polkit and we can therefore ignore socket permissions. (Closes: #762606)
* [a32e72e,4eb67f4] Clean up capabilities and possibly empty dirs
(Closes: #761131)
* [7b0894e] Debianize virtlockd unit file
* [2c522fd] Tag Debian specific patches as such
* [e1e734b] CVE-2014-3633: qemu: blkiotune: Use correct definition when
looking up disk. Thanks to Peter Krempa (Closes: #762203)
* [e55688b] New upstream version 1.2.8
(Closes: #760510)
* [daa5c92] New upstream version 1.2.8~rc2
* [7f85d5e] Bump symbol versions
* [ea29953] Rediff patches.
Drop patches applied upstream:
Don-t-fail-qemu-driver-intialization-if-we-can-t-det.patch
Include-param.h-on-kFreeBSD.patch
Make-uri-command-a-bit-more-prominent.patch
* [4633967] Verify tarball signature
* d/apparmor/libvirt-qemu: Update the ceph.conf allow rule (LP: #1403648)
* debian/rules:
- use --with-esx (LP: #565771)
- specify restart-after-upgrade (LP: #1215617)
* debian/control: add libcurl4-gnutls-dev for esx support
* apparmor libvirt-qemu template: allow reading charm-specific ceph config
and silence denials for /tmp/**. (LP: #1403648)
* mutex cgmanager actions (Thanks to Don Bowman for finding the cause)
(LP: #1397130) (LP: #1367702)
* d/p/upstream-libxl-Allow-libxl-to-find-pygrub-binary.patch:
Allow libxl to figure out the path to pygrub. (LP: #1396942)
* debian/patches/add-ppc64le-support.patch: Added patches needed
for ppc64le support. (LP: #1396070)
* libvirt-qemu: add r to sgabios.bin (LP: #1393548)
[ Serge Hallyn ]
* 9036-util-prepare-uri-for-libxml2-2.9.2.patch: fix FTBFS against new
libxml 2.9.2 (LP: #1390637)
[ Marc Deslauriers ]
* SECURITY UPDATE: denial of service via virConnectListAllDomains
- debian/patches/CVE-2014-3657.patch: fix domain deadlock in
src/conf/domain_conf.c.
- CVE-2014-3657
* SECURITY UPDATE: xml information leak with read-only connections
- debian/patches/CVE-2014-7823.patch: check for migratable flag in
src/libvirt.c, src/remote/remote_protocol.x.
- CVE-2014-7823
* cull too-new apparmor rules depending on target host (LP: #1387251)
* add missing apparmor permissions for slof (LP: #1374554)
* complete the 9p support: (LP: #1378434)
- libvirt-qemu: add fowner and fsetid
- virt-aa-helper: add 'l' to 9p file options
* dont-include-non-migrateable-features-in-host-model (LP: #1386503)
[ Felix Geyer ]
* d/p/ubuntu_machine_type.patch: Fix No PCI buses available. (LP: #1379346).
* libvirt-bin.upstart: delay start until rc finished
This gives hypervisors more time to finish their setup (LP: #1377900).
* libvirt-bin.upstart: add xen:/// uri to the list (LP: #1377960)
* libvirt-qemu apparmor template: add /sys/firmware/devicetree/** r
(LP: #1374554)
* libvirt-bin.postinst: fix syntax error (s/if/fi/)
* libvirt-bin.postinst: check for conffiles which have been removed rather
than fail package install (LP: #1375910)
* SECURITY UPDATE: denial of service or information disclosure via
virDomainGetBlockIoTune
- debian/patches/CVE-2014-3633.patch: use correct definition when
looking up disk in src/qemu/qemu_driver.c.
- CVE-2014-3633
* debian/apparmor/libvirt-lxc (sync with container-base with lxc):
- remove bare 'signal' and 'ptrace' rules (base abstraction covers most
of what we need)
- allow signal (receive) peer=/usr/sbin/libvirtd
- allow ptrace peer=@{profile_name}
- deny mount options=(ro, remount, silent) -> /
- allow mount fstype=hugetlbfs
- shuffle a couple of rules around to make it easier to diff with lxc
policy
* debian/apparmor/TEMPLATE.lxc (sync with lxc-default):
- use attach_disconnected and mediate_deleted
- deny mount fstype=devpts,
* debian/apparmor/usr.sbin.libvirtd: allow 'network netlink'
* 9033-apparmor-use-TEMPLATE.qemu-for-kvm.patch - fix failure to start
KVM vms.
* d/p/ubuntu-xend-probe.patch:
Update patch correctly and re-enable it. It seems like it only was
half updated and then disabled without reasons.
* d/p/ubuntu-libxl-Implement-basic-video-device-selection.patch:
Re-activate adapted patch. Some pieces made it into upstream as a
bug fix. The rest is still needed to allow selecting an alternate
graphics device for Xen HVM guests.
* d/p/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch:
Re-activate unchanged patch (for some reason dropped when moving
to 1.2.6).
This one is a bit of a work-around mainly for virt-manager which sets
gfx memory to values below the minimum requirement for Xen. And the
UI does not allow to change that. This patch just goes for the minimum
in that case.
[ Chuck Short ]
* New upstream release: (LP: #1367422)
+ Dropped:
- debian/patches/ovs-delete-port-if-exists-while-adding-new-one
+ Refreshed:
- debian/patches/add-cgmanager-support.patch
- debian/patches/storage-default-permission-mode-to-0711
[ Serge Hallyn ]
* d/apparmor
- install TEMPLATE.qemu and TEMPLATE.lxc
- add libvirt-lxc abstraction, add permissions to it needed for
a ubuntu container to start.
- libvirt-qemu - add qemu-bridge-helper policy from upstream
- libvirt-qemu - add qemu-microblaze allows from upstream
- edit lxc.conf to enable apparmor by default (LP: #914716)
(LP: #1008393) (LP: #1088295)
* d/apparmor/libvirt-qemu: add /dev/shm as path to spice.* nodes
for systemd case. (LP: #1365163)
* d/p/9030-create-socket-dir - create session socket dir if
needed (Should be replaced eventually by the upstream fix)
* d/p/9032-lxc-allow-no-security-driver: don't fail if apparmor
driver is not available (else the qa-regression-tests fail with
skip_apparmor)
* [6534478] Check status in a systemd 208 compatible way
systemd 204 returned 0 when trying to reload a not running service but
208 changed behaviour. So use status instead of is-enabled.
Thanks to Neutron Soutmun for his feedback (Closes: #758688)
* [d319f15] Only reexec virtlockd if enabled (Closes: #758688)
* [1c2c5ee] Don't let dh_systemd_start guess the package to act on
(Closes: #758552)
* [ab79901] Don't restart libvirt-guests when using systemd so it's
consistent with sysvinit. We'd restart VMs on package upgrades otherwise.
* [d98aa3b] Fix wrong relation in preinst.
Thanks to Laurent Bigonville (Closes: #758136)
* [42dbd16] Skip more linux specific stuff on kFreeBSD
* [a2ff23f] Don't restart virtlockd on upgrade virtlockd must be reloaded so
it reexecs itself. (Closes: #757453)
* [4914adc] Use symlinks for upstream changelog. This saves 1.9M per
package
* [3583f4b] Don't fail qemu driver initialization if we can't determine
hugepage size. Thanks a lot to Jamie Heilman for testing it
(Closes: #757609)
* [3b23724] Make 'uri' command a bit more prominent. (Closes: #688778)
* [63e7e51] Also stop libvirt-bin in libvirt-bin's preinst.
When libvirt-daemon-system's preinst runs the new libvirt-bin might
already be unpacked and therefore the libvirt-bin service file already
gone. So additionally stop libvirt-bin in libvirt-bin's preinst.
(Closes: #757952)
* [5e39138] Don't provide libvirt-bin via LSB headers.
This avoids a conflict when /e/i/libvirt-bin and /e/i/libvirtd
are around at the same time during dpkg's configure phase and
both init scripts Provide: libvirt-bin.
(Closes: #757330)
* [06d457c] Bump comparison version so this applies to current failed
upgrades too.
* [bdae16d] Remove another obsolete conffile (Closes: #757332)
* [2f486c5] Don't try to stop libvirt-bin if it's already gone
(Closes: #757407)
* [a9643a0] Remove another obsolete conffile (Closes: #757332)
* [5e71896] Move networking configuration to libvirt-daemon-system too
* [32eea48] Remove left over empty directory
* [b3a2735] Also purge libvirt-bin.service on new installations.
The old service file was in libvirt-bin so we need to remove it when
libvirt-daemon-service is first installed (as we did before when
the whole code was in the postinst).
Thanks to Laurent Bigonville for the analysis (Closes: #757293)
* Upload to unstable
* [f634d53] Don't try to install qemu configuration on kFreeBSD.
QEMU support on kFreeBSD is currently disabled due to test
failures.
* [ebfec9b] Don't try to install lxc.conf on kFreeBSD.
Another kFreeBSD build fix
* [65e69d3] New upstream version 1.2.7
* [d615910] Don't try to install virt-login-shell on non-linux.
It's LXC only. This fixes the build failure on kFreeBSD.
[ Guido Günther ]
* [16575d9] New upstream version 1.2.7~rc2
* [bc785a7] Drop left over libvirt-bin references.
Fixes more leftovers of #730604.
* [ca64c62] Rediff patches
* [998e7d4] Update symbols file
* [06cf7b4] Make sure libvirt-bin versioned dependencies are recent enough
[ Laurent Bigonville ]
* [daf46fe] Stop the daemon in the preinst script instead of the postinst
one when renaming the .service file as it now contains the
"Restart=on-failure" option and blindly killing the daemon is not working
anymore. This completes the fix for #730604
* [501afad] Update copyright information
[ Laurent Bigonville ]
* [4c4977e,87fc2db] Rename libvirt-bin.service back to libvirtd.service
and use symlink or Alias= instead. This is what upstream uses.
(Closes: #730604)
[ Guido Günther ]
* Upload to experimental
* [9321997] Drop build-dep on hal-dev too (Closes: #710195)
* [899c1d3] New upstream version 1.2.5
* [34d54b9] Refresh patches.
Dropped, fixed upstream:
LSN-2014-0003-Don-t-expand-entities-when-parsing-XML.patch
* [12e5468] Update symbols file
* [8ae2cf5] Depend on gnutls/gcrypt explicitly (Closes: #753121)
* [8881fe5] Recommend iproute2 instead of iproute (Closes: #753713)
* [ab710a4] New upstream version 1.2.6
* [a23d7fc] Rediff patches
* [e6c037b] Bump symbol versions
* [7ca6a8a] Split out daemon configuration (Closes: #679074)
* [60ec538] Cleanup old conffile (Closes: #748720)
* [cc59dd4] Provide build and packager information (Closes: #753306)
* [74baa7e] Use sensible-editor as fallback.
Based on a patch by Dmitry Smirnov (Closes: #594444)
* debian/apparmor/usr.sbin.libvirtd: update for abstract socket mediation
(LP: #1362199)
* debian/apparmor/libvirt-qemu: allow 'r' on @{PROC}/sys/kernel/cap_last_cap
* debian/control: Suggests apparmor >= 2.8.96~2541-0ubuntu4~
* cgroups-ignore-systemd-failure - fix incoming migration failures when
systemd-shim is installed.
* ovs-delete-port-if-exists-while-adding-new-one - cherrypick commit 33445ce
from upstream (LP: #1343262)
* No change rebuild against gnutls28.
* debian/apparmor/usr.sbin.libvirtd - add cap-sys-resource to fully
fix (LP: #1276719)
* Rebuild against libparted2.
* New upstream release:
+ Dropped:
- debian/patches/virt-aa-helper-vhost.patch
- debian/patches/libxl-Implement-basic-video-device-selection.patch
- debian/patches/libxl-Fix-up-VRAM-to-minimum-requirements.patch
+ debian/rules: Include packaging version in the log file. (LP: #1335221)
* libxl: Refresh patch(es) to allow the choice between Cirrus and
VGA for Xen HVM guests.
- d/p/libxl-Implement-basic-video-device-selection.patch [v4]
- d/p/libxl-Fix-up-VRAM-to-minimum-requirements.patch
* debian/apparmor/usr.sbin.libvirtd: allow libvirtd to run
libxl-save-helper (required for save restore through libxl).
(LP: #1334195)
* debian/apparmor/usr.sbin.libvirtd: allow pygrub to be run
(LP: #1326003)
* d/p/virt-aa-helper-vhost.patch: allow access to /dev/vhost-net if domain
needs it (LP: #1322568)
* implement cgmanager support (LP: #1322677)
- debian/control: build-dep on libcgmanager-dev, depend on cgmanager
- d/p/add-cgmanager-support.patch
[ Chuck Short ]
* New upstream version:
+ Rediffed:
- d/p/ubuntu-xend-probe.patch
+ Dropped:
- d/p/libxl-Check-for-control_d-string-to-decide-about-dom.patch
- d/p/libxl-do-not-use-virdomain-id.patch
- d/p/libxl-set-disk-format-for-cdrom.patch
- d/p/libxl-set-vfb0-data-in-build-config.patch
- d/p/libxl-support-sexpr-in-native-to-XML-conversion.patch
- d/p/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch
- d/p/accomodate-new-qemu-migration-status-setup.patch
- d/p/9025-apparmor-allow-access-to-filesystem-mounts
- d/p/add-a-mutex-to-serialize-updates-to-fw.patch
- d/p/arm-cpu-baseline.patch
+ debian/control: Add ebtables, iptables, and qemu-utils as a build dependency.
[ Serge Hallyn ]
* d/p/ubuntu-skip-virstoragetest: skip a test that hangs in buildds.
* d/apparmor/TEMPLATE: replace libvirt-qemu with libvirt-driver to match
upstream commit 43c030f.
* [b0b7359] Don't pretend kFreeBSD supports linux only features. So far we
worked around missing kFreeBSD features by creating empty dirs this looks
bad on the target systems and makes us maintain things in debian rules and
*.install. Explicitly invoke dh_install in debian/rules instead.
Closes: #747658
* [8bcbf97] Only linux has apparmor (Closes: #747565)
* [0fa7624] Disable tests requiring filesystem attributes since they seem to
fail on the buildd (Closes: #747565)
* [b38846c] New upstream version 1.2.4
* [f8d48c5] Drop.
tests-Only-use-privileged-mode-if-Qemu-user-and-grou.patch
applied upstream
* [8388a28] Disable hal on all architectures (Closes: #710195)
* [726b0bb] LSN-2014-0003: Don't expand entities when parsing XML
* [1190eb8] New upstream version 1.2.4~rc2
* [382f71a] Bump symbol versions
* [278d3b6] Rebase patches.
Dropped
libvirt-guests-avoid-bashism.patch
tests-Don-t-crash-when-creating-the-config-object-fa.patch
fixed upstream
Modified:
tests-Only-use-privileged-mode-if-Qemu-user-and-grou.patch
to better suit upstream.
* [057fc1d] Add more build-deps so we can run more test during "make check"
* [7f310c8] More verbose test output
* [5be4d5e] Include bug-presubj to request some more data on bug reports.
* [6bd3b3e] Stab at a build fix for kFreeBSD
* [aa5cd19] /etc/init.d/libvirt-guests: source /lib/lsb/init-function.
This makes sure we redirect calls to systemctl correctly
Thanks to Laurent Bigonville (Closes: #739082)
* [9be0bf9] Remove old restart handling code from postinst.
This brings the dh_installinit calls in line with the dh_systemd_start
calls.
Thanks to Laurent Bigonville (Closes: #739096)
* [9c408f9] New upstream version 1.2.2. Fixes CVE-2013-6456
(Closes: #741276, #732394)
* [e2f0077] Bump symbols versions
* [c7bf776] Update patches.
Dropped
xen-fix-parsing-xend-http-response.patch - applied upstream
* [cca8c1e] New upstream version 1.2.3
* [11ad777] New patch Skip-vircgrouptest.patch.
Skip vircgrouptest since the sys emulating code isn't complete and fails
in our /sys free chroot.
* [448ab8c] Build-depend on libsystemd-daemon-dev on linux
* [66f2a93] Refresh patches
* [3038786] Fix test failures
* [bbed2fd] Depend on libattr1-dev for selinux tests
* [659fc63] Bump symbol versions
* [618b64f] Adjust systemd installation to upstream changes
* [1850e36] Bump standards version
* [e934847] libvirt-guests: avoid bashism
* debian/apparmor/libvirt-qemu: add device-tree access for ppc
(LP: #1321365)
* debian/control: change apparmor dependency into an inverse conflicts,
so that libvirt can continue to be used without apparmor. (LP: #1304167)
* Add a dependency on the new apparmor to make sure we have the new
parser around before we attempt to load a profile requiring the new
stanza support. (LP: #1304167)
* d/p/libxl-support-sexpr-in-native-to-XML-conversion.patch:
Allow to use libvirt to convert xend guest configurations into
xml format.
* Add libvirt-migrate-xend-managed-domains migration script.
(LP: #1303886)
* Added breaks for xen-utils-4.(1|3) to ensure postinst order.
* debian/patches/recognize-trusty-machine-type.patch: Revert patch
since it was causing issues with virtio devices. (LP: #1304107)
* d/p/recognize-trusty-machine-type.patch: handle "trusty" qemu machine type
(LP: #1294823)
[ Jamie Strandboge ]
* updates for AppArmor signals and ptrace mediation (LP: #1298611)
- debian/apparmor/libvirt-qemu: allow guests to receive signals from and
be traced by libvirtd (additional signal and ptrace rules come from the
AppArmor base abstraction)
- debian/apparmor/usr.sbin.libvirtd:
+ grant bare signal and ptrace rule
+ grant dbus on the system bus (should have been added in 13.10)
* debian/apparmor/libvirt-qemu: Allow qemu-system-aarch64 to be used.
(LP: #1301516)
* d/p/libxl-Create-log-directory-earlier.patch:
Move creation of log directory inside function that tries to create
a log file inside of it. Fixes startup when the libxl log directory
has not been created, yet.
* d/p/libxl-do-not-use-virdomain-id.patch:
Replace usage of dom->id with vm->def-id inside the driver (as that
is not getting stale). Fixes guest creation and reboot through
virt-manager (apart from possibly other things).
* d/p/libxl-set-disk-format-for-cdrom.patch:
Set disk format, otherwise an empty virtual CDROM makes the guest
unstartable.
* d/p/libxl-set-vfb0-data-in-build-config.patch:
Actually set video and display data in the domain build info. Beside
of preventing disagreement about VNC ports, this allows to select
standard VGA graphics and more VRAM through libvirt.
* debian/libvirt-bin.dirs: Add /var/log/libvirt/libxl.
* Refreshed d/p/libxl-Check-for-control_d-string-to-decide-about-dom.patch
to avoid logging an error when file is not present.
* debian/patches/arm-cpu-baseline.patch: Implement a stub cpuArchDriver.baseline()
handler for arm.
* d/p/libxl-Check-for-control_d-string-to-decide-about-dom.patch: Prevent
using the libxl driver when not running in dom0 but having xenfs mounted.
(LP: #1248025)
* d/p/add-a-mutex-to-serialize-updates-to-fw.patch: fix another deadlock
when starting a large number of VMs. (LP: #1228977)
* New upstream release:
- Rediffed patches:
- debian/patches/Allow-libvirt-group-to-access-the-socket.patch
- debian/patches/9004-libvirtd-group-name.patch
- debian/patches/dnsmasq-as-priv-user
- Dropped patches:
- debian/patches/9005-increase-unix-socket-timeout.patch: No longer
needed.
- debian/patches/rbd-storage-format.patch: No longer needed.
- debian/patches/9022-qemu-enable-host-passthrough-mode-for-aarch64:
No longer needed.
- debian/patches/9023-xen-fix-parsing-xend-http-response.patch:
No longer needed.
- debian/patches/
* [e936a7e] Document libvirt user capabilities
* [94096c9] xen: fix parsing xend http response. This unbreaks xen on
wheezy.
Thanks to Jim Fehlig
* [fb06860] Install virt-aa-helper for apparmor
* Upload to unstable
* [22e83d7] New upstream version 1.2.1.
Fixes CVE-2014-0028, CVE-2014-1447, CVE-2013-6457
(Closes: #735676)
* Pull patch from mailing list (merged with separate patch posted to the
bug) to fix 9p mounts. (LP: #1285995)
* Cherrypick 9024-qemu-implement-a-stub-baseline-handler-for-aarch64 from
upstream git.
* Add uvtool image path to virt-aa-helper AppArmor profile.
* debian/patches/nwfilter-locking.patch: Dropped causes ftbfs.
* debian/control: Move pm-utils from suggests to Recommends.
(LP: #1274772)
* debian/patches/patches/nwfilter-locking.patch: Fix nwfilter locking
causing libvirt to crash. (LP: #1228977)
* cherry-pick "xen: fix parsing xend http response" from upstream
git to fix connecting to xen in xm/xend mode (LP: #915954)
* cherrypick d/p/9022-qemu-enable-host-passthrough-mode-for-aarch64 from
upstream git.
* d/control: add nfs-common to build-deps (LP: #1264955)
* debian/patches/rbd-storage-format.patch: Make image format 2 the default
for RBD.
* New upstream release:
- Dropped patches:
+ debian/patches/0001-libxl-Fix-devid-init-in-libxlMakeNicList.patch:
No longer needed
+ debian/patches/0001-libxl-Fix-initialization-of-nictype-in-libxl_device_.patch:
No longer needed.
* [e559e92] libvirt-bin.init: Fix typo in path when checking for systemd
* [fef0f8f] New upstream version 1.2.1~rc2
* [caf3c45] Rediff patches
[ Laurent Bigonville ]
* [f6b0feb] Pass --with-selinux-mount=/sys/fs/selinux to ./configure.
The buildd are not running selinux and this makes the auto-detection code
default to /selinux which is actually not existing anymore in sid.
This completes the fix for SELinux support.
[ Guido Günther ]
* Upload to experimental
* [20d9129] Enable parallel build support.
Thanks to Felix Geyer for pointing this out
* [0d0590e] New upstream version 1.2.1~rc1. Fixes CVE-2013-6458
(Closes: #734556)
* [a3f978b] Bump symbol versions
* [0a6a276] Rediff patches.
Dropped (fixed upstream):
security-fix-crash-in-lxcDomainGetMemoryParameters.patch
security-fix-crash-in-lxcDomainSetMemoryParameters.patch
* [3061b11] Build with apparmor support.
Note that this isn't enough to run with apparmor support since the
profiles will need more work but it makes testing this a lot simpler.
This is heavily based on a patch by Felix Geyer.
See: #725144
[ Guido Günther ]
* [949fae6] Suggest systemd since it improves things like e.g. cgroup
handling
* [96f9aae] Make mounted cgroups configurable via /etc/default/libvirt-bin
and check for memory cgroup on kernel command line. (Closes: #732666)
* [ce356fe] Really remove "memory" from default mount list. Thanks to phep
<phep-lists@teletopie.net>
[ Laurent Bigonville ]
* [13052e4] Enable selinux driver (Closes: #688179)
* [a00df46] Switch LSB dependencies to avahi-daemon since only the latter
exists as native systemd service. (Closes: #731612)
* Upload to unstable
* [230609e] Depend on kmod instead of module-init-tools (Closes: #731451)
* [affb1ce] New upstream version 1.2.0
* [e9de7b2] Fix crashes in lxcDomain{S,G}etMemoryParameters.
This fixes CVE-2013-6436
* debian/apparmor/usr.lib.libvirt.virt-aa-helper: add
/var/lib/nova/instances/snapshots/** r to allow virt-aa-helper to read
the snapshot directory to find images which VMs should be granted access
to. (LP: #1244694)
* Refresh/fix detection of xm/xl toolstack in use. The previous port
had two glitches, one of them causing the daemon to segfault.
* Cherry-pick "libxl: Fix initialization of nictype in libxl_device_nic"
from upstream to have the same default NIC choice with the libxl driver
as we had with the xen(d) driver (HVM guest uses a emulated rtl8139).
* Cherry-pick "libxl: Fix devid init in libxlMakeNicList" from upstream
to allow HVM guests to be brought up from the libxl driver.
* New upstream release:
- Refreshed patches:
+ debian/patches/storage-default-permission-mode-to-0711
- Dropped patches:
+ debian/patches/util_use_w_flag_when_calling_iptables.patch
* debian/control, debian/rules, debian/python.mk,
debian/python-libvirt.install: python libvirt bindings have been
split out into its own source called libvirt-python.
* debian/libvirt-dev.install: Install API files into dev package
* [8bfdc7f] New upstream version 1.2.0~rc2
* [56d17d0] Bump symbol versions
* [288778f] Drop atomic-pthread-link-fix. Fixed upstream.
* [c8151f5] Rediff patches
* [dd5ae42] Drop python-libvirt. Python bindings were split out of
libvirt's git into libvirt-python.
* [bafc3d6] Install API files into dev package. These are needed by the
python bindings
* [78cadf5] Rados storage backend needs --with-storage-rbd not
--with-storage-rados
* [a384975] Explicitly disable phyp support so we can enable libssh2 uri
support.
* [9d8f3c5] Check correct dirs for existence (Closes: #729331)
* [1ede11d] Document new cgroup requirements (Closes: #707201)
* Acknowledge NMU, Thanks Julien Cristau (Closes: #730345)
* Non-maintainer upload.
* Fix linking when using pthread atomic ops, such as on armel.
* Disable silent build rules.
* Upload to unstable
* [54c6758] New upstream version 1.1.4
* Build using dh-autoreconf.
* Enable numa support on ppc64 and ppc64el.
* debian/libvirt-dev.install: Add missing libvirt-lxc.so.
* d/p/accomodate-new-qemu-migration-status-setup.patch: work around
libvirt's not yet knowing of qemu's new migration state, 'setup'.
This can be removed when upstream libvirt has a proper patch. QRT
fails without this.
* debian/patches/9002-better_default_uri_virsh.patch: Update to fix the
FTBFS.
[ Chuck Short ]
* New upstream version:
- Rediffed patches:
+ d/p/Don-t-enable-default-network-on-boot.patch
+ d/p/ubuntu-xend-probe.patch
+ d/p/Don-t-fail-if-we-can-t-setup-avahi.patch
+ d/p/Disable-failing-virnetsockettest.patch
+ d/p/Don-t-enable-default-network-on-boot.patch
- Dropped patches:
+ d/p/v1.1.1-maint/0001-xen-fix-memory-corruption-in-legacy-driver.patch
+ d/p/v1.1.1-maint/0002-qemu_migration-Don-t-error-on-tunelled-migration-wit.patch
+ d/p/v1.1.1-maint/0003-build-fix-configure-detection-of-if_bridge.h-on-RHEL.patch
+ d/p/v1.1.1-maint/0004-remote-Fix-a-segfault-in-remoteDomainCreateWithFlags.patch
+ d/p/v1.1.1-maint/0005-Revert-build-fix-configure-detection-of-if_bridge.h-.patch
+ d/p/v1.1.1-maint/0006-build-more-workarounds-for-if_bridge.h.patch
+ d/p/v1.1.1-maint/0007-Fix-qemuProcessReadLog-with-non-zero-offset.patch
+ d/p/v1.1.1-maint/0008-Reverse-logic-allowing-partial-DHCP-host-XML.patch
+ d/p/v1.1.1-maint/0009-virsh-domain-Fix-memleak-in-cmdUndefine-with-storage.patch
+ d/p/v1.1.1-maint/0010-virsh-domain-Fix-memleak-in-cmdCPUBaseline.patch
+ d/p/v1.1.1-maint/0011-virbitmap-Refactor-virBitmapParse-to-avoid-access-be.patch
+ d/p/CVE-2013-4296.patch
+ d/p/CVE-2013-4311.patch
+ d/p/CVE-2013-4297.patch
+ d/p/fix-crash-in-libvirtd-when-events
+ d/p/security-provide-supplemental-groups
+ d/p/add-bounds-checking-on-virdomainmigrate
+ d/p/xen-use-internal-interfaces-in-xendomainusedcpus
+ d/p/fix-remote-client-segfault.patch
+ d/p/ubuntu-xend-xmlcreate-double-free.patch
+ d/p/9002-better_default_uri_virsh.patch
[ Serge Hallyn ]
* update and re-add d/p/9002-better_default_uri_virsh.patch. Also patch
new uri-precedence test, as we break it with this patch.
* add d/p/util_use_w_flag_when_calling_iptables.patch (LP: #1245322)
* debian/apparmor/libvirt-qemu: allow access to hugepages mounts
(LP: #1250216)
* debian/apparmor/libvirt-qemu: allow access to usb info (LP: #1245251)
* [b56f727] Add option to mount cgroups during daemon start. The init
script can mount each control group to a different mount point
prior to starting libvirt bin. This allows running qemu and lxc guests
together without using systemd.
Thanks to Manuel VIVES (Closes: #725261)
* [e044f56] New upstream version 1.1.4~rc2 (Closes: #727101)
* [d046906] Update symbols file
* [6a8cd2d] Update patches
* [ac24680] Lower policykit-1 build-dep since CVE-2013-4288 was fixed in
unstable by patching policykit instead of moving the new upstream version
from unstable.
* [63167cd] Enable libxl (Closes: #698093)
* [c7747b0] Enable rados block device support
* [6aa2998] Build against fuse for lxc fuse support
* [a2a1a74] Don't fail chmod/chdir if a file doesn't exist. We don't use -f
since we want to detect other errors (ro filesystem, etc.)
(Closes: #726203)
* [6ec841f] New upstream version 1.1.3
* [3721380] Drop Add-check-aclperms.pl.patch applied upstream
* [acc5263] Refresh patches
* [1894ff0] Use libvirt-qemu as group for qemu-kvm related directories since
this is the group we run the process with.
* [adf14d0] Make sure qemu guest agent related directories are
readable/writeable by the kvm process (Closes: #717406)
* [b7c1b69] Explicitly enable sheepdog support we already set the configure
params but didn't pass them on. Sheepdog support was enabled anyway due to
./configure autoprobing.
* [85436a4] No need for gawk. Awk isn't used in libvirt anymore and
virt-pki-validate can cope with mawk. (Closes: #703380)
* [20cacff] New upstream version 1.1.3~rc1
* [fe3ccca] Drop patches fixed upstream.
Fix-cgroups-when-all-are-mounted-on-sys-fs-cgroup.patch
Fix-launching-of-VMs-on-when-only-logind-part-of-sys.patch
Fix-make-check-not-finding-finding-the-libvirtd-lens.patch
Parse-AM_LDFLAGS-to-driver-modules-too.patch
virFileNBDDeviceAssociate-Avoid-use-of-uninitialized.patch
* [da60777] Rediff patches
* [d5e311a] Update symbols file
* [634a67a] Depend on newer polkit. We want a pkcheck that supports the uid
arg to address CVE-2013-4311
* [7c5e09d] Add check-aclperms.pl missing from the dist tarball
* [d7b6d7a] Cherry-pick cgroup related fixes from upstream trunk.
(a48838ad2e36c124229b6faaf6e24284810e3802 and
f0b6d8d472de3c1bf3ade24e07df7c6d02075b77).
Thanks to Laurent Bigonville for chasing this and Daniel P. Berrange for
the actual fixes.
(Closes: #721979)
* [f5f3818] virFileNBDDeviceAssociate: Avoid use of uninitialized variable.
This fixes CVE-2013-4297.
Thanks to Michal Privoznik
* [1fb0a76] Parse AM_LDFLAGS to driver modules too to get a RO GOT
Thanks again lintian and lintian-maintainers!
* [921150d] Bump standards version to 0.9.4
* [7b8d517] New upstream version 1.1.2
* [4db5aa3] Remove unneeded systemd targets.
While it's nice to have them upstream for backward compat we can drop
them in Debian already.
* [b4a9eaf] New upstream version 1.1.2~rc2 (Closes: #721325)
* [a3b140a] New upstream version 1.1.2~rc1 (Closes: #719533)
* [6c162e3] Update patches:
Drop virGetGroupList-always-include-the-primary-group.patch applied
upstream.
* [e6c12ec] Update symbols
* [a3548ee] Drop versioned libaudit-dev dependency (Closes: #721172)
* [1562bb3] Fix "make check" not finding the libvirtd lens
* [58c2a29] New upstream version 1.1.1 (Closes: #15510, #715320)
* [0a06224] Move directory creation from dh_auto_build to dh_auto_install
since this isn't part of the building but the installing process.
* [a1c747a] Update symbols
* [90a1881] Update patches.
Dropped patches fixed upstream
CVE-2013-4153-qemu-Fix-double-free-of-returned-JSON-.patch
CVE-2013-4154-qemu-Prevent-crash-of-libvirtd-without.patch
Create-directory-for-lease-files-if-it-s-missing.patch
Fix-crash-when-multiple-event-callbacks-were-registe.patch
* [1308542] virGetGroupList: always include the primary group
otherwise we're lacking the group to access /dev/kvm
* debian/apparmor/usr.sbin.libvirtd: add audit_write capability
(LP: #1204616)
* SECURITY UPDATE: denial of service via invalid free in
virFileNBDDeviceAssociate.
- debian/patches/CVE-2013-4297.patch: properly initialize qemunbd in
src/util/virfile.c.
- CVE-2013-4297
* fix-crash-in-libvirtd-when-events: make sure to remove all event
callbacks when a client disconnects from libvirtd.
* SECURITY UPDATE: possible privilege escalation via pkcheck race.
- debian/patches/CVE-2013-4311.patch: add uid to pkcheck call in
configure.ac, daemon/remote.c, src/access/viraccessdriverpolkit.c,
src/rpc/virnetserverclient.c, src/util/viridentity.*.
- debian/rules: use DEB_AUTO_UPDATE_AUTOCONF and
DEB_AUTO_UPDATE_AUTOHEADER.
- debian/control: specify version of policykit-1 security update, add
libpolkit-gobject-1-dev to Build-Depends.
- CVE-2013-4311
* SECURITY UPDATE: denial of service in remoteDispatchDomainMemoryStats
- debian/patches/CVE-2013-4296.patch: properly initialize stats in
daemon/remote.c.
- CVE-2013-4296
* add-bounds-checking-on-virdomainmigrate: upstream patch for CVE-2013-4292
* security-provide-supplemental-groups: upstream patch for CVE-2013-4291
* apply all patches from v1.1.1-maint
* cherrypick xen-use-internal-interfaces-in-xendomainusedcpus from upstream
git.
* debian/apparmor/usr.sbin.libvirtd: Include the system bus abstraction in
the libvirtd AppArmor profile as libvirtd connects to the D-Bus system bus
* debian/patches/fix-remote-client-segfault.patch: Fix segfault when
using a remote client.
[ Chuck Short ]
* New upstream version:
- Dropped:
+ debian/patches/CVE-2013-2218-fix-crash-listing-network-interfaces-with-filters:
no longer needed.
+ debian/patches/ubuntu-xen-hypervisor-4.3.patch: no longer needed.
+ debian/patches/ubuntu-xen-fix-api-deadlocks.patch: no longer needed.
- Rediffed:
+ debian/patches/Don-t-enable-default-network-on-boot.patch
+ debian/patches/9005-increase-unix-socket-timeout.patch
[ Stefan Bader ]
* Add apparmor rights to call into /usr/lib/xen-common/bin/xen-toolstack
to figure out which one is active.
* debian/patches/ubuntu-xend-probe.patch: Fix failure to detect
whether Xen uses xm/xend toolstack or xl/libxl. Avoid running
"xend status" as we do not package that in a public path.
* [22913a0] Skip tests on all architectures except for i386 and amd64 as we
did with cdbs
* [23a28f2] CVE-2013-4153: qemu: Fix double free of returned JSON array in
qemuAgentGetVCPUs() Thanks to Peter Krempa (Closes: #717354)
* [85b5fda] CVE-2013-4154: qemu: Prevent crash of libvirtd without guest
agent configuration. Thanks to Alex Jia (Closes: #717355)
* [3a2a899] Create directory for lease files if it's missing
(Closes: #715200)
* [000df64] Don't assume EXAMPLES_DIR exists as seen on the autobuilders
(Closes: #717059)
* [8369f65] Fix crash when multiple event callbacks were registered.
CVE-2013-2230. Thanks to Ján Tomko (Closes: #715559)
* [ac2fb88] Create /var/lib/libvirt/qemu/channel/target (Closes: #712179)
* [54deab3] Switch to dh
* [642e1f9] Set LD_PRELOAD empty (Closes: #714515)
[ Guido Günther ]
* [f0c8ed9] Remove now unused DM-Upload-Allowed
* [aff716e] Depend on newer libnetcf1 that has a proper symbols file so we
can drop the explicit libnetcf1 dependency in libvirt-bin
(Closes: #712073)
* [985164b] New upstream version 1.1.0. Addresses CVE-2013-2218.
(Closes: #714699)
* [390c5bd] Update symbols file
* [9854fa9] Rebase patches
* [9f9bb30] Move renaming of the service files prior to the dh_systemd_*
helpers so they pick up the right service name.
[ Michael Stapelberg ]
* [5978fc0] switch to dh-systemd for proper systemd maintscripts
(Closes: #714197)
* [d233204] Make sure qemu.conf isn't world readable by default
since the user might add passwords to it. (Closes: #710537)
* [3a2c75c] New upstream version 1.0.6
* [792d607] Update symbols
* [7921e44] Update patches:
Changed patches.
Debianize-libvirt-guests.patch adjusted to upstream changes
Dropped patches (applied upstream):
Add-sanitytest.py.patch
Fixup-rpcgen-code-on-kFreeBSD-too.patch
Make-detect_scsi_host_caps-a-function-on-all-archite.patch
daemon-fix-leak-after-listing-all-volumes.patch
virInitctlRequest-Don-t-hardcode-384-bytes-size.patch
virthreadpthread-don-t-try-to-cast-pthread_t-to-void.patch
* ubuntu-xen-fix-api-deadlocks.patch (LP: #1191782)
Fix the deadlocks in the xen driver when doing a dumpxml for active
domains.
* ubuntu-libxl-qemu-nopath.patch
Create libxl configurations without paths for qemu-dm and hvmloader.
The Xen toolstack can figure this out.
* ubuntu-xen-hypervisor-4.3.patch
Update the xen driver to handle the new sysctl and domctl versions
in Xen-4.3.
* Add apparmor definitions to execute scripts in /etc/xen/scrips as
the libxl driver calls out to them (with the xen/xm driver this was
done by the xen toolstack and communication with that was through
a socket).
* debian/apparmor/usr.lib.libvirt.virt-aa-helper: allow owner read of
@{PROC}/[0-9]*/status
* Apply CVE-2013-2218-fix-crash-listing-network-interfaces-with-filters.
* New upstream release.
+ Dropped patches:
- debian/patches/vnc-socket.patch: Dropped no longer needed.
- debian/patches/Add-sanitytest.py.patch: Dropped no longer needed.
* debian/libvirt-bin.postinst: Make sure qemu.conf isn't world readable
by default.
* Upload to unstable (Closes: #709216, #705205)
* [037b674] daemon: fix leak after listing all volumes.
Thanks to Ján Tomko (Closes: #708647)
* [3686504] virInitctlRequest: Don't hardcode 384 bytes size
another kFreeBSD build fix
* [b47d706] Disable xen and vbox on all non-linux platforms
* [031648a] Fixup rpcgen code on kFreeBSD too
* [5154850] Make detect_scsi_host_caps a function on all architectures.
Another kFreeBSD build fix
* [c90d756] New upstream version 1.0.5
Fixes a kFreeBSD build failure
* [910e185] virthreadpthread: don't try to cast pthread_t to void*
Fixes another build failure on kFreeBSD
* [3f914e6] Add back sanitytest.py that got lost in the upstream tarball
* New upstream release:
+ Dropped patches:
- debian/patches/fix-virterror-namechange
- debian/patches/apparmor-use-apparmor-setfdlabel
- debian/patches/prevent-lxc-shutdown-host.patch
- debian/patches/apparmor-no-need-to-check-security-model
- debian/patches/nonblock-fix.patch
+ Refreshed patches:
- debian/patches/9002-better_default_uri_virsh.patch
- debian/patches/enable-kvm-spice.patch
- debian/patches/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch
* debian/patches/Add-sanitytest.py.patch: Add patch to fix missing sanitytest.py
when building the testsuite.
* debian/libvirt-dev.install: don't ship files for static linking.
* [c2302f5] Don't fail with aug-tools installed.
Thanks to Manuel VIVES (Closes: #705528)
* [60e9fd4] New upstream version 1.0.5~rc1
* [2625e81] Update patches. Dropped.
Add-sanitytest.py.patch
applied upstream.
* [f16f97d] Don't ship files for static linking
* [77362d6] Update symbols
* [ddd8c30] lxc: Init activeUsbHostdevs (Closes: #700267)
* [95adca0] New upstream version 1.0.4
* [237a6ca] Update symbols file
* [38c4d9a] New upstream version 1.0.3
* [4fa2cf2] Update patches.
Dropped (fixed upstream)
- Hook-log-the-exit-status-of-the-hook-not-256.patch
* [ab5c109] Add sanitytest.py missing from the upstream tarball
* [524cdb1] Properly remove libvirt-qemu group and user.
Thanks to Adam D. Barratt for noticing
* [5dbabe0] Use "getent passwd" instead of the non existing "getent user"
Thanks again to Adam D. Barratt
* [f59b09c] Only add libvirt-qemu user to libvirt-qemu group once when the
group gets created
* [9afb984] Enable systemd services
* [623674a] New upstream version 1.0.3~rc2
* [e0bccfc] Update symbols
* [7414d07] Refresh patches.
Drop
Fix-missing-error-constants-in-libvirt-python-module.patch
complete-virterror-virerror-name-change.patch
fixed upstream.
* [bae2f7b] Hook log the exit status of the hook not 256
(Closes: #701570)
* [6270001] CVE-2013-1766: Use libvirt-qemu as group to run qemu/kvm
instances. This makes sure we don't chown files to groups possibly used
by other programs. (Closes: #701649)
* [7e3ee2f] Cherry-pick upstream fixes for Python bindings (Closes: #700077)
* [7adf6b4] New upstream version 1.0.2
* [1156772] Drop Don-t-fail-the-build-without-libcurl-and-esx.patch
applied upstream
* [5d66d5a] Rediff patches
* debian/libvirt-bin.{dirs,install}: install dnsmasq.d-available/libvirt-bin
(LP: #1113821)
* debian/patches/nonblock-fix.patch: cherrypicked upstream patch to
not mark qemu migration fd non-blocking. This fixes tcp live
migration. (LP: #1157626)
* Add code to postinst to fix any double-migration of /etc/dnsmasq.
(LP: #1157332)
* debian/patches/prevent-lxc-shutdown-host.patch: Backport fix
from upstream to prevent lxc-containers shutting down the host.
* No-change rebuild against libudev1
* put libvirt-bin dnsmasq file into /etc/dnsmasq.d-available, and
create a symlink in /etc/dnsmasq.d, to avoid problems when removing
and re-installing libvirt-bin. (LP: #1113821)
* libvirt-bin.postinst: also put admin group members into the libvirtd
group, to support systems installed before precise. (LP: #1124127)
* libvirt-bin.postinst: use getent group instead of grep /etc/group
* rules: pass path to collie to enable sheepdog backend (LP: #1129107)
* control, rules: enable building against libaudit, which is in main.
* Really refresh debian/patches/fix-ubuntu-xen-qemu-dm-path.patch and
not only claim to and disable it.
* debian/apparmor/libvirt-qemu: allow qemu read access to
@{PROC}/sys/vm/overcommit_memory
* Update Readme.Debian
- we use libvirtd, not libvirt group (LP: #1095140)
- we add users from sudo, not admin group, to libvirtd.
* libvirt-bin.postinst: put users from sudo, not admin group, into group
libvirtd. (LP: #1124127)
* libvirt-bin.postrm: only remove /etc/dnsmasq.d/libvirt-bin during
remove. (LP: #1113821)
* debian/patches/fix-virterror-namechange: Include virterror otherwise
python-libvirt won't be able to find any error codes.
[ Chuck Short ]
* New upstream release:
+ Dropped patches:
- debian/patches/Add_RESUME_event_listener_to_qemu_monitor.patch
- debian/patches/build-work-around-broken-kernel-header.patch
- debian/patches/bridge-fix-persistent-networks.patch
- debian/patches/CVE-2013-0170.patch
- debian/patches/qemu-relax-hard-rss-limit.patch
- debian/patches/9003-better-default-arch.patch
+ Refreshed patches:
- debian/patches/fix-ubuntu-xen-qemu-dm-path.patch
- debian/patches/Reduce-udevadm-settle-timeout-to-10-seconds.patch
- debian/patches/9021-fix-uint64_t.patch
- debian/patches/9020-lp545795.patch
- debian/patches/Don-t-fail-if-we-can-t-setup-avahi.patch
+ debian/libvirt0.install: Add libvirt-lxc.so.*
[ Serge Hallyn ]
* debian/patches/fix-virterror-namechange: fix unfinished name change
causing errors in generated libvirt.py.
* [5ce607c] Make python-libvirt depend on the exact same libvirt0 version
(Closes: #697852)
* [9335bdd] New upstream version 1.0.2~rc1
* [8af24a9] Dropped patch
Define-SANLK_INQ_WAIT-if-missing-in-headers.patch - fixed upstream
* [be521af] Update symbols
* [47dbf6b] New patch Don-t-fail-the-build-without-libcurl-and-esx.patch
* [9e52c7b] Install libvirt-lxc.so
* [753d41c] Add epoch to libnetcf1 dependency (Closes: #697457)
* [11f91ea] Make sure we build against sid's libaudit since libaudit0 and
libaudit1 aren't coinstallable (see #697459).
* [0019ff9] Pass WITH_AUDIT to configure (Closes: #688177)
* [faf7972] Add epoch to libnetcf build dependency since both the usable
and unusable version carry an epoch now (Closes: #697303)
* [e722456] New upstream version 1.0.1
* [dccead7] Update patches
* [1384de7] Dropped patches.
* Define-SANLK_INQ_WAIT-if-missing-in-headers.patch - fixed upstream
* SECURITY UPDATE: denial of service and possible code execution via
uninitialized pointer
- debian/patches/CVE-2013-0170.patch: remove message from queue before
freeing in src/rpc/virnetserverclient.c.
- CVE-2013-0170
* debian/apparmor/libvirt-qemu: add /usr/share/ovmf/** r (LP: #1074207)
* add qemu-relax-hard-rss-limit.rss to avoid OOM kills (LP: #1102290)
* debian/rules: replace --without-vbox with --with-vbox (LP: #1103721)
* New upstream version. (LP: #1102487)
+ Dropped apparmor-allow-hugepages
+ update dnsmasq-as-priv-user, upstream now uses a configuration file.
+ swap Add_RESUME_event_listener_to_qemu_monitor.patch from git tree for
the backported handle_resume_1.0.0-0ubuntu4.patch.
+ rebuild debian/patches/build-work-around-broken-kernel-header
+ add bridge-fix-persistent-networks.patch from upstream to fix bug
where new networks are not marked persistent.
* [dca42fb] Rely on DBus activation for hal (Closes: #694020)
* [cbb8fd5] Disable firewalld since this would make us hard depend on DBus
* [751c235] New upstream version 1.0.1~rc1
* [f672206] Update patches
* [a6fae3d] Define SANLK_INQ_WAIT if missing in headers
* [50956c7] libvirt-guests init script moved
for better systemd integration
* [a05c9c7] Update symbols
* [f5c8dae] New upstream version 1.0.0
* handle_resume_1.0.0-0ubuntu4.patch: Add RESUME event listener to qemu
monitor (LP: #1097824)
* build-work-around-broken-kernel-header: work around FTBFS due to a
broken linux/if_bridge.h.
* debian/patches/apparmor-allow-hugepages: update apparmor policies to
allow use of hugepages. (LP: #646468)
* debian/patches/vnc-socket.patch: If a vnc socket is in use, add its
path to the apparmor policy. (LP: #1069534)
* libvirt-bin.postinst: on first install, don't autostart virbr0 if
192.168.122.0 already is in use. On upgrade, always autostart
virbr0 if and only if it was autostarted before the upgrade.
* debian/patches/add-armhf-sysinfo-infomration.patch: Disable
to fix FTBFS on arm.
[ Chuck Short ]
* New upstream version:
+ dropped:
- debian/patches/CVE-2012-3445.patch
- debian/patches/fix-cve-2012-4423
- debian/patches/lp1039678.patch
- debian/patches/add-libvirt-highbank-support.patch
- debian/patches/add-armhf-cpuinfo-parser.patch
- debian/patches/fix-lxc-container-unmounting.patch
- debian/patches/libnl3-build-fix.patch
- debian/patches/Don-t-require-gawk-for-a-simple-print-expression.patch
- debian/patches/virsh-Initialize-library-before-calling-virResetLast.patch
- debian/patches/qemu-warn-on-pc-0.12.patch
- debian/patches/storage-default-pool-permission-mode-to-0755
- debian/patches/netcf-daemon-fix-wrong-macro-name
- debian/patches/xen_hypervisor-treat-missing-privcmd-file-as-temporary.patch
+ Re-diffed:
- debian/patches/9002-better_default_uri_virsh.patch
- debian/patches/dnsmasq-as-priv-user
- debian/patches/enable-kvm-spice.patch
+ debian/control, debian/rules: Turn on rbd pool storage.
[ Serge Hallyn ]
* Add patches to fix apparmor labeling issue at VM start:
- apparmor-no-need-to-check-security-model
- apparmor-use-apparmor-setfdlabel
* [d3d06ad] New upstream version 1.0.0~rc3
* [610ff5d] Drop Create-temporary-dir-for-socket.patch, applied upstream.
* [55ec399] Don't try to configure systemtap support on architectures
lacking support for it.
* [a2dd93d] Adjust systemtap build-dependency to architectures that actually
have it.
* [2b79e3d] New upstream version 1.0.0~rc2
* [79d2200] Add empty systemtap dir so dh_install doesn't fail on kFreeBSD
* [e68850a] Create temporary dir for socket to avoid ENAMETOOLONG
* [51182d6] New upstream version 1.0.0~rc1
* [a8b162b] Refresh patches.
Fixed upstream:
* Properly-parse-unsigned-long-long.patch
* storage-lvm-Don-t-overwrite-lvcreate-errors.patch
* storage-lvm-lvcreate-fails-with-allocation-0-don-t-d.patch
* [418be04] Update symbols
* [f3fdef3] Install systemtap tapsets on Linux
* [e18098f] Build require a netcf linked against libnl-3-dev
* [8acbd16] Adjust to changed policy file names
* [cb74dfd] Properly parse (unsigned) long long in the python bindings to
fix those on platforms where sizeof(long) != sizeof(long long).
This fixes virt-install's '--location='.
* [ce15a08] Build against libnl-3 on Linux systems (Closes: #688167)
* [19ec20b] Depend on a libnetcf1 that's built against libnl3 to avoid
pulling in libnl1 symbols.
* [20830ab] Mark sheepdog as linux-any since it's not available on kFreeBSD
* [be7423c] Allow xen toolstack to find its binaries.
Thanks to George Dunlap for the patch. (Closes: #685749)
* [40e1704] Enable auditing on linux-any.
Thanks to Laurent Bigonville for testing. (Closes: 688177)
* [8d56723] New upstream version 0.10.2
* [312d8e6] Update symbols
* [cd7e695] Recommend pm-utils used for host power management.
* [2f928f7] Add missing "-d" to libvirt-bin's restart option otherwise
daemon restarts will just hang. Thanks to Laurent Bigonville.
(Closes: #688146)
* [aa3d87e] New upstream version 0.10.1
* [39ae471] Drop Revert-security-Add-DAC-to-security_drivers.patch: fixed
upstream.
* [b531061] Update symbol file
* [8d4f9dc] Enable sheepdog support
* Upload to unstable
* [dca42fb] Rely on DBus activation for hal (Closes: #694020)
* [cbb8fd5] Disable firewalld since this would make us hard depend on DBus
* [b3ae724] New upstream version 0.10.0
* [19618d9] Update symbols file
* Dropped patches, fixed upstream:
* security/CVE-2012-3445.patch
* virsh-Initialize-library-before-calling-virResetLast.patch
* Don-t-require-gawk-for-a-simple-print-expression.patch
* [2a5d5b7] Revert "security: Add DAC to security_drivers" to allow guest
start. Thanks to Peter Krempa and Marcelo Cerri for tracking this down.
* [6cf501c] New upstream version 0.9.13
* [8ff7077] Fix CVE-2012-3445 with upstream commit
6039a2cb49c8af4c68460d2faf365a7e1c686c7b. (Closes: #683483)
* Refresh fix-ubuntu-xen-qemu-dm-path.patch to only use executable
names and let the toolchain find out the right paths (LP: #914788).
Thanks George Dunlap.
* Refresh and re-activate xen_hypervisor-treat-missing-privcmd-file-
as-temporary.patch (LP: #922486)
* SECURITY UPDATE: denial of service via invalid RPC command
- debian/patches/CVE-2012-3445.patch: make sure nparams isn't set to
zero in daemon/remote.c.
- CVE-2012-3445
* apply fix-cve-2012-4423 from upstream to prevent potential daemon
segfaults with newer virsh.
- Fixes: CVE-2012-4423.
* debian/patches/lp1039678.patch: fix segfault in 'snapshot-list'
- LP: #1039678
* debian/libvirt-bin.apport: add filter on AppArmor profile names to
prevent false positives from denials originating in other packages.
* debian/apparmor/libvirt-qemu: allow owner read access to @{PROC}/*/auxv
* enable netcf support (LP: #520386)
- debian/control: build-dep on libnetcf-dev
- debian/rules: add --with-netcf to configure args
* add patch netcf-daemon-fix-wrong-macro-name from upstream so netcf support
can actually work.
* add patch Reduce-udevadm-settle-timeout-to-10-seconds.patch (copied from
Debian tree) to fix 3 minute hang during pool-refresh when using LVM
backed pools. (LP: #1027987)
* debian/control: add pm-utils to libvirt-bin Suggests. (LP: #994476)
* debian/patches/add-armhf-sysinfo-infomration.patch:
Provides cpuinfo for armhf cpus.
* debian/patches/add-armhf-cpuinfo-parser.patch:
Fixes compile time warning about armhf cpus.
* debian/apparmor/libvirt-qemu: add ceph.conf (LP: #1026404)
* debian/patches: re-add 9002-better_default_uri_virsh.patch (LP: #1026515)
* Apply upstream patch to switch default storage pool dir perms from 0700
to 0755. Then push our own patch to change that to 0711. We'll get the
upstream patch on 0.9.14 merge, but we'll want to keep our patch on top
of that.
* New upstream version:
* debian/rules: Remove .la files
* debian/control: Dropped debian vcs info.
* Dropped:
- debian/paches/9022-pass-the-virt-driver-name-into-security-drivers:
Already applied upstream.
- debian/patches/9023-dont-enable-apparmor-driver-with-lxc
Already applied upstream.
- debian/patches/9024-initialize-random-generator-in-lxc:
Already applied upstream.
* Re-diffed:
- debian/patches/9002-better_default_uri_virsh.patch
* Added:
- debian/patches/add-libvirt-highbank-support.patch: Add highbank
CPU detection support.
- debian/patches/fix-lxc-container-unmounting.patch: Fix container
mounting.
* [505f873] New upstream version 0.9.13~rc2
* [bd1c1e0] Rebase patches
* [628a05a] Add empty systemd dir on kFreeBSD to make dh_install pass
* [e5b4fbf] Remove -d from libvirtd_opts
so we can use the same options in the systemd unit file without having
to fork there too.
* [9deae39] New upstream version 0.9.13~rc1
* [487acd7] Drop Include-stdint.h-for-uint32_t.patch fixed upstream
* [ab7be10] Drop Only-check-for-cluster-fs-if-we-re-using-a-filesyste.patch
applied upstream
* [385bac4] Rebase remaining patches
* [cb0d1f7] Update symbol versions
* [c2bd465] Remove *.la files generated for dynamically loaded modules
* [e4714b7] Add sanlock support.
Thanks to David Weber (Closes: #676345)
* [5f715ed] Install systemd init scripts on Linux
* Setting urgency to high since it's a security only fix
* [c0f4995] New patch security-Fix-libvirtd-crash-possibility.patch.
Fix libvirtd crash possibility (CVE-2012-4423)
Thanks to Martin Kletzander (Closes: #687598)
* [80ac2a6] Fix CVE-2012-3445 with upstream commit
6039a2cb49c8af4c68460d2faf365a7e1c686c7b (Closes: #683483)
* [6b610b6] Include stdint.h for uint32_t to fix the build on kFreeBSD
* Upload to unstable to fix CVE-2012-2693. Bumping urgency to medium.
(Closes: #677496)
* [9515e28] Only check for cluster fs if we're using a filesystem
(Closes: #676328)
* [202939f] Reduce udevadm settle timeout to 10 seconds
(Closes: #663931)
* [75e280b] New upstream version 0.9.12
* 9024-initialize-random-generator-in-lxc: invoke virRandomInitialize()
to prevent segfaults when lxc uses virRandomBits(). (LP: #1023205)
* 9022-pass-the-virt-driver-name-into-security-drivers and
9023-dont-enable-apparmor-driver-with-lxc: fix libvirt-lxc breakages
due to incomplete apparmor security driver for lxc.
* install apport hook as right name - libvirt-bin is the binary package,
the source package name is libvirt. (LP: #1007405)
* install /etc/dnsmasq.d/libvirt to configure system wide dnsmasq to not
listen on the libvirt bridge. (Following Stéphane's lxc example)
(LP: #928524) (LP: #231060)
- postinst: restart dnsmasq; postrm: remove dnsmasq.d/libvirt file and
restart dnsmasq; rules, libvirt-bin.dirs and libvirt-bin.install:
install new debian/libvirt-bin.dnsmasq file.
* Warn user about bad pc-0.12 machine type, and help user transition.
(LP: #1001625)
- qemu-warn-on-pc-0.12.patch: When defining or starting a VM which uses the
pc-0.12 machine type, warn in libvirtd.log.
- debian/libvirt-migrate-qemu-machinetype: automatically migrate QEMU VMs
to newest machine type. This is not done automatically as there will
be some users who have good reason to stay with pc-0.12.
* New upstream version:
* Synchronize with debian packaging:
- debian/control: Update build depends.
- debian/libvirt-bin.postrm: Cleanup /var/log/libvirt
on purge.
- Bump standards version (no changes).
- debian/patches/Don-t-fail-if-we-can-t-setup-avahi.patch: Added
* Dropped patches:
- debian/patches/Debianize-libvirt-guests.patch
- debian/patches/rewrite-lxc-controller-eof-handling-yet-again
- debian/patches/ubuntu/libnl13.patch
- debian/patches/ubuntu/fix-lxc-startup-error.patch
- debian/patches/ubuntu/fix-bridge-fd.patch
- debian/patches/ubuntu/skip-labelling-network-disks.patch
- debian/patches/ubuntu/xen-xend-shutdown-detection.patch
- debian/patches/ubuntu/xen-config-no-vfb-for-hvm.patch
- debian/patches/debian/Disable-daemon-start-test.patch
- debian/patches/debian/Disable-gnulib-s-test-nonplocking-pipe.sh.patch
- debian/patches/ubuntu/9006-default-config-test-case.patch
- debian/patches/fix-block-migration.patch
- debian/patches/ubuntu/9022-qemu-unescape-HMP-commands-before-converting-them-to.patch
- debian/patches/ubuntu/9023-qemu-change-rbd-auth_supported-separation-character-.patch
- debian/patches/ubuntu/9024-qemu-allow-snapshotting-of-sheepdog-and-rbd-disks.patch
- debian/patches/9025-qemu-change-rbd-auth_supported-separation-character-.patch
- debian/patches/ubuntu/arm-gcc-workaround.patch
* Rediffed:
- debian/patches/Allow-libvirt-group-to-access-the-socket.patch
- debian/patches/Disable-failing-virnetsockettest.patch
- debian/patches/dnsmasq-as-priv-user
- debian/patches/9002-better_default_uri_virsh.patch
* debian/control: Add libnl-route-3-dev as a build depends.
* debian/patches/libnl3-build-fix.patch: Fix build with libnl3.
* [721a2d8] New upstream version 0.9.12~rc2
* [a469ff6] Update symbols
* [a483028] Daemon tests changed so update the patches
* [fbd9c12] Drop virURIParse-don-t-forget-to-copy-the-user-part applied
upstream
* [00931ed] Update gbp.conf for experimental
* [f254551] New upstream version 0.9.11.3
* [5362229] Drop virURIParse-don-t-forget-to-copy-the-user-part.patch.
Fixed upstream.
* [36ed9f0] Update symbols file
* [70dcb2e] Make module-init-tools a linux-any dependency
(Closes: #667477)
* [ea112f4] Depend on dwarves for checks requiring pdwtags
* [5152b85] virURIParse: don't forget to copy the user part
(Closes: #667636)
* Upload to unstable
* [34aa61b] New upstream version 0.9.11
* [649c570] Build-dependency on virtualbox-ose no longer needed.
Thanks to Jean-Baptiste Rouault (Closes: #663589)
* [8323080] We need gcrypt so build-depend on it although it's already being
pulled in by gnutls. Thanks to Serge Hallyn (Closes: #660018)
* [b8ad28b] Build-dependency on virtualbox-ose no longer needed.
Thanks to Jean-Baptiste Rouault (Closes: #663589)
* [049b63b] New upstream version 0.9.11~rc1
* [deacbc5] Update symbols file
* [697838f] Update Debianize-libvirt-guests.patch
with new config option PARALLEL_SHUTDOWN
* [ba62183] Bump standards version (no changes)
* [bece9d3] Install missing manpages
* Upload to unstable
* [63a7e8c] New upstream version 0.9.10
* Upload to experimental
* [8f97b0f] New upstream version 0.9.10~rc1
* [7636706] Update symbols
* [8d776a5] Drop xen-Don-t-crash-when-we-fail-to-init-caps.patch applied
upstream.
* Upload to unstable
* [367b47b] Enable netcf support (Closes: #567606)
* [97182f9] Don't fail if we can't setup avahi. We'd need to make this a
hard dependency otherwise.
* [bf94bbd] xen: Don't crash when we fail to init caps (Closes: #656075)
* [56f2dbc] Cleanup /var/log/libvirt on purge (Closes: #656460)
* [dd5f96f] New upstream version 0.9.9
* [623022f] Rebase patches
* [77eb5a4] Update symbols file
* debian/apparmor/usr.sbin.libvirtd: allow execution of /lib/udev/scsi_id
(LP: #992378)
* debian/apparmor/usr.lib.libvirt.virt-aa-helper: add /**.qed r so qed
drives in non-standard locations can be used. (LP: #981571)
[ Serge Hallyn ]
* Apply patches from Josh Durgin <josh.durgin@dreamhost.com> to make
attaching rbd volumes and taking snapshots of them work.
- ubuntu/9022-qemu-unescape-HMP-commands-before-converting-them-to.patch
- ubuntu/9023-qemu-change-rbd-auth_supported-separation-character-.patch
- ubuntu/9024-qemu-allow-snapshotting-of-sheepdog-and-rbd-disks.patch
- ubuntu/9025-qemu-change-rbd-auth_supported-separation-character-.patch
[ Stefan Bader ]
* Do not use vfb sections in HVM graphics definitions (side-
effect will create a vkbd device as well which causes error
messages in the HVM guest). (LP: #973529)
[ Stefan Bader ]
* Use domain/status to check for inactive domains in the xend sub-
driver. (LP: #929626)
* Prevent the hypervisor sub-driver from logging an internal error
just because it cannot find a certain domain when looking for
the number of vcpus. (LP: #963006)
* re-enable numa (undo delta against debian) (LP: #614322):
- debian/control: remove from dependencies
- debian/rules: turn it off
* ubuntu/skip-labelling-network-disks.patch: don't try to label network
drives with apparmor. It fails. (LP: #949428)
[ Stefan Bader ]
* Never use type=ioemu for NIC definitions. It is not needed
and actually breaks the paravirt interface which always gets
created in parallel.
[ Serge Hallyn ]
* run dnsmasq as a new libvirt-dnsmasq user (LP: #938255)
- ubuntu/dnsmasq-as-priv-user: add '-u libvirt-dnsmasq' to dnsmasq args
- debian/libvirt-bin.postinst: create libvirt-dnsmasq user
- tests/networkxml2argvdata/*.argv: update expected dnsmasq command lines
to include '-u libvirt-dnsmasq'.
[ Chuck Short ]
* cherry-pick rewrite-lxc-controller-eof-handling-yet-again (commit
9130396214975ba2251082f943c9717281039050) from upstream.
* debian/control: add libgcrypt11-dev to build-depends (LP: #932889)
[ Stefan Bader ]
* xen_hypervisor: libvirtd can be started before xenfs has been loaded
as a module. A missing privcmd file is not necessarily a permanent
error. (LP: #922486)
[ Serge Hallyn ]
* debian/libvirt-bin.upstart: start on just 'runlevel [2345]'
* ubuntu/fix-bridge-fd.patch: cherrypick commit
2d5046d31f4f5c961fc4aa6b415a00bb9eadae2b from upstream to write the
bridge delay to the right file. (LP: #924446)
[ David Weber ]
* debian/patches/fix-block-migration.patch: Fix block-migration for large images.
[ Guilhem Lettron ]
* debian/apparmor/libvirt-qemu: add apparmor rule for macvtap (LP: #921870)
* debian/patches/fix-lxc-startup-error.patch: Fix lxc start up error.
(LP: #921004)
* debian/libvirt-bin.postinst: even if we think it's a new install, don't
assume that /etc/libvirt/qemu/networks/autostart/default.xml doesn't
exist.
* debian/patches/fix-ubuntu-xen-qemu-dm-patch.patch:
Update patch due to failing tests.
* debian/control: add dbus to libvirt-bin depends. It fails to start
otherwise. (LP: #918343)
* debian/patches/fix-ubuntu-xen-qemu-dm-path.patch:
Fix qemu-dm paths so Xen can be used with libvirt.
(LP: #914788)
* Merge from Debian Unstable, remaining changes are:
- debian/control:
* set X-Python-Version to 2.7, as 2.6 is not in oneiric.
* set ubuntu maintainer
* Build-Depends:
- swap open-iscsi to open-iscsi-utils
- remove virtualbox-ose
- add libapparmor-dev
- swap libnl-dev for libnl3-dev
* convert Vcs-Git to Xs-Debian-Vcs-Git
* libvirt-bin Depends: move netcat-openbsd, bridge-utils, dnsmasq-base
(>= 2.46-1), and iptables from Recommends to Depends
* libvirt-bin Recommends: move qemu to Suggests
* libvirt-bin Suggests: add apparmor
* libvirt0 Recommends: move lvm2 to Suggests
* Install cgroup-lite
- keep debian/libvirt-bin.apport
- keep debian/libvirt-bin.cron.daily
- debian/libvirt-bin.dirs:
* add apparmor, cron.daily, and apport dirs
- debian/libvirt-bin.examples:
* add debian/libvirt-suspendonreboot
- debian/libvirt-bin.install:
* add /etc/apparmor.d files
* add apport hook
- debian/libvirt-bin.postinst:
* replace libvirt groupname with libvirtd
* add each admin user to libvirtd group
* call apparmor_parser on usr.sbin.libvirtd and
usr.lib.libvirt.virt-aa-helper
* call 'libvirt-migrate-qemu-disks -a' after
libvirt-bin has started if migrating from
older than 0.8.3-1ubuntu1
- debian/libvirt-bin.postrm:
* replace libvirt groupname with libvirtd
* remove usr.sbin.libvirtd and
usr.lib.libvirt.virt-aa-helper
- keep added files under debian/:
* libvirt-bin.upstart
* libvirt-migrate-qemu-disks
* libvirt-migrate-qemu-disks.1
* libvirt-suspendonreboot
* apparmor profiles
- debian/README.Debian:
* add 'Apparmor Profile' section
* add 'Disk migration' section
- debian/rules:
* don't build with vbox since virtualbox-ose is in universe
- remove WITH_VBOX, add explicit --without-vbox
* add --with-apparmor to DEB_CONFIGURE_EXTRA_FLAGS
* set DEB_DH_INSTALLINIT_ARGS to '--upstart-only'
* remove unneeded clean:: section (they only deal with sysvinit stuff)
* comment out binary-install/libvirt-bin:: part dealing with sysvinit
* don't ship libvirt-guests init script for now.
* add build/libvirt-bin:: section to install
- apparmor files
- apport hooks
- libvirt-migrate-qemu-disks
* debian/patches/series:
- don't apply Debian-specific Debianize-libvirt-guests.patch (sysvinit only)
- don't apply Disable qemu-disable-network.diff.patch
* debian/patches(/ubuntu):
- Disable-gnulib-s-test-nonplocking-pipe.sh.patch is in sid's debian/patches
- drop patches:
* 9000-delayed_iff_up_bridge.patch
* 9011-move-ebtables-script.patch
* apparmor-allow-tunnelled-migration.patch
* apparmor-allow-tunnelled-migration-2.patch
* fix-qemu-1.0.patch
* conf-dont-drop-console-def-ondomain-restart.patch
- keep (and refreshed) patches:
* 9002-better_default_uri_virsh.patch
* 9003-better-default-arch.patch
* 9004-libvirtd-group-name.patch
* 9005-increase-unix-socket-timeout.patch
* 9006-default-config-test-case.patch
* 9020-lp545795.patch
* 9021-fix-uint64_t.patch
* libnl3.patch
* arm-gcc-workaround.patch
* disable numa - until the MIR for numa is done
- debian/control: remove from dependencies
- debian/rules: turn it off
* Fix default network autostart symlink disappearing on upgrade (LP: #901298)
- debian/libvirt-bin.preinst: note if the symlink exists
- debian/libvirt-bin.postinst: if symlink existed, OR if we are upgrading
from one of the broken versions, then recreate the symlink. (Continue
to create the symlink on new installs.)
* enable use of libvirt with kvm-spice (LP: #903962):
. src/qemu/qemu_capabilities.c: search for 'kvm-spice' before
'kvm' (debian/patches/ubuntu/enable-kvm-spice.patch)
. debian/apparmor/libvirt-qemu:
* prepend 'owner' to /run/shm/spice.* rule
* add more needed spice perms
* Upload to unstable. Works with qemu-kvm and qemu 1.0.
(Closes: #652454)
* [8a35c97] New upstream version 0.9.8
* [52e19b5] Drop remote_driver-don-t-fail-if-keepalive-check-fails.patch
applied upstream.
* [e50aac4] remote_driver: don't fail if keepalive check fails. This fixes
remote connections to older libvirt versions.
* [9b1abb2] New upstream version 0.9.8~rc2
* [99476ba] New upstream version 0.9.8~rc1
* [3bdcf07] Make radvd a linux-any build-dep (Closes: #649635)
* [7546785] Drop patch storage-forbid-rebuilding-existing-disk-storage-pool
applied upstream.
* [0c2afdb] Rediff remaining patches
* [3d121b2] Update symbols file
* Don't apply ubuntu/conf-dont-drop-console-def-ondomain-restart.patch:
it breaks virt-manager.
* debian/patches/ubuntu/conf-dont-drop-console-def-ondomain-restart.patch:
cherrypicked from upstream to fix 'virsh console'. (LP: #915355)
* debian/apparmor/usr.lib.libvirt.virt-aa-helper: Update for nova.
(LP: #907269)
* move cgroup-lite | cgroup-bin to depends, now that cgroup-lite is in
main.
* enable use of libvirt with kvm-spice (LP: #903962):
. src/qemu/qemu_capabilities.c: search for 'kvm-spice' before
'kvm' (debian/patches/ubuntu/enable-kvm-spice.patch)
. debian/apparmor/libvirt-qemu:
* prepend 'owner' to /run/shm/spice.* rule
* add more needed spice perms
* move cgroup-lite | cgroup-bin to depends, now that cgroup-lite is in
main.
* debian/control: Revert cgroup-lite | cgroup-bin move from suggests to
depends: cgroup-lite is not in main.
* debian/control: move (cgroup-lite | cgroup-bin) from Suggests to Depends.
Libvirt-lxc is broken without it.
* apparmor/usr.lib.libvirt.virt-aa-helper: add 'deny /dev/dm-*' to silence
warnings about lvm backing stores (LP: #912007)
[ Peter Silva ]
* apparmor/libvirt-qemu: add rules to enable spice audio
(LP: #913023)
* Build-Depend on libnl-3-dev. (LP: #908581)
* Update libnl3 patch to also pass LIBNL_CFLAGS in the LXC target.
* debian/apparmor/libvirt-qemu: add /etc/pki/CA/* and /etc/pki/libvirt/**
(LP: #901272)
* Fix default network autostart symlink disappearing on upgrade (LP: #901298)
- debian/libvirt-bin.preinst: note if the symlink exists
- debian/libvirt-bin.postinst: if symlink existed, OR if we are upgrading
from one of the broken versions, then recreate the symlink. (Continue
to create the symlink on new installs.)
* debian/patches/fix-qemu-1.0.patch: without this patch, libvirt fails
when trying to parse the version # from qemu 1.0.
* debian/rules, libvirt-bin.dirs and libvirt-bin.install: put
/etc/apparmor.d/local/usr.sbin.libvirtd into place. (fixes break since
0.9.7-2ubuntu4) (LP: #900857)
* Fix compile failure (VIR_WARN needs logging.h)
* debian/apparmor/usr.sbin.libvirtd:
- allow access to /etc/libvirt/hooks/** (LP: #891472)
- #include <local/usr.sbin.libvirtd> for site-local customizations
* debian/control: Suggest cgroup-lite | cgroup-bin (LP: #544146)
* debian/patches/ubuntu/apparmor-allow-tunnelled-migration-2.patch:
Warn but don't error out when we can't find a pathname for a file.
This is needed to support tunnelled migration. (LP: #869553)
* Don't override local removal of default network autostart on upgrades
(LP: #372001)
- re-enable debian/Don-t-enable-default-network-on-boot.patch
- debian/libvirt-bin.postinst: create default network autostart symlink
for new installs only.
* apparmor-allow-tunnelled-migration.patch: adjust virt-aa-helper to
allow tunnelled migration (LP: #869553)
(Thanks to Simon Deziel <simon.deziel@gmail.com>)
* fix break in last upload: really don't apply patch
debian/Don-t-enable-default-network-on-boot.patch
* Merged from debian unstable (LP: #889104) (LP: #890036).
Remaining changes are:
- debian/control:
* set X-Python-Version to 2.7, as 2.6 is not in oneiric.
* set ubuntu maintainer
* Build-Depends:
- swap open-iscsi to open-iscsi-utils
- remove virtualbox-ose
- add libapparmor-dev
- swap libnl-dev for libnl3-dev
* convert Vcs-Git to Xs-Debian-Vcs-Git
* libvirt-bin Depends: move netcat-openbsd, bridge-utils, dnsmasq-base
(>= 2.46-1), and iptables from Recommends to Depends
* libvirt-bin Recommends: move qemu to Suggests
* libvirt-bin Suggests: add apparmor
* libvirt0 Recommends: move lvm2 to Suggests
- keep debian/libvirt-bin.apport
- keep debian/libvirt-bin.cron.daily
- debian/libvirt-bin.dirs:
* add apparmor, cron.daily, and apport dirs
- debian/libvirt-bin.examples:
* add debian/libvirt-suspendonreboot
- debian/libvirt-bin.install:
* add /etc/apparmor.d files
* add apport hook
- debian/libvirt-bin.postinst:
* replace libvirt groupname with libvirtd
* add each admin user to libvirtd group
* call apparmor_parser on usr.sbin.libvirtd and
usr.lib.libvirt.virt-aa-helper
* call 'libvirt-migrate-qemu-disks -a' after
libvirt-bin has started if migrating from
older than 0.8.3-1ubuntu1
- debian/libvirt-bin.postrm:
* replace libvirt groupname with libvirtd
* remove usr.sbin.libvirtd and
usr.lib.libvirt.virt-aa-helper
- keep added files under debian/:
* libvirt-bin.upstart
* libvirt-migrate-qemu-disks
* libvirt-migrate-qemu-disks.1
* libvirt-suspendonreboot
* apparmor profiles
- debian/README.Debian:
* add 'Apparmor Profile' section
* add 'Disk migration' section
- debian/rules:
* don't build with vbox since virtualbox-ose is in universe
- remove WITH_VBOX, add explicit --without-vbox
* add --with-apparmor to DEB_CONFIGURE_EXTRA_FLAGS
* set DEB_DH_INSTALLINIT_ARGS to '--upstart-only'
* remove unneeded clean:: section (they only deal with sysvinit stuff)
* comment out binary-install/libvirt-bin:: part dealing with sysvinit
* don't ship libvirt-guests init script for now.
* add build/libvirt-bin:: section to install
- apparmor files
- apport hooks
- libvirt-migrate-qemu-disks
* debian/patches/series:
- don't apply Debian-specific Debianize-libvirt-guests.patch (sysvinit only)
- don't apply Disable qemu-disable-network.diff.patch
* debian/patches(/ubuntu):
- Disable-gnulib-s-test-nonplocking-pipe.sh.patch is in sid's debian/patches
- drop patches:
* 9014-skip-nodeinfotest.patch # should this be dropped?
* lp832507.patch (applied upstream)
* 9029-skip-tests.patch
* lxc-use-own-ptyfns.patch (applied upstream)
- keep (and refreshed) patches:
* 9000-delayed_iff_up_bridge.patch
* 9002-better_default_uri_virsh.patch
* 9003-better-default-arch.patch
* 9004-libvirtd-group-name.patch
* 9005-increase-unix-socket-timeout.patch
* 9006-default-config-test-case.patch
* 9011-move-ebtables-script.patch
* 9020-lp545795.patch
* 9021-fix-uint64_t.patch
* libnl3.patch
* arm-gcc-workaround.patch
* disable numa - until the MIR for numa is done
- debian/control: remove from dependencies
- debian/rules: turn it off
* [b0bdb13] Enable numa support. (Closes: #648323)
Thanks to Ralf Spenneberg for testing
* [5b55828] Disk storage: forbid rebuilding existing disk storage pools
wiping all its data.
* [d77511c] Build depend on radvd (Closes: #648551)
* [c06e393] debian/watch: match releases and release candidates
* [2d08768] New upstream version 0.9.7
* [a260f43] Add empty hooks dir (Closes: #623996)
* [0b10e48] Install logrotate files again. This got broken by moving to
separate build-dir. Based on a patch from Serge Hallyn. (Closes: #647953)
* [2d51700] New upstream version 0.9.7~rc2
* [bae02ad] Drop patches, now fixed upstream.
- Fix-storage-pool-source-comparison-to-avoid-comparin.patch
- Skip-socket-test-if-we-exceed-UNIX_PATH_MAX.patch
* [c0292f7] Skip socket test if we exceed UNIX_PATH_MAX.
* [764a29c] Fix storage pool source comparison to avoid comparing with self
Thanks to Daniel P. Berrange
* [6dba3c4] New upstream version 0.9.7~rc1
* [456c4b7] Update symbols file
* [a5b6513] debian/watch: allow for '-' in the version number so we also
catch the release candidates.
* [a5d0318] Drop Autodetect-if-the-remote-nc-command-supports-the-q-o.patch
fixed upstream.
* [fb8aed9] Update remaining patches
* [1f841c0] Move Debian specific patches to debian/patches/debian
* Move creation of /var/log/libvirt/{lxc,uml,qemu} dirs from libvirt-bin.dirs
to libvirt-bin.postinst. Otherwise after a 'apt-get remove libvirt-bin',
that dir will be removed (if empty) but /etc/logrotate.d/libvirtd will
still try to rotate it and raise errors. (LP: #886770)
* debian/rules: Fix a bug in the new logic for installing upstream-supplied
logrotate files. (LP: #887312)
* Sync changes from 0.9.6-2 to install the libvirtd manpage (LP: #522710)
* [6e5ad9d] Install libvirtd manpage. Thanks to Serge E. Hallyn
(Closes: #644457, #606069)
* [480ef36] Remove now superfluous build-dep on QEMU
* [86140cf] python-libvirt: Recommend libvirt-bin (Closes: #646440)
* [a76d37f] Build-depend and Recommend: parted since it's needed for disk
storage pool creation (found by libvirt-tck)
* [2e7bee9] Remove workaround for m68k ICE fixed in gcc-4.6 upstream and
Debian's gcc-4.4. Thanks to Thorsten Glaser
* debian/control: add radvd to build-depends (LP: #862136)
* debian/control: remove moved relations from original:
- libvirt-bin Depends: move netcat-openbsd, bridge-utils, dnsmasq-base
(>= 2.46-1), and iptables from Recommends to Depends
- libvirt-bin Recommends: move qemu to Suggests
* debian/patches/lxc-use-own-ptyfns.patch: Re-add dropped patch.
* Merged from debian unstable, remaining changes are:
- debian/control:
* set X-Python-Version to 2.7, as 2.6 is not in oneiric.
* set ubuntu maintainer
* Build-Depends:
- remove [linux-any] from all dependencies
- remove [!linux-any] deps
- swap qemu to qemu-kvm and open-iscsi to
open-iscsi-utils in Build-Depends
- remove virtualbox-ose Build-Depends
- add parted and libapparmor-dev Build-Depends
* convert Vcs-Git to Xs-Debian-Vcs-Git
* libvirt-bin Depends: move netcat-openbsd, bridge-utils, dnsmasq-base
(>= 2.46-1), and iptables from Recommends to Depends
* libvirt-bin Recommends: move qemu to Suggests
* libvirt-bin Suggests: add apparmor
* libvirt0 Recommends: move lvm2 to Suggests
- keep debian/libvirt-bin.apport
- keep debian/libvirt-bin.cron.daily
- debian/libvirt-bin.dirs:
* add apparmor, cron.daily, and apport dirs
- debian/libvirt-bin.examples:
* add debian/libvirt-suspendonreboot
- debian/libvirt-bin.install:
* add /etc/apparmor.d files
* add apport hook
- debian/libvirt-bin.manpages:
* add debian/libvirt-migrate-qemu-disks.1
- debian/libvirt-bin.postinst:
* replace libvirt groupname with libvirtd
* add each admin user to libvirtd group
* call apparmor_parser on usr.sbin.libvirtd and
usr.lib.libvirt.virt-aa-helper
* call 'libvirt-migrate-qemu-disks -a' after
libvirt-bin has started if migrating from
older than 0.8.3-1ubuntu1
- debian/libvirt-bin.postrm:
* replace libvirt groupname with libvirtd
* remove usr.sbin.libvirtd and
usr.lib.libvirt.virt-aa-helper
- keep added files under debian/:
* libvirt-bin.upstart
* libvirt-migrate-qemu-disks
* libvirt-migrate-qemu-disks.1
* libvirt-suspendonreboot
* apparmor profiles
- debian/README.Debian:
* add 'Apparmor Profile' section
* add 'Disk migration' section
- debian/rules:
* move include of debhelper.mk to top of file so DEB_HOST_ARCH_OS
is defined.
* don't build with vbox since virtualbox-ose is in universe
- remove WITH_VBOX, add explicit --without-vbox
* add --with-apparmor to DEB_CONFIGURE_EXTRA_FLAGS
* set DEB_DH_INSTALLINIT_ARGS to '--upstart-only'
* remove unneeded binary-install/libvirt-bin:: and clean::
sections (they only deal with sysvinit stuff)
* add build/libvirt-bin:: section to install
- apparmor files
- apport hooks
- libvirt-migrate-qemu-disks
* don't ship libvirt-guests init script for now.
* debian/patches/9029-skip-tests.patch: Skip broken tests on ubuntu.
* debian/patches/series:
- don't apply Debian-specific Debianize-libvirt-guests.patch (sysvinit only)
- don't apply Disable qemu-disable-network.diff.patch
* debian/patches:
- dropped patches:
* 9001-dont_clobber_existing_bridges.patch
* 9026-lp795800.patch
* 9027-move-apparmor-load-to-genlabel.patch
* 9028-linux-3-0-no-micro.patch
* lp810270.patch
* CVE-2011-2511.patch
* lxc-do-not-require-ifconfig-or-ip-commands-in-guest.patch
* 0001-make-ptmx-a-bind-mount-rather-than-symlink.patch
* arm-startup-fixes.patch
- keep patches:
* 9000-delayed_iff_up_bridge.patch
* 9001-dont_clobber_existing_bridges.patch
* 9002-better_default_uri_virsh.patch
* 9003-better-default-arch.patch
* 9004-libvirtd-group-name.patch
* 9005-increase-unix-socket-timeout.patch
* 9006-default-config-test-case.patch
* 9011-move-ebtables-script.patch
* 9014-skip-nodeinfotest.patch
* 9020-lp545795.patch
* 9021-fix-uint64_t.patch
* 9026-lp795800.patch
* libnl3.patch
* arm-gcc-workaround.patch
* Disable-gnulib-s-test-nonplocking-pipe.sh.patch
* [828e4e3] New upstream version 0.9.6
* [59404f4] Use versioned X-Python-Version
* [0b43f12] Update symbols file
* [744aaeb] Drop Readd-LFS-support.patch - fixed upstream
* [f759960] Rediff remaining patches
[ Philipp Hahn ]
* [c9a080d] Build python-libvirt for all python versions (Closes: #628828)
* [a92d03e] New upstream version 0.9.4
* [76f0333] Run tests verbosely to ease error diagnostics
* [f4e7d0b] Work around ICE on m68k.
Thanks to Thorsten Glaser
* [ac6e760] Add directories chown'ed in the postinst.
Thanks to Houmehr Aghabozorgi for the report (Closes: #636965)
* [194722a] Simplify netcat probe and adjust testcase output to reduce
number of failing testcases.
* [05e5a06] Use libyajl QEMU JSON support
* [e7934f7] Use libpcap for ip address learning support
* [6661730] Readd LFS support
* [17d831b] Don't require gawk for a simple print expression
(Closes: #636712)
* [0e60a81] New upstream version 0.9.4~rc1
* [db6dbcc] Suggest radvd needed for IPv6
* [a9b77e5] Drop Catch-dnsmasq-start-failures.patch applied upstream
* [b18ac26] Rediff remaining patches
* [8ee8750] Update symbols
* [44874f6] Add directories chown'ed in the postinst. Thanks to Houmehr
Aghabozorgi for the report (Closes: #636965)
* [db6dbcc] Suggest radvd needed for IPv6
* [32ac1cf] Work around ICE on m68k. Thanks to Thorsten Glaser.
* [6db6929] Catch dnsmasq start failures
* [0254bfb] Add empty log directories to make logrotate happy
(Closes: #635239)
* Upload to unstable
* [331afb8] Move build rules to make sure DEB_BUILD_ARCH_OS is properly
defined.
Thanks to Serge E. Hallyn
* [4f3fe1d] Adjust directory permissions to what upstream uses to avoid
potential information leakage.
(Closes: #632332)
* [ab7ad05] Add sanlock dir
* [bc05a9d] Logrotate logs from HVs other than qemu too
(Closes: #625746)
* [320f8b6] New upstream version 0.9.3 (Closes: #633840)
* [fff5144] Update symbols
* [787d91c] Depend on dnsmasq-base, netcat-openbsd and openssh-client for
"make check"
* [1fa64b0] Remove article from libvirt-bin description to make lintian
happy.
* [3689fc5] Drop patches applied upstream:
- Skip-nodeinfo-test-on-non-intel-architectures.patch
- Split-out-dlopen-detection.patch
- nodeinfo-remove-superfluous-braces.patch
* [31b17c8] Drop Update-generated-autoconf-files.patch. No need to
regenerate autoconf for 0.9.3
* [65871eb] Adjust nc autodetect patch to new socket code
* [7b0c6df] Disable failing virnetsockettest until investigated further
* [248bc3f] Rediff remaining patches
* [b385504] Disable the testsuite on all architectures except i386 and amd64
so the current version can move into testing.
* [e523120] New patch Disable-gnulib-s-test-nonplocking-pipe.sh.patch.
Disable gnulib's test-nonplocking-pipe.sh.
* lxc_controller: use our own unlockpt+grantpt rather than glibc's, which
can't handle opening a pty in a devpts not mounted at /dev/pts.
(LP: #863629)
* Pull patches from upstream which prevent a race between lxc driver and
controller while a container is started, easily exposed by nova.
(LP: #842845)
* debian/patches/lp832507.patch: update virt-aa-helper to use the correct
paths for character devices that are pipes. This can be removed in
0.9.7. (LP: #832507)
* debian/patches/arm-startup-fies.patch: Fix typo in patch.
(LP: #845764)
[ Serge Hallyn ]
* do not rely on 'ip' or 'ifconfig' commands inside container (LP: #828211)
Reported and fixed by Scott Moser <smoser@ubuntu.com>.
* make ptmx a bind mount rather than a symlink (LP: #832123)
[ Chuck Short ]
* debian/arm-startup-fixes.patch: Don't detect DMI information on non-intel
compatible arches.
* debian/patches/Autodetect-if-the-remote-nc-command-supports-the-q-o.patch:
updated to support target systems where the grep utility has no -q
option. (LP: #792985)
* Source /etc/default/libvirt-bin at the upstart 'start' section (LP: #823638)
* Fix build failure on ARM, working around a GCC issue. LP: #823711.
* Port to libnl3.
* libvirt-bin.upstart: add a pre-stop script to shut down running VMs
before the host shuts down. (LP: #350936)
* SECURITY UPDATE: integer overflow in virDomainGetVcpus()
- debian/patches/CVE-2011-2511.patch: use INT_MULTIPLY_OVERFLOW() to
verify maxinfo * maplen < REMOTE_CPUMAPS_MAX
- this can be dropped in 0.9.2-7/0.9.3
- CVE-2011-2511
* debian/libvirt-bin.apport: use new apport MAC function instead of
parsing and attaching AppArmor events here.
* debian/apparmor/libvirt-qemu: adjust for /dev/shm -> /run/shm transition
* debian/patches/lp810270.patch: adjust AppArmor profile for /var/run ->
/run
- LP: #810270
* Fix /etc/init/libvirt-bin.conf start on to wait until networking.conf
has stopped with success, meaning ifup -a completed successfully and
all auto-started network devices are up. (LP: #495394)
[ Scott Moser ]
* 9028-linux-3-0-no-micro.patch: support running libvirt with lxc on linux
3.0 (LP: #802977)
[ Jamie Strandboge ]
* debian/apparmor/usr.sbin.libvirtd: allow ipc_lock
* Merge from debian unstable. Remaining changes:
- debian/control:
* set X-Python-Version to 2.7, as 2.6 is not in oneiric.
* set ubuntu maintainer
* Build-Depends:
- remove [linux-any] from all dependencies
- remove [!linux-any] deps
- swap qemu to qemu-kvm and open-iscsi to
open-iscsi-utils in Build-Depends
- remove virtualbox-ose Build-Depends
- add parted and libapparmor-dev Build-Depends
* convert Vcs-Git to Xs-Debian-Vcs-Git
* libvirt-bin Depends: move netcat-openbsd, bridge-utils, dnsmasq-base
(>= 2.46-1), and iptables from Recommends to Depends
* libvirt-bin Recommends: move qemu to Suggests
* libvirt-bin Suggests: add apparmor
* libvirt0 Recommends: move lvm2 to Suggests
- keep debian/libvirt-bin.apport
- keep debian/libvirt-bin.cron.daily
- debian/libvirt-bin.dirs:
* add apparmor, cron.daily, and apport dirs
- debian/libvirt-bin.examples:
* add debian/libvirt-suspendonreboot
- debian/libvirt-bin.install:
* add /etc/apparmor.d files
* add apport hook
- debian/libvirt-bin.manpages:
* add debian/libvirt-migrate-qemu-disks.1
- debian/libvirt-bin.postinst:
* replace libvirt groupname with libvirtd
* add each admin user to libvirtd group
* call apparmor_parser on usr.sbin.libvirtd and
usr.lib.libvirt.virt-aa-helper
* call 'libvirt-migrate-qemu-disks -a' after
libvirt-bin has started if migrating from
older than 0.8.3-1ubuntu1
- debian/libvirt-bin.postrm:
* replace libvirt groupname with libvirtd
* remove usr.sbin.libvirtd and
usr.lib.libvirt.virt-aa-helper
- keep added files under debian/:
* libvirt-bin.upstart
* libvirt-migrate-qemu-disks
* libvirt-migrate-qemu-disks.1
* libvirt-suspendonreboot
* apparmor profiles
- debian/README.Debian:
* add 'Apparmor Profile' section
* add 'Disk migration' section
- debian/rules:
* move include of debhelper.mk to top of file so DEB_HOST_ARCH_OS
is defined.
* don't build with vbox since virtualbox-ose is in universe
- remove WITH_VBOX, add explicit --without-vbox
* add --with-apparmor to DEB_CONFIGURE_EXTRA_FLAGS
* set DEB_DH_INSTALLINIT_ARGS to '--upstart-only'
* remove unneeded binary-install/libvirt-bin:: and clean::
sections (they only deal with sysvinit stuff)
* add build/libvirt-bin:: section to install
- apparmor files
- apport hooks
- libvirt-migrate-qemu-disks
* debian/patches/series:
- don't apply Debian-specific Debianize-libvirt-guests.patch (sysvinit only)
- don't apply Disable qemu-disable-network.diff.patch
* debian/patches:
- dropped patches:
* 9022-allows-lxc-containers-with-lxcguest.patch (applied upstream)
* 9023-disable-test-poll.patch
* 9024-ftbfs-with-arm.patch (doesn't really fix arm just yet)
* 9025-CVE-2011-2178.patch (applied upstream)
- keep patches:
* 9000-delayed_iff_up_bridge.patch
* 9001-dont_clobber_existing_bridges.patch
* 9002-better_default_uri_virsh.patch
* 9003-better-default-arch.patch
* 9004-libvirtd-group-name.patch
* 9005-increase-unix-socket-timeout.patch
* 9006-default-config-test-case.patch
* 9011-move-ebtables-script.patch
* 9014-skip-nodeinfotest.patch
* 9020-lp545795.patch
* 9021-fix-uint64_t.patch
* 9026-lp795800.patch
[ Jamie Strandboge ]
* 9027-move-apparmor-load-to-genlabel.patch: 0.9.2 introduced a change that
caused aa_change_profile() to be called before the profile was loaded into
the kernel. Adjust AppArmorGenSecurityLabel() in
src/security/security_apparmor.c to load the profile itself, and adjust
AppArmorSetSecurityAllLabel() to reload the profile when stdin_fn is
specified. This patch can be removed in 0.9.3. (LP: #801569)
* [398a4dd] New patch Split-out-dlopen-detection.patch. Explicitly pass
-ldl since the lock manager needs it.
* [3be22be] New patch Update-generated-autoconf-files.patch. Update
generated autoconf files
* [008e65d] New patch Skip-nodeinfo-test-on-non-intel-architectures.patch:
Skip nodeinfo test on non intel architectures since the testfiles assume a
/proc/cpuinfo specific to this architecture.
* [17570fc] Enable OpenVZ on Linux only (Closes: #630099)
* [31a35bc] New patch nodeinfo-remove-superfluous-braces.patch
nodeinfo: remove superfluous braces to fix compilation on non intel
architectures
* [c6187ec] New upstream version 0.9.2
* [368375a] Update netcat detection to new code
* [e3319ee] Drop security-plug-regression-introduced-in-disk-probe-lo.patch
applied upstream
* [a1428a7] Refresh patches
* [77590ee] Update symbols
* [0626972] Depend on iproute
* [a1b211d] Version dependency on iptables and drop
Disable-CHECKSUM-rule.patch (Closes: #627595)
* [4fbc990] New patch
security-plug-regression-introduced-in-disk-probe-lo.patch (Closes: #629128)
- Fixes: CVE-2011-2178
* SECURITY UPDATE: 0.8.8 regression which reopens disk probing
(CVE-2010-2238). This can be dropped in 0.9.2.
- 9025-CVE-2011-2178.patch: use correct pointer address in
virSecurityManagerGetPrivateData()
- CVE-2011-2178
* fix virsh save when AppArmor driver is enabled
- 9026-lp795800.patch: src/security/security_apparmor.c: implement
AppArmorSetFDLabel(), which is now used by qemuMigrationToFile() if
our version of qemu supports fd migration. This can be dropped in 0.9.3.
- LP: #795800
* debian/patches/9024-ftbfs-with-arm.patch: Fix FTBFS with arm.
* Depend on libxen-dev rather than libxen3-dev.
* Resynchronize and merge from Debian unstable (LP: #794378). Remaining
changes:
- debian/control:
* set X-Python-Version to 2.7, as 2.6 is not in oneiric.
* set ubuntu maintainer
* Build-Depends:
- remove [linux-any] from all dependencies
- remove [!linux-any] deps
- swap libxen to libxen3, qemu to qemu-kvm, and open-iscsi to
open-iscsi-utils in Build-Depends
- remove virtualbox-ose Build-Depends
- add parted and libapparmor-dev Build-Depends
* convert Vcs-Git to Xs-Debian-Vcs-Git
* libvirt-bin Depends: move netcat-openbsd, bridge-utils, dnsmasq-base
(>= 2.46-1), and iptables from Recommends to Depends
* libvirt-bin Recommends: move qemu to Suggests
* libvirt-bin Suggests: add apparmor
* libvirt0 Recommends: move lvm2 to Suggests
- keep debian/libvirt-bin.apport
- keep debian/libvirt-bin.cron.daily
- debian/libvirt-bin.dirs:
* add apparmor, cron.daily, and apport dirs
- debian/libvirt-bin.examples:
* add debian/libvirt-suspendonreboot
- debian/libvirt-bin.install:
* add /etc/apparmor.d files
* add apport hook
- debian/libvirt-bin.manpages:
* add debian/libvirt-migrate-qemu-disks.1
- debian/libvirt-bin.postinst:
* replace libvirt groupname with libvirtd
* add each admin user to libvirtd group
* call apparmor_parser on usr.sbin.libvirtd and
usr.lib.libvirt.virt-aa-helper
* call 'libvirt-migrate-qemu-disks -a' after
libvirt-bin has started if migrating from
older than 0.8.3-1ubuntu1
- debian/libvirt-bin.postrm:
* replace libvirt groupname with libvirtd
* remove usr.sbin.libvirtd and
usr.lib.libvirt.virt-aa-helper
- keep added files under debian/:
* libvirt-bin.upstart
* libvirt-migrate-qemu-disks
* libvirt-migrate-qemu-disks.1
* libvirt-suspendonreboot
* apparmor profiles
- debian/README.Debian:
* add 'Apparmor Profile' section
* add 'Disk migration' section
- debian/rules:
* move include of debhelper.mk to top of file so DEB_HOST_ARCH_OS
is defined.
* don't build with vbox since virtualbox-ose is in universe
- remove WITH_VBOX, add explicit --without-vbox
* add --with-apparmor to DEB_CONFIGURE_EXTRA_FLAGS
* set DEB_DH_INSTALLINIT_ARGS to '--upstart-only'
* remove unneeded binary-install/libvirt-bin:: and clean::
sections (they only deal with sysvinit stuff)
* add build/libvirt-bin:: section to install
- apparmor files
- apport hooks
- libvirt-migrate-qemu-disks
* debian/patches/series:
- don't apply Disable-CHECKSUM-rule.patch: our iptables can do this
- don't apply Debian-specific Debianize-libvirt-guests.patch (sysvinit only)
- don't apply Disable qemu-disable-network.diff.patch
* debian/patches:
- drop 9007-fix-daemon-conf-ftbfs.patch (looks like it may be fixed)
- drop patches applied upstream:
* 9022-drop-booton-when-kernel-specified.patch
* 9023-fix-lxc-console-hangup.patch
* 9024-fix-broken-commandtest.patch
* 9025-Pass-virSecurityManagerPtr-to-virSecurityDAC-Set-Res.patch
* 9026-security-avoid-memory-leak.patch
* 9027-CVE-2011-1146.patch
- keep patches:
* 9000-delayed_iff_up_bridge.patch
* 9001-dont_clobber_existing_bridges.patch
* 9002-better_default_uri_virsh.patch
* 9003-better-default-arch.patch
* 9004-libvirtd-group-name.patch
* 9005-increase-unix-socket-timeout.patch
* 9006-default-config-test-case.patch
* 9011-move-ebtables-script.patch (refreshed)
* 9014-skip-nodeinfotest.patch (modified to make it apply)
* 9020-lp545795.patch (modified to make it still apply)
* 9021-fix-uint64_t.patch
* 9022-allows-lxc-containers-with-lxcguest.patch (renamed, modified
to make it still apply, and added DEP-3 tags).
- new patches:
* 9023-disable-test-poll.patch - don't run broken test-poll
* [1546b8c] New upstream version 0.9.1
* [2418ebf] Rediff patches
* [d4e2b71] Drop Make-sure-DNSMASQ_STATE_DIR-exists.patch: applied upstream
* [0fef693] libvirt0: Update symbols
* [b4ff149] Bump standards version to 3.9.2
* [3a8e07f] New patch Make-sure-DNSMASQ_STATE_DIR-exists.patch
(Closes: #623536)
* [a91c8f6] New upstream version 0.9.0
* [1608a8c] Drop patch Make-macros-work-as-rvalues.patch, fixed upstream
* [85c3f78] Fix test failure caused by our libvirtd.conf changes
* [0defeee] Fix crashes due to missing initialization of the error system
* [0a63618] Disable daemon start test for now
* [1c29d34] Enable testsuite
* [cf3a26f] Build for Python 2.6 only
* [7da1fd9] New patch Make-macros-work-as-rvalues.patch fixes kFreeBSD build
* [08c4915] Add support for kFreeBSD (Closes: #612238)
* [77fc1c5] New upstream version 0.9.0~rc2
* [30ceba5] Drop superfluous build-dep on dpkg-dev.
The affected versions are neither in Lenny, Squeeze nor Sid.
* [5845bed] Switch to dh_python2 (Closes: #616874)
* [02daf0b] New upstream version 0.9.0~rc1
* [b4a05a1] Update patches. Drop patches applied upstream:
Do-not-add-drive-boot-on-param-when-a-kernel-is-spec.patch
Don-t-pass-empty-arguments-to-dnsmasq.patch
Make-sure-the-rundir-is-accessible-by-the-user.patch
upstream/Add-missing-checks-for-read-only-connections.patch
* [7ff8e58] Update symbols for 0.9.0~rc1
* [28df435] Don't create the rundir in the init script. The daemon does this
now.
* [7302aff] New patch Make-sure-the-rundir-is-accessible-by-the-user.patch.
Make sure the rundir is accessible by the user (Closes: #614210)
* [6dde59d] Recommend dmidecode used by the qemu driver
* [235f893] Add missing checks for read only connections.
As pointed out in CVE-2011-1146, some APIs forgot to check the read-only
status of the connection for entry points which modify the state
of the system or may lead to a remote execution using user data.
The entry points concerned are:
- virConnectDomainXMLToNative
- virNodeDeviceDettach
- virNodeDeviceReAttach
- virNodeDeviceReset
- virDomainRevertToSnapshot
- virDomainSnapshotDelete
src/libvirt.c: fix the above set of entry points to error on read-only
connections (Closes: #617773)
* [f5fa0d3] initscript: depend on $local_fs (Closes: #616162)
* [f503698] README.Debian: Mention netcat.openbsd. Thanks to Luca Capello
for the patch.
* [9d1ceb0] New patch:
Do-not-add-drive-boot-on-param-when-a-kernel-is-spec.patch.
Do not add drive 'boot=on' param when a kernel is specified
Thanks to Jim Fehlig and Wolfgang Frisch (Closes: #615013)
* Force rebuild to find brctl in its new location. (LP: #780896)
* add parted to build-depends (LP: #697046)
* debian/patches/allows-lxc-containers-with-lxcguest.patch:
Pass "libvirt" to lxc containers, so that libvirt can
work with lxcguest. (LP: #757752)
* debian/apparmor/usr.sbin.libvirtd: allow read access to '/' (LP: #727286)
[ Serge Hallyn ]
* Replace 9024-skip-broken-commandtest.patch with
9024-fix-broken-commandtest.patch from upstream.
[ Jamie Strandboge ]
* debian/patches/9026-security-avoid-memory-leak.patch: avoid memory leaks
with the security drivers. Can be dropped in 0.8.9.
* SECURITY UPDATE: debian/patches/9027-CVE-2011-1146.patch: Add missing
checks for read only connections. Patch from Debian. Can be dropped in
0.8.8-3.
- CVE-2011-1146
* 9025-Pass-virSecurityManagerPtr-to-virSecurityDAC-Set-Res.patch: Fix
ownership setting of chardevs.
* debian/control: Demoted package ebtables from Recommends
to Suggests for binary package, libvirt-bin.
* Resynchronize and merge from Debian unstable. Remaining changes:
- debian/patches:
* 9000-delayed_iff_up_bridge.patch
* 9001-dont_clobber_existing_bridges.patch
* 9002-better_default_uri_virsh.patch
* 9003-better-default-arch.patch
* 9004-libvirtd-group-name.patch
* 9005-increase-unix-socket-timeout.patch
* 9006-default-config-test-case.patch
* 9007-fix-daemon-conf-ftbfs.patch
* 9011-move-ebtables-script.patch
* 9014-skip-nodeinfotest.patch
* 9020-lp545795.patch
* 9021-fix-uint64_t.patch
- debian/patches/series:
* Disable qemu-disable-network.diff.patch
- debian/control:
* set ubuntu maintainer
* Build-Depends:
- swap libxen to libxen3, qemu to qemu-kvm, and open-iscsi to
open-iscsi-utils in Build-Depends
- remove virtualbox Build-Depends
- add libxml2 and libapparmor-dev Build-Depends
* convert Vcs-Git to Xs-Debian-Vcs-Git
* libvirt-bin Depends: move netcat-openbsd, bridge-utils, dnsmasq-base
(>= 2.46-1), and iptables from Recommends to Depends
* libvirt-bin Recommends: move qemu to Suggests
* libvirt-bin Suggests: add apparmor
* libvirt0 Recommends: move lvm2 to Suggests
- keep debian/libvirt-bin.apport
- keep debian/libvirt-bin.cron.daily
- debian/libvirt-bin.dirs:
* add apparmor, cron.daily, and apport dirs
- debian/libvirt-bin.examples:
* add debian/libvirt-suspendonreboot
- debian/libvirt-bin.install:
* add /etc/apparmor.d files
* add apport hook
- debian/libvirt-bin.manpages:
* add debian/libvirt-migrate-qemu-disks.1
- debian/libvirt-bin.postinst:
* replace libvirt groupname with libvirtd
* add each admin user to libvirtd group
* call apparmor_parser on usr.sbin.libvirtd and
usr.lib.libvirt.virt-aa-helper
* call 'libvirt-migrate-qemu-disks -a' after
libvirt-bin has started if migrating from
older than 0.8.3-1ubuntu1
- debian/libvirt-bin.postrm:
* replace libvirt groupname with libvirtd
* remove usr.sbin.libvirtd and
usr.lib.libvirt.virt-aa-helper
- keep added files under debian/:
* libvirt-bin.upstart
* libvirt-migrate-qemu-disks
* libvirt-migrate-qemu-disks.1
* libvirt-suspendonreboot
* apparmor profiles
- debian/README.Debian:
* add 'Apparmor Profile' section
* add 'Disk migration' section
- debian/rules:
* don't build with vbox since virtualbox-ose is in universe
* add --with-apparmor to DEB_CONFIGURE_EXTRA_FLAGS
* set DEB_DH_INSTALLINIT_ARGS to '--upstart-only'
* set DEB_MAKE_CHECK_TARGET to 'check'
* remove unneeded binary-install/libvirt-bin:: and clean::
sections (they only deal with sysvinit stuff)
* add build/libvirt-bin:: section to install
- apparmor files
- apport hooks
- libvirt-migrate-qemu-disks
* The following Ubuntu packaging changes occurred during the divergence
between Debian and Ubuntu. These changes are not new, but included here
for completeness: (0.8.5-0ubuntu1 - 0.8.5-0ubuntu5):
- Have upstart job source /etc/default/libvirt-bin. This is only a
temporary fix until upstart provides proper default override support
through /etc/init/libvirt-bin.override (or any other mechanism).
(LP: 708172)
- debian/apparmor/usr.sbin.libvirtd: use PUx instead of Ux for executables
(LP: 573315)
- Rebuild with python 2.7 as the python default.
- debian/libvirt-bin.cron.daily: use shell globbing to enumerate xml files.
Based on patch thanks to Henryk Plötz (LP: 655176)
* Dropped the following patches included/fixed upstream:
- 9010-dont-disable-ipv6.patch
- 9022-build-cleanup-declaration-of-xen-tests.patch
- 9023-vah-require-uuid.patch
- 9009-autodetect-nc-params.patch
* rolled into Debian's
Autodetect-if-the-remote-nc-command-supports-the-q-o.patch
* Updated the following patches:
- 9011-move-ebtables-script.patch:
* LOCALSTATEDIR is defined in configmake.h
- 9000-9006: added DEP-3 tags
- 9002-better_default_uri_virsh.patch: updated (context changed)
* New patches:
- 9022-drop-booton-when-kernel-specified.patch (LP: #720426)
- 9023-fix-lxc-console-hangup.patch (LP: #668369)
- 9024-skip-broken-commandtest.patch
* debian/patches/series:
- don't apply Disable-CHECKSUM-rule.patch: our iptables can do this
- don't apply Debian-specific Debianize-libvirt-guests.patch
[ Guido Günther ]
* [6a174b7] Remove symbol versions that didn't introduce new public symbols
and mark those as missing.
[ Laurent Léonard ]
* [d9e4cad] Imported Upstream version 0.8.8
* [d5ae8aa] Drop patches
- build-let-xgettext-see-strings-in-libvirt-guests.patch - fixed upstream
- libvirt-guests-remove-bashisms.patch - fixed upstream
* [d5990df] Update libvirt0 symbols
* [e6c5184] New patch Don-t-pass-empty-arguments-to-dnsmasq.patch: Don't
pass empty arguments to dnsmasq
Thanks to Simon McVittie for the detailed description (Closes: #613944)
* [8887de6] Add gbp.conf
[ Laurent Léonard ]
* [aa3b6a0] Add gettext-base dependency for libvirt-bin. Since
libvirt-guests now needs it.
* [bb7dbde] Add non dependency booting support for libvirt-guests
[ Guido Günther ]
* Upload to unstable
* [f2fdde0] libvirt-bin.init: add cgconfig to Should-Start.
This ensures we reliably process cgroups before starting libvirtd
(Closes: #610738)
* [261f679] libvirt-bin.init: Add hal and avahi to Should-Stop
to make Should-Start and Should-Stop symmetric.
[ Guido Günther ]
* [f561b2e] New patch 0010-nwfilter-resolve-deadlock-between-VM-
operations-and-.patch nwfilter: resolve deadlock between VM
operations and filter update (Closes: #602715)
[ Laurent Léonard ]
* [6f95d48] Fix exit status codes in libvirt init script to comply
with LSB
* [7d7aed4] New patch 0010-Debianize-libvirt-guests.patch
* [a7f4bed] Install libvirt-guests
* [6408c57] Remove libvirt-suspendonreboot
* [3466195] Imported Upstream version 0.8.7
* [18bb43a] Update libvirt0 symbols
* [d8e02ad] Fix typo in --with-init-script build option
* [676a47e] New patch 0008-libvirt-guests-remove-bashisms.patch
* [3a03ea6] New patch 0009-build-let-xgettext-see-strings-in-libvirt-
guests.patch
* [ee3d2e0] Update patch 0010-Debianize-libvirt-guests.patch
* [904de70] Update libvirt-guests init script location
* [3b7b682] Imported Upstream version 0.8.6
* [5b081c3] Drop patch
- 0008-Move-MAX_VIRT_CPUS-so-all-xen-code-can-see-it.patch - fixed upstream
* [38589e6] Update libvirt0 symbols
[ Laurent Léonard ]
* [6e46f0e] Fix wrong regular expression in debian/watch
* [802e658] Imported Upstream version 0.8.5
* [c8e4517] Update patch 0002-qemu-disable-network.diff.patch
* [5549d65] Drop patch
- 0009-Don-t-fail-lxc-domain-start-when-memory-controller-s.patch - fixed
upstream
* [1af66c1] Update libvirt0 symbols
[ Guido Günther ]
* [fc234c4] New patch 0008-Move-MAX_VIRT_CPUS-so-all-xen-code-can-see-
it.patch. Move MAX_VIRT_CPUS so all xen code can see it
[ Laurent Léonard ]
* [49a581b] Imported Upstream version 0.8.4
* [e1dc0c7] Redo patches
* [cce7327] Update libvirt0 symbols
[ Guido Günther ]
* [bd91614] Drop 0007-Fix-block-statistics-with-newer-versions-of-
Xen.patch fixed upstream.
** SNAPSHOT build @ca2348476605efc4d067933f136ffdae3cf44283 **
[ Laurent Léonard ]
* [6e46f0e] Fix wrong regular expression in debian/watch
* [6f95d48] Fix exit status codes in libvirt init script to comply with LSB
[ Laurent Léonard ]
* [6e46f0e] Fix wrong regular expression in debian/watch
[ Guido Günther ]
* [f561b2e] New patch 0010-nwfilter-resolve-deadlock-between-VM-
operations-and-.patch nwfilter: resolve deadlock between VM operations and
filter update (Closes: #602715)
* [91a1b8d] New patch 0011-OpenVZ-take-veid-from-vmdef-name-when-
defining-new-d.patch: Fixes OpenVZ domain creation (Closes: #592817) -
thanks to Eric Litak.
* [3d3f395] New patch 0012-OpenVZ-Fix-some-overwritten-error-codes.patch:
Improve error reporting.
* [29e8714] Recommend ebtables used by nwfilter
* [e9eb650] New patch
0009-Don-t-fail-lxc-domain-start-when-memory-controller-s.patch - Don't
fail lxc domain start when memory controller support is missing (Closes:
#566180)
* [178670a] Add $syslog to the list of Required-{Start,Stop} services also
drop $local_fs since we already have $remote_fs
* [4db7451] Don't hardcode netcat's -q option. (Closes: #573172) - thanks to
Marc Deslauriers for the patch
* [d4c46ee] Disable CHECKSUM rules not supported by Squeeze's iptables
(Closes: #598330)
* [dbc2609] Move new NEWS items to the top
* [4097bbd] New patch 0007-Fix-block-statistics-with-newer-versions-
of-Xen.patch. Fix block statistics with newer versions of Xen
(Closes: #596004) - thanks to Gerald Turner for the patch
* [d554da3] Explain disk image probing changes (Closes: #594962)
* Let Apparmor allow libvirtd to create PF_PACKET sockets. Several
utility functions require it. Of particular interest, the NWFilter
code uses it, so libvirt's firewalling functionality depends on
this. (LP: #646706)
* debian/patch/9028-lp628055.patch: include sys/stat.h to fix compiler
warning and stat() failure on 32bit architectures when calling stat() on
large files. This can be dropped in 0.8.5. (LP: #628055)
* 9027-Make-newfilter-xml-transformations-endian-safe.patch
NWFilter XML processing includes endian assumptions. Ensure
that XML is parsed in an endian-safe manner. Thanks to
Stefan Berger for developing the patch upstream. (LP: #643394)
* 9026-Rebuild-network-filter-for-UML-guests-on-updates.patch.
NWFilter updates are supposed to be immediate. Add this support to
the UML driver.
[ Jamie Strandboge ]
* debian/apparmor/usr.lib.virt-aa-helper: add read access to new 'loader'
for eucalyptus (LP: #637544)
[ Soren Hansen ]
* Add 9025-Add-nwfilter-support-to-UML-driver.patch. Adds missing
nwfilter support to UML.
* Update 9023-Support-virDomainAttachDevice-and-virDomainDetachDev.patch
based on a small last-minute change upstream.
* Add 9024-Explicitly-pass-uml_dir-argument-to-user-mode-linux.patch
to stop user-mode-linux domains running under a libvirtd run by
upstart from mysteriously and silently crashing during boot.
* debian/patches/9009-autodetect-nc-params.patch: updated to fix
connecting to a remote server when using zsh or tcsh. (LP: #605172)
* debian/patches/series: per Ubuntu Server team, run qemu/kvm as non-root
and comment out 9008-run-as-root-by-default.patch. This has now received
significant testing in Debian, adds a good security benefit for people
who disable AppArmor and fixes the libvirt portion of LP: #619843. With
this patch removed, libvirt will default to the Debian configure arguments
and run qemu/kvm VMs as 'libvirt-qemu:kvm'.
* debian/README.Debian: adjusted for the above
* FFe: LP: #622682.
* Replace 9019-Remove-wrong-check-for-uml-monitor-response-size.patch with
9019-uml-fix-logic-bug-in-checking-reply-length.patch which is what ended
up getting applied upstream.
* Add the following patches taken from upstream git:
- 9021-Allow-chardev-of-type-file-for-UML-domains.patch
- 9022-Rename-qemudShrinkDisks-to-virDomainDiskRemove-and-m.patch
- 9023-Support-virDomainAttachDevice-and-virDomainDetachDev.patch
* update to allow pcidev and hostdev to work with AppArmor (LP: #545795)
- debian/patches/lp-545795.patch: add vendor and device to
pciDeviceFileIterate(). Patch submitted upstream and they feel it is
reasonable, but not committed yet. This should fix pcidev.
- debian/apparmor/usr.lib.libvirt.virt-aa-helper: add read access to
/sys/bus/usb/devices/**
- debian/apparmor/libvirt-qemu: adjust read access to be
/sys/devices/**/usb[0-9]*/** instead of /sys/devices/*/*/usb[0-9]*/**.
Patched based on work by Andreas Ntaflos.
* debian/patches/9012-apparmor-dont-ignore-open.patch: don't bother with
updated logic. After review, upstream's code is sufficient and simpler.
Keep new tests and rename to 9012-apparmor-extra-tests.patch. This can be
removed in 0.8.4.
* debian/patches/9013-apparmor-lp457716.patch: updated based on upstream
feedback. This can be removed in 0.8.4.
* Added the following patches:
- 9015-Add-ubd-to-the-list-of-disk-prefixes.patch.
- 9016-Close-fd-s-of-persistent-tap-devices.patch.
- 9017-Make-sure-all-command-line-arguments-get-passed-to-U.patch.
- 9018-Make-umlConnectTapDevice-ask-brAddTap-for-a-persiste.patch.
- 9019-Remove-wrong-check-for-uml-monitor-response-size.patch
* All but the last are already in upstream git. Together, they make
user-mode-linux guests work again.
* Note: The last patch in the list is still being reviewed upstream.
Depending on the outcome, I'll update here accordingly.
* debian/patches/9014-skip-nodeinfotest.patch: fix FTBFS in nodeinfotest
which is still broken on armel
* Merge from debian unstable with security fixes
* Fixes:
- LP: #588369
- LP: #585964
* Remaining changes:
- debian/control:
+ Build-Depends on qemu-kvm, not qemu
+ Build-Depends on open-iscsi-utils, not open-iscsi
+ Build-Depends on libxml2-utils
+ Build-Depends on libapparmor-dev and Suggests apparmor
+ Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables
to Depends of libvirt-bin
+ Drop lvm2, qemu-kvm and qemu to Suggests
+ We call libxen-dev libxen3-dev, so change all references
+ Rename Vcs-* to XS-Debian-Vcs-*
- debian/libvirt-bin.postinst:
+ rename the libvirt group to libvirtd
+ add each admin user to the libvirtd group
+ reload apparmor profiles
- debian/libvirt-bin.postrm:
+ rename the libvirt group to libvirtd
+ remove apparmor symlinks on purge
- debian/README.Debian: add AppArmor section based on the upstream
documentation
- debian/rules:
+ update DEB_DH_INSTALLINIT_ARGS for upstart
+ add DEB_MAKE_CHECK_TARGET := check
+ use --with-apparmor
+ copy apparmor and apport hook to debian/tmp
- add debian/libvirt-bin.upstart
- debian/libvirt-bin.dirs: add /etc/apparmor.d/abstractions,
/etc/apparmor.d/disable, /etc/apparmor.d/force-complain,
/etc/apparmor.d/libvirt, /etc/cron.daily and
/usr/share/apport/package-hooks
- add debian/libvirt-bin.cron.daily
- add debian/libvirt-bin.apport
- debian/libvirt-bin.install: install apparmor profiles, abstractions
and apport hook
- debian/apparmor:
- add TEMPLATE
- add libvirt-qemu abstraction
- add usr.lib.libvirt.virt-aa-helper
- add usr.sbin.libvirtd
- debian/patches/series:
+ don't apply 0002-qemu-disable-network.diff.patch
+ don't apply 0005-Terminate-nc-on-EOF.patch. Use
9009-autodetect-nc-params.patch instead
+ 9000-delayed_iff_up_bridge.patch (refreshed)
+ 9001-dont_clobber_existing_bridges.patch
+ 9002-better_default_uri_virsh.patch (refreshed)
+ 9003-better-default-arch.patch (refreshed)
+ 9004-libvirtd-group-name.patch
+ 9005-increase-unix-socket-timeout.patch (refreshed)
+ 9006-default-config-test-case.patch
+ 9007-fix-daemon-conf-ftbfs.patch (updated)
+ 9008-run-as-root-by-default.patch (refreshed)
+ 9009-autodetect-nc-params.patch (refreshed)
+ 9010-dont-disable-ipv6.patch (refreshed)
+ 9011-move-ebtables-script.patch (refreshed)
* Dropped the following patches included/fixed upstream:
- 9012-fix-nodeinfotest-ftbfs.patch
- 9013-apparmor-lp457716.patch
* Disable virtualbox support since virtualbox-ose is not in main
- debian/control: remove virtualbox-ose build dependency
- debian/rules: use --without-vbox
* debian/patches/9012-apparmor-dont-ignore-open.patch: fix logic when
using virDomainDiskDefForeachPath() and add tests. This can be removed
in 0.8.4.
* debian/apparmor/usr.sbin.libvirtd: add capability fsetid (LP: #613549)
* debian/apparmor/usr.lib.libvirt.virt-aa-helper: allow access to
@{PROC}/[0-9]*/net/psched
* debian/patches/9013-apparmor-chardev.patch: update for serial, parallel
and channels. This can be removed in 0.8.4. (LP: #609055, LP: #578527)
* migrate virtual machine definitions with non-raw disks and previously
unspecified disk format with a one time probe:
- add debian/libvirt-migrate-qemu-disks
- add debian/libvirt-migrate-qemu-disks.1
- debian/libvirt-bin.postinst: updated to run 'libvirt-migrate-qemu-disks
-a' on upgrades
- debian/rules: cp debian/libvirt-migrate-qemu-disks into place
- debian/libvirt-bin.manpages: install debian/libvirt-migrate-qemu-disks.1
- debian/README.Debian: updated for libvirt-migrate-qemu-disks
[ Guido Günther ]
* Mention clear_emulator_capabilities
* Recommend iptables and gawk
[ Laurent Léonard ]
* Imported Upstream version 0.8.3
- Fixes: CVE-2010-2237, CVE-2010-2238, CVE-2010-2239, CVE-2010-2242
* Redo patches
* Update libvirt0 symbols
* Bump Standards-Version to 3.9.1
[ Guido Günther ]
* Install libvirt-qemu library
* Add libvirt-qemu.so symbols
[ Laurent Léonard ]
* Fix debian/NEWS syntax
* Imported Upstream version 0.8.2
* Drop patches.
* Update libvirt0 symbols.
* Bump Standards-Version to 3.9.0.
* Add virtualbox-ose and libnl-dev build dependencies.
* Merge from debian unstable. Remaining changes:
- Fixes:
LP: #522845
LP: #553737
LP: #520386
- debian/control:
+ Build-Depends on qemu-kvm, not qemu
+ Build-Depends on open-iscsi-utils, not open-iscsi
+ Build-Depends on libxml2-utils
+ Build-Depends on libapparmor-dev and Suggests apparmor
+ Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables
to Depends of libvirt-bin
+ Drop qemu-kvm and qemu to Suggests
+ We call libxen-dev libxen3-dev, so change all references
+ Rename Vcs-* to XS-Debian-Vcs-*
- debian/libvirt-bin.postinst:
+ rename the libvirt group to libvirtd
+ add each admin user to the libvirtd group
+ reload apparmor profiles
- debian/libvirt-bin.postrm:
+ rename the libvirt group to libvirtd
+ remove apparmor symlinks on purge
- debian/README.Debian: add AppArmor section based on the upstream
documentation
- debian/rules:
+ update DEB_DH_INSTALLINIT_ARGS for upstart
+ add DEB_MAKE_CHECK_TARGET := check
+ use --with-apparmor
+ copy apparmor and apport hook to debian/tmp
- add debian/libvirt-bin.upstart
- debian/libvirt-bin.dirs: add /etc/apparmor.d/abstractions,
/etc/apparmor.d/disable, /etc/apparmor.d/force-complain,
/etc/apparmor.d/libvirt, /etc/cron.daily and
/usr/share/apport/package-hooks
- add debian/libvirt-bin.cron.daily
- add debian/libvirt-bin.apport
- debian/libvirt-bin.install: install apparmor profiles, abstractions
and apport hook
- debian/apparmor:
- add TEMPLATE
- add libvirt-qemu abstraction
- add usr.lib.libvirt.virt-aa-helper
- add usr.sbin.libvirtd
- debian/patches/series:
+ don't apply 0002-qemu-disable-network.diff.patch
+ don't apply 0005-Terminate-nc-on-EOF.patch. Use
9010-autodetect-nc-params.patch instead
+ 9000-delayed_iff_up_bridge.patch (refreshed)
+ 9001-dont_clobber_existing_bridges.patch
+ 9002-better_default_uri_virsh.patch (updated)
+ 9004-better-default-arch.patch
+ 9005-libvirtd-group-name.patch
+ 9006-increase-unix-socket-timeout.patch (refreshed)
+ 9007-default-config-test-case.patch (updated)
+ 9008-fix-daemon-conf-ftbfs.patch (rewritten)
+ 9009-run-as-root-by-default.patch (refreshed)
+ 9010-autodetect-nc-params.patch (refreshed, formerly 9015)
+ 9011-dont-disable-ipv6.patch (updated)
* Dropped following packaging changes, no longer required with upgrades
from Lucid:
- debian/control:
+ versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg
+ remove Build-Depends on libcap-ng-dev
- debian/libvirt-bin.postinst: virt-aa-helper profile migration to
/usr/lib/libvirt
- debian/libvirt-bin.preinst: added to force complain on certain
upgrades
* Dropped the following patches, included upstream:
- 0010-Use-base-16-for-product-vendor.patch
- 9003-increase-logoutput-timeout.patch
- 9010-apparmor-ftbfs.patch
- 9011-node_device_driver.patch
- 9012-dont-crash-on-restart.patch
- 9013-apparmor-dont-clear-caps.patch
- 9014-apparmor-remove-unloaded-profile-is-not-fatal.patch
- 9016-disk-cache-setting-xml.patch
- 9018-fix-pty-console.patch
- 9019-apparmor-fix-xauth.patch
- 9020-apparmor-fix-backingstore.patch
- 9021-apparmor-fix-hostdev.patch
- 9022-dont-leak-log-fd.path.patch
- 9023-virt-pki-validate_fixes.patch
- 9024-free-memory-for-invalid-devices.patch (use
0008-Fix-leaks-in-udev-device-add-remove.patch from Debian)
* debian/apparmor/usr.lib.libvirt.virt-aa-helper: allow access to ecryptfs
files (LP: #591769)
* debian/patches/9012-fix-nodeinfotest-ftbfs.patch: fix FTBFS in
nodeinfotest. Drop in 0.8.2.
* debian/patches/9013-apparmor-lp457716.patch: properly support/save and
restore (LP: #457716). Drop in 0.8.2.
* debian/apparmor/libvirt-qemu: remove workaround for LP: #457716
* don't create and run ebtables script in /tmp:
- debian/apparmor/usr.sbin.libvirt: allow ixr to /var/lib/libvirt/virtd*
for new ebtables functionality added in 0.8.0
- debian/patches/9014-move-ebtables-script.patch: update
nwfilter_ebiptables_driver.c /var/lib/libvirt to use /var/lib/libvirt
instead of /tmp
* [41aea79] Drop patchsys-quilt since this package is 3.0 (quilt) now.
(Closes: #577919)
* [978e3c9] libvirt-bin.init: export PATH. (Closes: #584333)
* [e4f0869] virt-xml-validate needs xmllint from libxml2-utils.
(Closes: #584869)
* [bba6d72] New patch 0008-Fix-leaks-in-udev-device-add-remove.patch:
Fix leaks in udev device add/remove. (Closes: #582965) - thanks to
Nigel Jones for forwarding this
* [647cbd6] Imported Upstream version 0.8.1
* fixes spurious syslog messages (Closes: #565275)
* sysfs USB class parsing (Closes: #579208)
* virsh honors $VISUAL (Closes: #574415)
* [fecd1b9] Update libvirt symbols to 0.8.1
* [3e58e0b] Drop patches merged upstream:
* 0007-nwfilter-Don-t-crash-if-driverState-NULL.patch
* 0008-Ignore-empty-type-statement-in-disk-element.patch
* [561ab2e] New patch:
* 0007-patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch:
make qemuMonitorTextGetMigrationStatus to intercept unknown
command 'info migrate' (Closes: #574272) - thanks to Andreas Bießmann
* [aeda8ea] Enable macvtap support
* [70fbcb6] New patch 0007-nwfilter-Don-t-crash-if-driverState-NULL.patch
nwfilter: Don't crash if driverState == NULL (Closes: #577728)
* [d7d1abd] New patch 0008-Ignore-empty-type-statement-in-disk-
element.patch Ignore empty type statement in disk element
(Closes: #578347)
* Imported Upstream version 0.8.0
* Drop patches.
* Update libvirt0 symbols.
* Switch to new source format 3.0 (quilt).
[ Guido Günther ]
* [cf4919c] Recommend either qemu-kvm or qemu
[ Laurent Léonard ]
* [1b12f02] Change libparted1.8-dev build dependency to libparted0-dev.
(Closes: #574906)
* The "fix all those crashes" release
* [f74e13a] Explicitly disable hal (Closes: #574177)
* [21ef92b] New patch 0009-security-Set-permissions-for-kernel-initrd.patch
security: Set permissions for kernel/initrd (Closes: #574241) - thanks to
Cole Robinson
* [b69d3cc] Revert "Enable NUMA support" since it breaks the python
bindings.
* [5f2ca4a] New patch 0010-Don-t-crash-without-a-security-driver.patch Don't
crash without a security driver (Closes: #574359)
[ Guido Günther ]
* [b350683] Enable parallel build
* [b2a6aab] Enable NUMA support
* [13274cf] New patch 0007-Work-around-broken-linux-socket.h.patch
Work around broken linux/socket.h
[ Laurent Léonard ]
* [3c12caf] qemu: Fix USB by product with security enabled.
* [f944460] Imported Upstream version 0.7.7
* [bd457cc] Redo patches.
* [098d1d3] Update libvirt0 symbols.
* [72790fc] Drop hal dependency. We're using udev for device enumeration.
* [ce225c4][11cc6e9] New patch
0006-Don-t-drop-caps-when-exec-ing-qemu.patch: Don't drop caps when
exec'ing qemu. Instead of disabling libcap-ng better exclude this one exec
so we get the additional security for the rest of the calls. Makes
interface type="network" work again. (Closes: #565767)
* [0229557] Imported Upstream version 0.7.6
* [6fdc00b] Drop patches.
* [1b0670b] Update libvirt0 symbols.
[ Laurent Léonard ]
* [a3b98c9] Don't free an uninitialized pointer in update_driver_name()
(Closes: #565983) - thanks to Matthias Bolte
* [719976d] Handle only official releases in debian/watch.
* [83902d9] Bump Standards-Version to 3.8.4.
[ Guido Günther ]
* [959640d] New patch 0011-Fix-parsing-of-info-chardev-line-
endings.patch Fix parsing of 'info chardev' line endings (Closes:
#567818) - thanks to Matthew Booth
[ Laurent Léonard ]
* [0b2a9dd] Add $remote_fs to Required-Start and Required-Stop in
libvirt-bin init script.
* debian/apparmor/libvirt-qemu: allow setgid and setuid so qemu can drop
privileges (LP: #579584)
* debian/control: lower qemu-kvm and lvm2 from Recommends to Suggests,
LP: #556312; it's reasonable to install libvirt on systems that
host xen and qemu VMs; see meta packages (ubuntu-virt, ubuntu-virt-server,
ubuntu-virt-mgmt) for group installation of virt package sets
[ Nigel Jones ]
* debian/patches/9024-free-memory-for-invalid-devices.patch: clean
up a memory leak affecting multipath+libvirt, LP: #571093
* debian/libvirt-bin.postinst: ensure that the convenience feature
of adding users to the libvirtd group does cause package setup
failure, LP: #565380
* debian/patches/9023-virt-pki-validate_fixes.patch: fix a bashism,
a missing autoconf substitution, and an insufficient sed call, in
order to get this working on Ubuntu, LP: #562266; patch submitted
upstream
* debian/patches/9022-dont-leak-log-fd.path.patch: Fix FD leak in
qemudStartVMDaemon (LP: #567392)
* debian/apparmor/usr.lib.libvirt.virt-aa-helper: update paths for LVM
volumes and searching /sys/bus/usb/devices/ (LP: #565691)
* debian/apparmor/usr.lib.libvirt.virt-aa-helper: update paths for
eucalyptus (LP: #564914)
* debian/apparmor/usr.lib.libvirt.virt-aa-helper: eek, the /dev change from
the last upload was a wee bit too aggressive. Revert that and allow access
to .img, .qcow{,2}, and .vmdk (file extensions that actually support
backingstore) and .[iI][sS][oO] since it is so common (LP: #517714)
* debian/apparmor/usr.lib.libvirt.virt-aa-helper: also allow /opt but deny
access to /dev to suppress confusing, non-fatal profile denials.
* debian/apparmor/usr.lib.libvirt.virt-aa-helper: allow ro access to files
in /mnt, /media and /srv
* debian/libvirt-bin.upstart: simplify pidfile cleanup logic,
per discussion with Jamie Strandboge and Loic Minier in LP: #510658
* debian/libvirt-bin.upstart:
- remove unnecessary pid file existence test, LP: #510658
- revert virbr0 up/down hack added in 0.7.5-5ubuntu17, LP: #345485
* fix for hostdev devices (LP: #545795). This can be dropped in 0.7.8
- debian/patches/9021-apparmor-fix-hostdev.patch: adjust virt-aa-helper to
handle pci devices. Update valid_path() to have an override array to
check against, and add "/sys/devices/pci" to it. Then rename
file_iterate_cb() to file_iterate_hostdev_cb() and create
file_iterate_pci_cb() based on it. Update tests suite for this and SDL
- debian/apparmor/libvirt-qemu: adjust for the above
- debian/apparmor/usr.lib.libvirt.virt-aa-helper: allow access to
/sys/devices
* handle SDL graphics (LP: #545426). This can be dropped in 0.7.8
- 9019-apparmor-fix-xauth.patch: adjust virt-aa-helper to handle SDL
graphics, specifically Xauthority. Also remove a couple redundant
checks.
- debian/apparmor/libvirt-qemu: add comment about /dev/fb*
* handle backingstore (LP: #470636). This can be dropped in 0.7.8
- debian/patches/9020-apparmor-fix-backingstore.patch: adjust
virt-aa-helper to handle disks with backing stores
- debian/apparmor/usr.lib.libvirt.virt-aa-helper: allow access to
user-tmp, non-hidden files in @{HOME} and storage pools
* debian/libvirt-bin.upstart: bring virbr0 up/down on upstart start/stop
of libvirt, LP: #345485
* debian/libvirt-bin.upstart: libvirt has a nasty habit of leaving
its pidfile lying around when/if it crashes; add a pre-start
check that removes the pidfile if it exists but the daemon is
not actually running, LP: #510658
* debian/apparmor/libvirt-qemu, examples/apparmor/libvirt-qemu:
allow seabios in the apparmor profile, LP: #545302
* debian/patches/9018-fix-pty-console.patch: fix issue using
console in virsh.
(LP: #542324)
* debian/patches/9017-dont-disable-ipv6.patch: don't disable IPv6
on the bridge interface. The original intent of disabling IPv6 was
to prevent RAs received from client VMs from accidentally adding
addresses to the bridge interface. However, only accept_ra=0 is
necessary to fix this, without the side-effect of disabling IPv6.
(LP: #528934)
* Build against parted 2.2.
* Make sure cache setting is output by virDomainGetXMLDesc (and, by
extension, "virsh dumpxml"), even if no special driverName is set.
(LP: #531741)
* debian/patches/9015-autodetect-nc-params.patch: autodetect if the
remote nc command supports the -q option. (LP: #517478)
* debian/patches/0006-Terminate-nc-on-EOF.patch: disabled
as the previous patch replaces it.
* debian/apparmor/libvirt-qemu:
- explicitly deny setpcap to silence denials. See LP: 522845 for details
- allow read access to /proc/*/status
* debian/patches/9014-apparmor-remove-unloaded-profile-is-not-fatal.patch:
Don't exit with error if the user unloaded the profile outside of libvirt
(LP: #530400)
* Build against parted 2.1.
* debian/patches/0010-Use-base-16-for-product-vendor.patch: parse the USB
and PCI product and vendor ids in hexadecimal. This fixes incorrect
USB ids being used in virt-manager. (LP: #514610)
* debian/patches/9013-apparmor-dont-clear-caps.patch: Don't clear
capabilities when calling virt-aa-helper. When built with libcap-ng,
clearing caps makes virt-aa-helper lose MAC_ADMIN, which is (obviously)
needed by apparmor_parser. This restores libcap-ng behavior to what it was
when not built with libcap-ng. (LP: #517714)
* Build-Depend on libcap-ng. (LP: #488963)
* debian/patches/9011-node_device_driver.patch: Don't free an uninitialized
pointer in update_driver_name() in src/node_device/node_device_driver.c
(LP: #513544)
* debian/patches/9012-dont-crash-on-restart.patch: don't crash on restart
if domain(s) with PCI devices are running
* 9008-fix-daemon-conf-ftbfs.patch: fix for FTBFS on Ubuntu buildds by
disabling running libvirtd with a valid config file in the daemon-conf
test. This patch used to be 9008-warn-on-daemon-conf-test-wait.patch
* debian/patches/9010-apparmor-ftbfs.patch: updated to match upstream
and give proper attribution
* Merge from debian unstable. Remaining changes:
- debian/control:
+ Build-Depends on qemu-kvm, not qemu
+ Build-Depends on open-iscsi-utils, not open-iscsi
+ Build-Depends on libxml2-utils
+ Build-Depends on libapparmor-dev and Suggests apparmor (>=
2.3+1289-0ubuntu14)
+ Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables
to Depends of libvirt-bin
+ Recommends qemu-kvm (>= 0.11.0-0ubuntu6)
+ Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg,
since we used to ship them as such
+ We call libxen-dev libxen3-dev, so change all references
+ temporarily remove Build-Depends on libcap-ng-dev, which isn't
available in Ubuntu main yet
+ Rename Vcs-* to XS-Debian-Vcs-*
- debian/libvirt-bin.postinst:
+ rename the libvirt group to libvirtd
+ add each admin user to the libvirtd group
+ reload apparmor profiles
+ 0.7.2 moved /usr/bin/virt-aa-helper to /usr/lib/libvirt, so the
profile changed from usr.bin.virt-aa-helper to
usr.lib.libvirt.virt-aa-helper and needs to be migrated. If the user
made no changes to the old profile, remove it, otherwise, update the
paths, preserving the shipped usr.lib.libvirt.virt-aa-helper
- debian/libvirt-bin.postrm:
+ rename the libvirt group to libvirtd
+ remove apparmor symlinks on purge
- debian/libvirt-bin.preinst: added to force complain on certain
upgrades
- debian/README.Debian: add AppArmor section based on the upstream
documentation
- debian/rules:
+ update DEB_DH_INSTALLINIT_ARGS for upstart
+ add DEB_MAKE_CHECK_TARGET := check
+ use --with-apparmor
+ copy apparmor and apport hook to debian/tmp
- add debian/libvirt-bin.upstart
- debian/libvirt-bin.dirs: add /etc/apparmor.d/abstractions,
/etc/apparmor.d/disable, /etc/apparmor.d/force-complain,
/etc/apparmor.d/libvirt, /etc/cron.daily and
/usr/share/apport/package-hooks
- add debian/libvirt-bin.cron.daily
- add debian/libvirt-bin.apport
- debian/libvirt-bin.install: install apparmor profiles, abstractions
and apport hook
- debian/patches/series: don't apply 0002-qemu-disable-network.diff.patch
+ 9000-delayed_iff_up_bridge.patch
+ 9001-dont_clobber_existing_bridges.patch
+ 9002-better_default_uri_virsh.patch
+ 9003-increase-logoutput-timeout.patch
+ 9004-better-default-arch.patch
+ 9005-libvirtd-group-name.patch
+ 9006-increase-unix-socket-timeout.patch
+ 9007-default-config-test-case.patch
+ 9008-warn-on-daemon-conf-test-wait.patch (renamed from 9016)
- Dropped the following patches now including upstream:
+ 0005-Fix-SELinux-linking-issues.patch
+ 9008-apparmor-caps-mockup.patch
+ 9009-apparmor-lp453335.patch
+ 9010-apparmor-lp460271.patch
+ 9011-apparmor-code-cleanups.patch
+ 9012-apparmor-add-virt-aa-helper-test.patch
+ 9013-apparmor-examples.patch
+ 9014-event-fuzz.patch
+ 9015-hal-startup-failure-is-nonfatal.patch
* debian/patches/9009-run-as-root-by-default.patch: run virtual machines
via qemu:///system as root. As of 0.7, upstream libvirt has the ability to
run VMs started via qemu:///system as an unprivileged user. Debian's
libvirt now runs these VMs as libvirt-qemu:kvm. However, the upstream
implementation is contentious among the community and while it does
reduce the privileges of the VMs running under qemu:///system, all VMs
currently run under the same user, so there is no guest isolation. Even if
each user ran under its own user, an attacker could potentially break out
of the VM and have unconfined user access (albeit non-root). In Ubuntu,
Qemu/KVM virtual machines are already fully isolated and confined by the
AppArmor security driver so this feature has been disabled. Once there is
consensus among the community on the implementation and its use, changing
this default in Ubuntu can be considered as an additional protection to
the AppArmor driver.
* debian/README.Debian: add section discussing the security implications of
using qemu:///system
* debian/patches/9010-apparmor-ftbfs.patch: fix missing bracket in
virt-aa-helper.c and automake dependency declaration. This should be
dropped in 0.7.6 or higher.
[ Guido Günther ]
* [d8e60e8] Add css to docs
* [f6e41ae] New patch
0008-qemu-Use-log-output-for-pty-assignment-if-info-chard.patch
qemu: Use log output for pty assignment if 'info chardev' is unavailable -
thanks to Matthias Bolte
[ Laurent Léonard ]
* [0905f82] Fix QEMU driver custom domain status XML extensions. -
thanks to Daniel P. Berrange
* [18520c0] Same description of supported virt techs in all binary packages
(Closes: #564909) - thanks to Loïc Minier
* [49c357c] Implement path lookup for USB by vendor:product (Closes:
#563502) - thanks to Cole Robinson
* [4d41fd7] Also look for dmi information in /sys/class older kernels such
as 2.6.26 have it there. (Closes: #564020)
* [1c0e0b5] Explicitly disable ESX support
* [c3c84f6] Terminate nc on EOF (Closes: #564053) - thanks to Gabor Gombas
for the patch
* Upload to unstable
* [d6c5ca5] Add debugging symbols for all packages
[ Laurent Léonard ]
* [96f8d94] Imported Upstream version 0.7.5
* [f8089a1] Redo patches.
* [294ce3d] Update libvirt0 symbols.
* [1c97be7] Allow DM upload and add myself as uploader.
* [5635a32] Clean debian/watch.
[ Guido Günther ]
* [45f98ae] Drop 0005-udev_device_get_devpath-might-return-NULL.patch
applied upstream.
* [65d3755] Disable SELinux to work around #559356
* [19bd427] Run qemu instances as qemu-libvirt instead of root by default
(Closes: #558197)
* [0a6c03b] Use kvm as primary group for libvirt-qemu user
* [e5ae24b] Fix udev backend startup
* [f610a8e] Use udev instead of hal backend
[ Laurent Léonard ]
* [8f2761b] Imported Upstream version 0.7.4
* [20b6b3d] Drop patches.
* 0005-Fix-SELinux-linking-issues.patch - fixed upstream.
* 0006-Don-t-let-parent-of-daemon-exit-until-basic-initiali.patch -
fixed upstream.
* 0007-Only-remove-masquerade-roles-for-VIR_NETWORK_FORWARD.patch -
applied upstream.
* 0008-Fix-qemu-session.patch - fixed upstream.
* [e41f8c6] Update libvirt0 symbols.
* [f184e28] Revert "switch to new source format 3.0 (quilt)" This reverts
commit 213ca47bbbefe2dc95be58a09db34669e3be5797.
* [65084d2] Enhance handling of examples.
* Update libvirt0 description to match the other packages in supported
virtualization technologies.
* Rename Vcs-* to XS-Debian-Vcs-*.
* debian/rules, debian/libvirt-bin.upstart: migrate libvirt to upstart
(LP: #446036)
* debian/control: depend on open-iscsi-utils, rather than open-iscsi,
fixed again, grrr (LP: #414986)
* debian/libvirt-bin.postinst: don't sed a non-existent file (LP: #493582)
* debian/patches/9016-warn-on-daemon-conf-test-wait.patch: workaround FTBFS
on buildd by not failing when waiting on pid
* debian/control: Build-Depends on qemu-kvm, not qemu
* debian/patches/9007-default-config-test-case.patch: revert last change
which caused a different failure on buildd
* Merge from debian testing. Remaining changes:
- debian/control:
+ Don't build-depend on QEmu
+ Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables
to Depends of libvirt-bin
+ Recommends qemu-kvm (>= 0.11.0-0ubuntu6)
+ Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg,
since we used to ship them as such
+ We call libxen-dev libxen3-dev, so change all references
+ Build-Depends on libxml2-utils
+ Build-Depends on open-iscsi-utils instead of open-iscsi due to
LP: #414986
- debian/postinst:
+ rename the libvirt group to libvirtd
+ add each admin user to the libvirtd group
- debian/libvirt-bin.postrm: rename the libvirt group to libvirtd
- debian/rules: add DEB_MAKE_CHECK_TARGET := check
- debian/patches/900[0-7]: updated/refreshed for new paths in 0.7.2
- debian/patches/series: don't apply 0002-qemu-disable-network.diff.patch
- AppArmor integration:
+ debian/control: Build-Depends on libapparmor-dev and Suggests
apparmor (>= 2.3+1289-0ubuntu14)
+ debian/libvirt-bin.dirs: add /etc/apparmor.d/abstractions,
/etc/apparmor.d/force-complain, /etc/apparmor.d/libvirt,
/etc/cron.daily and /usr/share/apport/package-hooks
+ add debian/libvirt-bin.cron.daily (LP: #438165)
+ add debian/libvirt-bin.apport
+ debian/libvirt-bin.install: install apparmor profiles, abstractions
and apport hook
+ debian/postinst: reload apparmor profiles
+ debian/libvirt-bin.postrm: remove apparmor symlinks on purge
+ debian/libvirt-bin.preinst: added to force complain on certain
upgrades
+ debian/README.Debian: add AppArmor section based on the upstream
documentation
+ debian/rules: use --with-apparmor and copy apparmor and apport hook to
debian/tmp
- Dropped the following patches now included upstream:
+ 0005-Close-logfile-fd-after-spawning-qemu.patch
+ 9090-reenable-nonfile-labels.patch
+ 9091-apparmor.patch
+ 9092-apparmor-autoreconf.patch
* AppArmor integration updates:
- debian/apparmor/usr.sbin.libvirtd: allow libvirtd access to
/usr/lib/libvirt/* (LP: #480478)
- debian/apparmor/libvirt-qemu: allow guests access to
/etc/pki/libvirt-vnc/** (LP: #484562)
- debian/libvirt-bin.postinst: 0.7.2 moved /usr/bin/virt-aa-helper to
/usr/lib/libvirt, so the profile changed from usr.bin.virt-aa-helper
to usr.lib.libvirt.virt-aa-helper and needs to be migrated. If the user
made no changes to the old profile, remove it, otherwise, update the
paths, preserving the shipped usr.lib.libvirt.virt-aa-helper
- update to 0.7.4 version of the sVirt AppArmor driver (can be dropped in
0.7.4):
+ debian/patches/9008-apparmor-caps-mockup.patch
+ debian/patches/9009-apparmor-lp453335.patch
+ debian/patches/9010-apparmor-lp460271.patch
+ debian/patches/9011-apparmor-code-cleanups.patch
- add virt-aa-helper-test and examples/apparmor that were omitted from the
upstream tarball (can be dropped in 0.7.5):
+ debian/patches/9012-apparmor-add-virt-aa-helper-test.patch
+ debian/patches/9013-apparmor-examples.patch
+ debian/rules: add post-patches target to make virt-aa-helper-test
executable
* debian/patches/0005-Fix-SELinux-linking-issues.patch: updated to work
when both apparmor and selinux are available. This patch should be
dropped in 0.7.4.
* debian/patches/9007-default-config-test-case.patch: updated to not fail
if building in a deep directory
* debian/patches/9014-event-fuzz.patch: add a little fuzz to not be quite
so precise with expected expiry time. Fixes FTBFS with HZ=100 kernels.
Can be dropped in 0.7.5.
* debian/patches/9015-hal-startup-failure-is-nonfatal.patch: disable hal
driver if hald is not running instead of dying. Can be dropped in
0.7.4.
* debian/control: temporarily remove Build-Depends on libcap-ng-dev, which
isn't available in Ubuntu main yet
* revert change to new source format 3.0 (quilt) since Launchpad can't
handle it yet (see LP: #293106)
* [213ca47] switch to new source format 3.0 (quilt)
* [f5a10e9] Depend on hal (Closes: #556730)
* [7d1422d] Drop build-dep on libpolkit-dbus-dev (Closes: #549500)
* [95ad85c] Depend on libcap-ng-dev for lxc driver.
* [2c0aa82] Fix qemu:///session Backported from upstream's
79218cdd9887b132eb0f29fe2048f89e90beae1 (Closes: #554869)
[ Laurent Léonard ]
* [a9ea205] Change requirement of libvirt-bin in libvirt-suspendonreboot.
* [a4db804] Update
debian/patches/0006-Don-t-let-parent-of-daemon-exit-until-basic-initiali.patch.
Fix use of an uninitialized variable that was causing a bug on i386 systems.
* [59e1e53] Redo patches.
[ Guido Günther ]
* upload to unstable
* [43f106a] Only remove masquerade roles for VIR_NETWORK_FORWARD_NAT
(Closes: #549949) - thanks to Rob S. Wolfram for testing
[ Laurent Léonard ]
* [51a4814] Imported Upstream version 0.7.2
* [12268f6] Update patches.
* [175d497] Fix SELinux linking issues. Pulled from upstream
309acaa0230494b8ec08d03375c10238cb2daf55.
* [5cfdaf8] Update libvirt-doc docs.
* [dc2059f] Update libvirt-bin manpages.
* [a62a4a7] Update libvirt-bin examples.
* [9e38cbc] Update libvirt0 symbols.
* [412b12f] Make init.d script provide itself.
* [35451bf] Update debian/rules to support new example files.
* [43b7dac] Don't let parent of daemon exit until basic initialization is
done.
* [5a37e69] Make init.d provide libvirtd for backward compatibility.
* [f5299d3] document changes and release 0.7.1-1
* [f137c00] Allow for older versions of dpkg-dev to ease backports.
* [74f5832] Use Policykit 1.0 (Closes: #549500)
[ Laurent Léonard ]
* [40fb620] Bump Debhelper version to 7.
* [e0e89f2] Bump Standards-Version to 3.8.3.
* [50a862f] Clean debian/rules.
* [e9c9906] Change build dependency on libreadline5-dev to
libreadline-dev.
* [b6cb738] Imported Upstream version 0.7.1
* [780f6a7] Redo patches.
* [3d66f37] Update libvirt-bin examples.
* [c01ed84] Update libvirt0 symbols.
* Run test suite at build time.
* Add libxml2-utils dependency. Needed by the test suite.
* Remove "Connecting to uri: " notice from virsh. It breaks the test
suite, the information is readily available with the "uri" command
inside virsh, and it's a usability delta with upstream, so
constantly causes confusion.
* debian/patches/9093-lp460271.patch: require absolute path for dynamic
added files (LP: #460271)
* debian/patches/9094-lp453335.patch: suppress confusing and misleading
apparmor denied message when kvm/qemu tries to open a libvirt specified
readonly file (such as a cdrom) with write permissions. libvirt uses the
readonly attribute for the security driver only, and has no way of telling
kvm/qemu that the device should be opened readonly. (LP: #453335)
* debian/apparmor/usr.sbin.libvirtd: allow 'inet dgram' for migration to
work (LP: #461528)
* debian/apparmor/usr.sbin.libvirtd: properly support qemu+tcp:// by
allowing 'inet6 stream' and 'inet6 dgram' (LP: #462000)
* allow save/restore to work in $HOME. This is a workaround until upstream
https://bugzilla.redhat.com/show_bug.cgi?id=529363 is fixed. (LP: #457716)
* debian/libvirt-bin.cron.daily: don't complain if no domain XML definitions
or domain AppArmor profiles. Based on work by Loïc Minier. (LP: #457607)
* debian/apparmor/libvirt-qemu: a couple more fixes for pulseaudio
LP: #453329
* debian/patches/9091-apparmor.patch:
- src/virt-aa-helper.c: update to parse XML for guest's architecture and
os.type rather than just trying to make something up.
- tests/virt-aa-helper-test: add some tests for the above and fix another
test
- LP: #448671
* debian/patches/0005-Close-logfile-fd-after-spawning-qemu.patch: fix
egregious file descriptor leak with cherry-pick from upstream git,
LP: #438815
* allow access for sound (LP: #437854)
- abstractions/libvirt-qemu: add very specific rules for allowing ALSA. We
do not use the audio abstraction because the virtual machine runs as root
and therefore DAC cannot be used as a fallback.
- debian/README.Debian: add some text to encourage review of the AppArmor
profiles and abstraction when using in production environments
* debian/libvirt-bin.cron.daily: added to clean out old profiles that are no
longer associated with a virtual machine definition (LP: #438165)
* debian/patches/9091-apparmor.patch:
- quote the pid, monitor and logfile in case any of them have weird
characters (complete fix for LP: #432810)
- support <readonly/> for disks
* debian/patches/9091-apparmor.patch: sync with upstream for maintenance,
licensing compliance with upstream and bug fixes:
- handle files with spaces in the name (LP: #432810)
- add serial, console, kernel and initrd support (LP: #432581)
- allow read only access to /boot, /vmlinuz and /initrd.img
- allow access to character devices (eg USB devices)
- have virt-aa-helper accept XML on stdin, which allows for adding
other devices in the future and helps ensure we always have the most
up to date definition
- update profile on attach and detach of devices (LP: #435527)
- add --dryrun option to virt-aa-helper, and greatly improve the
virt-aa-helper-test script
* revert workaround for LP: #431090 now that kernel, initrd, et al is
properly supported
* debian/apparmor/usr.sbin.libvirtd: add various capabilities
recommended by upstream to prevent potential regressions
* debian/apparmor/libvirt-qemu: add chown capability (LP: #434417)
* debian/apparmor/libvirt-qemu: workaround eucalyptus serial console,
kernel and initrd location. This should be removed after virt-aa-helper is
able to get these from XML. (LP: #431090)
* debian/apparmor/usr.sbin.libvirtd: switch to enforcing by default. Please
note that this was only in complain mode temporarily to work around kernel
bugs in the 2.6.31-9 kernel. Confinement of virtual machines (controlled
by /etc/apparmor.d/libvirt/TEMPLATE) was already in enforcing mode.
(LP: #427338)
* debian/README.Debian: update AppArmor section based on the upstream
documentation
* debian/libvirt-bin.postinst: add each admin user to libvirtd,
LP: #410226; note that this is only a partial fix, as admin users
added after libvirt's install will need to be individually added
to libvirtd; however, this should fix a huge number of
single-admin-user-in-default-Ubuntu-system annoyances
* debian/control: bump standards version
* debian/apparmor/libvirt-qemu: allow access to /dev/kqemu
* debian/apparmor/usr.bin.virt-aa-helper: use @{PROC} instead of /proc
* Add AppArmor support (LP: #388422):
- debian/patches/9090-reenable-nonfile-labels.patch: add back in
virDomainObjPtr argument to RestoreSecurityImageLabel since AppArmor
labels are not stored on disk
- debian/patches/9091-apparmor.patch: add AppArmor security driver
- debian/patches/9092-apparmor-autoreconf.patch: after installing libtool
and the build dependencies, run autoreconf to pull in changes to
Makefile.am and configure.in in 9091-apparmor.patch
- debian/rules: use --with-apparmor and copy debian/apparmor/* to
debian/tmp
- debian/control: Build-Depends on libapparmor-dev and Suggests apparmor
>= 2.3+1289-0ubuntu14
- add profiles and abstractions to debian/apparmor. usr.sbin.libvirtd will
default to complain mode until LP: #401931 is sorted out
- debian/libvirt-bin.dirs: add /etc/apparmor.d/libvirt,
/etc/apparmor.d/abstractions, and /etc/apparmor.d/force-complain
- debian/libvirt-bin.install: install profiles and abstractions
- debian/libvirt-bin.preinst: newly added to force complain on certain
upgrades
- debian/libvirt-bin.postinst: (re)load profile
- debian/libvirt-bin.postrm: remove force-complain profile on purge
* 9006-increase-unix-socket-timeout.patch:
increase timeout waiting for unix socket in src/qemu_driver.c, set to 30
seconds, which is 10x longer than before, and matches the logoutput timeout
adjustment in 9003-increase-logoutput-timeout.patch. This is needed with
the new qemudOpenMonitorUnix() function introduced in 0.7.0.
* add apport hook:
- add debian/libvirt-bin.apport
- debian/libvirt-bin.dirs: add /usr/share/apport/package-hooks
- debian/libvirt-bin.install: add source_libvirt-bin.py
- debian/rules: install libvirt-bin.apport
* Merge from debian experimental, remaining changes:
- debian/control:
+ Don't build-depend on QEmu.
+ Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables
to Depends of libvirt-bin.
+ Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg,
since we used to ship them as such.
+ We call libxen-dev libxen3-dev, so change all references.
+ Build-Depends on open-iscsi-utils instead of open-iscsi due to
LP: #414986
- 9000-delayed_iff_up_bridge.patch:
Don't try to bring up the bridge before at least one interface has been
added to it.
- 9001-dont_clobber_existing_bridges.patch:
Assign the name of the virtual bridge dynamically to avoid interfering
with existing bridges.
- 9002-better_default_uri_virsh.patch:
Default to qemu:///system if the user has write access to the libvirt
socket, otherwise qemu:///session.
- 9003-increase-logoutput-timeout.patch:
increase timeout waiting for log output in src/qemu_driver.c, set to 30
seconds, which is 10x longer than before, and matches the disk-wait in
mdadm. (LP #344400)
- 9004-better-default-arch.patch:
If a domain does not specify its architecture, attempt to match the host.
(LP #344913)
- 9005-libvirtd-group-name.patch:
Rename libvirt group to libvirtd.
- rename the libvirt group to libvirtd in postinst/postrm
* Dropped the following patches from debian/patches (they don't apply any
more were not applied in 0.6.4-1ubuntu2):
- dynamic_bridge_names.patch
- event-loop-hang.diff
- more-flexible-emulator-on-x86.patch
- xen-events-handling-fix.diff
[ Laurent Léonard ]
* [4fb1a38] Imported Upstream version 0.7.0
* [5578fd3] Drop 0005-Fix-PCI-device-hotplug-unplug-with-newer-QEMU.patch.
Fixed upstream.
* [9a8afd0] Redo patches.
* [937ab63] Update symbols.
* [b4bd1ea] Update section in doc-base control file.
* [72a8eb6] Add a versioned dependency on dpkg-dev (Closes: #537316)
* [ae20998] fix Debian Xen path patch to also cover the testsuite
* [b2a1c47] New patch
0001-Fix-PCI-device-hotplug-unplug-with-newer-QEMU.patch pulled from
upstream 326ecb7. Fixes PCI hotplug with newer kvm.
* [45b9fdf] build-conflict on dpkg-dev (= 1.15.3) (Closes: #536673)
[ Guido Günther ]
* [05e9a39] build-depend on policykit so polkit auth works with virsh
as well
[ C.J. Adams-Collier ]
* [a161c5f] allow to qemu to emulate arm
[ Guido Günther ]
* [b1e4c4b] Imported Upstream version 0.6.5
* [e764583] change private symbols to 0.6.5
* [f94fb48] drop 0005-allow-to-qemu-to-emulate-arm.patch fixed upstream.
* [7ad7896] bump standards version
* [e2c5867] tighten libvirt-bin's dependency on libvirt0 since libvirtd uses
private symbols
* Also rename the libvirt group to libvirtd in postinst/postrm.
(LP: #392696)
* Merge from debian unstable, remaining changes:
- debian/control:
+ Don't build-depend on QEmu.
+ Add "XS-Debian-" prefix to Debian's Vcs headers.
+ Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables
to Depends of libvirt-bin.
+ s/interract/interact/g
+ Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg,
since we used to ship them as such.
- 9000-delayed_iff_up_bridge.patch:
Don't try to bring up the bridge before at least one interface has been
added to it.
- 9001-dont_clobber_existing_bridges.patch
Assign the name of the virtual bridge dynamically to avoid interfering
with existing bridges.
- 9002-better_default_uri_virsh.patch:
Default to qemu:///system if the user has write access to the libvirt
socket, otherwise qemu:///session.
- 9003-increase-logoutput-timeout.patch:
increase timeout waiting for log output in src/qemu_driver.c, set to 30
seconds, which is 10x longer than before, and matches the disk-wait in
mdadm. (LP #344400)
- 9004-better-default-arch.patch:
If a domain does not specify its architecture, attempt to match the host.
(LP #344913)
- 9005-libvirtd-group-name.patch:
Rename libvirt group to libvirtd.
- We call libxen-dev libxen3-dev, so change all references.
* [dd3adb2] Imported Upstream version 0.6.4
* [2320162] update symbols file
* [89c9720] remove bashism (Closes: #530122)
* [30d86c1] drop patches fixed upstream:
0005-don-t-crash-with-def-NULL.patch
0006-Fix-QEMU-ARGV-detection-with-kvm-85.patch
0007-Declare-support-for-QEMU-migration-in-capabilities.patch
* [3607f2f] Install libvirt_lxc that got lost somewhere between our
testbuilds. (Closes: #529578)
* [070ddd5] install augeas lens
* [c9b034d] install schema files
* [4087b7d] disable lxc on ia64 to work around FTBFS until we have
access to a test machine
* [df5f5a0] pull some kvm/qemu related patches from upstream
(Closes: #529324)
* [35898d3] fix crash when libvirt_lxc is called without arguments
* [449ca60] enable lxc support (Closes: #526718) - thanks to Daniel
Pittman for testing this
* [335a4e6] update description with supported virtualization solutions
* [92eba47] delay libvirt-bin start until after avahi
* [8ebd17d] update startup priorities due to changed libvirt-bin
startup priority. Also add an LSB header. (Closes: #526944)
* [0cb2f83] Imported Upstream version 0.6.3
* virtual box support
* [06fe518] 0001-remove-RHism.diff.patch: use invoke-rc.d
* [ec2fd52] drop patches merged upstream:
* 0003-allow-libvirt-group-to-access-the-socket.patch series
* 0004-fix-Debian-specific-path-to-hvm-loader.patch
* [6977bde] enable vbox support
* [93c4423] add symbols file
* [031b9c1] Don't hardcode buffer size for getgrnam_r. Works around
#520744 and fixes possible problems with implementations having
_SC_GETGR_R_SIZE_MAX != 1024.
* [bbe7743] respect log priority for qemu domain logs (Closes: #524145)
* [a2e4cb0] don't rely on log_end_msg returning 0 this isn't the case
with splashy. (Closes: #523712)
* [ddfafda] move debug package into section debug
* [99fd06c] Imported Upstream version 0.6.2 (Closes: #521785)
* [78cd5c8] drop /var/run/libvirt created by init script
* [2a7cb3b] move startup of libvirtd after hal (Closes: #522310)
* [b8707ed] bump standards version 0.8.1 (no changes necessary)
* [3be7341] Imported Upstream version 0.6.1
* [38fde15] rediff Debian specific patches
* [9b59a19] drop patches applied upstream:
* 0004-Don-t-hardcode-ssh-port.patch
* 0005-minimal-workaround-for-qemu-startup-race.patch
* [95d4b7f] drop patches backported from upstream
* 0009-libvirt_proxy-Fix-use-of-uninitalized-memory.patch
* [8171d83] build-dep on module-init-tools so configure can figure out
the path to modprobe
* Fix logic error when applying %d bridge name rewriting. (LP: #350780)
[ Marc Deslauriers <marc.deslauriers@ubuntu.com> ]
* 0008-increase-logoutput-timeout.patch: increase timeout waiting
for log output in src/qemu_driver.c, set to 30 seconds, which is 10x
longer than before, and matches the disk-wait in mdadm, LP: #344400
* Fix "libvirt's defaults are slightly less than sane" (LP: #344913)
- more-flexible-emulator-on-x86.patch (from upstream)
- default-arch.patch
* Add fix for event loop hang (LP: #344195)
http://article.gmane.org/gmane.comp.emulators.libvirt/12437
* Add fix for Xen events handling.
http://git.et.redhat.com/?p=libvirt.git;a=commit;h=124cfcbc2bcd1b71b51e720b9bfc7d8e69e8af89
* New upstream release. (FFe: LP: #339868)
* Dropped 0004-Don-t-hardcode-ssh-port.patch: Included upstream.
* Rewrote dynamic_bridge_names.patch to work with refactored upstream
bridging code.
* No change rebuild for python2.6.
* Accidentally dropped our changes to
0003-allow-libvirt-group-to-access-the-socket.patch, causing the
group as which libvirtd expected to run to be wrong. Change it back
to "libvirtd" rather than "libvirt". (LP: #328093)
* Merge with Debian experimental. Remaining changes:
- debian/control:
+ Don't build-depend on QEmu.
+ Add "XS-Debian-" prefix to Debian's Vcs headers.
+ Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables
to Depends of libvirt-bin.
+ s/interract/interact/g
+ Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg,
since we used to ship them as such.
- Rename libvirt group to libvirtd.
- 0005-delayed_iff_up_bridge.patch: Don't try to bring up the bridge
before at least one interface has been added to it.
- dont_clobber_existing_bridges.patch: Assign the name of the virtual
bridge dynamically to avoid interfering with existing bridges.
- better_default_uri_virsh.patch: Default to qemu:///system if the
user has write access to the libvirt socket, otherwise
qemu:///session.
- We call libxen-dev libxen3-dev, so change all references.
- Included (but did not enable) opennebula patch (since it's not in
main yet).
* [30be86d] Imported Upstream version 0.6.0
* [179781c] drop patches
* fixed upstream:
0006-Fix-missing-read-only-access-checks-CVE-2008-5086.patch
* applied upstream:
0004-Open-qemu-monitor-log-O_APPEND-instead-of-O_TRUNC.patch
0005-qemu-fix-parallel-serial-mode-tcp-and-unix.patch
0007-don-t-fail-on-missing-locales.patch
* [d80a176] adjust remaining patches to new upstream version
* [208c924] add minimal workaround for qemu startup race
* [6e8caa0] restart libvirt daemon on upgrades if possible
(Closes: #492694, #499008)
* [1238706] Recommend dnsmasq-base instead of dnsmasq this keeps us
out of all the dnsmasq already running troubles. (Closes: #516443) -
thanks to Bin Zhang for the suggestion and the doc update
* [5c9dfd7] don't rotate empty logfiles (Closes: #517040)
* [1c9a023] libvirt_proxy: Fix use of uninitialized memory We currently
don't build this code (CVE-2009-0036).
* [4ea1ea9] fix path to hvmloader (Closes: #517059)
* [879b632] suggest devhelp
* [f22f1ef] add ${misc:Depends}
* [c6f579e] README.Debian: fix typo
* upload to unstable
* [d4a69d1] don't fail on missing locales (Closes: #512721)
* [cecac4c] don't hardcode ssh port - based on a patch by Adrian
Bridgett. (Closes: #513605)
* [4565a65] drop superfluous headers and footers from remaining patches
* Merge with Debian experimental.
- debian/control:
+ Don't build-depend on QEmu.
+ Add "XS-Debian-" prefix to Debian's Vcs headers.
+ Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables
to Depends of libvirt-bin.
+ s/interract/interact/g
+ Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg,
since we used to ship them as such.
- Rename libvirt group to libvirtd.
- 0005-delayed_iff_up_bridge.patch: Don't try to bring up the bridge
before at least one interface has been added to it.
- dont_clobber_existing_bridges.patch: Assign the name of the virtual
bridge dynamically to avoid interfering with existing bridges.
- better_default_uri_virsh.patch: Default to qemu:///system if the
user has write access to the libvirt socket, otherwise
qemu:///session.
- We call libxen-dev libxen3-dev, so change all references.
* Included (but did not enable) opennebula patch (since it's not in
the archive yet).
* [2fd5224] apply upstream patch for CVE-2008-5086 (Closes: #509106)
* [d30438c] create libvirt log directory (Closes: #508129)
* [417a23c] qemu: fix parallel/serial mode "tcp" and "unix"
(Closes: #507608)
* [4cd547b] create /var/run/libvirt (Closes: #507578)
* [fe96870] merge back master
* [d46313f] drop patches for issues fixed upstream
- 0007-also-look-for-usr-bin-kvm.patch
- 0008-Increase-initial-qemu-monitor-read-timeout.patch
- 0009-Open-qemu-monitor-log-O_APPEND-instead-of-O_TRUNC.patch
- 0010-raise-error-on-invalid-volume-format.patch
* [d76b3a1] Imported Upstream version 0.5.1 (Closes: #507677, #507547)
* [2e550ae] enable hal for device enumeration
* [0d9116a] rotate qemu monitor logs (Closes: #507553) - thanks to
Harald Staub
* [5f85e66] depend on logrotate
* [6e955a3] open qemu monitor O_APPEND instead of O_TRUNC for logrotate
* [7dbea84] drop 0004-xen-prefer-xenstoraged-driver-for-listDomains.patch -
applied upstream
* [717ef21] Imported Upstream version 0.5.0
* [b7a1fbd] enable OpenVZ support (Closes: #504597) - thanks to Pierre
Chifflier for the patch
* [ee3590a] drop patches, fixed upstream:
* 0004-support-virtio-and-scsi-disks-in-qemudDomainBlockSta.patch
* 0005-fix-define-vs.-defined-typos.patch
* [f4f601f] bump shlibs to 0.5.0
* [5878698] cherry-pick patch for CVE-2008-5086 from experimental
* [d30438c] create libvirt log directory (Closes: #508129)
* [e771da9] drop superfluous
0011-Fix-segfault-on-missing-volume-format.patch - not needed.
* [ea12bd9] create /var/run/libvirt fixes /var/run on tmpfs
(Closes: #507578)
* [97e5706] also look for /usr/bin/kvm (Closes: #507547)
* [311b4c1] increase initial qemu monitor read timeout
(Closes: #499720)
* [fbe4e00] open qemu monitor log O_APPEND instead of O_TRUNC
* [f8ce017] raise error on invalid volume format
* [40edcf8] rotate qemu monitor logs (Closes: #507553) - thanks to
Harald Staub
* [46ea43a] fix segfault on missing volume format (Closes: #507677) -
thanks to Daniel Veillard
* [ee377f3] bump shlibs version to 0.4.6
* [504d55d] depend on logrotate
* [ff8e9ae] README.Debian: clarify xen configuration
* [c07c68f] prefer xenstoraged driver for listDomains - avoids seeing "ghost
domains" due to bugs in several versions of the xen HV
* SECURITY UPDATE: fix privilege escalation due to missing read only
connection checks
- debian/patches/0009-CVE-2008-5086.patch: update functions in
src/libvirt.c to check against VIR_CONNECT_RO and return with operation
denied error
- CVE-2008-5086
* Merge from debian unstable, remaining changes:
- debian/control:
+ Don't build-depend on QEmu.
+ Add "XS-Debian-" prefix to Debian's Vcs headers.
+ Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends
of libvirt-bin.
+ s/interract/interact/g
+ Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, since
we used to ship them as such.
- Create /var/run/libvirt in libvirt-bin's init script.
- Rename libvirt group to libvirtd.
- 0005-delayed_iff_up_bridge.patch: Don't try to bring up the bridge before at
least one interface has been added to it.
- dont_clobber_existing_bridges.patch: Assign the name of the virtual
bridge dynamically to avoid interfering with existing bridges.
- better_default_uri_virsh.patch: Default to qemu:///system if the user
has write access to the libvirt socket, otherwise qemu:///session.
- We call libxen-dev libxen3-dev, so change all references.
* Add qemu migration patch (from upstream git (adjusted for 0.4.6)).
* Add dynamic_bridge_names.patch to again support dynamic bridge names.
* [411ada3] add more details about dnsmasq vs. libvirtd (Closes: #504605)
* [2f8f07d] add default image dir virt-manager assumes they exist and
they're used in the SELinux policies too. (Closes: #505577)
* [9eb3a83] fix #define vs. #defined typos - affects non Linux architectures
and fixes the build with gcc 4.4 (Closes: #505607) - thanks to Martin
Michlmayr
* [0e21634] fix uploader
* upload to unstable
* [50b27f5] add libvirt-suspendonreboot script (Closes: #501155) -
thanks to Andreas Barth
* [8fa5a3c] add a versioned recommends on qemu (Closes: #501692)
* [d1539bc] recommend pkg-config
* [f08bb18] explain libvirt group (Closes: #501824)
* [2039095] tighten libvirt dependency
* [06dbe8a] qemu/kvm: fix domain block stats for virtio and scsi devices
* [e20d3d4] Imported Upstream version 0.4.6
* [0c840ab] disable numactl
* [ca2c5cb] cleanup doc installation (Closes: #492075)
* [714ab94] drop 0004-for-kvm-determine-maxVCPUs-at-runtime.patch - applied
upstream
* [e7563a8] drop 0005-fix-crash-when-no-emulator-is-defined-for-kvm-
qemu.patch - fixed upstream
* [17647cd] libvirt-bin.default: add keytab default
* [0ef01e7] fix runtime vcpu detection (0004-for-kvm-determine-
maxVCPUs-at-runtime.patch) (Closes: #495950)
* [b91e1eb] don't crash when no emulator is defined (0005-fix-crash-
when-no-emulator-is-defined-for-kvm-qemu.patch)
* [ab8b4e6] Imported Upstream version 0.4.5
* [4aaef27] tighten dependency on libvirt
* [fa253be] drop 0002-qemu-path.diff.patch - fixed upstream
* [87fc2db] drop 0005-check-for-the-existence-of-the-migrate-
command.patch applied upstream
* [bc311aa] drop 0006-wrong-open-failure-detection.patch applied
upstream
* [38e615d] rebase the remaining patches
* [9a04bb7] bump shlibs version to 0.4.5
* [9fadd6f] disable LXC
* [179c869] build-dep on libselinux1-dev for selinux support
* debian/patches/0008-lp287533.patch: allow 16 VCPUs when using kvm
(LP: #287533)
* Make QEmu a suggested package of libvirt0 rather than a recommended one.
* Make kvm a recommended package of libvirt0.
* Merge from debian unstable, remaining changes:
- debian/control:
+ DebianMaintainerField
+ Don't build-depend on QEmu.
+ Add "XS-Original-" prefix to Debian's Vcs headers.
+ Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends
of libvirt-bin.
+ s/interract/interact/g
+ Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, since
we used to ship them as such.
- Create /var/run/libvirt in libvirt-bin's init script.
- Rename libvirt group to libvirtd.
- 0005-delayed_iff_up_bridge.patch: Don't try to bring up the bridge before at
least one interface has been added to it.
- dont_clobber_existing_bridges.patch: Assign the name of the virtual
bridge dynamically to avoid interfering with existing bridges.
- better_default_uri_virsh.patch: Default to qemu:///system if the user
has write access to the libvirt socket, otherwise qemu:///session.
- We call libxen-dev libxen3-dev, so change all references.
* upload to unstable
* [96c6727] add /var/cache/libvirt needed by qemuDriver for temporary
storage
* [794f95c] bump standards version to 3.8.0
* [05184af] add README.source
* [facb983] README.Debian explain "default" network startup
* [395a510] add /var/lib/libvirt needed for the dnsmasq lease file
* [9c588ac] promote bridge-utils & dnsmasq to Recommends: since
they're needed for the default NAT network
* [9ed2cd4] recommend iptables - needed for the default NAT network
* [0ff1e68] new upstream version
* [2098f96] rebase patches for 0.4.4
* [abbd15e] enable with-storage-disk now that we have parted1.8
* [3942b25] start libvirtd by default
* New upstream release
- Drop nic-model, disk-bus, and ancient_parted.patch. They're all
upstream now (in some form).
- Add new libdevmapper-dev build-dependency.
* Merge from debian unstable, remaining changes:
- debian/control:
+ DebianMaintainerField
+ Don't build-depend on QEmu.
+ Add "XS-Original-" prefix to Debian's Vcs headers.
+ Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends
of libvirt-bin.
+ s/interract/interact/g
- debian/libvirt-bin.default
+ Make libvirtd start by default
- Add /var/lib/libvirt to libvirt-bin package. (dnsmasq needs it to store
its state info.)
- Create /var/run/libvirt in libvirt-bin's init script.
- Rename libvirt group to libvirtd.
- Build iscsi and disk storage support.
- delayed_iff_up_bridge.patch: Don't try to bring up the bridge before at
least one interface has been added to it.
- dont_clobber_existing_bridges.patch: Assign the name of the virtual
bridge dynamically to avoid interfering with existing bridges.
- nic-model.patch: Add support for <model type='foo'/> NIC configuration.
- disk-bus.patch: Add support for bus='foo' attributes for disk targets.
- better_default_uri_virsh.patch: Default to qemu:///system if the user
has write access to the libvirt socket, otherwise qemu:///session.
- ancient_parted.patch: Fix builds against libparted1.7
- We call libxen-dev libxen3-dev, so change all references.
* reenable open-iscsi support - thanks to the open-iscsi
maintainers for fixing this up
* build a libvirt0-dbg package
* register documentation with doc-base (Closes: #480294) - thanks to
Tzafrir Cohen for the patch
* control: fix typo
* README.Debian: explain debugging
* We call libxen-dev libxen3-dev.
* Make libvirt-dev installable alongside libvirt0-dbg.
* Merge from debian unstable, remaining changes:
- debian/control:
+ DebianMaintainerField
+ Don't build-depend on QEmu.
+ Add "XS-Original-" prefix to Debian's Vcs headers.
+ Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends
of libvirt-bin.
+ s/interract/interact/g
- Add libvirt0-dbg package
- debian/libvirt-bin.default
+ Make libvirtd start by default
- Add /var/lib/libvirt to libvirt-bin package. (dnsmasq needs it to store
its state info.)
- Create /var/run/libvirt in libvirt-bin's init script.
- Install PolicyKit and sasl stuff in libvirt-bin.
- Rename libvirt group to libvirtd.
- Build iscsi and disk storage support.
- delayed_iff_up_bridge.patch: Don't try to bring up the bridge before at
least one interface has been added to it.
- dont_clobber_existing_bridges.patch: Assign the name of the virtual
bridge dynamically to avoid interfering with existing bridges.
- nic-model.patch: Add support for <model type='foo'/> NIC configuration.
- disk-bus.patch: Add support for bus='foo' attributes for disk targets.
- better_default_uri_virsh.patch: Default to qemu:///system if the user
has write access to the libvirt socket, otherwise qemu:///session.
- ancient_parted.patch: Fix builds against libparted1.7
* no need to depend on python-all-dev we only build an extension for
the current python version
* only build-dep on qemu on architectures that have it
(Closes: #476290)
* the packages containing the daemon should suggest polkit
* drop the {build-,}dependency on open-iscsi too
* suggest policykit
* disable the iscsi storage backend until #423368 is fixed in unstable
* disable polkit authentication by default so libvirt stays accessible
for members of the libvirt group
* drop no-mac.diff - applied upstream
* no need to explicitly link against libpthread
* always enable debugging
* add Homepage URL
* add Vcs-{Git,Browser} fields
* symlink devhelp docs
* enable policy kit
* new upstream version
* Xen 3.2 fixes
* storage pool support
* partition based storage pools are disabled, since this needs parted 1.8
which is only in experimental
* update patches for new upstream release
* boot-dev-error.diff - applied upstream
* qemu-parse-error.diff - applied upstream
* qemu-path.diff - adjust to new hypervisor detection code
* rediff the rest
* new patches:
* no-mac.diff: don't set mac address on tun device since it breaks kvm
* bump shlibs version
* depend on libxen-dev (Closes: #467598)
* allow members of the libvirt group to manage virtual machines
* thanks to the xen maintainers Debian now has a working libxen-dev, so
enable xen support in the default build (Closes: #453826)
* recommend netcat-openbsd for unix domain socket support (Closes: #453627)
* README.Debian: document necessary xend options
* fix spelling of Python
* don't segfault on broken boot device configuration (Closes: #463686)
* don't segfault due to missing error handling in the XML parsing code
* add and remove the libvirt group for the socket
* be a bit more verbose on libvirtd reload
* depend on adduser since we add the libvirt user
* don't restart libvirtd on upgrades since it kills running qemus
* enable debugging via DEB_BUILD_OPTS
* disk-bus.patch:
- Add bus attribute to disk/target tags. Allows you to create virtio disks.
(LP: #213991)
* nic-model.patch:
- Add <model type='foo'/> support to network interfaces. (LP: #213991)
* graceful_shutdown.patch:
- Rather than pulling the power from virtual machines, send an ACPI power
button event and let the OS handle it.
* better_default_uri_virsh.patch:
- Updated patch: Output connection URI to stderr instead of stdout to avoid
breaking scripts that use virsh.
* better_default_uri_virsh.patch:
- Make virsh connect to qemu:///system by default if the user has write
access to /var/run/libvirt/libvirt-sock and qemu:///session if not.
* Actually apply our patches to the -dbg version.
* Create /var/lib/libvirt in libvirt-bin. (LP: #191636)
* dont_clobber_existing_bridges.patch:
- Change bridge name from virbr0 to virbr%d, to ensure we never clobber
existing bridges.
* Add iptables dependency
* Build against libxen3-dev instead of libxen3.2-dev.
* libvirt-bin:
+ Replace "Suggests: dnsmasq" with "Depends: dnsmasq-base".
+ Add dependency on netcat-openbsd (to enable qemu+ssh:// style remote
management)
* Build against libxen-3.2 instead of 3.1.
* Bump bridge-utils from Suggests: to Depends:.
* Merge from debian unstable, remaining changes:
- DebianMaintainerField.
- Add libxen3.1-dev to enable Xen management.
- Add libpolkit-dbus-dev to enable polkit integration.
- Build libvirt0-dbg flavour.
- Start libvirtd by default.
- Install polkit policy.
- Install sasl config.
- Install sample qemu and libvirtd config.
- Create libvirtd group in postinst.
- libvirt-remote-ssh.patch: Fix foo+ssh:// urls.
- delayed_iff_up_bridge.patch: Don't try to IFF_UP the bridge interface
until an interface gets added to it.
* Create /var/run if it doesn't exist (LP: #178106).
* libvirt-bin.init: fix the reload target
* add configuration examples
* new upstream version
* enable sasl support
* leave policykit support disabled since it's not in unstable yet
* bump shlibs version
* remove CVS metadata
* rediff patches
* libvirtd-bin.init: libvirtd supports reload
* Clean up debian/rules (should reenable concurrent builds).
* Don't restart libvirt on upgrades (if there's a good reason, we'll
add it to postinst/prerm with checks for specific versions).
* IFF_UP'ing a bridge interface doesn't work until the first interface has
been added to it.
* Fix remote ssh connections.
* New upstream release.
* Don't change the default URI. It appears that too many applications
still depend on this broken behaviour.
* Change maintainer to ubuntu-core-dev.
* Merge from debian unstable, remaining changes:
- Add libvirt0-dbg package.
- Start libvirtd by default.
- Create libvirtd group, and have libvirtd's sockets have group ownership
"libvirtd".
- Add libxen as a build-dependency to enable libvirt's Xen features.
* don't include precompiled examples in the doc package (Closes: #456825)
* remove RHism from manpage (Closes: #455859)
* bump standards version
* rebuild with xen support
* make libs match overrides
* move to team maintenance
* suggest dnsmasq and bridge-utils for qemu networking
* remove stale PID files
* UNRELEASED
* build with xen support
* debian/control: we also support xen
* Made default_uri a configurable.
* Add "Provides: libvirt0" to libvirt0-dbg.
* Make virsh understand that the default URI is not xen:///.
* Change default URI to qemu:///session
* Add libvirt0-dbg package, which is just like libvirt0, but built
with --enable-debug=yes.
* Start libvirtd by default.
* Create libvirtd group, and have libvirtd's sockets have group ownership
"libvirtd".
* Fakesync with Debian.
* Reenable Xen.
* put packages into the proper sections
* fix messed up Standards-Version (Closes: #453900)
* build with xen support - depend on our hacked up xen-utils for that
* add initscript to start libvirtd
* debian/copyright:
* update FSF address
* update upstream author and copyright information
* install the virsh manpage
* use binary:Version instead of Source-Version
* repackage for Debian (Closes: #384300)
* enable avahi
* build with qemu/kvm support
* disable xen support until #402249 is fixed
* disable qemu autonetwork for now, causes libvirtd to segfault
* fix path to kvm
* switch off DH_VERBOSE
* thanks to the Ubuntu maintainers for their work!
* New upstream release.
* Update maintainer.
* Add libgnutls-dev Build-Dep.
* Import new upstream release that can actually build on xen-3.1.
* Depends on libxen3.1-dev.
* New upstream version.
* Updated libvirt-bin.install, thanks to Marcelo Boveto Shima.
* Rebuild for python2.5 as the default python version.
* Initial release