[ubuntu/groovy-proposed] libvirt 6.6.0-1ubuntu2 (Accepted)
Christian Ehrhardt
christian.ehrhardt at canonical.com
Wed Aug 26 13:15:16 UTC 2020
libvirt (6.6.0-1ubuntu2) groovy; urgency=medium
* d/p/u/lp-1892826-Revert-m4-virt-xdr-rewrite-XDR-check.patch: avoid clashes
between libtripc and glibc that break libvirt-lxc (LP: #1892826)
* d/p/ubuntu-aa/lp-1892736-apparmor-allow-libvirtd-to-call-virtiofsd.patch:
allow libvirt to control virtiofsd (LP: #1892736)
libvirt (6.6.0-1ubuntu1) groovy; urgency=medium
* Merge with Debian 6.6.0-1 from experimental
Among many other new features and fixes this includes fixes for:
(LP: #1874647) - Stale libvirt cache leads to VM startup failures
(LP: #1869796) - bad ordering and dependent restarts of services/sockets
Remaining changes:
- d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading
versioned modules after qemu package upgrades (LP 1847361)
- libvirt-uri.sh: Automatically switch default libvirt URI for users
via user profile (xen URI on dom0, qemu:///system otherwise)
- Disable libssh2 support (universe dependency)
- Disable firewalld support (universe dependency)
- Set qemu-group to kvm (for compat with older ubuntu)
- Additional apport package-hook
- Autostart default bridged network (As upstream does, but not Debian).
In addition to just enabling it our solution provides:
+ do not autostart if subnet is already taken (e.g. in guests).
+ iterate some alternative subnets before giving up
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite long.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
+ d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
group.
- ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
- Update README.Debian with Ubuntu changes
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- fix autopkgtests
+ d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
+ d/t/control: fix smoke-qemu-session by ensuring the service will run
installing libvirt-daemon-system
+ d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
long as the following undefine succeeds
+ d/t/smoke-lxc: use systemd instead of sysV to restart the service
- dnsmasq related enhancements
+ run dnsmasq as libvirt-dnsmasq (LP: 1743718)
+ d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
+ d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
on purge
+ d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
libvirt-dnsmasq and adapt the self tests to expect that config
+ d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
+ Add dnsmasq configuration to work with system wide dnsmasq-base
- debian/rules: disable the netcf backend. (LP: 1764314)
- debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
Secure Boot enabled variants of the OVMF firmware and variable store for
the paths where we ship these files in Ubuntu.
- d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
machine type correctly with newer qemu/libvirt
- d/control: add libzfslinux-dev to build-deps
- d/control: drop libvirt-lxc, vbox and xen drivers to suggest
- d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
(LP 1861125) fixups
- Apparmor Delta that is Ubuntu specific or yet to be upstreamed
split into logical pieces. File names in debian/patches/ubuntu-aa/:
+ 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
apparmor, libvirt-qemu: Allow read access to overcommit_memory
+ 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
+ 0020-virt-aa-helper-ubuntu-storage-paths.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
add l to 9p file options.
+ 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
+ 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el
(LP 1686621 LP 1680384 LP 1784023)
+ 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
+ 0050-local-include-for-libvirt-qemu.patch,
d/libvirt-daemon-system.postinst: provide a local apparmor include
for abstraction/libvirt-qemu (LP: 1786019)
+ lp-1815910-allow-vhost-net.patch: avoid apparmor issues
with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
* Dropped changes (in Debian now):
- Enable some additional features on ppc64el and s390x (for arch parity)
+ systemtap, zfs, numa and numad on s390x.
+ systemtap on ppc64el.
- enable attr support to store XATTR labels. Among other things
this allows to properly restore file ownership (LP 691590)
- d/control: build depend to libattr1-dev
- d/rules: configure --with-attr
- Install virt-login-shell-helper
- Install augeas lenses for all drivers
- Remove all mentions of Devhelp
- not-installed: Remove obsolete entries
- not-installed: List all split daemons files
- d/control: bump build dep to python3
- d/control: add python3-docutils as build dependency
- d/rules: set enable-dependency-tracking to avoid FTBFS
- d/rules: drop the no more existing phyp option
- d/rules: drop the no more existing xen configure option
- minimize patches generated by autoreconf
- fix build on Debian/Ubuntu in qemuhotplugtest
- d/libvirt-doc.doc: install rendered docs
- d/libvirt-daemon-system.examples: drop old examples that are now active
- d/libvirt-doc.doc-base.libvirt-doc: adapt doc base to new file placement
- d/libvirt-daemon-system-sysv.lintian-overrides: not shipiing systemd files
- d/libnss-libvirt.lintian-overrides: accept having two nss so files
- d/rules: don't ship split daemons just yet
- d/rules: install /etc/default/* files that are shared between sysv and
systemd packages
- d/rules: add libvirt-guests.default to libvirt-daemon-system instead of
libvirt-daemon-system-sysv
- d/rules: install virtlockd correctly with defaults file (LP: 1729516)
- d/rules: also check build time self test results on all architectures
- d/rules: add --no-restart-after-upgrade to services that are supposed to
stay up through upgrades - this also applies to related sockets.
* Dropped changes (part of upstream now):
- d/p/ubuntu/lp-1879325-*: avoid issues with apparmor metadata labeling
(LP 1879325)
- d/p/ubuntu-aa/lp-1871354*: fix apparmor denials on libpmem init
(LP 1871354)
- d/p/ubuntu/CVE-CVE-2020-10701-api-disallow-virDomainAgentSetResponseTimeout
-on-rea.patch: avoid DOS through read only connections
CVE-2020-10701
- d/p/ubuntu/lp-1867460-*: fix domcapabilities before capabilities
and binary autodetection in general (LP 1867460)
- d/p/stable/lp-1868539-*: stabilize libvirt by backporting upstream
fixes (LP 1868539)
- d/p/ubuntu/lp-1853200*: add cpu models without hle/rtm features to have
modern types on kernels with recent security fixes (LP 1853200)
- d/p/ubuntu/lp-1868528-*: Fail when fetching CPU Status for invalid CPU
(LP 1868528)
- d/p/ubuntu/lp-1865425-*: avoid killing the monitor job in
qemuDomainSetTimeAgent (LP 1865425)
- d/p/ubuntu-aa/virt-aa-helper-Add-support-for-smartcard-host-certif.patch:
allow emulation of smartcard via host certificates
- d/p/ubuntu/lp-1861125-*: fix non host-model migrations from old machine
types (LP 1861125)
- d/p/ubuntu-aa/apparmor-allow-to-call-vhost-user-gpu.patch: do not apparmor
block vhost-user-gpu usage
- d/p/ubuntu/lp-1655111*: fix qemu_bridge_helper to work with named
profiles (LP 1655111)
* Dropped changes (no more needed):
- d/control: make libvirt-daemon-driver-storage-rbd a recommend instead of
just a suggest. This was deprecated since bionic and now will be dropped.
- Update Vcs-Git and Vcs-Browser fields to point to launchpad
- d/control: VCS links to use generic Ubuntu launchpad git URLs
- refreshed patches for libvirt v6.0.0
- d/libvirt-daemon-system.postrm: change order of libvirt-qemu removal to
avoid error messages on purge [deluser/delgroup no more report warnings]
- "Additional apport package-hook": due to context auto updates
d/libvirt-daemon.install had bad entries which are no more required.
- d/control, d/rules: Disable rbd and zfs on riscv64 where they are
unavailable (LP 1872952)
* Added Changes:
- d/control: breaks replaces for augeas lenses move in 6.0.0-1
(follows Debian, droppable >22.04)
- refresh ubuntu patches for 6.6
- d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch
- d/p/ubuntu-aa/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch
- d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch
- d/p/ubuntu/dnsmasq-as-priv-user
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch
- d/p/ubuntu/daemon-augeas-fix-expected.patch
- d/libvirt-daemon-system.postinst: fix bashism in dnsmasq related
enhancements
- d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP: #1887592)
- d/libvirt-clients.lintian-overrides: profile scripts are non executable
- d/p/ubuntu-aa/apparmor-allow-unmounting-.dev-entries.patch: avoid
triggering denials in devmapper error path
- d/p/ubuntu-aa/pparmor-profiles-are-meant-to-allow-adding-permanen.patch:
(again) allow permanent per guest overrides (LP: #1745114)
- d/control: drop mdevctl to a suggest until (LP 1889248) is ready
libvirt (6.6.0-1) unstable; urgency=medium
* Team upload
[ Andrea Bolognani ]
* [ecdcc72] New upstream version 6.6.0
Includes fix for CVE-2020-14339 (Closes: #966563)
* [751e146] upstream: Add key for Jiří Denemark
* [ab2a1b4] control: Add Build-Depends on libtirpc-dev
* [8714f7d] control: Drop Build-Depends on libncurses5-dev.
* [1137e33] patches: Assign topic to all patches.
* [51e52ab] patches: Reorder patches.
[ Christian Ehrhardt ]
* [ceab403] d/control, d/rules: feature architecture parity.
Enable systemtap, numa and numad on more architectures.
* [dd2d1a9] Drop d/p/apparmor-Allow-[....]-name-service-.patch.
Doesn't seem to be necessary anymore.
* [d31eba5] fix device mapper issues.
Add the following backports:
- virdevmapper-Don-t-cache-device-mapper-major.patch
- virdevmapper-Ignore-all-errors-when-opening-dev-mapper-co.patch
- virdevmapper-Handle-kernel-without-device-mapper-support.patch
* [3145e31] tools: fix libvirt-guests.sh text assignments
Add the following backports:
- tools-fix-libvirt-guests.sh-text-assignments.patch
libvirt (6.5.0-1) unstable; urgency=medium
* Team upload
* [38c0fa7] New upstream version 6.5.0
* [b8a07b4] control: Add Recommends for mdevctl
libvirt (6.4.0-2) unstable; urgency=medium
[ Christian Ehrhardt ]
* [d0f7eb5] enable attr support to be able to store XATTR labels.
Among other things this allows to properly restore file ownership
- d/control: build depend on libattr1-dev
- d/rules: configure --with-attr
Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/691590
[ Andrea Bolognani ]
* Use consistent layout in packaging files
libvirt (6.4.0-1) experimental; urgency=medium
* Team upload
* [1662a90] New upstream version 6.4.0
Includes a fix for CVE-2020-14301 (Closes: #963474)
* [ad19936] patches: Drop tests-Mock-[...]-for-qemuhotplug.patch
* [bfc4f8b] rules: Install upstream release notes
* [995991b] control: Set Rules-Requires-Root: no
* [dd75022] control: Bump Standards-Version to 4.5.0
* [fa6aefb] rules: Enable 'bindnow' hardening option
libvirt (6.2.0-1) experimental; urgency=medium
* Team upload
[ Guido Günther ]
* Upload to experimental
* [1b6982f] New upstream version 6.2.0
Contains fix for CVE-2020-10701. (Closes: #955841)
Thanks to Carnil for the triage
Contains fix for CVE-2020-12430. (Closes: #959447)
[ Andrea Bolognani ]
* [ba77756] patches: Drop all gnulib-related patches
Specifically:
openpty-Skip-test-if-no-pty-is-available.patch
Disable-gnulib-s-test-nonplocking-pipe.sh.patch
test-posix_openpt-don-t-fail-on-EACCESS.patch
* [2e0b5f1] patches: Add tests-Mock-[...]-for-qemuhotplug.patch
Replaces:
skip-qemuhotplugtest.patch
* [7c1e182] debhelper: Use debhelper-compat package
libvirt (6.0.0-7) unstable; urgency=medium
[ Laurent Bigonville ]
* [4e6f909] Disable polkit support on !linux, see: #927896
* [3ee1c87] Do not build-depends against libglusterfs-dev on non-linux
architectures
[ Guido Günther ]
* [41c33eb] Rediff patches
* [da804f9] Backport fix for CVE-2020-10701.
Thanks to Carnil for the triage (Closes: #955841)
* [a5dd08c] d/rules: systemd: Also pass --no-restart-on-upgrade when using
--no-start.
[ Andrea Bolognani ]
* [0c6a3a0] salsa-ci: Create local pristine-tar branch.
libvirt (6.0.0-6) unstable; urgency=medium
[ Laurent Bigonville ]
* [ea7b8b7] autopkgtest exits with 2 when there are skipped tests do not
consider that as fatal
[ Guido Günther ]
* [100e8aa] Don't start or restart socket units on package upgrades.
Changes get picked up when the corresponding system unit is being restarted.
This avoids problems when socket and service units of the same service get
restarted together. See #955483 for details.
* [ff981d5] Pass --no-auto to dh_instalsystemd.
This avoids generation of restart snippets for services listed in `Also=`
sections of the service units. Otherwise these get restarted but we want
to avoid that and let systemd figure it out all by itself.
See: #955483, #841095
libvirt (6.0.0-5) unstable; urgency=medium
[ Guido Günther ]
* [421e865] systemd: Don't restart libvirt-guests on upgrade
(Closes: #955216)
[ Laurent Bigonville ]
* [5f72035] Only run qemu test on amd64
(Closes: #955278)
libvirt (6.0.0-4) unstable; urgency=medium
* [d7df842] sysv: Don't restart libvirt-guests on upgrade
(Closes: #954921)
libvirt (6.0.0-3) unstable; urgency=medium
* [de68a4b] Bump Breaks/conflicts.
While there were conflicts/breaks for the driver split we moved
the augeas lenses in 6.0.0-1. (Closes: #954032, #953894)
libvirt (6.0.0-2) unstable; urgency=medium
* Upload to unstable
libvirt (6.0.0-1) experimental; urgency=medium
[ Guido Günther ]
* [33890b9] New upstream version 6.0.0
(Closes: #939552)
* [c9f82be] gitlab-ci: Run autopkgtests
[ Christian Ehrhardt ]
* [fa167bc] d/libnss-libvirt.lintian-overrides: accept having two nss so
files
* [bf48357] d/libvirt-daemon-system-sysv.lintian-overrides: not shipping
systemd files. Packages are split intentionally, ignore this lintian
warning.
* [2278598] d/rules: also check build time self test results on all
architectures
* [c1be36a] d/rules: drop doc binary cleanup.
* [6d60c3c] d/rules: don't ship split daemons just yet
* [33f8dc4] d/p/skip-qemuhotplugtest.patch: fix qemuhotplugtest.
Skip some elements of qemuhotplugtest that for now break in
Debian/Ubuntu build environments.
* [a1734f7] d/rules: add libvirt-guests.default to libvirt-daemon-system
instead of libvirt-daemon-system-sysv
* [69f6cfe] d/rules: install /etc/default/* files that are shared between
sysv and systemd packages
* [31be682] d/rules: install virtlockd for sysv
(Closes: #880970)
[ Andrea Bolognani ]
* [070d158] Install virt-login-shell-helper.
This new binary was introduced in libvirt 5.7.0 and is necessary for
virt-login-shell to work.
* [143dafb] Install augeas lenses for all drivers.
These slipped through the cracks when we moved from picking up the
corresponding directories as a whole to listing the specific files we're
interested in.
* [efa4cfe] Remove all mentions of Devhelp.
As of libvirt 5.8.0, the corresponding files are no longer
generated.
* [8ebd427] not-installed: Remove obsolete entries.
Now that upstream's build system has been fixed and we're picking up the
documentation from the install location rather than the source directory,
the corresponding files will no longer be flagged by dh_missing.
* [ce54aef] not-installed: List all split daemons files.
Since we're not shipping split daemons yet, the corresponding
binaries as well as systemd units and augeas lenses will be
flagged by dh_missing if we don't list them here.
* [391e39d] symbols: Drop LIBVIRT_5.9.0
libvirt 5.9.0 didn't introduce any new public symbols.
libvirt (6.0.0~rc1-1) experimental; urgency=medium
[ Guido Günther ]
* [443fae0] New upstream version 6.0.0~rc1
* [70c5676] Bump symbol versions
* [eb6c6c1] gitlab-ci: Build package.
We unfortunately can't use salsa-ci's prebuilt pipeline since
that hangs on large jobs:
https://salsa.debian.org/salsa/support/issues/180
We redirct output to a file to work around:
https://salsa.debian.org/salsa/support/issues/191
[ Christian Ehrhardt ]
* [cc6b955] refresh d/p/* for v6.0.0
* [5639ffb] d/control: bump build dep to python3
* [dc99d35] d/rules: set enable-dependency-tracking to avoid FTBFS.
* [af131c7] d/rules: drop the no more existing xen configure option
* [84367d9] d/control: add python3-docutils as build dependency
* [37f0a5c] d/libvirt-doc.doc: install rendered docs
* [880f00e] d/libvirt-daemon-system.examples: Drop examples that are now
conf files
* [671aeca] d/libvirt-doc.doc-base.libvirt-doc: adapt doc base to new file
placement
Date: Tue, 25 Aug 2020 14:53:26 +0200
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libvirt/6.6.0-1ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 25 Aug 2020 14:53:26 +0200
Source: libvirt
Architecture: source
Version: 6.6.0-1ubuntu2
Distribution: groovy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Closes: 880970 939552 953894 954032 954921 955216 955278 955841 959447 963474 966563
Launchpad-Bugs-Fixed: 1745114 1869796 1874647 1887592 1892736 1892826
Changes:
libvirt (6.6.0-1ubuntu2) groovy; urgency=medium
.
* d/p/u/lp-1892826-Revert-m4-virt-xdr-rewrite-XDR-check.patch: avoid clashes
between libtripc and glibc that break libvirt-lxc (LP: #1892826)
* d/p/ubuntu-aa/lp-1892736-apparmor-allow-libvirtd-to-call-virtiofsd.patch:
allow libvirt to control virtiofsd (LP: #1892736)
.
libvirt (6.6.0-1ubuntu1) groovy; urgency=medium
.
* Merge with Debian 6.6.0-1 from experimental
Among many other new features and fixes this includes fixes for:
(LP: #1874647) - Stale libvirt cache leads to VM startup failures
(LP: #1869796) - bad ordering and dependent restarts of services/sockets
Remaining changes:
- d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading
versioned modules after qemu package upgrades (LP 1847361)
- libvirt-uri.sh: Automatically switch default libvirt URI for users
via user profile (xen URI on dom0, qemu:///system otherwise)
- Disable libssh2 support (universe dependency)
- Disable firewalld support (universe dependency)
- Set qemu-group to kvm (for compat with older ubuntu)
- Additional apport package-hook
- Autostart default bridged network (As upstream does, but not Debian).
In addition to just enabling it our solution provides:
+ do not autostart if subnet is already taken (e.g. in guests).
+ iterate some alternative subnets before giving up
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite long.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
+ d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
group.
- ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
- Update README.Debian with Ubuntu changes
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- fix autopkgtests
+ d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
+ d/t/control: fix smoke-qemu-session by ensuring the service will run
installing libvirt-daemon-system
+ d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
long as the following undefine succeeds
+ d/t/smoke-lxc: use systemd instead of sysV to restart the service
- dnsmasq related enhancements
+ run dnsmasq as libvirt-dnsmasq (LP: 1743718)
+ d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
+ d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
on purge
+ d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
libvirt-dnsmasq and adapt the self tests to expect that config
+ d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
+ Add dnsmasq configuration to work with system wide dnsmasq-base
- debian/rules: disable the netcf backend. (LP: 1764314)
- debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
Secure Boot enabled variants of the OVMF firmware and variable store for
the paths where we ship these files in Ubuntu.
- d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
machine type correctly with newer qemu/libvirt
- d/control: add libzfslinux-dev to build-deps
- d/control: drop libvirt-lxc, vbox and xen drivers to suggest
- d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
(LP 1861125) fixups
- Apparmor Delta that is Ubuntu specific or yet to be upstreamed
split into logical pieces. File names in debian/patches/ubuntu-aa/:
+ 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
apparmor, libvirt-qemu: Allow read access to overcommit_memory
+ 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
+ 0020-virt-aa-helper-ubuntu-storage-paths.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
add l to 9p file options.
+ 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
+ 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el
(LP 1686621 LP 1680384 LP 1784023)
+ 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
+ 0050-local-include-for-libvirt-qemu.patch,
d/libvirt-daemon-system.postinst: provide a local apparmor include
for abstraction/libvirt-qemu (LP: 1786019)
+ lp-1815910-allow-vhost-net.patch: avoid apparmor issues
with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
* Dropped changes (in Debian now):
- Enable some additional features on ppc64el and s390x (for arch parity)
+ systemtap, zfs, numa and numad on s390x.
+ systemtap on ppc64el.
- enable attr support to store XATTR labels. Among other things
this allows to properly restore file ownership (LP 691590)
- d/control: build depend to libattr1-dev
- d/rules: configure --with-attr
- Install virt-login-shell-helper
- Install augeas lenses for all drivers
- Remove all mentions of Devhelp
- not-installed: Remove obsolete entries
- not-installed: List all split daemons files
- d/control: bump build dep to python3
- d/control: add python3-docutils as build dependency
- d/rules: set enable-dependency-tracking to avoid FTBFS
- d/rules: drop the no more existing phyp option
- d/rules: drop the no more existing xen configure option
- minimize patches generated by autoreconf
- fix build on Debian/Ubuntu in qemuhotplugtest
- d/libvirt-doc.doc: install rendered docs
- d/libvirt-daemon-system.examples: drop old examples that are now active
- d/libvirt-doc.doc-base.libvirt-doc: adapt doc base to new file placement
- d/libvirt-daemon-system-sysv.lintian-overrides: not shipiing systemd files
- d/libnss-libvirt.lintian-overrides: accept having two nss so files
- d/rules: don't ship split daemons just yet
- d/rules: install /etc/default/* files that are shared between sysv and
systemd packages
- d/rules: add libvirt-guests.default to libvirt-daemon-system instead of
libvirt-daemon-system-sysv
- d/rules: install virtlockd correctly with defaults file (LP: 1729516)
- d/rules: also check build time self test results on all architectures
- d/rules: add --no-restart-after-upgrade to services that are supposed to
stay up through upgrades - this also applies to related sockets.
* Dropped changes (part of upstream now):
- d/p/ubuntu/lp-1879325-*: avoid issues with apparmor metadata labeling
(LP 1879325)
- d/p/ubuntu-aa/lp-1871354*: fix apparmor denials on libpmem init
(LP 1871354)
- d/p/ubuntu/CVE-CVE-2020-10701-api-disallow-virDomainAgentSetResponseTimeout
-on-rea.patch: avoid DOS through read only connections
CVE-2020-10701
- d/p/ubuntu/lp-1867460-*: fix domcapabilities before capabilities
and binary autodetection in general (LP 1867460)
- d/p/stable/lp-1868539-*: stabilize libvirt by backporting upstream
fixes (LP 1868539)
- d/p/ubuntu/lp-1853200*: add cpu models without hle/rtm features to have
modern types on kernels with recent security fixes (LP 1853200)
- d/p/ubuntu/lp-1868528-*: Fail when fetching CPU Status for invalid CPU
(LP 1868528)
- d/p/ubuntu/lp-1865425-*: avoid killing the monitor job in
qemuDomainSetTimeAgent (LP 1865425)
- d/p/ubuntu-aa/virt-aa-helper-Add-support-for-smartcard-host-certif.patch:
allow emulation of smartcard via host certificates
- d/p/ubuntu/lp-1861125-*: fix non host-model migrations from old machine
types (LP 1861125)
- d/p/ubuntu-aa/apparmor-allow-to-call-vhost-user-gpu.patch: do not apparmor
block vhost-user-gpu usage
- d/p/ubuntu/lp-1655111*: fix qemu_bridge_helper to work with named
profiles (LP 1655111)
* Dropped changes (no more needed):
- d/control: make libvirt-daemon-driver-storage-rbd a recommend instead of
just a suggest. This was deprecated since bionic and now will be dropped.
- Update Vcs-Git and Vcs-Browser fields to point to launchpad
- d/control: VCS links to use generic Ubuntu launchpad git URLs
- refreshed patches for libvirt v6.0.0
- d/libvirt-daemon-system.postrm: change order of libvirt-qemu removal to
avoid error messages on purge [deluser/delgroup no more report warnings]
- "Additional apport package-hook": due to context auto updates
d/libvirt-daemon.install had bad entries which are no more required.
- d/control, d/rules: Disable rbd and zfs on riscv64 where they are
unavailable (LP 1872952)
* Added Changes:
- d/control: breaks replaces for augeas lenses move in 6.0.0-1
(follows Debian, droppable >22.04)
- refresh ubuntu patches for 6.6
- d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch
- d/p/ubuntu-aa/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch
- d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch
- d/p/ubuntu/dnsmasq-as-priv-user
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch
- d/p/ubuntu/daemon-augeas-fix-expected.patch
- d/libvirt-daemon-system.postinst: fix bashism in dnsmasq related
enhancements
- d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP: #1887592)
- d/libvirt-clients.lintian-overrides: profile scripts are non executable
- d/p/ubuntu-aa/apparmor-allow-unmounting-.dev-entries.patch: avoid
triggering denials in devmapper error path
- d/p/ubuntu-aa/pparmor-profiles-are-meant-to-allow-adding-permanen.patch:
(again) allow permanent per guest overrides (LP: #1745114)
- d/control: drop mdevctl to a suggest until (LP 1889248) is ready
.
libvirt (6.6.0-1) unstable; urgency=medium
.
* Team upload
.
[ Andrea Bolognani ]
* [ecdcc72] New upstream version 6.6.0
Includes fix for CVE-2020-14339 (Closes: #966563)
* [751e146] upstream: Add key for Jiří Denemark
* [ab2a1b4] control: Add Build-Depends on libtirpc-dev
* [8714f7d] control: Drop Build-Depends on libncurses5-dev.
* [1137e33] patches: Assign topic to all patches.
* [51e52ab] patches: Reorder patches.
.
[ Christian Ehrhardt ]
* [ceab403] d/control, d/rules: feature architecture parity.
Enable systemtap, numa and numad on more architectures.
* [dd2d1a9] Drop d/p/apparmor-Allow-[....]-name-service-.patch.
Doesn't seem to be necessary anymore.
* [d31eba5] fix device mapper issues.
Add the following backports:
- virdevmapper-Don-t-cache-device-mapper-major.patch
- virdevmapper-Ignore-all-errors-when-opening-dev-mapper-co.patch
- virdevmapper-Handle-kernel-without-device-mapper-support.patch
* [3145e31] tools: fix libvirt-guests.sh text assignments
Add the following backports:
- tools-fix-libvirt-guests.sh-text-assignments.patch
.
libvirt (6.5.0-1) unstable; urgency=medium
.
* Team upload
.
* [38c0fa7] New upstream version 6.5.0
* [b8a07b4] control: Add Recommends for mdevctl
.
libvirt (6.4.0-2) unstable; urgency=medium
.
[ Christian Ehrhardt ]
* [d0f7eb5] enable attr support to be able to store XATTR labels.
Among other things this allows to properly restore file ownership
- d/control: build depend on libattr1-dev
- d/rules: configure --with-attr
Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/691590
.
[ Andrea Bolognani ]
* Use consistent layout in packaging files
.
libvirt (6.4.0-1) experimental; urgency=medium
.
* Team upload
.
* [1662a90] New upstream version 6.4.0
Includes a fix for CVE-2020-14301 (Closes: #963474)
* [ad19936] patches: Drop tests-Mock-[...]-for-qemuhotplug.patch
* [bfc4f8b] rules: Install upstream release notes
* [995991b] control: Set Rules-Requires-Root: no
* [dd75022] control: Bump Standards-Version to 4.5.0
* [fa6aefb] rules: Enable 'bindnow' hardening option
.
libvirt (6.2.0-1) experimental; urgency=medium
.
* Team upload
.
[ Guido Günther ]
* Upload to experimental
* [1b6982f] New upstream version 6.2.0
Contains fix for CVE-2020-10701. (Closes: #955841)
Thanks to Carnil for the triage
Contains fix for CVE-2020-12430. (Closes: #959447)
.
[ Andrea Bolognani ]
* [ba77756] patches: Drop all gnulib-related patches
Specifically:
openpty-Skip-test-if-no-pty-is-available.patch
Disable-gnulib-s-test-nonplocking-pipe.sh.patch
test-posix_openpt-don-t-fail-on-EACCESS.patch
* [2e0b5f1] patches: Add tests-Mock-[...]-for-qemuhotplug.patch
Replaces:
skip-qemuhotplugtest.patch
* [7c1e182] debhelper: Use debhelper-compat package
.
libvirt (6.0.0-7) unstable; urgency=medium
.
[ Laurent Bigonville ]
* [4e6f909] Disable polkit support on !linux, see: #927896
* [3ee1c87] Do not build-depends against libglusterfs-dev on non-linux
architectures
.
[ Guido Günther ]
* [41c33eb] Rediff patches
* [da804f9] Backport fix for CVE-2020-10701.
Thanks to Carnil for the triage (Closes: #955841)
* [a5dd08c] d/rules: systemd: Also pass --no-restart-on-upgrade when using
--no-start.
.
[ Andrea Bolognani ]
* [0c6a3a0] salsa-ci: Create local pristine-tar branch.
.
libvirt (6.0.0-6) unstable; urgency=medium
.
[ Laurent Bigonville ]
* [ea7b8b7] autopkgtest exits with 2 when there are skipped tests do not
consider that as fatal
.
[ Guido Günther ]
* [100e8aa] Don't start or restart socket units on package upgrades.
Changes get picked up when the corresponding system unit is being restarted.
This avoids problems when socket and service units of the same service get
restarted together. See #955483 for details.
* [ff981d5] Pass --no-auto to dh_instalsystemd.
This avoids generation of restart snippets for services listed in `Also=`
sections of the service units. Otherwise these get restarted but we want
to avoid that and let systemd figure it out all by itself.
See: #955483, #841095
.
libvirt (6.0.0-5) unstable; urgency=medium
.
[ Guido Günther ]
* [421e865] systemd: Don't restart libvirt-guests on upgrade
(Closes: #955216)
.
[ Laurent Bigonville ]
* [5f72035] Only run qemu test on amd64
(Closes: #955278)
.
libvirt (6.0.0-4) unstable; urgency=medium
.
* [d7df842] sysv: Don't restart libvirt-guests on upgrade
(Closes: #954921)
.
libvirt (6.0.0-3) unstable; urgency=medium
.
* [de68a4b] Bump Breaks/conflicts.
While there were conflicts/breaks for the driver split we moved
the augeas lenses in 6.0.0-1. (Closes: #954032, #953894)
.
libvirt (6.0.0-2) unstable; urgency=medium
.
* Upload to unstable
.
libvirt (6.0.0-1) experimental; urgency=medium
.
[ Guido Günther ]
* [33890b9] New upstream version 6.0.0
(Closes: #939552)
* [c9f82be] gitlab-ci: Run autopkgtests
.
[ Christian Ehrhardt ]
* [fa167bc] d/libnss-libvirt.lintian-overrides: accept having two nss so
files
* [bf48357] d/libvirt-daemon-system-sysv.lintian-overrides: not shipping
systemd files. Packages are split intentionally, ignore this lintian
warning.
* [2278598] d/rules: also check build time self test results on all
architectures
* [c1be36a] d/rules: drop doc binary cleanup.
* [6d60c3c] d/rules: don't ship split daemons just yet
* [33f8dc4] d/p/skip-qemuhotplugtest.patch: fix qemuhotplugtest.
Skip some elements of qemuhotplugtest that for now break in
Debian/Ubuntu build environments.
* [a1734f7] d/rules: add libvirt-guests.default to libvirt-daemon-system
instead of libvirt-daemon-system-sysv
* [69f6cfe] d/rules: install /etc/default/* files that are shared between
sysv and systemd packages
* [31be682] d/rules: install virtlockd for sysv
(Closes: #880970)
.
[ Andrea Bolognani ]
* [070d158] Install virt-login-shell-helper.
This new binary was introduced in libvirt 5.7.0 and is necessary for
virt-login-shell to work.
* [143dafb] Install augeas lenses for all drivers.
These slipped through the cracks when we moved from picking up the
corresponding directories as a whole to listing the specific files we're
interested in.
* [efa4cfe] Remove all mentions of Devhelp.
As of libvirt 5.8.0, the corresponding files are no longer
generated.
* [8ebd427] not-installed: Remove obsolete entries.
Now that upstream's build system has been fixed and we're picking up the
documentation from the install location rather than the source directory,
the corresponding files will no longer be flagged by dh_missing.
* [ce54aef] not-installed: List all split daemons files.
Since we're not shipping split daemons yet, the corresponding
binaries as well as systemd units and augeas lenses will be
flagged by dh_missing if we don't list them here.
* [391e39d] symbols: Drop LIBVIRT_5.9.0
libvirt 5.9.0 didn't introduce any new public symbols.
.
libvirt (6.0.0~rc1-1) experimental; urgency=medium
.
[ Guido Günther ]
* [443fae0] New upstream version 6.0.0~rc1
* [70c5676] Bump symbol versions
* [eb6c6c1] gitlab-ci: Build package.
We unfortunately can't use salsa-ci's prebuilt pipeline since
that hangs on large jobs:
https://salsa.debian.org/salsa/support/issues/180
We redirct output to a file to work around:
https://salsa.debian.org/salsa/support/issues/191
.
[ Christian Ehrhardt ]
* [cc6b955] refresh d/p/* for v6.0.0
* [5639ffb] d/control: bump build dep to python3
* [dc99d35] d/rules: set enable-dependency-tracking to avoid FTBFS.
* [af131c7] d/rules: drop the no more existing xen configure option
* [84367d9] d/control: add python3-docutils as build dependency
* [37f0a5c] d/libvirt-doc.doc: install rendered docs
* [880f00e] d/libvirt-daemon-system.examples: Drop examples that are now
conf files
* [671aeca] d/libvirt-doc.doc-base.libvirt-doc: adapt doc base to new file
placement
Checksums-Sha1:
32a2aa6c4ebf6c7ef9ed07adb06605d7eb28a241 5226 libvirt_6.6.0-1ubuntu2.dsc
88e4d2a62197013e45c0450d38bc3754b2a076c3 9305836 libvirt_6.6.0.orig.tar.xz
4b6385e08d26fbac0d5782bd180a2d774c859723 833 libvirt_6.6.0.orig.tar.xz.asc
66f6d9627dbe20ccc078c46b3f4dec4ee0185b26 143628 libvirt_6.6.0-1ubuntu2.debian.tar.xz
b6113e3c5979eddc30fd7dcb0a8011c57d949a1b 15775 libvirt_6.6.0-1ubuntu2_source.buildinfo
Checksums-Sha256:
8c7525b97b25a53f97e6c3c0ad88fec639280dd5dfe8734d003a810014809227 5226 libvirt_6.6.0-1ubuntu2.dsc
94e52ddd2d71b650e1a7eb5ab7e651f9607ecee207891216714020b8ff081ef9 9305836 libvirt_6.6.0.orig.tar.xz
46919026c65b3518a84efac96f87a9c99e63e4b79c31c5a1547223604ad34caa 833 libvirt_6.6.0.orig.tar.xz.asc
2792ce3eba4dcf1bf8c53db7148b55d0842b74c22505609b241e67e1351b4943 143628 libvirt_6.6.0-1ubuntu2.debian.tar.xz
acb612532146b65b0f1ef72f74572a52e3087cfb22fbfbc62cb9e6ce568f16a6 15775 libvirt_6.6.0-1ubuntu2_source.buildinfo
Files:
6f01255cbba3a6773c63e757a862cb2d 5226 libs optional libvirt_6.6.0-1ubuntu2.dsc
a1f1d1580292f8932bcbacf5801cf223 9305836 libs optional libvirt_6.6.0.orig.tar.xz
6a2a77e2857cdc44b2007669da6e75ae 833 libs optional libvirt_6.6.0.orig.tar.xz.asc
a85af092b41712e58ce330c18674b370 143628 libs optional libvirt_6.6.0-1ubuntu2.debian.tar.xz
46e179f11a87368835a27fa849010248 15775 libs optional libvirt_6.6.0-1ubuntu2_source.buildinfo
Original-Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintainers at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEktYY9mjyL47YC+71uj4pM4KAskIFAl9GYEUACgkQuj4pM4KA
skIfRQ//fUpVxUr5xRCAxXQsNco/trs4zg0ogeHVIJ+ZsQPFGkduK5kQ1LW600cK
nIMzMQ4u6rdxnF9zu/TquayQ7oTYXH0w4yHCAnREUckXBgDZkfKDScX0SsPMK1Dn
Y8XsqKxrLGXB6pP+DpcKeqohfVVI2rn7lubia6LZxLbdI7ricE1nJ1rA0Sz11sxv
i/QPgMg1+1um1QxGW1xw6LxPyFyMtbXvmsRlLwckJKqi9N2RtTXJxTSlog0RYWCe
UsOoxHr6AgpClhb2Z8slxWoxtBtdgazMMtNLSJrI7KQq1OJ6Hx+e3ixDDVQWSmdf
bXUKRSfQWBbvqpF81OJTUQXBmtusqwDqVet0PT4a4z71dXK24/TTkhA7NA3UdTZw
RTO4hdbeXzr9jGKZ38yOvQvbbY6IKTS/s0r0l5YxrC8pAzG8YG6owh5x1yDfW9Uy
f2v1yWHEG6R67eDbXq66mxJYHw0EN0SUxmCHfVgnPRFGStleBMAWjlY9h39Eg+u2
rV7SOR0iKLaaInQbLd/Fa87uOWQ/d2rGU0CORMwDMgNKI7L+sRr2SSDiDoKaZCO/
sFraXt4IC2f0qhtSCSz6oE5ZSpGEcqsUq3m5joRYFQ3MKIev5KQwcPh26TWUN8tf
2TxV7l7jZB6+2NuspnjxwZbuhkQrqXmT1QoUoOO7kiKWlMGI0d0=
=I/Oi
-----END PGP SIGNATURE-----
More information about the Groovy-changes
mailing list