Change log for libvirt package in Ubuntu
1 → 50 of 730 results | First • Previous • Next • Last |
libvirt (9.6.0-1ubuntu1) mantic; urgency=medium * Merge with Debian unstable (LP: #2018082). Remaining changes: - Disable libssh2 support (universe dependency) - d/control: add libzfslinux-dev to build-deps - d/control: drop libvirt-lxc, vbox and xen drivers to suggest - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite a long time. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - Update README.Debian with Ubuntu changes - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - fix autopkgtests (LP 1899180) + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) + d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds + d/t/smoke-lxc: use systemd instead of sysV to restart the service + d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures + d/t/smoke-lxc: retry check_domain being flaky on arm64 - dnsmasq related enhancements + run dnsmasq as libvirt-dnsmasq (LP 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for (LP 1861125) fixups - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) - d/libvirt-daemon-system.libvirt-guests.default: shut guests down in parallel - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split into logical pieces. File names in debian/patches/ubuntu-aa/: + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + lp-1815910-allow-vhost-hotplug.patch: avoid apparmor issues with vhost-net/vhost-vsock/vhost-scsi hotplug (LP 1815910) - libvirt should not use user/group tss for swtpm (LP 1948880) + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes to user swtpm and adapt expected self test result changes triggered by this + d/libvirt-daemon-system.postinst: create user/group swtpm if not present due to swtpm-tools (LP 1951975) - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format" because policykit-1 > 121 isn't yet ready to go to main in lunar. (LP #2008830) - d/control: Use libc6-dev instead of libc-dev as a build dependency - d/libvirt-clients.lintian-overrides: Add script-not-executable lintian override * Dropped changes: - d/p/CVE-2023-3750.patch: Remove - fixed upstream - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format" This has been restored to match Debian because policykit-1 is now at a version greater than 121 in mantic * Modified changes: - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise) + Update: Set LIBVIRT_DEFAULT_URI to "qemu:///system" in all cases, do not set to "xen:///" (LP #2027838) -- Lena Voytek <email address hidden> Mon, 14 Aug 2023 14:16:30 -0700
Available diffs
- diff from 9.5.0-2ubuntu2 to 9.6.0-1ubuntu1 (286.0 KiB)
libvirt (8.0.0-1ubuntu7.7) jammy; urgency=medium * When attempting to launch a VM with SGX enabled, there is an error reported that prevents VMs from being launched. Backport fix that fixes the main cause of that issue, which is the QOM_CPU_PATH macro and qom-get behavior (LP: #1982896). - d/p/b/qemu-monitor-json-get-cpux86-data-unexport.patch - d/p/b/qemu-process-update-and-verify-cpu-refactor-cleanup.patch - d/p/b/qemu-monitor-do-not-hardcode-qom-path-of-first-cpu.patch - d/p/b/qemu-domain-store-qompath-in-qemudomainvcpuprivate.patch - d/p/b/qemu-process-move-cpu-flag-querying-after-code-probing-cpus.patch - d/p/b/qemu-process-move-call-to-qemuprocessrefreshcpu-after-cpu-probe.patch - d/p/b/qemu-process-do-not-use-hardcoded-qom-path-for-cpu-for-probing-flags.patch -- Michal Maloszewski <email address hidden> Fri, 04 Aug 2023 10:42:25 +0200
Available diffs
libvirt (9.5.0-2ubuntu2) mantic; urgency=medium * Merge from Debian Unstable. Remaining changes: - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise) - Disable libssh2 support (universe dependency) - d/control: add libzfslinux-dev to build-deps - d/control: drop libvirt-lxc, vbox and xen drivers to suggest - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite a long time. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - Update README.Debian with Ubuntu changes - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - fix autopkgtests (LP 1899180) + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) + d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds + d/t/smoke-lxc: use systemd instead of sysV to restart the service + d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures + d/t/smoke-lxc: retry check_domain being flaky on arm64 - dnsmasq related enhancements + run dnsmasq as libvirt-dnsmasq (LP: 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for (LP 1861125) fixups - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) - d/libvirt-daemon-system.libvirt-guests.default: shut guests down in parallel - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split into logical pieces. File names in debian/patches/ubuntu-aa/: + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + lp-1815910-allow-vhost-net.patch: avoid apparmor issues with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) - libvirt should not use user/group tss for swtpm (LP 1948880) + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes to user swtpm and adapt expected self test result changes triggered by this + d/libvirt-daemon-system.postinst: create user/group swtpm if not present due to swtpm-tools (LP 1951975) - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format" because policykit-1 > 121 isn't yet ready to go to main in lunar. (LP: #2008830) - SECURITY UPDATE: denial of service via improper locking + debian/patches/CVE-2023-3750.patch: fix returning of locked objects from virStoragePoolObjListSearch in src/conf/virstorageobj.c. + CVE-2023-3750 * Dropped changes [upstream now]: - SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities + debian/patches/CVE-2023-2700.patch: resolve leak in virPCIVirtualFunctionList cleanup in src/util/virpci.c. + CVE-2023-2700
Available diffs
- diff from 9.0.0-2ubuntu3 to 9.5.0-2ubuntu2 (13.5 MiB)
- diff from 9.5.0-2ubuntu1 to 9.5.0-2ubuntu2 (1.6 KiB)
Superseded in mantic-proposed |
libvirt (9.5.0-2ubuntu1) mantic; urgency=medium * Merge from Debian Unstable. Remaining changes: - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise) - Disable libssh2 support (universe dependency) - d/control: add libzfslinux-dev to build-deps - d/control: drop libvirt-lxc, vbox and xen drivers to suggest - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite a long time. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - Update README.Debian with Ubuntu changes - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - fix autopkgtests (LP 1899180) + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) + d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds + d/t/smoke-lxc: use systemd instead of sysV to restart the service + d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures + d/t/smoke-lxc: retry check_domain being flaky on arm64 - dnsmasq related enhancements + run dnsmasq as libvirt-dnsmasq (LP: 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for (LP 1861125) fixups - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) - d/libvirt-daemon-system.libvirt-guests.default: shut guests down in parallel - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split into logical pieces. File names in debian/patches/ubuntu-aa/: + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + lp-1815910-allow-vhost-net.patch: avoid apparmor issues with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) - libvirt should not use user/group tss for swtpm (LP 1948880) + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes to user swtpm and adapt expected self test result changes triggered by this + d/libvirt-daemon-system.postinst: create user/group swtpm if not present due to swtpm-tools (LP 1951975) - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format" because policykit-1 > 121 isn't yet ready to go to main in lunar. (LP: #2008830) - SECURITY UPDATE: denial of service via improper locking + debian/patches/CVE-2023-3750.patch: fix returning of locked objects from virStoragePoolObjListSearch in src/conf/virstorageobj.c. + CVE-2023-3750 * Dropped changes [upstream now]: - SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities + debian/patches/CVE-2023-2700.patch: resolve leak in virPCIVirtualFunctionList cleanup in src/util/virpci.c. + CVE-2023-2700
Available diffs
- diff from 9.0.0-2ubuntu3 to 9.5.0-2ubuntu1 (13.5 MiB)
libvirt (9.0.0-2ubuntu3) mantic; urgency=medium * SECURITY UPDATE: denial of service via improper locking - debian/patches/CVE-2023-3750.patch: fix returning of locked objects from virStoragePoolObjListSearch in src/conf/virstorageobj.c. - CVE-2023-3750 -- Marc Deslauriers <email address hidden> Tue, 25 Jul 2023 09:09:55 -0400
Available diffs
libvirt (9.0.0-2ubuntu1.2) lunar-security; urgency=medium * SECURITY UPDATE: denial of service via improper locking - debian/patches/CVE-2023-3750.patch: fix returning of locked objects from virStoragePoolObjListSearch in src/conf/virstorageobj.c. - CVE-2023-3750 -- Marc Deslauriers <email address hidden> Tue, 25 Jul 2023 09:11:54 -0400
Available diffs
libvirt (8.0.0-1ubuntu7.6) jammy; urgency=medium * d/p/u/lp-2024114-Avoid-memleak-in-virNodeDeviceGetPCIVPDDynamicCap.patch: fix memory leak PCI devices with VPD data (LP: #2024114) -- Rafael Lopez <email address hidden> Tue, 20 Jun 2023 11:54:15 +1000
Available diffs
libvirt (9.0.0-2ubuntu1.1) lunar-security; urgency=medium * SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities - debian/patches/CVE-2023-2700.patch: resolve leak in virPCIVirtualFunctionList cleanup in src/util/virpci.c. - CVE-2023-2700 -- Marc Deslauriers <email address hidden> Fri, 26 May 2023 10:05:18 -0400
Available diffs
libvirt (8.0.0-1ubuntu7.5) jammy-security; urgency=medium * SECURITY UPDATE: DoS via nwfilter driver - debian/patches/CVE-2022-0897.patch: fix crash when counting number of network filters in src/nwfilter/nwfilter_driver.c. - CVE-2022-0897 * SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities - debian/patches/CVE-2023-2700.patch: resolve leak in virPCIVirtualFunctionList cleanup in src/util/virpci.c. - CVE-2023-2700 -- Marc Deslauriers <email address hidden> Fri, 26 May 2023 10:08:33 -0400
Available diffs
libvirt (9.0.0-2ubuntu2) mantic; urgency=medium * SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities - debian/patches/CVE-2023-2700.patch: resolve leak in virPCIVirtualFunctionList cleanup in src/util/virpci.c. - CVE-2023-2700 -- Marc Deslauriers <email address hidden> Fri, 26 May 2023 10:05:18 -0400
Available diffs
libvirt (8.6.0-0ubuntu3.2) kinetic-security; urgency=medium * SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities - debian/patches/CVE-2023-2700.patch: resolve leak in virPCIVirtualFunctionList cleanup in src/util/virpci.c. - CVE-2023-2700 -- Marc Deslauriers <email address hidden> Fri, 26 May 2023 10:07:47 -0400
Available diffs
Superseded in mantic-release |
Published in lunar-release |
Deleted in lunar-proposed (Reason: Moved to lunar) |
libvirt (9.0.0-2ubuntu1) lunar; urgency=medium * Merge 9.0.0-2 from Debian unstable (LP: #1993412) Also resolved the ask for a rebuild against recent libxen (LP: #2004163) Remaining changes: - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise) - Disable libssh2 support (universe dependency) - d/control: add libzfslinux-dev to build-deps - d/control: drop libvirt-lxc, vbox and xen drivers to suggest - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite a long time. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - Update README.Debian with Ubuntu changes - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - fix autopkgtests (LP 1899180) + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) + d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds + d/t/smoke-lxc: use systemd instead of sysV to restart the service + d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures + d/t/smoke-lxc: retry check_domain being flaky on arm64 - dnsmasq related enhancements + run dnsmasq as libvirt-dnsmasq (LP: 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for (LP 1861125) fixups - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) - d/libvirt-daemon-system.libvirt-guests.default: shut guests down in parallel - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split into logical pieces. File names in debian/patches/ubuntu-aa/: + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + lp-1815910-allow-vhost-net.patch: avoid apparmor issues with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) - libvirt should not use user/group tss for swtpm (LP 1948880) + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes to user swtpm and adapt expected self test result changes triggered by this + d/libvirt-daemon-system.postinst: create user/group swtpm if not present due to swtpm-tools (LP 1951975) * Dropped changes [upstream now]: - d/p/u/tests-Fix-libxlxml2domconfigtest-with-latest-xen.patch: fix FTBFS with latest libxl [v8.10.0] - d/p/u/fix-swtpm-pid-duplication.patch: Clean up swtpm pids after a vm shuts down (LP 1997269) [v8.7.0] - d/p/u/lp-1993304-apparmor-allow-getattr-on-usb-devices.patch: prevent apparmor denials on USB forwarding (LP 1993304) [v8.10.0] - d/p/u/lp-1996176-nodedev-ignore-EINVAL-from-libudev-in-udevEventHandl: tolerate the impact of too large udev data avoiding a busy loop (LP 1996176) [v8.10.0] - d/p/u/lp-1990499-virt-aa-helper-allow-common-riscv64-loader-paths.patch: easen the use of riscv64 through libvirt (LP 1990499) [v8.9.0] - d/p/u/lp-1990949-virpcivpd-reduce-errors-in-log-due-to-invalid-VPD.patch: reduce log noise by invalid VPD data (LP 1990949) [v8.7.0] * Dropped changes [in Debian now]: - [f35cf09] d/rules: update path of ci-dashboard removal [8.9.0-1] - [a54d904] New upstream version 8.6.0 [8.9.0-1] - patch refreshes and .symbols updated from 8.5.0 -> 8.6.0 [8.9.0-1] - d/control: suggest swtpm-tools [8.10.0-1] * Added changes: - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format" because policykit-1 > 121 isn't yet ready to go to main in lunar. (LP: #2008830)
Available diffs
- diff from 8.6.0-0ubuntu5 to 9.0.0-2ubuntu1 (3.0 MiB)
- diff from 9.0.0-1ubuntu1 to 9.0.0-2ubuntu1 (8.8 KiB)
Superseded in lunar-proposed |
libvirt (9.0.0-1ubuntu1) lunar; urgency=medium * Merge 9.0.0-1 from Debian testing (LP: #1993412) Also resolved the ask for a rebuild against recent libxen (LP: #2004163) Remaining changes: - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise) - Disable libssh2 support (universe dependency) - d/control: add libzfslinux-dev to build-deps - d/control: drop libvirt-lxc, vbox and xen drivers to suggest - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite a long time. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - Update README.Debian with Ubuntu changes - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - fix autopkgtests (LP 1899180) + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) + d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds + d/t/smoke-lxc: use systemd instead of sysV to restart the service + d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures + d/t/smoke-lxc: retry check_domain being flaky on arm64 - dnsmasq related enhancements + run dnsmasq as libvirt-dnsmasq (LP: 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for (LP 1861125) fixups - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) - d/libvirt-daemon-system.libvirt-guests.default: shut guests down in parallel - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split into logical pieces. File names in debian/patches/ubuntu-aa/: + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + lp-1815910-allow-vhost-net.patch: avoid apparmor issues with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) - libvirt should not use user/group tss for swtpm (LP 1948880) + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes to user swtpm and adapt expected self test result changes triggered by this + d/libvirt-daemon-system.postinst: create user/group swtpm if not present due to swtpm-tools (LP 1951975) * Dropped changes [upstream now]: - d/p/u/tests-Fix-libxlxml2domconfigtest-with-latest-xen.patch: fix FTBFS with latest libxl [v8.10.0] - d/p/u/fix-swtpm-pid-duplication.patch: Clean up swtpm pids after a vm shuts down (LP 1997269) [v8.7.0] - d/p/u/lp-1993304-apparmor-allow-getattr-on-usb-devices.patch: prevent apparmor denials on USB forwarding (LP 1993304) [v8.10.0] - d/p/u/lp-1996176-nodedev-ignore-EINVAL-from-libudev-in-udevEventHandl: tolerate the impact of too large udev data avoiding a busy loop (LP 1996176) [v8.10.0] - d/p/u/lp-1990499-virt-aa-helper-allow-common-riscv64-loader-paths.patch: easen the use of riscv64 through libvirt (LP 1990499) [v8.9.0] - d/p/u/lp-1990949-virpcivpd-reduce-errors-in-log-due-to-invalid-VPD.patch: reduce log noise by invalid VPD data (LP 1990949) [v8.7.0] * Dropped changes [in Debian now]: - [f35cf09] d/rules: update path of ci-dashboard removal [8.9.0-1] - [a54d904] New upstream version 8.6.0 [8.9.0-1] - patch refreshes and .symbols updated from 8.5.0 -> 8.6.0 [8.9.0-1] - d/control: suggest swtpm-tools [8.10.0-1] -- Christian Ehrhardt <email address hidden> Wed, 08 Feb 2023 14:54:15 +0100
Available diffs
Superseded in lunar-proposed |
libvirt (8.6.0-0ubuntu6) lunar; urgency=medium * Rebuild against latest xen -- Jeremy Bicha <email address hidden> Sat, 04 Feb 2023 08:10:38 -0500
Available diffs
- diff from 8.6.0-0ubuntu5 to 8.6.0-0ubuntu6 (338 bytes)
Published in focal-proposed |
libvirt (6.0.0-0ubuntu8.17) focal; urgency=medium * d/p/u/lp-1989078-*.patch: allow arm64 to lock its OVMF/AAVMF resources (LP: #1989078) -- Christian Ehrhardt <email address hidden> Mon, 09 Jan 2023 08:48:16 +0100
Available diffs
libvirt (8.0.0-1ubuntu7.4) jammy; urgency=medium * d/p/u/lp-1993304-apparmor-allow-getattr-on-usb-devices.patch: prevent apparmor denials on USB forwarding (LP: #1993304) * d/p/u/lp-1996176-nodedev-ignore-EINVAL-from-libudev-in-udevEventHandl.patch: tolerate the impact of too large udev data avoiding a busy loop (LP: #1996176) -- Christian Ehrhardt <email address hidden> Tue, 22 Nov 2022 15:59:28 +0100
Available diffs
libvirt (8.6.0-0ubuntu3.1) kinetic; urgency=medium [ Lena Voytek ] * d/p/u/fix-swtpm-pid-duplication.patch: Clean up swtpm pids after a vm shuts down (LP: #1997269) [Christian Ehrhardt ] * d/p/u/lp-1993304-apparmor-allow-getattr-on-usb-devices.patch: prevent apparmor denials on USB forwarding (LP: #1993304) * d/p/u/lp-1996176-nodedev-ignore-EINVAL-from-libudev-in-udevEventHandl.patch: tolerate the impact of too large udev data avoiding a busy loop (LP: #1996176) -- Christian Ehrhardt <email address hidden> Tue, 22 Nov 2022 11:21:30 +0100
Available diffs
libvirt (8.6.0-0ubuntu5) lunar; urgency=medium * d/p/u/tests-Fix-libxlxml2domconfigtest-with-latest-xen.patch: fix FTBFS with latest libxl
Available diffs
- diff from 8.6.0-0ubuntu3 to 8.6.0-0ubuntu5 (4.9 KiB)
- diff from 8.6.0-0ubuntu4 to 8.6.0-0ubuntu5 (2.2 KiB)
Superseded in lunar-proposed |
libvirt (8.6.0-0ubuntu4) lunar; urgency=medium [ Lena Voytek ] * d/p/u/fix-swtpm-pid-duplication.patch: Clean up swtpm pids after a vm shuts down (LP: #1997269) [Christian Ehrhardt ] * d/p/u/lp-1993304-apparmor-allow-getattr-on-usb-devices.patch: prevent apparmor denials on USB forwarding (LP: #1993304) * d/p/u/lp-1996176-nodedev-ignore-EINVAL-from-libudev-in-udevEventHandl.patch: tolerate the impact of too large udev data avoiding a busy loop (LP: #1996176) -- Christian Ehrhardt <email address hidden> Tue, 22 Nov 2022 11:21:30 +0100
Available diffs
libvirt (8.0.0-1ubuntu7.3) jammy; urgency=medium * d/p/u/lp-1990499-virt-aa-helper-allow-common-riscv64-loader-paths.patch: easen the use of riscv64 through libvirt (LP: #1990499) -- Christian Ehrhardt <email address hidden> Tue, 04 Oct 2022 08:33:14 +0200
Available diffs
Superseded in lunar-release |
Published in kinetic-release |
Deleted in kinetic-proposed (Reason: Moved to kinetic) |
libvirt (8.6.0-0ubuntu3) kinetic; urgency=medium * d/p/u/lp-1990499-virt-aa-helper-allow-common-riscv64-loader-paths.patch: easen the use of riscv64 through libvirt (LP: #1990499) * d/p/u/lp-1990949-virpcivpd-reduce-errors-in-log-due-to-invalid-VPD.patch: reduce log noise by invalid VPD data (LP: #1990949) -- Christian Ehrhardt <email address hidden> Tue, 04 Oct 2022 08:29:46 +0200
Available diffs
libvirt (8.6.0-0ubuntu2) kinetic; urgency=medium * d/p/libvirt-daemon-system.postinst: default network autostart handling needs to happen before services start (LP: #1990853) -- Christian Ehrhardt <email address hidden> Wed, 28 Sep 2022 08:36:15 +0200
Available diffs
- diff from 8.6.0-0ubuntu1 to 8.6.0-0ubuntu2 (723 bytes)
libvirt (8.0.0-1ubuntu7.2) jammy; urgency=medium * d/p/u/lp-1989078-apparmor-Allow-locking-AAVMF-firmware.patch: allow arm64 to lock its OVMF resources (LP: #1989078) -- Christian Ehrhardt <email address hidden> Thu, 08 Sep 2022 12:00:39 +0200
Available diffs
libvirt (8.6.0-0ubuntu1) kinetic; urgency=medium * Merge 8.0.0 from Debian unstable (LP: #1971289) Among many other fixes and improvements this fixes: - support for minor NFS versions (LP: #1980134) - launching VMs with SGX enabled (LP: #1982896) Remaining changes: - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise) - Disable libssh2 support (universe dependency) - d/control: add libzfslinux-dev to build-deps - d/control: drop libvirt-lxc, vbox and xen drivers to suggest - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite a long time. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - Update README.Debian with Ubuntu changes - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - fix autopkgtests (LP 1899180) + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) + d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds + d/t/smoke-lxc: use systemd instead of sysV to restart the service + d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures + d/t/smoke-lxc: retry check_domain being flaky on arm64 - dnsmasq related enhancements + run dnsmasq as libvirt-dnsmasq (LP: 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for (LP 1861125) fixups - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split into logical pieces. File names in debian/patches/ubuntu-aa/: + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + lp-1815910-allow-vhost-net.patch: avoid apparmor issues with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) - libvirt should not use user/group tss for swtpm (LP 1948880) + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes to user swtpm and adapt expected self test result changes triggered by this + d/control: suggest swtpm-tools + d/libvirt-daemon-system.postinst: create user/group swtpm if not present due to swtpm-tools (LP 1951975) * Dropped changes [upstream now]: - d/p/backport/qemuDomainSetupDisk-Initialize-targetPaths.patch to work in containers like LXD (without guest start would hang). [8.1.0] - d/p/backport/util-fix-syslog-facility-value.patch to ensure logs get passed to syslog/journal correctly. [8.1.0] - apparmor: Fix QEMU access for UEFI variable files. Backported from upstream master commit 7aec69b7fb9d0c. (Closes 1006324, LP 1962035) Refresh apparmor_profiles_local_include.patch to resolve the conflict. [8.2.0] - d/p/ubuntu-aa/0035-apparmor-separate-swtpm-rules.patch: Patch the libvirtd and libvirt-qemu apparmor profiles to allow swtpm to use its own profile (LP 1968187) [8.3.0] - d/p/u/lp-1972075-Allow-VM-to-read-sysfs-PCI-config-revision-files.patch: apparmor allow new paths used for GL accelerated video (LP 1972075) [8.4.0] * Dropped changes [no more needed]: - d/control: breaks replaces for augeas lenses move in 6.0.0-1 * Added changes: - parallel-shutdown: upstream no more ships libvirt-guests defaults, so the Ubuntu customization of it moved to the file replacing it added in 8.1.0-1 now in d/libvirt-daemon-system.libvirt-guests.default replacing the former "d/p/u/parallel-shutdown.patch: set parallel shutdown by default." - update patches to match 8.6.0 + d/p/u-aa/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch + d/p/u/Allow-libvirt-group-to-access-the-socket.patch + d/p/u-aa/lp-1815910-allow-vhost-hotplug.patch + d/p/u/ovmf_paths.patch + d/p/u/swtpm-by-swtpm-user.patch + d/p/u/dnsmasq-as-priv-user
Available diffs
libvirt (8.0.0-1ubuntu7.1) jammy; urgency=medium * d/p/u/lp-1972075-Allow-VM-to-read-sysfs-PCI-config-revision-files.patch: apparmor allow new paths used for GL accelerated video (LP: #1972075) -- Christian Ehrhardt <email address hidden> Thu, 19 May 2022 08:14:48 +0200
Available diffs
libvirt (8.0.0-1ubuntu8) kinetic; urgency=medium * d/p/u/lp-1972075-Allow-VM-to-read-sysfs-PCI-config-revision-files.patch: apparmor allow new paths used for GL accelerated video (LP: #1972075) -- Christian Ehrhardt <email address hidden> Thu, 19 May 2022 08:14:48 +0200
Available diffs
libvirt (7.6.0-0ubuntu1.2) impish-security; urgency=medium * SECURITY UPDATE: DoS via libxl driver - debian/patches/CVE-2021-4147-1.patch: disable death events after receiving a shutdown event in src/libxl/libxl_domain.c, src/libxl/libxl_domain.h. - debian/patches/CVE-2021-4147-2.patch: rename libxlShutdownThreadInfo struct in src/libxl/libxl_domain.c. - debian/patches/CVE-2021-4147-3.patch: modify name of shutdown thread in src/libxl/libxl_domain.c. - debian/patches/CVE-2021-4147-4.patch: handle domain death events in a thread in src/libxl/libxl_domain.c. - debian/patches/CVE-2021-4147-5.patch: search for virDomainObj in event handler threads in src/libxl/libxl_domain.c. - debian/patches/CVE-2021-4147-6pre1.patch: avoid virHashFree by rearranging code in src/libxl/libxl_logger.c. - debian/patches/CVE-2021-4147-6.patch: protect access to libxlLogger files hash table in src/libxl/libxl_logger.c. - CVE-2021-4147 * SECURITY UPDATE: DoS via nwfilter driver - debian/patches/CVE-2022-0897.patch: fix crash when counting number of network filters in src/nwfilter/nwfilter_driver.c. - CVE-2022-0897 -- Marc Deslauriers <email address hidden> Wed, 20 Apr 2022 09:34:13 -0400
Available diffs
libvirt (4.0.0-1ubuntu8.21) bionic-security; urgency=medium * SECURITY UPDATE: crash via double-free memory issue - debian/patches/CVE-2020-25637-1.patch: gendispatch: handle empty flags in src/rpc/gendispatch.pl. - debian/patches/CVE-2020-25637-2.patch: add support for filtering @acls by uint params in src/remote/remote_protocol.x, src/rpc/gendispatch.pl. - debian/patches/CVE-2020-25637-3.patch: require write acl for guest agent in src/libxl/libxl_driver.c, src/qemu/qemu_driver.c, src/remote/remote_protocol.x. - debian/patches/CVE-2020-25637-4.patch: set ifname to NULL after freeing in src/qemu/qemu_agent.c. - CVE-2020-25637 * SECURITY UPDATE: sVirt SELinux confinement flaw - debian/patches/CVE-2021-3631.patch: fix SELinux label generation logic in src/security/security_selinux.c. - CVE-2021-3631 * SECURITY UPDATE: segmentation fault during VM shutdown - debian/patches/CVE-2021-3975.patch: add missing lock in qemuProcessHandleMonitorEOF in src/qemu/qemu_process.c. - CVE-2021-3975 * SECURITY UPDATE: DoS via libxl driver - debian/patches/CVE-2021-4147-pre0.patch: handle external domain destroy in src/libxl/libxl_domain.c, src/libxl/libxl_domain.h. - debian/patches/CVE-2021-4147-pre1.patch: fix domain shutdown in src/libxl/libxl_domain.c. - debian/patches/CVE-2021-4147-1.patch: disable death events after receiving a shutdown event in src/libxl/libxl_domain.c, src/libxl/libxl_domain.h. - debian/patches/CVE-2021-4147-2.patch: rename libxlShutdownThreadInfo struct in src/libxl/libxl_domain.c. - debian/patches/CVE-2021-4147-3.patch: modify name of shutdown thread in src/libxl/libxl_domain.c. - debian/patches/CVE-2021-4147-4.patch: handle domain death events in a thread in src/libxl/libxl_domain.c. - debian/patches/CVE-2021-4147-5.patch: search for virDomainObj in event handler threads in src/libxl/libxl_domain.c. - debian/patches/CVE-2021-4147-6pre1.patch: avoid virHashFree by rearranging code in src/libxl/libxl_logger.c. - debian/patches/CVE-2021-4147-6.patch: protect access to libxlLogger files hash table in src/libxl/libxl_logger.c. - CVE-2021-4147 * SECURITY UPDATE: DoS via nwfilter driver - debian/patches/CVE-2022-0897.patch: fix crash when counting number of network filters in src/nwfilter/nwfilter_driver.c. - CVE-2022-0897 -- Marc Deslauriers <email address hidden> Wed, 20 Apr 2022 13:18:06 -0400
Available diffs
libvirt (6.0.0-0ubuntu8.16) focal-security; urgency=medium * SECURITY UPDATE: crash via double-free memory issue - debian/patches/CVE-2020-25637-1.patch: gendispatch: handle empty flags in src/rpc/gendispatch.pl. - debian/patches/CVE-2020-25637-2.patch: add support for filtering @acls by uint params in src/remote/remote_protocol.x, src/rpc/gendispatch.pl. - debian/patches/CVE-2020-25637-3.patch: require write acl for guest agent in src/libxl/libxl_driver.c, src/qemu/qemu_driver.c, src/remote/remote_protocol.x. - debian/patches/CVE-2020-25637-4.patch: set ifname to NULL after freeing in src/qemu/qemu_agent.c. - CVE-2020-25637 * SECURITY UPDATE: sVirt SELinux confinement flaw - debian/patches/CVE-2021-3631.patch: fix SELinux label generation logic in src/security/security_selinux.c. - CVE-2021-3631 * SECURITY UPDATE: improper locking issue - debian/patches/CVE-2021-3667.patch: unlock object on ACL fail in src/storage/storage_driver.c. - CVE-2021-3667 * SECURITY UPDATE: segmentation fault during VM shutdown - debian/patches/CVE-2021-3975.patch: add missing lock in qemuProcessHandleMonitorEOF in src/qemu/qemu_process.c. - CVE-2021-3975 * SECURITY UPDATE: DoS via libxl driver - debian/patches/CVE-2021-4147-pre1.patch: fix domain shutdown in src/libxl/libxl_domain.c. - debian/patches/CVE-2021-4147-1.patch: disable death events after receiving a shutdown event in src/libxl/libxl_domain.c, src/libxl/libxl_domain.h. - debian/patches/CVE-2021-4147-2.patch: rename libxlShutdownThreadInfo struct in src/libxl/libxl_domain.c. - debian/patches/CVE-2021-4147-3.patch: modify name of shutdown thread in src/libxl/libxl_domain.c. - debian/patches/CVE-2021-4147-4.patch: handle domain death events in a thread in src/libxl/libxl_domain.c. - debian/patches/CVE-2021-4147-5.patch: search for virDomainObj in event handler threads in src/libxl/libxl_domain.c. - debian/patches/CVE-2021-4147-6pre1.patch: avoid virHashFree by rearranging code in src/libxl/libxl_logger.c. - debian/patches/CVE-2021-4147-6.patch: protect access to libxlLogger files hash table in src/libxl/libxl_logger.c. - CVE-2021-4147 * SECURITY UPDATE: DoS via nwfilter driver - debian/patches/CVE-2022-0897.patch: fix crash when counting number of network filters in src/nwfilter/nwfilter_driver.c. - CVE-2022-0897 -- Marc Deslauriers <email address hidden> Wed, 20 Apr 2022 11:31:12 -0400
Available diffs
Superseded in kinetic-release |
Published in jammy-release |
Deleted in jammy-proposed (Reason: Moved to jammy) |
libvirt (8.0.0-1ubuntu7) jammy; urgency=medium * d/p/ubuntu-aa/0035-apparmor-separate-swtpm-rules.patch: Patch the libvirtd and libvirt-qemu apparmor profiles to allow swtpm to use its own profile (LP: #1968187) -- Lena Voytek <email address hidden> Tue, 12 Apr 2022 10:04:05 -0700
Available diffs
libvirt (8.0.0-1ubuntu6) jammy; urgency=medium * d/control: recommend swtpm-tools (LP: #1948748) -- Christian Ehrhardt <email address hidden> Mon, 04 Apr 2022 07:30:15 +0200
Available diffs
- diff from 8.0.0-1ubuntu5 to 8.0.0-1ubuntu6 (616 bytes)
libvirt (8.0.0-1ubuntu5) jammy; urgency=medium * apparmor: Fix QEMU access for UEFI variable files. Backported from upstream master commit 7aec69b7fb9d0c. (Closes: #1006324, LP: #1962035) Refresh apparmor_profiles_local_include.patch to resolve the conflict. -- Martin Pitt <email address hidden> Wed, 09 Mar 2022 13:43:40 +0100
Available diffs
libvirt (8.0.0-1ubuntu4) jammy; urgency=medium * No-change rebuild against libwireshark15. -- Steve Langasek <email address hidden> Mon, 07 Mar 2022 18:34:34 +0000
Available diffs
- diff from 8.0.0-1ubuntu3 to 8.0.0-1ubuntu4 (342 bytes)
libvirt (8.0.0-1ubuntu3) jammy; urgency=medium * Revert "d/rules, d/libvirt-daemon-system.{postinst,prerm}: never stop system services and sockets." Due to the fix being in debhelper we no more need this mitigation now. (LP: #1959054)
Available diffs
- diff from 7.6.0-0ubuntu3 to 8.0.0-1ubuntu3 (2.7 MiB)
- diff from 8.0.0-1ubuntu2 to 8.0.0-1ubuntu3 (1.8 KiB)
Superseded in jammy-proposed |
libvirt (8.0.0-1ubuntu2) jammy; urgency=medium * No-change rebuild to update maintainer scripts, see LP: 1959054 -- Dave Jones <email address hidden> Wed, 16 Feb 2022 17:04:47 +0000
Available diffs
- diff from 8.0.0-1ubuntu1 to 8.0.0-1ubuntu2 (348 bytes)
Superseded in jammy-proposed |
libvirt (8.0.0-1ubuntu1) jammy; urgency=medium * Merge 8.0.0 from Debian unstable (LP: #1946869) Among many other fixes and improvements this fixes ceph usage in regard to apparmor (LP: #1588576) Remaining changes: - libvirt-uri.sh: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise) [contains lintian fixups of 6.6.0-1ubuntu1] - Disable libssh2 support (universe dependency) - d/control: add libzfslinux-dev to build-deps - d/control: drop libvirt-lxc, vbox and xen drivers to suggest - d/control: breaks replaces for augeas lenses move in 6.0.0-1 (follows Debian, droppable >22.04) - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite a long time. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - d/p/u/parallel-shutdown.patch: set parallel shutdown by default. - Update README.Debian with Ubuntu changes - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - fix autopkgtests (LP 1899180) + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) + d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds + d/t/smoke-lxc: use systemd instead of sysV to restart the service + d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures + d/t/smoke-lxc: retry check_domain being flaky on arm64 - dnsmasq related enhancements [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1] + run dnsmasq as libvirt-dnsmasq (LP: 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for (LP 1861125) fixups - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split into logical pieces. File names in debian/patches/ubuntu-aa/: + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk (renamed and reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + lp-1815910-allow-vhost-net.patch: avoid apparmor issues with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) - libvirt should not use user/group tss for swtpm (LP 1948880) + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes to user swtpm + d/p/u/swtpm-by-swtpm-user.patch: adapt expected self test results + d/control: suggest swtpm-tools + d/libvirt-daemon-system.postinst: create user/group swtpm if not present due to swtpm-tools (LP 1951975) * Dropped changes [in Debian now]: - d/control: add libtirpc for rpc.h with glibc >=2.32 - various patch refreshes and .symbols updated from 7.0.0 - 7.6.0 - debian/rules: disable the netcf backend. (LP: 1764314) - d/libvirt-clients.install: completions no more are symlinked to vsh - d/rules: disable the now auto-built vstorage backend - not-installed: split daemon man pages are no yet installed - d/rules: disable the new Cloud Hypervisor driver - d/rules: enable more features explicitly - d/rules: use apparmor_profiles=enabled instead of the now rejected value true - rules: Explicitly set remote_default_mode - rules: Rework installation of AppArmor-related files - d/control, d/rules: enable libssh (LP 1939416) * Dropped changes [upstream now]: - d/p/u/lp-1913266-*: add vsock options to be usable with s390x secure execution (LP 1913266) - d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid issues due to corrupted apparmor profiles (LP 1927519) - Toleration for qemu >=6.0 handling of props (LP 1932264) - Persistent vfio-ccw device assignments (LP 1887929) * Dropped changes [no more needed]: - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with recent ubuntu glibx 2.32 it is breaking the build - update d/p/debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch: to detect XDR functions from glibc - d/t/smoke-lxc: skip before systemd 248 due to a known bug (LP 1934966) - d/t/smoke-lxc: skip if cgroup v1&v2 are present (systemd 248 was not enough) * Added changes: - d/p/u/dnsmasq-as-priv-user: update for 8.0.0 - Add recent upstream fixes to 8.0 + d/p/backport/qemuDomainSetupDisk-Initialize-targetPaths.patch to work in containers like LXD (without guest start would hang). + d/p/backport/util-fix-syslog-facility-value.patch to ensure logs get passed to syslog/journal correctly. - d/rules, d/libvirt-daemon-system.{postinst,postrm}: never stop libvirt system services and sockets (LP: #1959054). This allows to unblock some transitions that wait on libvirt now; The intention is that it is fixed in debhelper and libvirt reverts this change before jammy release.
Available diffs
libvirt (7.6.0-0ubuntu3) jammy; urgency=medium * d/libvirt-daemon-system.postinst: create user/group swtpm if not present due to swtpm-tools (LP: #1951975) -- Christian Ehrhardt <email address hidden> Wed, 24 Nov 2021 07:50:53 +0100
Available diffs
- diff from 7.6.0-0ubuntu1 to 7.6.0-0ubuntu3 (3.3 KiB)
- diff from 7.6.0-0ubuntu2 to 7.6.0-0ubuntu3 (750 bytes)
libvirt (4.0.0-1ubuntu8.20) bionic; urgency=medium * d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid issues due to corrupted apparmor profiles (LP: #1927519) * d/p/u/skip-new-pdwtags.patch: avoid issues with backported dwarves 1.21 (LP: #1951438) -- Christian Ehrhardt <email address hidden> Thu, 18 Nov 2021 10:24:01 +0100
Available diffs
libvirt (6.0.0-0ubuntu8.15) focal; urgency=medium * d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid issues due to corrupted apparmor profiles (LP: #1927519) -- Christian Ehrhardt <email address hidden> Thu, 18 Nov 2021 10:23:11 +0100
Available diffs
libvirt (7.0.0-2ubuntu2.2) hirsute; urgency=medium * d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid issues due to corrupted apparmor profiles (LP: #1927519) -- Christian Ehrhardt <email address hidden> Thu, 18 Nov 2021 10:22:28 +0100
Available diffs
libvirt (7.6.0-0ubuntu1.1) impish; urgency=medium * d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid issues due to corrupted apparmor profiles (LP: #1927519) -- Christian Ehrhardt <email address hidden> Thu, 18 Nov 2021 10:19:58 +0100
Available diffs
Superseded in jammy-proposed |
libvirt (7.6.0-0ubuntu2) jammy; urgency=medium * d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid issues due to corrupted apparmor profiles (LP: #1927519) * libvirt should not use user/group tss for swtpm (LP: #1948880) - d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm - d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes to user swtpm - d/p/u/swtpm-by-swtpm-user.patch: adapt expected self test results - d/control: suggest swtpm-tools -- Christian Ehrhardt <email address hidden> Thu, 11 Nov 2021 12:11:38 +0100
Available diffs
libvirt (6.0.0-0ubuntu8.14) focal; urgency=medium * Fixup backport of "util: Add phys_port_name support on virPCIGetNetName" to include the incorrectly removed "firstEntryName = NULL;" line, which caused a regression bringing up network pools. (LP: #1943481) - d/p/u/lp-1892132-Add-phys_port_name-support-on-virPCIGetNetName.patch -- Matthew Ruffell <email address hidden> Tue, 14 Sep 2021 14:00:49 +1200
Available diffs
- diff from 6.0.0-0ubuntu8.13 to 6.0.0-0ubuntu8.14 (762 bytes)
Superseded in jammy-release |
Obsolete in impish-release |
Deleted in impish-proposed (Reason: Moved to impish) |
libvirt (7.6.0-0ubuntu1) impish; urgency=medium * Merge v7.6.0 from upstream and unreleased changes from Debian git. Among other bugs this fixes copy-storage-inc based migrations (LP: #1936778) - New upstream version 7.5.0 - New upstream version 7.6.0 - symbols: Bump symbol versions - refresh d/p/debian/Set-defaults-for-zfs-tools.patch for v7.5.0 - patches: Refresh patches - d/rules: disable the new Cloud Hypervisor driver - d/rules: enable more features explicitly - d/rules: use apparmor_profiles=enabled instead of the now rejected value true - update d/p/debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch: to detect XDR functions from glibc * d/control, d/rules: enable libssh (LP: #1939416) * refresh ubuntu patches for v7.6.0 * Further fixups for v7.6.0 (thanks to Andrea Bolognani) - rules: Explicitly set remote_default_mode - rules: Rework installation of AppArmor-related files -- Christian Ehrhardt <email address hidden> Wed, 11 Aug 2021 08:11:16 +0200
Available diffs
- diff from 7.4.0-0ubuntu3 to 7.6.0-0ubuntu1 (792.8 KiB)
libvirt (7.0.0-2ubuntu2.1) hirsute; urgency=medium * Add support for switchdev NICs that link representor ports to parent PCI device. (LP: #1892132) - d/p/u/lp-1892132-Add-phys_port_name-support-on-virPCIGetNetName.patch - d/p/u/lp-1892132-add-virNetDevGetPhysPortName.patch -- Frode Nordahl <email address hidden> Fri, 16 Jul 2021 05:16:36 +0000
Available diffs
libvirt (6.0.0-0ubuntu8.13) focal; urgency=medium * Add support for switchdev NICs that link representor ports to parent PCI device. (LP: #1892132) - d/p/u/lp-1892132-Add-phys_port_name-support-on-virPCIGetNetName.patch - d/p/u/lp-1892132-add-virNetDevGetPhysPortName.patch -- Frode Nordahl <email address hidden> Fri, 16 Jul 2021 05:16:36 +0000
Available diffs
libvirt (6.0.0-0ubuntu8.12) focal; urgency=medium * d/p/u/lp-1929202-*: fix pre-creation of images during migration (LP: #1929202) -- Christian Ehrhardt <email address hidden> Tue, 20 Jul 2021 14:13:56 +0200
Available diffs
libvirt (7.4.0-0ubuntu3) impish; urgency=medium * d/t/smoke-lxc: skip if cgroup v1&v2 are present (systemd 248 was not enough)
Available diffs
- diff from 7.0.0-2ubuntu2 to 7.4.0-0ubuntu3 (6.8 MiB)
- diff from 7.4.0-0ubuntu2 to 7.4.0-0ubuntu3 (940 bytes)
Superseded in impish-proposed |
libvirt (7.4.0-0ubuntu2) impish; urgency=medium * d/t/smoke-lxc: skip before systemd 248 due to a known bug (LP: #1934966)
Available diffs
- diff from 7.4.0-0ubuntu1 to 7.4.0-0ubuntu2 (803 bytes)
Superseded in impish-proposed |
libvirt (7.4.0-0ubuntu1) impish; urgency=medium * Merge v7.4.0 from upstream, among a lot of new features and fixes this closes a few of issues reported against Ubuntu - Toleration for qemu >=6.0 handling of props (LP: #1932264) - Persistent vfio-ccw device assignments (LP: #1887929) - Drop patches that are upstream in v7.4.0 - d/p/b/meson-Fix-cross-building-of-dtrace-probes.patch - d/p/b/apparmor-let-image-label-setting-loop-over-backing-files.patch - d/p/r/systemd-Revert-remote-Add-libvirtd-dependency-to-virt-gue.patch - d/p/u/lp-1913266-*: add vsock options to be usable with s390x - d/p/u/lp-1921754-*: EPYC-Rome-v2 - d/p/u/lp-1921880-*: EPYC-Milan - d/libvirt-clients.install: completions no more are symlinked to vsh - Revert "disable firewalld support (universe dependency)" This does not add a runtime dependency and while firewalld isn't in main that way users can install and use it from universe. (LP: #1928113) - d/libvirt0.symbols: bump symbol versions for 7.4.0 - d/rules: disable the now auto-built vstorage backend - not-installed: split daemon man pages are no yet installed -- Christian Ehrhardt <email address hidden> Thu, 17 Jun 2021 10:33:27 +0200
Available diffs
1 → 50 of 730 results | First • Previous • Next • Last |