[ubuntu/oracular-proposed] libvirt 10.5.0-1ubuntu1 (Accepted)
Sergio Durigan Junior
sergio.durigan at canonical.com
Wed Aug 7 18:25:14 UTC 2024
libvirt (10.5.0-1ubuntu1) oracular; urgency=medium
* Merge with Debian unstable (LP: #2064422). Remaining changes:
- Disable libssh2 support (universe dependency)
- d/control: add libzfslinux-dev to build-deps
- d/control: drop libvirt-lxc, vbox and xen drivers to suggest
- debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
Secure Boot enabled variants of the OVMF firmware and variable store for
the paths where we ship these files in Ubuntu.
- Set qemu-group to kvm (for compat with older ubuntu)
- Additional apport package-hook
- Autostart default bridged network (As upstream does, but not Debian).
In addition to just enabling it our solution provides:
+ do not autostart if subnet is already taken (e.g. in guests).
+ iterate some alternative subnets before giving up
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite a long time.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
+ d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
group.
- Update README.Debian with Ubuntu changes
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- fix autopkgtests (LP 1899180)
+ d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
+ d/t/control: fix smoke-qemu-session by ensuring the service will run
installing libvirt-daemon-system
+ d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
long as the following undefine succeeds
+ d/t/smoke-lxc: use systemd instead of sysV to restart the service
+ d/t/control, d/t/smoke-lxc: retry service restart and skip test if
failing; This was flaky on some release/architectures
+ d/t/smoke-lxc: retry check_domain being flaky on arm64
- dnsmasq related enhancements
+ run dnsmasq as libvirt-dnsmasq (LP 1743718)
+ d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
+ d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
on purge
+ d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
libvirt-dnsmasq and adapt the self tests to expect that config
+ d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
+ Add dnsmasq configuration to work with system wide dnsmasq-base
- d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
machine type correctly with newer qemu/libvirt
- d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
(LP 1861125) fixups
- d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
- d/libvirt-daemon-system.libvirt-guests.default: shut guests down
in parallel
- Apparmor Delta that is Ubuntu specific or yet to be upstreamed
split into logical pieces. File names in debian/patches/ubuntu-aa/:
+ 0020-virt-aa-helper-ubuntu-storage-paths.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk
+ 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el
(LP 1686621 LP 1680384 LP 1784023)
+ 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
+ lp-1815910-allow-vhost-hotplug.patch: avoid apparmor issues
with vhost-net/vhost-vsock/vhost-scsi hotplug (LP 1815910)
- libvirt should not use user/group tss for swtpm (LP 1948880)
+ d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
+ d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
to user swtpm and adapt expected self test result changes triggered by
this
+ d/libvirt-daemon-system.postinst: create user/group swtpm if not present
due to swtpm-tools (LP 1951975)
- d/control: Use libc6-dev instead of libc-dev as a build dependency
- d/libvirt-clients.lintian-overrides: Add script-not-executable lintian
override
- libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
for users via user profile (xen URI on dom0, qemu:///system otherwise)
+ Update: Set LIBVIRT_DEFAULT_URI to "qemu:///system" in all
cases, do not set to "xen:///" (LP #2027838)
- d/control: Demote passt to Suggests (from Recommends) for
libvirt-daemon-driver-qemu, because passt is in universe.
* Drop changes (present in the new upstream version):
- d/p/u/lp-2051754-*.patch: Backport upstream fix for LP: #2051754.
- SECURITY UPDATE: off-by-one in udevListInterfacesByStatus()
+ debian/patches/CVE-2024-1441.patch: properly check count in
src/interface/interface_backend_udev.c.
+ CVE-2024-1441
- SECURITY UPDATE: crash in RPC library
+ debian/patches/CVE-2024-2494.patch: check values in
src/remote/remote_daemon_dispatch.c, src/rpc/gendispatch.pl.
+ CVE-2024-2494
- SECURITY UPDATE: stack use-after-free in virNetClientIOEventLoop()
+ debian/patches/CVE-2024-4418.patch: ensure temporary GSource is
removed from client event loop in src/rpc/virnetclient.c.
+ CVE-2024-4418
- d/p/u/lp-2071848-fix-migration-with-disabled-vmx-features.patch:
Fix migration issues with disabled vmx-* CPU features. (LP #2071848)
Date: Tue, 23 Jul 2024 18:42:08 -0400
Changed-By: Sergio Durigan Junior <sergio.durigan at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libvirt/10.5.0-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 23 Jul 2024 18:42:08 -0400
Source: libvirt
Built-For-Profiles: noudeb
Architecture: source
Version: 10.5.0-1ubuntu1
Distribution: oracular
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Sergio Durigan Junior <sergio.durigan at canonical.com>
Launchpad-Bugs-Fixed: 2051754 2064422
Changes:
libvirt (10.5.0-1ubuntu1) oracular; urgency=medium
.
* Merge with Debian unstable (LP: #2064422). Remaining changes:
- Disable libssh2 support (universe dependency)
- d/control: add libzfslinux-dev to build-deps
- d/control: drop libvirt-lxc, vbox and xen drivers to suggest
- debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
Secure Boot enabled variants of the OVMF firmware and variable store for
the paths where we ship these files in Ubuntu.
- Set qemu-group to kvm (for compat with older ubuntu)
- Additional apport package-hook
- Autostart default bridged network (As upstream does, but not Debian).
In addition to just enabling it our solution provides:
+ do not autostart if subnet is already taken (e.g. in guests).
+ iterate some alternative subnets before giving up
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite a long time.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
+ d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
group.
- Update README.Debian with Ubuntu changes
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- fix autopkgtests (LP 1899180)
+ d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
+ d/t/control: fix smoke-qemu-session by ensuring the service will run
installing libvirt-daemon-system
+ d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
long as the following undefine succeeds
+ d/t/smoke-lxc: use systemd instead of sysV to restart the service
+ d/t/control, d/t/smoke-lxc: retry service restart and skip test if
failing; This was flaky on some release/architectures
+ d/t/smoke-lxc: retry check_domain being flaky on arm64
- dnsmasq related enhancements
+ run dnsmasq as libvirt-dnsmasq (LP 1743718)
+ d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
+ d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
on purge
+ d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
libvirt-dnsmasq and adapt the self tests to expect that config
+ d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
+ Add dnsmasq configuration to work with system wide dnsmasq-base
- d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
machine type correctly with newer qemu/libvirt
- d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
(LP 1861125) fixups
- d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
- d/libvirt-daemon-system.libvirt-guests.default: shut guests down
in parallel
- Apparmor Delta that is Ubuntu specific or yet to be upstreamed
split into logical pieces. File names in debian/patches/ubuntu-aa/:
+ 0020-virt-aa-helper-ubuntu-storage-paths.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk
+ 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el
(LP 1686621 LP 1680384 LP 1784023)
+ 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
+ lp-1815910-allow-vhost-hotplug.patch: avoid apparmor issues
with vhost-net/vhost-vsock/vhost-scsi hotplug (LP 1815910)
- libvirt should not use user/group tss for swtpm (LP 1948880)
+ d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
+ d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
to user swtpm and adapt expected self test result changes triggered by
this
+ d/libvirt-daemon-system.postinst: create user/group swtpm if not present
due to swtpm-tools (LP 1951975)
- d/control: Use libc6-dev instead of libc-dev as a build dependency
- d/libvirt-clients.lintian-overrides: Add script-not-executable lintian
override
- libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
for users via user profile (xen URI on dom0, qemu:///system otherwise)
+ Update: Set LIBVIRT_DEFAULT_URI to "qemu:///system" in all
cases, do not set to "xen:///" (LP #2027838)
- d/control: Demote passt to Suggests (from Recommends) for
libvirt-daemon-driver-qemu, because passt is in universe.
* Drop changes (present in the new upstream version):
- d/p/u/lp-2051754-*.patch: Backport upstream fix for LP: #2051754.
- SECURITY UPDATE: off-by-one in udevListInterfacesByStatus()
+ debian/patches/CVE-2024-1441.patch: properly check count in
src/interface/interface_backend_udev.c.
+ CVE-2024-1441
- SECURITY UPDATE: crash in RPC library
+ debian/patches/CVE-2024-2494.patch: check values in
src/remote/remote_daemon_dispatch.c, src/rpc/gendispatch.pl.
+ CVE-2024-2494
- SECURITY UPDATE: stack use-after-free in virNetClientIOEventLoop()
+ debian/patches/CVE-2024-4418.patch: ensure temporary GSource is
removed from client event loop in src/rpc/virnetclient.c.
+ CVE-2024-4418
- d/p/u/lp-2071848-fix-migration-with-disabled-vmx-features.patch:
Fix migration issues with disabled vmx-* CPU features. (LP #2071848)
Checksums-Sha1:
53f83b6814b33f793aa96a0d1fecef43558c2a18 6196 libvirt_10.5.0-1ubuntu1.dsc
345a0557aeca3b74afb7f048ff4e281782503a16 9530296 libvirt_10.5.0.orig.tar.xz
43769f1860d152ec0aca1d5b729871f98315228f 833 libvirt_10.5.0.orig.tar.xz.asc
99230bf2b0dd197eb3e2fda989c0dc7b8f3940a4 155044 libvirt_10.5.0-1ubuntu1.debian.tar.xz
be0bffd05be6e44ece5ed99d91519e5f7b5e70af 9062 libvirt_10.5.0-1ubuntu1_source.buildinfo
Checksums-Sha256:
6bca60134f5d6a16b713b4591f2db7c2d15ebc7c66c44b108813dcdd9bf9c1fd 6196 libvirt_10.5.0-1ubuntu1.dsc
8e853a9c91c9029b9019cf5fdf2b5fea36d501d563e43254efc20e12c00557e8 9530296 libvirt_10.5.0.orig.tar.xz
2d6c4eed153bc739c908abdedc1dc3bd3626bb591087d6d453898cbeff257a12 833 libvirt_10.5.0.orig.tar.xz.asc
e6f208a38daa87fd416d07d09d5a130dc3e410bd40ba6b44ba5a8a28709b0f96 155044 libvirt_10.5.0-1ubuntu1.debian.tar.xz
e6badca2cf590fc042ba07ed784f780e3ca612d26cc22183e780d59027b61006 9062 libvirt_10.5.0-1ubuntu1_source.buildinfo
Files:
7745e09b9cc01c503d14bf8ae6be9fba 6196 libs optional libvirt_10.5.0-1ubuntu1.dsc
e0961d2151df2d62355820fcf4617374 9530296 libs optional libvirt_10.5.0.orig.tar.xz
ea510262e76931a3835607a220544707 833 libs optional libvirt_10.5.0.orig.tar.xz.asc
062f40c22328a29c26ee16779233e4d9 155044 libs optional libvirt_10.5.0-1ubuntu1.debian.tar.xz
c9a5891651934c76264244b98c07ebba 9062 libs optional libvirt_10.5.0-1ubuntu1_source.buildinfo
Original-Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintainers at lists.alioth.debian.org>
Vcs-Git: https://git.launchpad.net/~sergiodj/ubuntu/+source/libvirt
Vcs-Git-Commit: 864787d424834a94c30625286aa8366f4462c67f
Vcs-Git-Ref: refs/heads/merge-10.5.0-1-oracular
More information about the oracular-changes
mailing list