libvirt (4.6.0-2ubuntu3) cosmic; urgency=medium

  * d/p/ubuntu-aa/lp-1788603-fix-ptrace-rules-with-kernel-4.18.patch: avoid
    issues with newer kernels >=4.18 (LP: #1788603)

 -- Christian Ehrhardt  Mon, 27 Aug 2018 10:57:57 +0200

libvirt (4.6.0-2ubuntu2) cosmic; urgency=medium

  * Fix an issue where guests with plenty of hostdevs attached were detected
    as not shut down due to the kernel needing more time to free up resources
    (LP: #1788226)
    - d/p/ubuntu/lp-1788226-wait-longer-5-30s-on-hard-shutdown.patch
    - d/p/ubuntu/lp-1788226-wait-longer-on-kill-per-assigned-Hostdev.patch

 -- Christian Ehrhardt  Tue, 21 Aug 2018 17:51:43 +0200

libvirt (4.6.0-2ubuntu1) cosmic; urgency=medium

  * Merged with Debian unstable (LP: #1786957).
    Among many other new features and fixes this includes fixes for
    (LP: #1754871),
    Remaining changes:
    - Disable libssh2 support (universe dependency)
    - Disable firewalld support (universe dependency)
    - Set qemu-group to kvm (for compat with older ubuntu)
    - Additional apport package-hook
    - Autostart default bridged network (As upstream does, but not Debian).
      In addition to just enabling it our solution provides:
      + do not autostart if subnet is already taken (e.g. in guests).
      + iterate some alternative subnets before giving up
    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
      the group based access to libvirt functions as it was used in Ubuntu
      for quite long.
      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
        due to the group access change.
      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
        group.
    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
    - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
      which provided a separate kvm-spice.
    - Xen related
    - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
      section that adapts the path of the emulator to the Debian/Ubuntu
      packaging is kept.
    - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
      set VRAM to minimum requirements
    - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
    - Add libxl log directory
    - libvirt-uri.sh: Automatically switch default libvirt URI for users on
      Xen dom0 via user profile (was missing on changelogs before)
    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
      included_files to avoid build failures due to duplicate definitions.
    - Update README.Debian with Ubuntu changes
    - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
    - Enable some additional features on ppc64el and s390x (for arch parity)
      + systemtap, zfs, numa and numad on s390x.
      + systemtap on ppc64el.
    - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
      vmlinuz available and accessible (Debian bug 848314)
    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
    - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
      no more UCA onto Xenial then which has global dnsmasq by default).
    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
    - Further upstreamed apparmor Delta, especially any new one
      Our former delta is split into logical pieces and is either Ubuntu only
      or is part of a continuous upstreaming effort.
      Listing related remaining changes in debian/patches/ubuntu-aa/:
      + 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
        Allow pygrub to run on Debian/Ubuntu
      + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
        apparmor, libvirt-qemu: Allow read access to overcommit_memory
      + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
      + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
        apparmor, virt-aa-helper: Allow access to tmp directories
      + ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
        apparmor, virt-aa-helper: Allow various storage pools and image
        locations
      + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
        apparmor, virt-aa-helper: Add openvswitch support
      + 0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
        permissions so virt-manager 1.4.0 viewing works
        (LP 1668681 1747442).
        Can be dropped >=libvirt 4.7
      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu:
        Add 9p support
      + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper: add l
        to 9p file options.
      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
        commands executed by ubuntu only kvm wrapper on ppc64el
        (LP 1686621 & LP 1680384).
      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor,
        virt-aa-helper: access for snapped nova
      + 0040-apparmor-add-mediation-rules-for-unconfined.patch: apparmor: add
        mediation rules for unconfined guests
        Can be dropped >=libvirt 4.7
    - d/rules: enable build time self tests on all architectures
    - run dnsmasq as libvirt-dnsmasq (LP: 1743718)
      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
        on purge
      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
        libvirt-dnsmasq and adapt the self tests to expect that config
      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users
    - debian/rules: disable the netcf backend. (LP: 1764314)
    - debian/control: drop libnetcf from Build-Depends.
    - ddebian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
      Secure Boot enabled variants of the OVMF firmware and variable store for
      the paths where we ship these files in Ubuntu.
    - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
  * Added Changes
    - 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
      updated to take care of no more silencing and thereby hiding denials
      (LP 1719579 is an example)
    - 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
      updated to also allow the optionally placed ceph asok file
      (LP: #1779674)
    - 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: prepare
      profile for usrmerge (LP: #1784023)
    - Finalize the libvirt-bin -> libvirt-* transition in the apport
      package-hook.
    - d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch,
      d/libvirt-daemon-system.postinst: provide a local apparmor include for
      abstraction/libvirt-qemu (LP: #1786019)
    - d/p/ubuntu-aa/0051-allow-user-tmp.patch: some features need tmp, but we
      don't want blanket access. We only allow enumerating the base dir and
      reading owned files.
      Further features needing /tmp have to add local overrides, examples are
      qemu-smb and some modes of local snapshots. (LP: #1365261)
      Can be dropped >=libvirt 4.7
    - d/p/ubuntu-aa/0052-allow-to-preserve-dev-mountpoints.patch: Allow to
      preserve /dev mountpoints in qemu namespaces (LP: #1786168)
      Can be dropped >=libvirt 4.7
    - avoid service dependency issues on upgrade (LP: #1786179)
      This will in the long term be resolved in dh_* tools, but to let an
      upgrade work for now we need to drop the sysV scripts (which we don't
      use anyway) and slightly modify the systemd service to work with
      today's dh_systemd_start properly.
      Can be dropped once Debian bug 905772 is resolved in dh_* tools and
      libvirt uses that new code.
    - d/libvirt-daemon-system.virtlogd.init: removed sysV init file
    - d/libvirt-daemon-system.libvirtd.init: removed sysV init file
    - debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd and
      libvirtd sysV init file
    - d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
      to virtlogd/virtlockd sockets as they would imply a restart of virtlogd
      breaking it.
    - d/t/smoke-lxc: use systemd instead of sysV to restart the service
  * Dropped Changes (upstream)
    - d/p/ubuntu/virt-aa-helper-Set-the-supported-features.patch: allow
      parsing of memory slots and other extended features without breaking
      virt-aa-helper (LP: 1746431).
    - d/p/stable/0001-Revert-qemu-monitor-do-not-report-error-on-shutdown.patch
    - d/p/stable/0002-nodedev-Fix-failing-to-parse-PCI-address-for-non-PCI.patch
    - d/p/stable/0003-qemu-assign-correct-type-of-PCI-address-for-vhost-sc.patch
    - d/p/stable/0004-qemu-Refresh-caps-cache-after-booting-a-different-ke.patch
    - d/p/stable/0005-qemu-auto-add-generic-xhci-rather-than-NEC-xhci-to-Q.patch
    - d/p/stable/0006-libvirtd-Explicit-dependency-on-systemd-machined.patch
    - d/p/stable/0007-rpc-fix-race-sending-and-encoding-sasl-data.patch
    - d/p/stable/0008-vhost-user-add-support-reconnect-for-vhost-user-port.patch
    - d/p/stable/0009-qemu-Fix-memory-leak-in-processGuestPanicEvent.patch
    - d/p/stable/0010-storage-util-Properly-ignore-errors-when-backing-vol.patch
    - d/p/stable/0011-conf-Use-correct-attribute-name-in-error-message.patch
    - d/p/stable/0012-util-json-Add-helper-to-return-string-or-number-prop.patch
    - d/p/stable/0013-util-storage-Parse-lun-for-iSCSI-protocol-from-JSON-.patch
    - d/p/stable/0014-virsh-Offer-only-persistent-domains-for-autostart.patch
    - d/p/stable/0015-blockjob-Fix-a-error-checking-of-blockjob-status-in-.patch
    - d/p/stable/0016-qemu-Expose-rx-tx_queue_size-in-qemu.conf-too.patch
    - d/p/stable/0017-qemu-migration-Refresh-device-information-after-tran.patch
    - d/p/stable/0018-qemuDomainRemoveMemoryDevice-unlink-memory-backing-f.patch
    - d/p/stable/0019-vbox-fix-SEGV-during-dumpxml-of-a-serial-port.patch
    - d/p/stable/0020-qemu-Initialize-priv-in-qemuDomainCoreDumpWithFormat.patch
    - d/p/stable/0021-fix-regex-to-check-CN-from-server-certificate.patch
    - d/p/stable/0022-storage-Fix-formatting-and-parsing-of-qemu-type-Unix.patch
    - d/p/stable/0023-util-storage-Remove-detected-authentication-data-for.patch
    - d/p/stable/0024-qemu-blockcopy-Add-check-for-bandwidth.patch
    - d/p/stable/0025-conf-move-generated-member-from-virMacAddr-to-virDom.patch
    - d/p/stable/0026-lxc-Drop-useless-check-in-live-device-update.patch
    - d/p/stable/0027-Pass-oldDev-to-virDomainDefCompatibleDevice-on-devic.patch
    - d/p/stable/0028-qemu-Fix-updating-device-with-boot-order.patch
    - d/p/stable/0030-daemon-fix-rpc-event-leak-on-error-path-in-remoteDis.patch
    - d/p/stable/0029-lxc-fix-rpc-event-leak-on-error-path-in-virLXCContro.patch
    - d/p/stable/0031-qemu-fix-memory-leak-of-vporttype-during-migration.patch
    - d/p/stable/0032-virsh-fixing-segfault-by-pool-autocompleter-function.patch
    - d/p/stable/0033-qemu-Fix-comparison-assignment-in-qemuDomainUpdateDe.patch
    - d/p/stable/0034-qemu-Fix-memory-leak-in-qemuConnectGetAllDomainStats.patch
    - d/p/stable/0035-libvirtd-fix-potential-deadlock-when-reloading.patch
    - d/p/stable/0036-qemu-Use-correct-bus-type-for-input-devices.patch
    - d/p/stable/0037-qemu-hostdev-Fix-the-error-on-VM-start-with-an-mdev-.patch
    - d/p/stable/0038-conf-Fix-crash-in-virDomainDefCompatibleDevice.patch
    - d/p/ubuntu/lp1688508-tools-avoid-text-spilling-into-variables.patch:
      avoid hanging on shutdown (LP: 1688508)
    - d/p/ubuntu-aa/0041-apparmor-add-ro-rule-for-sasl-GSSAPI-plugin-on-etc-g.patch
      fix issues if sasl is configured (LP: 1696471)
    - d/p/ubuntu-aa/0042-virt-aa-helper-resolve-yet-to-be-created-paths.patch
      ensure symlinks are resolved to get valid rules if interim parts of a
      path are a symlink (LP: 1752361)
    - d/p/ubuntu/lp1688508-tools-fix-variable-scope-in-in-check_guests_shutdown:
      avoid issues shutting down more guests than configured for parallel
      shutdown (LP: 1688508)
    - d/p/ubuntu-aa/lp1756394-virt-aa-helper-resolve-file-symlinks.patch: fix
      using devices that are symlinks (LP: 1756394)
    - Fix nvdimm memory and passthrough input devices for hotplug via domain
      security callbacks backporting upstream commits (LP: 1755153).
      + d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-InputLabel.patch
      + d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-MemoryLabel.patch
    - Fix nvdimm memory and passthrough input devices in initial guest
      description via virt-aa-helper (LP: 1757085).
      + d/p/ubuntu-aa/lp1757085-virt-aa-helper-nvdimm-memory.patch
      + d/p/ubuntu-aa/lp1757085-virt-aa-helper-passthrough-input.patch
    - Fix clean shut down of guests on system shutdown (LP: 1764668)
      + d/p/ubuntu/lp-1764668-do-not-report-unknown-guests.patch
      + d/p/ubuntu/lp-1764668-fix-check_guests_shutdown-loop.patch
    - SECURITY UPDATE: QEMU monitor DoS
      + debian/patches/CVE-2018-1064.patch: add size limit to
        src/qemu/qemu_agent.c.
      + CVE-2018-1064
    - SECURITY UPDATE: Speculative Store Bypass
      + debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID
        feature bit in src/cpu/cpu_map.xml.
      + debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID
        feature bit in src/cpu/cpu_map.xml.
      + CVE-2018-3639
    - d/p/ubuntu-aa/lp1775777-vfio-usage-without-initial-hostdev.patch: fix
      hotplug use cases where the initial guest had no hostdev at all and
      therefore virt-aa-helper did not allow /dev/vfio/vfio (LP: 1775777)
    - debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch:
      Fix nwfilters that set CTRL_IP_LEARNING to dhcp failing with "An error
      occurred, but the cause is unknown" due to a buffer being too small for
      pcap with TPACKET_V3 enabled (LP: 1758037)
    - SECURITY UPDATE: code injection via libnss_dns.so
      + debian/patches/CVE-2018-6764-1.patch: determine the hostname on
        startup in src/util/virlog.c.
      + debian/patches/CVE-2018-6764-2.patch: fix syntax-check in
        src/util/virlog.c.
      + debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname
        in cfg.mk, src/util/virlog.c.
      + CVE-2018-6764
  * Dropped Changes (no upgrade path left that needs those)
    - Backwards compatible handling of group rename (can be dropped >18.04).
    - Modifications to adapt for our delayed switch away from libvirt-bin
      (can be dropped >18.04).
      + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define
        alias to old service name so that old references work
      + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
        to old service name so that old references work
      + d/control: transitional package with the old name and maintainer
        scripts to handle the transition
    - fix conffile upgrade handling to avoid obsolete files and inactive
      duplicates (LP 1694159)
    - conffile handling of files dropped in 3.5 (can be dropped >18.04)
      + /etc/init.d/virtlockd was sysv init only
      + /etc/apparmor.d/local/usr.sbin.libvirtd and
        /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now
        generated by dh_apparmor as needed
    - d/libvirt-daemon-system.maintscript: remove the now dropped conffile
      /etc/cron.daily/libvirt-daemon-system
  * Dropped Changes (cleanups)
    - d/test/smoke-lxc workaround for debbug 848317/867379 (systemd has fixed
      one issue and the other is solved in libvirt by ensuring to move to the
      right cgroups.)
    - remove no more used libvirt-dnsmasq user (this was redundant since
      4.0.0-1ubuntu5 reintroduced a libvirt-dnsmasq user)
    - Disable selinux (now in main)

 -- Christian Ehrhardt  Sat, 18 Aug 2018 14:40:58 +0200

libvirt (4.6.0-2) unstable; urgency=medium

  * [c33faee] Drop dwarves dependency.
    Unmaintained and only used in the test suite. (Closes: #905700)
  * [43da5ad] Don't use jansson for JSON encoding.
    It has borken integer parsing.
    This adds new patches:
        Revert-m4-Introduce-STABLE_ORDERING_JANSSON.patch
        Revert-Remove-virJSONValueNewStringLen.patch
        Revert-build-undef-WITH_JANSSON-for-SETUID_RPC_CLIENT.patch
        Revert-tests-qemucapsprobe-Fix-output-after-switching-to-.patch
        Revert-build-require-Jansson-if-QEMU-driver-is-enabled.patch
        Revert-util-jsoncompat-Stub-out-virJSONInitialize-when-co.patch
        Revert-Switch-from-yajl-to-Jansson.patch
        Revert-remote-daemon-Make-sure-that-JSON-symbols-are-prop.patch
        Revert-build-remove-references-to-WITH_YAJL-for-SETUID_RP.patch
        Revert-build-add-with-jansson.patch
        Revert-Remove-functions-using-yajl.patch
        Revert-build-switch-with-qemu-default-from-yes-to-check.patch
        Revert-tests-also-skip-qemuagenttest-with-old-jansson.patch
        Revert-util-avoid-symbol-clash-between-json-libraries.patch
    (Closes: #906116)

 -- Guido Günther  Tue, 14 Aug 2018 15:09:14 +0200

libvirt (4.6.0-1) unstable; urgency=medium

  * [afd5e39] d/control: Fix typo in libnss-libvirt's short description.
    Thanks to Salvatore Bonaccorso (Closes: #904738)
  * [f2f7871] New upstream version 4.6.0
  * [a81e098] Drop apparmor-Fix-forgotten-comma-at-EOL.patch applied upstream
  * [d53b4b1] Use jansson instead of yajl.
    The latter is no longer supported upstream
  * [bf99d36] Bump symbol versions

 -- Guido Günther  Mon, 06 Aug 2018 21:54:45 +0200

libvirt (4.5.0-1) unstable; urgency=medium

  * [c2b3afc] New upstream version 4.5.0
  * [50aa257] Drop patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch
    not needed with QEMU since at least stretch.
  * [7698a4e] Build-dep on libwiretap-dev for the wireshark dissector
  * [2390909] examples: adjust to libvirtd code move
  * [64e5530] Bump symbol versions
  * [a89e652] l-d-s: suggest open-iscsi (Closes: #903262)
  * [882c646] Install bash completion (Closes: #902450)
  * [8d79673] apparmor: Fix forgotten comma at EOL
  * [0a9cb25] Install storage-file drivers
  * [84269a2] Warn about uninstalled files

 -- Guido Günther  Tue, 17 Jul 2018 09:36:26 +0200

libvirt (4.3.0-1) unstable; urgency=medium

  * [8730a15] New upstream version 4.3.0
  * [1272efc] Drop patches due to upstream code removal.
        Allow-xen-toolstack-to-find-it-s-binaries.patch
        debian/fix-Debian-specific-path-to-hvm-loader.patch
  * [20eb594] Bump symbol versions

 -- Guido Günther  Wed, 16 May 2018 12:09:53 +0200

libvirt (4.2.0-3) unstable; urgency=medium

  * [78872cc] Ship logrotate snippets again (Closes: #895709)

 -- Guido Günther  Wed, 16 May 2018 07:54:29 +0200

libvirt (4.2.0-2) unstable; urgency=medium

  * [c859ce5] Prefer /sbin over /usr/sbin.
    If libvirt is built in a chroot with merged /usr it will otherwise break
    on non /usr merged systems. (Closes: #895145)

 -- Guido Günther  Sun, 08 Apr 2018 11:05:14 +0200

libvirt (4.2.0-1) unstable; urgency=medium

  [ Laurent Bigonville ]
  * [8d62a8c] Start admin sockets on installation (Closes: #893484)

  [ Guido Günther ]
  * [417534b] New upstream version 4.2.0 (Closes: #894985)
  * [9d7fa44] Bump symbol versions
  * [c23ed3d] Rediff patches.
    Applied upstream:
        lockd-fix-typo-in-virtlockd-admin.socket.patch
        CVE-2018-1064-qemu-avoid-denial-of-service-reading-from-Q.patch

 -- Guido Günther  Fri, 06 Apr 2018 12:33:30 +0200

libvirt (4.1.0-2) unstable; urgency=medium

  * [0b6cf2f] lockd: fix typo in virtlockd-admin.socket (Closes: #893330)

 -- Guido Günther  Sun, 18 Mar 2018 10:51:37 +0100

libvirt (4.1.0-1) unstable; urgency=medium

  * [3cbbfa5] New upstream version 4.1.0
  * [0e596b3] Bump symbol versions
  * [e886044] Drop patches applied upstream
    - apparmor-allow-libvirt-to-send-term-signal-to-unconfined.patch
    - virlog-determine-the-hostname-on-startup-CVE-2018-6764.patch
  * [097d74c] CVE-2018-1064: qemu: avoid denial of service reading from QEMU
    guest agent

 -- Guido Günther  Thu, 15 Mar 2018 08:25:29 +0100

libvirt (4.0.0-2) unstable; urgency=medium

  * [4339f02] CVE-2018-6764: virlog: determine the hostname on startup
    Closes: #889839

 -- Guido Günther  Thu, 08 Feb 2018 19:29:59 +0100

libvirt (4.0.0-1ubuntu13) cosmic; urgency=medium

  * ddebian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
    Secure Boot enabled variants of the OVMF firmware and variable store for
    the paths where we ship these files in Ubuntu.

 -- Mathieu Trudel-Lapierre  Wed, 27 Jun 2018 11:16:23 -0400

libvirt (4.0.0-1ubuntu12) cosmic; urgency=medium

  * d/p/ubuntu-aa/lp1775777-vfio-usage-without-initial-hostdev.patch: fix
    hotplug use cases where the initial guest had no hostdev at all and
    therefore virt-aa-helper did not allow /dev/vfio/vfio (LP: #1775777)

 -- Christian Ehrhardt  Tue, 12 Jun 2018 16:24:01 +0200

libvirt (4.0.0-1ubuntu11) cosmic; urgency=medium

  * SECURITY UPDATE: QEMU monitor DoS
    - debian/patches/CVE-2018-1064.patch: add size limit to
      src/qemu/qemu_agent.c.
    - CVE-2018-1064
  * SECURITY UPDATE: Speculative Store Bypass
    - debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature
      bit in src/cpu/cpu_map.xml.
    - debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID
      feature bit in src/cpu/cpu_map.xml.
    - CVE-2018-3639

 -- Marc Deslauriers  Tue, 22 May 2018 10:55:56 -0400

libvirt (4.0.0-1ubuntu10) cosmic; urgency=medium

  * Fix nwfilters that set CTRL_IP_LEARNING to dhcp failing with "An error
    occurred, but the cause is unknown" due to a buffer being too small for
    pcap with TPACKET_V3 enabled (LP: #1758037)
    - debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch

 -- Christian Ehrhardt  Wed, 09 May 2018 17:07:59 +0200

libvirt (4.0.0-1ubuntu9) cosmic; urgency=medium

  * debian/rules: disable the netcf backend. (LP: #1764314)
  * debian/control: drop libnetcf from Build-Depends.

 -- Mathieu Trudel-Lapierre  Wed, 09 May 2018 10:06:15 -0400

libvirt (4.0.0-1ubuntu8) bionic; urgency=medium

  * Fix clean shut down of guests on system shutdown (LP: #1764668)
    - d/p/ubuntu/lp-1764668-do-not-report-unknown-guests.patch
    - d/p/ubuntu/lp-1764668-fix-check_guests_shutdown-loop.patch

 -- Christian Ehrhardt  Tue, 24 Apr 2018 11:09:48 +0200

libvirt (4.0.0-1ubuntu7) bionic; urgency=medium

  * Fix nvdimm memory and passthrough input devices for hotplug via domain
    security callbacks backporting upstream commits (LP: #1755153).
    - d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-InputLabel.patch
    - d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-MemoryLabel.patch
  * Fix nvdimm memory and passthrough input devices in initial guest
    description via virt-aa-helper (LP: #1757085).
    - d/p/ubuntu-aa/lp1757085-virt-aa-helper-nvdimm-memory.patch
    - d/p/ubuntu-aa/lp1757085-virt-aa-helper-passthrough-input.patch

 -- Christian Ehrhardt  Wed, 21 Mar 2018 08:30:47 +0100

libvirt (4.0.0-1ubuntu6) bionic; urgency=medium

  * Backport from recent upstream to stabilize libvirt (LP: #1756915)
    - d/p/stable/0033-qemu-Fix-comparison-assignment-in-qemuDomainUpdateDe.patch
    - d/p/stable/0034-qemu-Fix-memory-leak-in-qemuConnectGetAllDomainStats.patch
    - d/p/stable/0035-libvirtd-fix-potential-deadlock-when-reloading.patch
    - d/p/stable/0036-qemu-Use-correct-bus-type-for-input-devices.patch
    - d/p/stable/0037-qemu-hostdev-Fix-the-error-on-VM-start-with-an-mdev-.patch
    - d/p/stable/0038-conf-Fix-crash-in-virDomainDefCompatibleDevice.patch
  * d/p/ubuntu/lp1688508-tools-fix-variable-scope-in-in-check_guests_shutdown:
    avoid issues shutting down more guests than configured for parallel
    shutdown (LP: #1688508)
  * d/p/ubuntu-aa/lp1756394-virt-aa-helper-resolve-file-symlinks.patch: fix
    using devices that are symlinks (LP: #1756394)

 -- Christian Ehrhardt  Mon, 19 Mar 2018 14:57:08 +0100

libvirt (4.0.0-1ubuntu5) bionic; urgency=medium

  * run dnsmasq as libvirt-dnsmasq (LP: #1743718)
    - d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
    - d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
      on purge
    - d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
      libvirt-dnsmasq and adapt the self tests to expect that config
    - d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users
  * Backport from recent upstream to stabilize libvirt (LP: #1754352)
    - d/p/stable/0024-qemu-blockcopy-Add-check-for-bandwidth.patch
    - d/p/stable/0025-conf-move-generated-member-from-virMacAddr-to-virDom.patch
    - d/p/stable/0026-lxc-Drop-useless-check-in-live-device-update.patch
    - d/p/stable/0027-Pass-oldDev-to-virDomainDefCompatibleDevice-on-devic.patch
    - d/p/stable/0028-qemu-Fix-updating-device-with-boot-order.patch
    - d/p/stable/0030-daemon-fix-rpc-event-leak-on-error-path-in-remoteDis.patch
    - d/p/stable/0029-lxc-fix-rpc-event-leak-on-error-path-in-virLXCContro.patch
    - d/p/stable/0031-qemu-fix-memory-leak-of-vporttype-during-migration.patch
    - d/p/stable/0032-virsh-fixing-segfault-by-pool-autocompleter-function.patch
  * d/p/ubuntu-aa/0041-apparmor-add-ro-rule-for-sasl-GSSAPI-plugin-on-etc-g.patch
    fix issues if sasl is configured (LP: #1696471)
  * d/p/ubuntu-aa/0042-virt-aa-helper-resolve-yet-to-be-created-paths.patch
    ensure symlinks are resolved to get valid rules if interim parts of a
    path are a symlink (LP: #1752361)

 -- Christian Ehrhardt  Tue, 27 Feb 2018 12:04:02 +0100

libvirt (4.0.0-1ubuntu4) bionic; urgency=medium

  * d/p/ubuntu/lp1688508-tools-avoid-text-spilling-into-variables.patch:
    avoid hanging on shutdown (LP: #1688508)

 -- Christian Ehrhardt  Fri, 23 Feb 2018 16:43:19 +0100

libvirt (4.0.0-1ubuntu3) bionic; urgency=medium

  [ Christian Ehrhardt ]
  * Backport of 23 bug fixes from recent upstream to stabilize libvirt on
    18.04
    - d/p/stable/0001-Revert-qemu-monitor-do-not-report-error-on-shutdown.patch
    - d/p/stable/0002-nodedev-Fix-failing-to-parse-PCI-address-for-non-PCI.patch
    - d/p/stable/0003-qemu-assign-correct-type-of-PCI-address-for-vhost-sc.patch
    - d/p/stable/0004-qemu-Refresh-caps-cache-after-booting-a-different-ke.patch
    - d/p/stable/0005-qemu-auto-add-generic-xhci-rather-than-NEC-xhci-to-Q.patch
    - d/p/stable/0006-libvirtd-Explicit-dependency-on-systemd-machined.patch
    - d/p/stable/0007-rpc-fix-race-sending-and-encoding-sasl-data.patch
    - d/p/stable/0008-vhost-user-add-support-reconnect-for-vhost-user-port.patch
    - d/p/stable/0009-qemu-Fix-memory-leak-in-processGuestPanicEvent.patch
    - d/p/stable/0010-storage-util-Properly-ignore-errors-when-backing-vol.patch
    - d/p/stable/0011-conf-Use-correct-attribute-name-in-error-message.patch
    - d/p/stable/0012-util-json-Add-helper-to-return-string-or-number-prop.patch
    - d/p/stable/0013-util-storage-Parse-lun-for-iSCSI-protocol-from-JSON-.patch
    - d/p/stable/0014-virsh-Offer-only-persistent-domains-for-autostart.patch
    - d/p/stable/0015-blockjob-Fix-a-error-checking-of-blockjob-status-in-.patch
    - d/p/stable/0016-qemu-Expose-rx-tx_queue_size-in-qemu.conf-too.patch
    - d/p/stable/0017-qemu-migration-Refresh-device-information-after-tran.patch
    - d/p/stable/0018-qemuDomainRemoveMemoryDevice-unlink-memory-backing-f.patch
    - d/p/stable/0019-vbox-fix-SEGV-during-dumpxml-of-a-serial-port.patch
    - d/p/stable/0020-qemu-Initialize-priv-in-qemuDomainCoreDumpWithFormat.patch
    - d/p/stable/0021-fix-regex-to-check-CN-from-server-certificate.patch
    - d/p/stable/0022-storage-Fix-formatting-and-parsing-of-qemu-type-Unix.patch
    - d/p/stable/0023-util-storage-Remove-detected-authentication-data-for.patch
  * d/rules: enable build time self tests on all architectures

  [ Marc Deslauriers ]
  * SECURITY UPDATE: code injection via libnss_dns.so
    - debian/patches/CVE-2018-6764-1.patch: determine the hostname on
      startup in src/util/virlog.c.
    - debian/patches/CVE-2018-6764-2.patch: fix syntax-check in
      src/util/virlog.c.
    - debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname
      in cfg.mk, src/util/virlog.c.
    - CVE-2018-6764

 -- Christian Ehrhardt  Mon, 19 Feb 2018 14:18:44 +0100

libvirt (4.0.0-1ubuntu2) bionic; urgency=medium

  * d/p/ubuntu-aa/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: refreshed
    as libvirt 4.0 needs a reversed rule for openGraphicsFD (LP: #1747442)
    - refreshed 0032 and 0040 to match the new context.
  * d/p/ubuntu/virt-aa-helper-Set-the-supported-features.patch: allow parsing
    of memory slots and other extended features without breaking
    virt-aa-helper (LP: #1746431).

 -- Christian Ehrhardt  Fri, 02 Feb 2018 07:31:17 +0100

libvirt (4.0.0-1ubuntu1) bionic; urgency=medium

  * Merged with Debian unstable (4.0)
    This closes several bugs:
    - Error generating apparmor profile when hostname contains spaces
      (LP: #799997)
    - qemu 2.10 locks files, libvirt shared now sets share-rw=on
      (LP: #1716028)
    - libvirt usb passthrough throws apparmor denials related to
      /run/udev/data/+usb (LP: #1727311)
    - AppArmor denies access to /sys/block/*/queue/max_segments
      (LP: #1729626)
    - iohelper improvements to let bypass-cache work without opening up the
      apparmor isolation (LP: #1719579)
    - nodeinfo on s390x to contain more CPU info (LP: #1733688)
    - Upgrade libvirt >= 4.0 (LP: #1745934)
  * Remaining changes:
    - Disable libssh2 support (universe dependency)
    - Disable firewalld support (universe dependency)
    - Disable selinux
    - Set qemu-group to kvm (for compat with older ubuntu)
    - Additional apport package-hook
    - Modifications to adapt for our delayed switch away from libvirt-bin
      (can be dropped >18.04).
      + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define
        alias to old service name so that old references work
      + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
        to old service name so that old references work
      + d/control: transitional package with the old name and maintainer
        scripts to handle the transition
    - Backwards compatible handling of group rename (can be dropped >18.04).
    - config details and autostart of default bridged network. Creating that
      is now the default in general, yet our solution provides the following
      on top as of today:
      + autostart the default network by default
      + do not autostart if subnet is already taken (e.g. in guests).
    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
      the group based access to libvirt functions as it was used in Ubuntu
      for quite long.
      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
        due to the group access change.
    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
    - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
      which provided a separate kvm-spice.
    - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
      section that adapts the path of the emulator to the Debian/Ubuntu
      packaging is kept.
    - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
      set VRAM to minimum requirements
    - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
    - Add libxl log directory
    - libvirt-uri.sh: Automatically switch default libvirt URI for users on
      Xen dom0 via user profile (was missing on changelogs before)
    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
      included_files to avoid build failures due to duplicate definitions.
    - Update README.Debian with Ubuntu changes
    - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
    - Enable some additional features on ppc64el and s390x (for arch parity)
      + systemtap, zfs, numa and numad on s390x.
      + systemtap on ppc64el.
    - fix conffile upgrade handling to avoid obsolete files and inactive
      duplicates (LP 1694159)
    - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
      vmlinuz available and accessible (Debian bug 848314)
    - d/test/smoke-lxc workaround for debbug 848317/867379
    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317)
    - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
      no more UCA onto Xenial then which has global dnsmasq by default).
    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
    - conffile handling of files dropped in 3.5 (can be dropped >18.04)
      + /etc/init.d/virtlockd was sysv init only
      + /etc/apparmor.d/local/usr.sbin.libvirtd and
        /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now
        generated by dh_apparmor as needed
    - Reworked apparmor Delta, especially the more complex delta is dropped
      now, also our former delta is now split into logical pieces, has
      improved comments and is part of a continuous upstreaming effort.
      Listing related remaining changes:
      + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch:
        apparmor: Allow pygrub to run on Debian/Ubuntu
      + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
        apparmor, libvirt-qemu: Allow read access to overcommit_memory
      + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
      + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
        apparmor, virt-aa-helper: Allow access to tmp directories
      + d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
        apparmor, virt-aa-helper: Allow various storage pools and image
        locations
      + d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
        apparmor, virt-aa-helper: Add openvswitch support
      + d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
        permissions so virt-manager 1.4.0 viewing works (LP 1668681).
      + d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
        libvirt-qemu: Add 9p support
      + d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
        add l to 9p file options.
+ d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk (renamed and reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) + d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621). + d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova * Dropped Changes (Upstream): - d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor, libvirt-qemu: Allow use of sgabios - d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch: apparmor, libvirt-qemu: Silence lttng related deny messages - d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch: apparmor, libvirt-qemu: Allow read access to sysfs system info - d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch: apparmor, libvirt-qemu: Allow read access to max_mem_regions - d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch: apparmor, libvirt-qemu: Allow qemu-block-extra libraries - d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch: apparmor, libvirtd: Allow access to netlink sockets - d/p/0013-apparmor-Add-rules-for-mediation-support.patch: apparmor: Add rules for mediation support - d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch: apparmor, virt-aa-helper: Allow access to ecryptfs files - d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch: apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd* - d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch: apparmor, virt-aa-helper: Add ipv6 network policy - d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch: apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices - 
d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu won't call qemu-nbd - d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch: apparmor: allow to parse cmdline of the pid that send the shutdown signal (LP 1680384). - d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch: apparmor: add default pki path of lbvirt-spice (LP 1690140) - d/p/ubuntu-aa/0035-virt-aa-helper-locking-disk-files-for-qemu-2.10.patch: for compatibility with the behavior of qemu 2.10 this adds locking permission to rules generated for disk files (LP 1709818) - d/p/ubuntu-aa/0036-virt-aa-helper-locking-loader-nvram-for-qemu-2.10.patch: for compatibility with the behavior of qemu 2.10 this adds locking permission to rules generated for loader/nvram (LP 1710960) - d/p/ubuntu-aa/0037-virt-aa-helper...: grant locking permission on append files (LP 1726804) - d/p/ubuntu-aa/0038-virt-aa-helper-fix-paths-for-usb-hostdevs.patch: fix path generation for USB host devices (LP 1552241) - d/p/ubuntu-aa/0039-virt-aa-helper-fix-libusb-access-to-udev-usb-data.patch: generate valid rules on usb passthrough (LP 1686324) - d/p/avoid-double-locking.patch: fix a deadlock that could occur when libvirtd interactions raced with dbus causing a deadlock (LP 1714254). - d/p/u/gnulib-getopt-posix-Fix-build-failure-when-using-ac_cv_head.patch: fix FTBFS with glibc 2.26 (LP 1718668) - Extended handling of apparmor profiles - clear lost profiles via cron (now cleared by virt-aa-helper on domain stop) - nat only on some ports (upstream default now if nothing is specified, actually dropped last cycle) * Dropped Changes (In Debian or no more important): - d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor, libvirt-qemu: Allow macvtap access - d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit deny for setpcap (LP 522845). 
- d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch: apparmor, virt-aa-helper: Improve comment about backing store - d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop references to qemu-kvm - d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch: apparmor, virt-aa-helper: Allow access to name services - d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add /dev/vfio for vf (hot) attach (LP 1680384) (added by virt-aa-helper per guest if needed). - d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch: apparmor, libvirt-qemu: Allow access to hugepage mounts - Disable sheepdog (was for universe dependency, but is now only a suggest) - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test * Dropped Changes (In Debian/Upstream now based on interim 3.10 work) some of these were never released, but important to mention for the bug references: - libnss-libvirt once enabled causes apt to call getdents avoid this being an issue by dropping an apt conf that allows this in seccomp (LP: #1732030). 
- d/libvirt-daemon-system.postrm: clean up more libvirt directories on purge - d/p/ubuntu-aa/0041-apparmor-allow-unix-stream-for-p2p-migrations.patch: apparmor: allow unix stream for p2p migrations - d/p/ubuntu-aa/0043-security-apparmor-implement-domainSetPathLabel.patch: this replaces the hugepage rules and fixes many more formerly missing - d/p/ubuntu-aa/0044-security-full-path-option-for-DomainSetPathLabel.patch: allowing to have path wildcards on labels set by domain callbacks - d/p/ubuntu-aa/0045-security-apparmor-add-Set-Restore-ChardevLabel.patch: apparmor implementation of security callback - d/p/ubuntu-aa/0046-apparmor-virt-aa-helper-drop-static-channel-rule.patch: this is now covered by chardev label callbacks * Added Changes: - Revert Debian change "Drop libvirt-bin upgrade handling" This is needed in Ubuntu one last time (drop >18.04) - Revert Debian change "Drop maintscript helpers for versions predating jessie and wheezy-backports". This is needed in Ubuntu one last time (drop >18.04) - Refreshed d/p/* to match new version (only fuzz, no semantic change) - d/libvirt-daemon-system.postrm: change order of libvirt-qemu removal to avoid error messages on purge - remove no more used libvirt-dnsmasq user (drop >18.04) - d/p/ubuntu-aa/0040-apparmor-add-mediation-rules-for-unconfined.patch: apparmor: add mediation rules for unconfined guests - d/p/ubuntu-aa/0042-security-introduce-virSecurityManager-Set-Restore-Ch.patch: backport upstream change to expose already used chardev calls. - d/libvirt-daemon-system.postrm: Remove the default.xml network link set up by postinst. - d/libvirt-daemon-system.maintscript: remove the now dropped conffile /etc/cron.daily/libvirt-daemon-system - d/libvirt-daemon-system.postinst: fixups for autostart default network - use modern shell syntax - try more default networks before giving up to enable by default - d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch: add multipass image path and mark as ubuntu only change. 
- d/rules: install virtlockd correctly with defaults file (LP: #1729516) - extended d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch to cover the slightly changed behavior of libvirt 4.0 (LP: #1741617) - d/control: make libvirt-daemon-driver-storage-rbd a recommend instead of just a suggest to have 3rd party relying on rbd out of the box working. This is deprecated and users of rbd backend should start depending on this package for it will be dropped to a suggest in future releases. -- Christian Ehrhardt Thu, 14 Dec 2017 14:15:55 +0100 libvirt (4.0.0-1) unstable; urgency=medium * [5936904] New upstream version 4.0.0 * [bcb7ca3] Drop patches applied upstream. Allow-libvirt-to-kill-unconfined-domains.patch Drop qemu-avoid-denial-of-service-reading-from-QEMU-monitor-CV.patch -- Guido Günther Sat, 20 Jan 2018 16:31:11 +0100 libvirt (4.0.0~rc2-1) experimental; urgency=medium * [8dd2f5b] Don't manage /etc/apparmor.d/local as conf files (Closes: #887612) * [0819e5a] apparmor: allow libvirt to send term signal to unconfined * [b1ecc1a] New upstream version 4.0.0~rc2 * [7406ae5] CVE-2018-5748: qemu: avoid denial of service reading from QEMU monitor (Closes: #887700) * [564e232] Bump symbol versions * [0a274c0] d/control: use priority optional instead of extra -- Guido Günther Fri, 19 Jan 2018 12:54:54 +0100 libvirt (4.0.0~rc1-1) experimental; urgency=medium [ Guido Günther ] * [a225d2b] New upstream version 4.0.0~rc1 (Closes: #881293, #846534) * [2270343] Rediff patches [ intrigeri ] * [89b8ab4] Allow libvirt to kill unconfined domains [ Christian Ehrhardt ] * [b2ce106] Clear more directories on purge (Closes: #884828) * [0cd10ab] Avoid apt seccomp issues due to libnss-libvirt (LP: #1732030) -- Guido Günther Mon, 15 Jan 2018 09:44:37 +0100 libvirt (3.10.0-1) unstable; urgency=medium * [0d103b6] Bump standards version * [3eca017] Add russian debconf translation. 
Thanks to Lev Lamberov (Closes: #883109) * [04da2ca] New upstream version 3.10.0 * [f311e52] Drop AppArmor-add-rules-needed-with-additional-mediation-featu.patch - fixed upstream * [0c7f363] Bump symbol versions * [cbe1699] Use recent debhelper instead of dh-systemd * [c757791] apparmor: Allow virt-aa-helper to access the name service switch. Thanks to Martin Pitt (Closes: #882979) -- Guido Günther Tue, 05 Dec 2017 14:55:51 +0100 libvirt (3.9.0-1) unstable; urgency=medium * [eef697c] New upstream version 3.9.0 -- Guido Günther Sun, 05 Nov 2017 14:49:43 +0100 libvirt (3.9.0~rc1-1) experimental; urgency=medium * Upload to experimental * [23e28a0] New upstream version 3.9.0~rc1 * [b19f9f8] Bump symbol versions * [83a3ff3] Drop patches applied upstream apparmor-add-dnsmasq-ptrace-rule-to-libvirtd-profile.patch virt-host-validate-require-fuse-for-LXC-if-compiled-in.patch qemu-ensure-TLS-clients-always-verify-the-server-certific.patch * [e834771] AppArmor: add rules needed with additional mediation features brought by Linux 4.14. Thanks: intrigeri (Closes: #879772) -- Guido Günther Tue, 31 Oct 2017 12:13:29 +0100 libvirt (3.8.0-3) unstable; urgency=medium * [e0e0a42] virt-host-validate: require fuse for LXC if compiled in. This should make us skip the lxc test properly on debci. 
* [d16ae50] Drop libvirt-bin upgrade handling libvirt-bin was dropped before Jessie * [3f18a26] CVE-2017-1000256: qemu: ensure TLS clients always verify the server certificate (Closes: #878799) -- Guido Günther Mon, 16 Oct 2017 19:36:25 +0200 libvirt (3.8.0-2) unstable; urgency=medium * Upload to unstable Closes: #878153 * [646a20f] apparmor: add dnsmasq ptrace rule to libvirtd profile -- Guido Günther Thu, 12 Oct 2017 10:27:25 +0200 libvirt (3.8.0-1) experimental; urgency=medium * [842dee5] Add id-length to gbp.conf * [6cf2527] New upstream version 3.8.0 -- Guido Günther Thu, 05 Oct 2017 18:30:55 +0200 libvirt (3.8.0~rc1-1) experimental; urgency=medium * apparmor: add attach_disconnected * apparmor: cater for new AAVMF image location * Don't ship apparmor profiles in the doc package too. This is just confusing since things are installed in libvirt-daemon-system. * Drop maintscript helpers for versions predating jessie and wheezy-backports * New upstream version 3.8.0~rc1 * New upstream version 3.8.0~rc1 * Rediff patches apparmor-cater-for-new-AAVMF-image-location.patch apparmor-delete-profile-on-VM-shutdown.patch apparmor-add-attach_disconnected.patch * Bump symbol versions -- Guido Günther Fri, 29 Sep 2017 12:53:25 +0200 libvirt (3.7.0-4) unstable; urgency=medium * Pass-GPG_TTY-env-var-to-the-ssh-binary.patch: sanitize commit message * apparmor: add attach_disconnected (Closes: #876071) * apparmor: cater for new AAVMF image location * apparmor: delete profile on VM shutdown -- Guido Günther Mon, 18 Sep 2017 20:24:07 +0200 libvirt (3.7.0-3) unstable; urgency=medium * Move glusterfs, rbd, sheepdog and zfs storage drivers into separate packages. This reduces the dependencies pulled into default installations. 
(Closes: #875834) -- Guido Günther Fri, 15 Sep 2017 14:09:31 +0200 libvirt (3.7.0-2) unstable; urgency=medium * Update copyright file -- Guido Günther Thu, 14 Sep 2017 12:16:47 +0200 libvirt (3.7.0-1) unstable; urgency=medium * New upstream version 3.7.0 (Closes: #874323) * Rediff patches * Bump symbol versions * Also pass $TERM to ssh so pinentry works Thanks to Guilhem Moulin (Closes: #843863) * Enable Gluster support (Closes: #755545) * Enable wireshark dissector (Closes: #862989) -- Guido Günther Fri, 08 Sep 2017 14:52:38 +0200 libvirt (3.6.0-1ubuntu6) artful; urgency=medium * d/p/ubuntu-aa/0037-virt-aa-helper...: grant locking permission on append files (LP: #1726804) * d/p/ubuntu-aa/0038-virt-aa-helper-fix-paths-for-usb-hostdevs.patch: fix path generation for USB host devices (LP: #1552241) * d/p/ubuntu-aa/0039-virt-aa-helper-fix-libusb-access-to-udev-usb-data.patch: generate valid rules on usb passthrough (LP: #1686324) -- Christian Ehrhardt Tue, 24 Oct 2017 14:30:34 +0200 libvirt (3.6.0-1ubuntu5) artful; urgency=medium * d/p/u/gnulib-getopt-posix-Fix-build-failure-when-using-ac_cv_head.patch: fix FTBFS with glibc 2.26 (LP: #1718668) -- Christian Ehrhardt Thu, 28 Sep 2017 08:18:10 -0400 libvirt (3.6.0-1ubuntu4) artful; urgency=medium * d/p/avoid-double-locking.patch: fix a deadlock that could occur when libvirtd interactions raced with dbus causing a deadlock (LP: #1714254). 
-- Christian Ehrhardt Fri, 01 Sep 2017 10:29:35 +0200 libvirt (3.6.0-1ubuntu3) artful; urgency=medium * No change rebuild for Qemu 2.10 and Xen 4.9 -- Christian Ehrhardt Mon, 21 Aug 2017 10:34:13 +0200 libvirt (3.6.0-1ubuntu2) artful; urgency=medium * d/p/ubuntu-aa/0036-virt-aa-helper-locking-loader-nvram-for-qemu-2.10.patch: for compatibility with the behavior of qemu 2.10 this adds locking permission to rules generated for loader/nvram (LP: #1710960) -- Christian Ehrhardt Thu, 17 Aug 2017 10:00:19 +0200 libvirt (3.6.0-1ubuntu1) artful; urgency=medium * Merged with Debian unstable (3.6) This closes several bugs: - aarch64: improved chardev handling (LP: #1697610) - Forbid locking memory without memtune (LP: #1708305) * Remaining changes: - Disable sheepdog (universe dependency) - Disable libssh2 support (universe dependency) - Disable firewalld support (universe dependency) - Disable selinux - Set qemu-group to kvm (for compat with older ubuntu) - Regularly clear AppArmor profiles for vms that no longer exist - Additional apport package-hook - Modifications to adapt for our delayed switch away from libvirt-bin (can be dropped >18.04). + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias to old service name so that old references work + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias to old service name so that old references work + d/control: transitional package with the old name and maintainer scripts to handle the transition - Backwards compatible handling of group rename (can be dropped >18.04). - config details and autostart of default bridged network. Creating that is now the default in general, yet our solution provides the following on top as of today: + nat only on some ports + autostart the default network by default + do not autostart if 192.168.122.0 is already taken (e.g. 
in containers) - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite long. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. - ubuntu/parallel-shutdown.patch: set parallel shutdown by default. - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm which provided a separate kvm-spice. - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The section that adapts the path of the emulator to the Debian/Ubuntu packaging is kept. - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto set VRAM to minimum requirements - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts - Add libxl log directory - libvirt-uri.sh: Automatically switch default libvirt URI for users on Xen dom0 via user profile (was missing on changelogs before) - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from included_files to avoid build failures due to duplicate definitions. - Update README.Debian with Ubuntu changes - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch. - Enable some additional features on ppc64el and s390x (for arch parity) + systemtap, zfs, numa and numad on s390x. + systemtap on ppc64el. - fix conffile upgrade handling to avoid obsolete files and inactive duplicates (LP 1694159) - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) - d/test/smoke-lxc workaround for debbug 848317/867379 - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317) - Extended handling of apparmor profiles - clear lost profiles via cron - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04, no more UCA onto Xenial then which has global dnsmasq by default). 
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - conffile handling of files dropped in 3.5 (can be dropped >18.04) + /etc/init.d/virtlockd was sysv init only + /etc/apparmor.d/local/usr.sbin.libvirtd and /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated by dh_apparmor as needed - Reworked apparmor Delta, especially the more complex delta is dropped now, also our former delta is now split into logical pieces, has improved comments and is part of a continuous upstreaming effort. Listing related remaining changes: + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor: Allow pygrub to run on Debian/Ubuntu + d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor, libvirt-qemu: Allow macvtap access + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch: apparmor, libvirt-qemu: Allow read access to overcommit_memory + d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit deny for setpcap + d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor, libvirt-qemu: Allow use of sgabios + d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch: apparmor, libvirt-qemu: Silence lttng related deny messages + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch: apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv + d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch: apparmor, libvirt-qemu: Allow read access to sysfs system info + d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch: apparmor, libvirt-qemu: Allow read access to max_mem_regions + d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch: apparmor, libvirt-qemu: Allow qemu-block-extra libraries + d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch: apparmor, libvirt-qemu: Allow access to hugepage mounts + d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch: apparmor, libvirtd: Allow access 
to netlink sockets + d/p/0013-apparmor-Add-rules-for-mediation-support.patch: apparmor: Add rules for mediation support + d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch: apparmor, virt-aa-helper: Improve comment about backing store + d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch: apparmor, virt-aa-helper: Allow access to ecryptfs files + d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch: apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd* + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch: apparmor, virt-aa-helper: Allow access to tmp directories + d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch: apparmor, virt-aa-helper: Add ipv6 network policy + d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch: apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices + d/p/0020-apparmor-virt-aa-helper-Allow-various-storage-pools-.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch: apparmor, virt-aa-helper: Add openvswitch support + d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop references to qemu-kvm + d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu won't call qemu-nbd + d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch: apparmor, virt-aa-helper: Allow access to name services + d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor permissions so virt-manager 1.4.0 viewing works (LP 1668681). + d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add /dev/vfio for vf (hot) attach (LP 1680384). + d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch: apparmor: allow to parse cmdline of the pid that send the shutdown signal (LP 1680384). 
+ d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch: apparmor: add default pki path of lbvirt-spice (LP 1690140) + d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper: add l to 9p file options. + d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk (renamed and reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) + d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621). + d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova * Dropped Changes (Upstream): - d/p/ubuntu/fix-libxl-default-driver-name.patch: avoid an issue with default driver entries missing name='qemu'. - d/p/u/aa-helper-Properly-link-with-storage-driver.patch (LP 1704782) Fix to be able to follow BackinStorage chains when creating per guest apparmor rules. * Dropped Changes (In Debian): - Enable esx support + Add build-dep to libcurl4-gnutls-dev (required for esx) * Added Changes: - d/p/ubuntu-aa/0035-virt-aa-helper-locking-disk-files-for-qemu-2.10.patch: for compatibility with the behavior of qemu 2.10 this adds locking permission to rules generated for disk files (LP: #1709818) -- Christian Ehrhardt Thu, 10 Aug 2017 12:44:47 +0200 libvirt (3.6.0-1) unstable; urgency=medium * [ece8d56] New upstream version 3.6.0 (Closes: #870626) * [f807f7e] Move debianization patches to front of pq since these are unlikely to go away * [a06e5a6] Don't build nss on non-linux since it depends on network support which is not available on non-linux. 
Thanks to Pino Toscano (Closes: #867393) * [6982266] Enable esx support (Closes: #602807) * [2c29499] Bump symbol versions * [f974bd9] d/control: fix typo. Thanks to lintian * [d4f1521] Bump standards version to 4.0.0 -- Guido Günther Fri, 04 Aug 2017 00:05:47 -0300 libvirt (3.5.0-1ubuntu3) artful; urgency=medium * Refresh changes to match the way they were accepted upstream - d/p/u/aa-helper-Properly-link-with-storage-driver.patch add commit reference now that it is in git. - d/p/u/fix-libxl-default-driver-name.patch: instead of adding the name this is now fixed by relaxing the schema. -- Christian Ehrhardt Wed, 19 Jul 2017 12:48:39 +0200 libvirt (3.5.0-1ubuntu2) artful; urgency=medium * d/p/u/aa-helper-Properly-link-with-storage-driver.patch (LP: #1704782) Fix to be able to follow BackinStorage chains when creating per guest apparmor rules. -- Christian Ehrhardt Tue, 18 Jul 2017 16:34:57 +0200 libvirt (3.5.0-1ubuntu1) artful; urgency=medium * Merged with Debian unstable (3.5) This closes several bugs: - improved handling of host-model since libvirt 3.2 (LP: #1673467) - Adding POWER9 cpu model to cpu_map.xml (LP: #1690209) * Remaining changes: - Disable sheepdog (universe dependency) - Disable libssh2 support (universe dependency) - Disable firewalld support (universe dependency) - Disable selinux - Enable esx support + Add build-dep to libcurl4-gnutls-dev (required for esx) - Set qemu-group to kvm (for compat with older ubuntu) - Regularly clear AppArmor profiles for vms that no longer exist - Additional apport package-hook - Modifications to adapt for our delayed switch away from libvirt-bin (can be dropped >18.04). 
+ d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias to old service name so that old references work + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias to old service name so that old references work + d/control: transitional package with the old name and maintainer scripts to handle the transition - Backwards compatible handling of group rename (can be dropped >18.04). - config details and autostart of default bridged network. Creating that is now the default in general, yet our solution provides the following on top as of today: + nat only on some ports + autostart the default network by default + do not autostart if 192.168.122.0 is already taken (e.g. in containers) - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite long. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. - ubuntu/parallel-shutdown.patch: set parallel shutdown by default. - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm which provided a separate kvm-spice. - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The section that adapts the path of the emulator to the Debian/Ubuntu packaging is kept. - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto set VRAM to minimum requirements - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts - Add libxl log directory - libvirt-uri.sh: Automatically switch default libvirt URI for users on Xen dom0 via user profile (was missing on changelogs before) - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from included_files to avoid build failures due to duplicate definitions. - Update README.Debian with Ubuntu changes - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch. 
- Enable some additional features on ppc64el and s390x (for arch parity) + systemtap, zfs, numa and numad on s390x. + systemtap on ppc64el. - fix conffile upgrade handling to avoid obsolete files and inactive duplicates (LP 1694159) - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317) - Extended handling of apparmor profiles - clear lost profiles via cron - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04, no more UCA onto Xenial then which has global dnsmasq by default). - Reworked apparmor Delta, especially the more complex delta is dropped now, also our former delta is now split into logical pieces, has improved comments and is part of a continuous upstreaming effort. Listing related remaining changes: + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor: Allow pygrub to run on Debian/Ubuntu + d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor, libvirt-qemu: Allow macvtap access + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch: apparmor, libvirt-qemu: Allow read access to overcommit_memory + d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit deny for setpcap + d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor, libvirt-qemu: Allow use of sgabios + d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch: apparmor, libvirt-qemu: Silence lttng related deny messages + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch: apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv + d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch: apparmor, libvirt-qemu: Allow read access to sysfs system info + d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch: apparmor, libvirt-qemu: Allow read access to max_mem_regions + 
d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch: apparmor, libvirt-qemu: Allow qemu-block-extra libraries + d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch: apparmor, libvirt-qemu: Allow access to hugepage mounts + d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch: apparmor, libvirtd: Allow access to netlink sockets + d/p/0013-apparmor-Add-rules-for-mediation-support.patch: apparmor: Add rules for mediation support + d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch: apparmor, virt-aa-helper: Improve comment about backing store + d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch: apparmor, virt-aa-helper: Allow access to ecryptfs files + d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch: apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd* + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch: apparmor, virt-aa-helper: Allow access to tmp directories + d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch: apparmor, virt-aa-helper: Add ipv6 network policy + d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch: apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices + d/p/0020-apparmor-virt-aa-helper-Allow-various-storage-pools-.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch: apparmor, virt-aa-helper: Add openvswitch support + d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop references to qemu-kvm + d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu won't call qemu-nbd + d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch: apparmor, virt-aa-helper: Allow access to name services + d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor permissions so virt-manager 1.4.0 viewing works (LP 1668681). 
+ d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add /dev/vfio for vf (hot) attach (LP 1680384). + d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch: apparmor: allow to parse cmdline of the pid that send the shutdown signal (LP 1680384). + (28 is a new patch, listed in added changes) + d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper: add l to 9p file options. + d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk (renamed and reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) + d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621). + d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova - remaining but updated to match the latest release + d/p/Disable-use-of-namespaces-by-default.patch (Debian change) + d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch (Debian change) + d/p/debian/apparmor_profiles_local_include.patch Include local apparmor profile (Debian change) + d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx + d/test/smoke-lxc workaround for debbug 848317/867379 * Dropped Changes (Upstream): - Add missing apparmor rule for debug-threads feature (LP 1615550). - Add new block device types to virt-aa-helpers profile (LP 1641618) - d/p/ubuntu/storage-default-permission-mode-to-0711: safer default perms for storage dirs like /var/lib/libvirt/images. - d/p/ubuntu/libvirtd-service-nolimit.patch: remove proc/file/task limits to support huge systems. 
- d/p/ubuntu/libvirtd-service-set-notifyaccess.patch: set NotifyAccess=all in libvirtd.service (-d not allowed to be specified, everything else upstream so drop delta; LP 1574566). - d/p/ubuntu/qemu_process-spice-don-t-release-used-port.patch: qemu_process spice: don't release used port (LP 1697729). - d/p/ubuntu/virsh-maxvcpu-fall-back-to-old-command.patch: virsh: maxvcpus: Always fall back to the old command if domain caps fail (LP 1674298) - d/p/ubuntu/qemu-Allow-empty-script-path-to-interface.patch: in the past it was possible to have