[ubuntu/lucid] libvirt 0.7.5-5ubuntu1 (Accepted)
Jamie Strandboge
jamie at ubuntu.com
Mon Jan 25 21:50:15 GMT 2010
libvirt (0.7.5-5ubuntu1) lucid; urgency=low
* Merge from debian unstable. Remaining changes:
- debian/control:
+ Build-Depends on qemu-kvm, not qemu
+ Build-Depends on open-iscsi-utils, not open-iscsi
+ Build-Depends on libxml2-utils
+ Build-Depends on libapparmor-dev and Suggests apparmor (>=
2.3+1289-0ubuntu14)
+ Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables
to Depends of libvirt-bin
+ Recommends qemu-kvm (>= 0.11.0-0ubuntu6)
+ Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg,
since we used to ship them as such
+ We call libxen-dev libxen3-dev, so change all references
+ temporarily remove Build-Depends on libcap-ng-dev, which isn't
available in Ubuntu main yet
+ Rename Vcs-* to XS-Debian-Vcs-*
- debian/libvirt-bin.postinst:
+ rename the libvirt group to libvirtd
+ add each admin user to the libvirtd group
+ reload apparmor profiles
+ 0.7.2 moved /usr/bin/virt-aa-helper to /usr/lib/libvirt, so the
profile changed from usr.bin.virt-aa-helper to
usr.lib.libvirt.virt-aa-helper and needs to be migrated. If the user
made no changes to the old profile, remove it, otherwise, update the
paths, preserving the shipped usr.lib.libvirt.virt-aa-helper
- debian/libvirt-bin.postrm:
+ rename the libvirt group to libvirtd
+ remove apparmor symlinks on purge
- debian/libvirt-bin.preinst: added to force complain on certain
upgrades
- debian/README.Debian: add AppArmor section based on the upstream
documentation
- debian/rules:
+ update DEB_DH_INSTALLINIT_ARGS for upstart
+ add DEB_MAKE_CHECK_TARGET := check
+ use --with-apparmor
+ copy apparmor and apport hook to debian/tmp
- add debian/libvirt-bin.upstart
- debian/libvirt-bin.dirs: add /etc/apparmor.d/abstractions,
/etc/apparmor.d/disable, /etc/apparmor.d/force-complain,
/etc/apparmor.d/libvirt, /etc/cron.daily and
/usr/share/apport/package-hooks
- add debian/libvirt-bin.cron.daily
- add debian/libvirt-bin.apport
- debian/libvirt-bin.install: install apparmor profiles, abstractions
and apport hook
- debian/patches/series: don't apply 0002-qemu-disable-network.diff.patch
+ 9000-delayed_iff_up_bridge.patch
+ 9001-dont_clobber_existing_bridges.patch
+ 9002-better_default_uri_virsh.patch
+ 9003-increase-logoutput-timeout.patch
+ 9004-better-default-arch.patch
+ 9005-libvirtd-group-name.patch
+ 9006-increase-unix-socket-timeout.patch
+ 9007-default-config-test-case.patch
+ 9008-warn-on-daemon-conf-test-wait.patch (renamed from 9016)
- Dropped the following patches now including upstream:
+ 0005-Fix-SELinux-linking-issues.patch
+ 9008-apparmor-caps-mockup.patch
+ 9009-apparmor-lp453335.patch
+ 9010-apparmor-lp460271.patch
+ 9011-apparmor-code-cleanups.patch
+ 9012-apparmor-add-virt-aa-helper-test.patch
+ 9013-apparmor-examples.patch
+ 9014-event-fuzz.patch
+ 9015-hal-startup-failure-is-nonfatal.patch
* debian/patches/9009-run-as-root-by-default.patch: run virtual machines
via qemu:///system as root. As of 0.7, upstream libvirt has the ability to
run VMs started via qemu:///system as an unprivileged user. Debian's
libvirt now runs these VMs as libvirt-qemu:kvm. However, the upstream
implementation is contentious among the community and while the it does
reduce the privileges of the VMs running under qemu:///system, all VMs
currently run under the same user, so there is no guest isolation. Even if
each user ran under its own user, an attacker could potentially break out
of the VM and have unconfined user access (albeit non-root). In Ubuntu,
Qemu/KVM virtual machines are already fully isolated and confined by the
AppArmor security driver so this feature has been disabled. Once there is
consensus among the community on the implementation and its use, changing
this default in Ubuntu can be considered as an additional protection to
the AppArmor driver.
* debian/README.Debian: add section discussing the security implications of
using qemu:///system
* debian/patches/9010-apparmor-ftbfs.patch: fix missing bracket in
virt-aa-helper.c and automake dependency declaration. This should be
dropped in 0.7.6 or higher.
libvirt (0.7.5-5) unstable; urgency=low
[ Guido Günther ]
* [d8e60e8] Add css to docs
* [f6e41ae] New patch 0008-qemu-Use-log-output-for-pty-assignment-if-
info-chard.patch qemu: Use log output for pty assignment if 'info
chardev' is unavailable - thanks to Matthias Bolte
[ Laurent Léonard ]
* [0905f82] Fix QEMU driver custom domain status XML extensions. -
thanks to Daniel P. Berrange
libvirt (0.7.5-4) unstable; urgency=low
* [18520c0] Same description of supported virt techs in all binary packages
(Closes: #564909) - thanks to Loïc Minier
* [49c357c] Implement path lookup for USB by vendor:product (Closes:
#563502) - thanks to Cole Robinson
libvirt (0.7.5-3) unstable; urgency=low
* [4d41fd7] Also look for dmi information in /sys/class older kernels such
as 2.6.26 have it there. (Closes: #564020)
* [1c0e0b5] Explicitly disable ESX support
* [c3c84f6] Terminate nc on EOF (Closes: #564053) - thanks to Gabor Gombas
for the patch
libvirt (0.7.5-2) unstable; urgency=low
* Upload to unstable
* [d6c5ca5] Add debugging symbols for all packages
libvirt (0.7.5-1) experimental; urgency=low
[ Laurent Léonard ]
* [96f8d94] Imported Upstream version 0.7.5
* [f8089a1] Redo patches.
* [294ce3d] Update libvirt0 symbols.
* [1c97be7] Allow DM upload and add myself as uploader.
* [5635a32] Clean debian/watch.
[ Guido Günther ]
* [45f98ae] Drop 0005-udev_device_get_devpath-might-return-NULL.patch
applied upstream.
libvirt (0.7.4-2) experimental; urgency=low
* [65d3755] Disable SELinux to work around #559356
* [19bd427] Run qemu instances as qemu-libvirt instead of root by default
(Closes: #558197)
* [0a6c03b] Use kvm as primary group for libvirt-qemu user
* [e5ae24b] Fix udev backend startup
* [f610a8e] Use udev instead of hal backend
libvirt (0.7.4-1) unstable; urgency=low
[ Laurent Léonard ]
* [8f2761b] Imported Upstream version 0.7.4
* [20b6b3d] Drop patches.
* 0005-Fix-SELinux-linking-issues.patch - fixed upstream.
* 0006-Don-t-let-parent-of-daemon-exit-until-basic-initiali.patch -
fixed upstream.
* 0007-Only-remove-masquerade-roles-for-VIR_NETWORK_FORWARD.patch -
applied upstream.
* 0008-Fix-qemu-session.patch - fixed upstream.
* [e41f8c6] Update libvirt0 symbols.
* [f184e28] Revert "switch to new source format 3.0 (quilt)" This reverts
commit 213ca47bbbefe2dc95be58a09db34669e3be5797.
* [65084d2] Enhance handling of examples.
Date: Mon, 25 Jan 2010 12:48:13 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/libvirt/0.7.5-5ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 25 Jan 2010 12:48:13 -0600
Source: libvirt
Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt
Architecture: source
Version: 0.7.5-5ubuntu1
Distribution: lucid
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
libvirt-bin - the programs for the libvirt library
libvirt-dev - development files for the libvirt library
libvirt-doc - documentation for the libvirt library
libvirt0 - library for interfacing with different virtualization systems
libvirt0-dbg - library for interfacing with different virtualization systems
python-libvirt - libvirt Python bindings
Closes: 558197 563502 564020 564053 564909
Changes:
libvirt (0.7.5-5ubuntu1) lucid; urgency=low
.
* Merge from debian unstable. Remaining changes:
- debian/control:
+ Build-Depends on qemu-kvm, not qemu
+ Build-Depends on open-iscsi-utils, not open-iscsi
+ Build-Depends on libxml2-utils
+ Build-Depends on libapparmor-dev and Suggests apparmor (>=
2.3+1289-0ubuntu14)
+ Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables
to Depends of libvirt-bin
+ Recommends qemu-kvm (>= 0.11.0-0ubuntu6)
+ Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg,
since we used to ship them as such
+ We call libxen-dev libxen3-dev, so change all references
+ temporarily remove Build-Depends on libcap-ng-dev, which isn't
available in Ubuntu main yet
+ Rename Vcs-* to XS-Debian-Vcs-*
- debian/libvirt-bin.postinst:
+ rename the libvirt group to libvirtd
+ add each admin user to the libvirtd group
+ reload apparmor profiles
+ 0.7.2 moved /usr/bin/virt-aa-helper to /usr/lib/libvirt, so the
profile changed from usr.bin.virt-aa-helper to
usr.lib.libvirt.virt-aa-helper and needs to be migrated. If the user
made no changes to the old profile, remove it, otherwise, update the
paths, preserving the shipped usr.lib.libvirt.virt-aa-helper
- debian/libvirt-bin.postrm:
+ rename the libvirt group to libvirtd
+ remove apparmor symlinks on purge
- debian/libvirt-bin.preinst: added to force complain on certain
upgrades
- debian/README.Debian: add AppArmor section based on the upstream
documentation
- debian/rules:
+ update DEB_DH_INSTALLINIT_ARGS for upstart
+ add DEB_MAKE_CHECK_TARGET := check
+ use --with-apparmor
+ copy apparmor and apport hook to debian/tmp
- add debian/libvirt-bin.upstart
- debian/libvirt-bin.dirs: add /etc/apparmor.d/abstractions,
/etc/apparmor.d/disable, /etc/apparmor.d/force-complain,
/etc/apparmor.d/libvirt, /etc/cron.daily and
/usr/share/apport/package-hooks
- add debian/libvirt-bin.cron.daily
- add debian/libvirt-bin.apport
- debian/libvirt-bin.install: install apparmor profiles, abstractions
and apport hook
- debian/patches/series: don't apply 0002-qemu-disable-network.diff.patch
+ 9000-delayed_iff_up_bridge.patch
+ 9001-dont_clobber_existing_bridges.patch
+ 9002-better_default_uri_virsh.patch
+ 9003-increase-logoutput-timeout.patch
+ 9004-better-default-arch.patch
+ 9005-libvirtd-group-name.patch
+ 9006-increase-unix-socket-timeout.patch
+ 9007-default-config-test-case.patch
+ 9008-warn-on-daemon-conf-test-wait.patch (renamed from 9016)
- Dropped the following patches now including upstream:
+ 0005-Fix-SELinux-linking-issues.patch
+ 9008-apparmor-caps-mockup.patch
+ 9009-apparmor-lp453335.patch
+ 9010-apparmor-lp460271.patch
+ 9011-apparmor-code-cleanups.patch
+ 9012-apparmor-add-virt-aa-helper-test.patch
+ 9013-apparmor-examples.patch
+ 9014-event-fuzz.patch
+ 9015-hal-startup-failure-is-nonfatal.patch
* debian/patches/9009-run-as-root-by-default.patch: run virtual machines
via qemu:///system as root. As of 0.7, upstream libvirt has the ability to
run VMs started via qemu:///system as an unprivileged user. Debian's
libvirt now runs these VMs as libvirt-qemu:kvm. However, the upstream
implementation is contentious among the community and while the it does
reduce the privileges of the VMs running under qemu:///system, all VMs
currently run under the same user, so there is no guest isolation. Even if
each user ran under its own user, an attacker could potentially break out
of the VM and have unconfined user access (albeit non-root). In Ubuntu,
Qemu/KVM virtual machines are already fully isolated and confined by the
AppArmor security driver so this feature has been disabled. Once there is
consensus among the community on the implementation and its use, changing
this default in Ubuntu can be considered as an additional protection to
the AppArmor driver.
* debian/README.Debian: add section discussing the security implications of
using qemu:///system
* debian/patches/9010-apparmor-ftbfs.patch: fix missing bracket in
virt-aa-helper.c and automake dependency declaration. This should be
dropped in 0.7.6 or higher.
.
libvirt (0.7.5-5) unstable; urgency=low
.
[ Guido Günther ]
* [d8e60e8] Add css to docs
* [f6e41ae] New patch 0008-qemu-Use-log-output-for-pty-assignment-if-
info-chard.patch qemu: Use log output for pty assignment if 'info
chardev' is unavailable - thanks to Matthias Bolte
.
[ Laurent Léonard ]
* [0905f82] Fix QEMU driver custom domain status XML extensions. -
thanks to Daniel P. Berrange
.
libvirt (0.7.5-4) unstable; urgency=low
.
* [18520c0] Same description of supported virt techs in all binary packages
(Closes: #564909) - thanks to Loïc Minier
* [49c357c] Implement path lookup for USB by vendor:product (Closes:
#563502) - thanks to Cole Robinson
.
libvirt (0.7.5-3) unstable; urgency=low
.
* [4d41fd7] Also look for dmi information in /sys/class older kernels such
as 2.6.26 have it there. (Closes: #564020)
* [1c0e0b5] Explicitly disable ESX support
* [c3c84f6] Terminate nc on EOF (Closes: #564053) - thanks to Gabor Gombas
for the patch
.
libvirt (0.7.5-2) unstable; urgency=low
.
* Upload to unstable
* [d6c5ca5] Add debugging symbols for all packages
.
libvirt (0.7.5-1) experimental; urgency=low
.
[ Laurent Léonard ]
* [96f8d94] Imported Upstream version 0.7.5
* [f8089a1] Redo patches.
* [294ce3d] Update libvirt0 symbols.
* [1c97be7] Allow DM upload and add myself as uploader.
* [5635a32] Clean debian/watch.
.
[ Guido Günther ]
* [45f98ae] Drop 0005-udev_device_get_devpath-might-return-NULL.patch
applied upstream.
.
libvirt (0.7.4-2) experimental; urgency=low
.
* [65d3755] Disable SELinux to work around #559356
* [19bd427] Run qemu instances as qemu-libvirt instead of root by default
(Closes: #558197)
* [0a6c03b] Use kvm as primary group for libvirt-qemu user
* [e5ae24b] Fix udev backend startup
* [f610a8e] Use udev instead of hal backend
.
libvirt (0.7.4-1) unstable; urgency=low
.
[ Laurent Léonard ]
* [8f2761b] Imported Upstream version 0.7.4
* [20b6b3d] Drop patches.
* 0005-Fix-SELinux-linking-issues.patch - fixed upstream.
* 0006-Don-t-let-parent-of-daemon-exit-until-basic-initiali.patch -
fixed upstream.
* 0007-Only-remove-masquerade-roles-for-VIR_NETWORK_FORWARD.patch -
applied upstream.
* 0008-Fix-qemu-session.patch - fixed upstream.
* [e41f8c6] Update libvirt0 symbols.
* [f184e28] Revert "switch to new source format 3.0 (quilt)" This reverts
commit 213ca47bbbefe2dc95be58a09db34669e3be5797.
* [65084d2] Enhance handling of examples.
Checksums-Sha1:
469c28bf66dc3206da54b314f038c9f669c8489b 1961 libvirt_0.7.5-5ubuntu1.dsc
8d88541d67a2da50adb85b447b5a01204afeaf7c 9343666 libvirt_0.7.5.orig.tar.gz
1eb458f7109f6148d94159eb84c1660a27b321d0 42279 libvirt_0.7.5-5ubuntu1.diff.gz
Checksums-Sha256:
5a2e12398929f16affde2a94792de1500cb8853cef46eb54129db46ce0211ee1 1961 libvirt_0.7.5-5ubuntu1.dsc
922481aadf72a74cf14012fe3967c60d01e70f7e88908410d57428943ab4eb8b 9343666 libvirt_0.7.5.orig.tar.gz
4b818b715d277d2fb1cf8c2734ef9c00e776e8d3cf7c2ceee56334eb36caf73d 42279 libvirt_0.7.5-5ubuntu1.diff.gz
Files:
60198178761c28545f0837a6d3d011e6 1961 libs optional libvirt_0.7.5-5ubuntu1.dsc
06eedba78d4848cede7ab1a6e48f6df9 9343666 libs optional libvirt_0.7.5.orig.tar.gz
33d73d088c66571a1d301ec5cff9879c 42279 libs optional libvirt_0.7.5-5ubuntu1.diff.gz
Original-Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintainers at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkteEG0ACgkQW0JvuRdL8BrqqgCeP367eOp7dwH/XxeK6r3fukbd
TR8An0TjW24GUtNIGw580uPRlHiY+UN2
=/JiY
-----END PGP SIGNATURE-----
More information about the Lucid-changes
mailing list