114
|
|
|
Serge Hallyn |
0.8.8-1ubuntu1 |
13 years ago
|
|
|
108
|
|
|
Serge Hallyn |
0.8.5-0ubuntu1 |
13 years ago
|
|
|
93
|
|
* Merge from debian unstable with security fixes * Fixes: - LP: #588369 - LP: #585964 * Remaining changes: - debian/control: + Build-Depends on qemu-kvm, not qemu + Build-Depends on open-iscsi-utils, not open-iscsi + Build-Depends on libxml2-utils + Build-Depends on libapparmor-dev and Suggests apparmor + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends of libvirt-bin + Drop lvm2, qemu-kvm and qemu to Suggests + We call libxen-dev libxen3-dev, so change all references + Rename Vcs-* to XS-Debian-Vcs-* - debian/libvirt-bin.postinst: + rename the libvirt group to libvirtd + add each admin user to the libvirtd group + reload apparmor profiles - debian/libvirt-bin.postrm: + rename the libvirt group to libvirtd + remove apparmor symlinks on purge - debian/README.Debian: add AppArmor section based on the upstream documentation - debian/rules: + update DEB_DH_INSTALLINIT_ARGS for upstart + add DEB_MAKE_CHECK_TARGET := check + use --with-apparmor + copy apparmor and apport hook to debian/tmp - add debian/libvirt-bin.upstart - debian/libvirt-bin.dirs: add /etc/apparmor.d/abstractions, /etc/apparmor.d/disable, /etc/apparmor.d/force-complain, /etc/apparmor.d/libvirt, /etc/cron.daily and /usr/share/apport/package-hooks - add debian/libvirt-bin.cron.daily - add debian/libvirt-bin.apport - debian/libvirt-bin.install: install apparmor profiles, abstractions and apport hook - debian/apparmor: - add TEMPLATE - add libvirt-qemu abstraction - add usr.lib.libvirt.virt-aa-helper - add usr.sbin.libvirtd - debian/patches/series: + don't apply 0002-qemu-disable-network.diff.patch + don't apply 0005-Terminate-nc-on-EOF.patch. Use 9009-autodetect-nc-params.patch instead + 9000-delayed_iff_up_bridge.patch (refreshed) + 9001-dont_clobber_existing_bridges.patch + 9002-better_default_uri_virsh.patch (refreshed) + 9003-better-default-arch.patch (refreshsed) + 9004-libvirtd-group-name.patch + 9005-increase-unix-socket-timeout.patch (refreshed) + 9006-default-config-test-case.patch + 9007-fix-daemon-conf-ftbfs.patch (updated) + 9008-run-as-root-by-default.patch (refreshed) + 9009-autodetect-nc-params.patch (refreshed) + 9010-dont-disable-ipv6.patch (refreshsed) + 9011-move-ebtables-script.patch (refreshed) * Dropped the following patches included/fixed upstream: - 9012-fix-nodeinfotest-ftbfs.patch - 9013-apparmor-lp457716.patch * Disable virtualbox support since virtualbox-ose is not in main - debian/control: remove virtualbox-ose build dependency - debian/rules: use --without-vbox * debian/patches/9012-apparmor-dont-ignore-open.patch: fix logic when using virDomainDiskDefForeachPath() and add tests. This can be removed in 0.8.4. * debian/apparmor/usr.sbin.libvirtd: add capability fsetid (LP: #613549) * debian/apparmor/usr.lib.libvirt.virt-aa-helper: allow access to @{PROC}/[0-9]*/net/psched * debian/patches/9013-apparmor-chardev.patch: update for serial, parallel and channels. This can be removed in 0.8.4. (LP: #609055, LP: #578527) * migrate virtual machine definitions with non-raw disks and previously unspecified disk format with a one time probe: - add debian/libvirt-migrate-qemu-disks - add debian/libvirt-migrate-qemu-disks.1 - debian/libvirt-bin.postinst: updated to run 'libvirt-migrate-qemu-disks -a' on upgrades - debian/rules: cp debian/libvirt-migrate-qemu-disks into place - debian/libvirt-bin.manpages: install debian/libvirt-migrate-qemu-disks.1 - debian/README.Debian: updated for libvirt-migrate-qemu-disks
|
Jamie Strandboge |
0.8.3-1ubuntu1 |
14 years ago
|
|
|
92
|
|
* Merge from debian unstable. Remaining changes: - Fixes: LP: #522845 LP: #553737 LP: #520386 - debian/control: + Build-Depends on qemu-kvm, not qemu + Build-Depends on open-iscsi-utils, not open-iscsi + Build-Depends on libxml2-utils + Build-Depends on libapparmor-dev and Suggests apparmor + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends of libvirt-bin + Drop qemu-kvm and qemu to Suggests + We call libxen-dev libxen3-dev, so change all references + Rename Vcs-* to XS-Debian-Vcs-* - debian/libvirt-bin.postinst: + rename the libvirt group to libvirtd + add each admin user to the libvirtd group + reload apparmor profiles - debian/libvirt-bin.postrm: + rename the libvirt group to libvirtd + remove apparmor symlinks on purge - debian/README.Debian: add AppArmor section based on the upstream documentation - debian/rules: + update DEB_DH_INSTALLINIT_ARGS for upstart + add DEB_MAKE_CHECK_TARGET := check + use --with-apparmor + copy apparmor and apport hook to debian/tmp - add debian/libvirt-bin.upstart - debian/libvirt-bin.dirs: add /etc/apparmor.d/abstractions, /etc/apparmor.d/disable, /etc/apparmor.d/force-complain, /etc/apparmor.d/libvirt, /etc/cron.daily and /usr/share/apport/package-hooks - add debian/libvirt-bin.cron.daily - add debian/libvirt-bin.apport - debian/libvirt-bin.install: install apparmor profiles, abstractions and apport hook - debian/apparmor: - add TEMPLATE - add libvirt-qemu abstraction - add usr.lib.libvirt.virt-aa-helper - add usr.sbin.libvirtd - debian/patches/series: + don't apply 0002-qemu-disable-network.diff.patch + don't apply 0005-Terminate-nc-on-EOF.patch. Use 9010-autodetect-nc-params.patch instead + 9000-delayed_iff_up_bridge.patch (refreshed) + 9001-dont_clobber_existing_bridges.patch + 9002-better_default_uri_virsh.patch (updated) + 9004-better-default-arch.patch + 9005-libvirtd-group-name.patch + 9006-increase-unix-socket-timeout.patch (refreshed) + 9007-default-config-test-case.patch (updated) + 9008-fix-daemon-conf-ftbfs.patch (rewritten) + 9009-run-as-root-by-default.patch (refreshed) + 9010-autodetect-nc-params.patch (refreshed, formerly 9015) + 9011-dont-disable-ipv6.patch (updated) * Dropped following packaging changes, no longer required with upgrades from Lucid: - debian/control: + versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg + remove Build-Depends on libcap-ng-dev - debian/libvirt-bin.postinst: virt-aa-helper profile migration to /usr/lib/libvirt - debian/libvirt-bin.preinst: added to force complain on certain upgrades * Dropped the following patches, included upstream: - 0010-Use-base-16-for-product-vendor.patch - 9003-increase-logoutput-timeout.patch - 9010-apparmor-ftbfs.patch - 9011-node_device_driver.patch - 9012-dont-crash-on-restart.patch - 9013-apparmor-dont-clear-caps.patch - 9014-apparmor-remove-unloaded-profile-is-not-fatal.patch - 9016-disk-cache-setting-xml.patch - 9018-fix-pty-console.patch - 9019-apparmor-fix-xauth.patch - 9020-apparmor-fix-backingstore.patch - 9021-apparmor-fix-hostdev.patch - 9022-dont-leak-log-fd.path.patch - 9023-virt-pki-validate_fixes.patch - 9024-free-memory-for-invalid-devices.patch (use 0008-Fix-leaks-in-udev-device-add-remove.patch from Debian) * debian/apparmor/usr.lib.libvirt.virt-aa-helper: allow access to ecryptfs files (LP: #591769) * debian/patches/9012-fix-nodeinfotest-ftbfs.patch: fix FTBFS in nodeinfotest. Drop in 0.8.2. * debian/patches/9013-apparmor-lp457716.patch: properly support/save and restore (LP: #457716). Drop in 0.8.2. * debian/apparmor/libvirt-qemu: remove workaround for LP: #457716 * don't create and run ebtables script in /tmp: - debian/apparmor/usr.sbin.libvirt: allow ixr to /var/lib/libvirt/virtd* for new ebtables functionality added in 0.8.0 - debian/patches/9014-move-ebtables-script.patch: update nwfilter_ebiptables_driver.c /var/lib/libvirt to use /var/lib/libvirt instead of /tmp
|
Jamie Strandboge |
0.8.1-2ubuntu1 |
14 years ago
|
|
|
64
|
|
* Merge from debian unstable. Remaining changes: - debian/control: + Build-Depends on qemu-kvm, not qemu + Build-Depends on open-iscsi-utils, not open-iscsi + Build-Depends on libxml2-utils + Build-Depends on libapparmor-dev and Suggests apparmor (>= 2.3+1289-0ubuntu14) + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends of libvirt-bin + Recommends qemu-kvm (>= 0.11.0-0ubuntu6) + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, since we used to ship them as such + We call libxen-dev libxen3-dev, so change all references + temporarily remove Build-Depends on libcap-ng-dev, which isn't available in Ubuntu main yet + Rename Vcs-* to XS-Debian-Vcs-* - debian/libvirt-bin.postinst: + rename the libvirt group to libvirtd + add each admin user to the libvirtd group + reload apparmor profiles + 0.7.2 moved /usr/bin/virt-aa-helper to /usr/lib/libvirt, so the profile changed from usr.bin.virt-aa-helper to usr.lib.libvirt.virt-aa-helper and needs to be migrated. If the user made no changes to the old profile, remove it, otherwise, update the paths, preserving the shipped usr.lib.libvirt.virt-aa-helper - debian/libvirt-bin.postrm: + rename the libvirt group to libvirtd + remove apparmor symlinks on purge - debian/libvirt-bin.preinst: added to force complain on certain upgrades - debian/README.Debian: add AppArmor section based on the upstream documentation - debian/rules: + update DEB_DH_INSTALLINIT_ARGS for upstart + add DEB_MAKE_CHECK_TARGET := check + use --with-apparmor + copy apparmor and apport hook to debian/tmp - add debian/libvirt-bin.upstart - debian/libvirt-bin.dirs: add /etc/apparmor.d/abstractions, /etc/apparmor.d/disable, /etc/apparmor.d/force-complain, /etc/apparmor.d/libvirt, /etc/cron.daily and /usr/share/apport/package-hooks - add debian/libvirt-bin.cron.daily - add debian/libvirt-bin.apport - debian/libvirt-bin.install: install apparmor profiles, abstractions and apport hook - debian/patches/series: don't apply 0002-qemu-disable-network.diff.patch + 9000-delayed_iff_up_bridge.patch + 9001-dont_clobber_existing_bridges.patch + 9002-better_default_uri_virsh.patch + 9003-increase-logoutput-timeout.patch + 9004-better-default-arch.patch + 9005-libvirtd-group-name.patch + 9006-increase-unix-socket-timeout.patch + 9007-default-config-test-case.patch + 9008-warn-on-daemon-conf-test-wait.patch (renamed from 9016) - Dropped the following patches now including upstream: + 0005-Fix-SELinux-linking-issues.patch + 9008-apparmor-caps-mockup.patch + 9009-apparmor-lp453335.patch + 9010-apparmor-lp460271.patch + 9011-apparmor-code-cleanups.patch + 9012-apparmor-add-virt-aa-helper-test.patch + 9013-apparmor-examples.patch + 9014-event-fuzz.patch + 9015-hal-startup-failure-is-nonfatal.patch * debian/patches/9009-run-as-root-by-default.patch: run virtual machines via qemu:///system as root. As of 0.7, upstream libvirt has the ability to run VMs started via qemu:///system as an unprivileged user. Debian's libvirt now runs these VMs as libvirt-qemu:kvm. However, the upstream implementation is contentious among the community and while the it does reduce the privileges of the VMs running under qemu:///system, all VMs currently run under the same user, so there is no guest isolation. Even if each user ran under its own user, an attacker could potentially break out of the VM and have unconfined user access (albeit non-root). In Ubuntu, Qemu/KVM virtual machines are already fully isolated and confined by the AppArmor security driver so this feature has been disabled. Once there is consensus among the community on the implementation and its use, changing this default in Ubuntu can be considered as an additional protection to the AppArmor driver. * debian/README.Debian: add section discussing the security implications of using qemu:///system * debian/patches/9010-apparmor-ftbfs.patch: fix missing bracket in virt-aa-helper.c and automake dependency declaration. This should be dropped in 0.7.6 or higher.
|
Jamie Strandboge |
0.7.5-5ubuntu1 |
14 years ago
|
|
|
58
|
|
* Merge from debian testing. Remaining changes: - debian/control: + Don't build-depend on QEmu + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends of libvirt-bin + Recommends qemu-kvm (>= 0.11.0-0ubuntu6) + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, since we used to ship them as such + We call libxen-dev libxen3-dev, so change all references + Build-Depends on libxml2-utils + Build-Depends on open-iscsi-utils instead of open-iscsi due to LP: #414986 - debian/postinst: + rename the libvirt group to libvirtd + add each admin user to the libvirtd group - debian/libvirt-bin.postrm: rename the libvirt group to libvirtd - debian/rules: add DEB_MAKE_CHECK_TARGET := check - debian/patches/900[0-7]: updated/refreshed for new paths in 0.7.2 - debian/patches/series: don't apply 0002-qemu-disable-network.diff.patch - AppArmor integration: + debian/control: Build-Depends on libapparmor-dev and Suggests apparmor (>= 2.3+1289-0ubuntu14) + debian/libvirt-bin.dirs: add /etc/apparmor.d/abstractions, /etc/apparmor.d/force-complain, /etc/apparmor.d/libvirt, /etc/cron.daily and /usr/share/apport/package-hooks + add debian/libvirt-bin.cron.daily (LP: #438165) + add debian/libvirt-bin.apport + debian/libvirt-bin.install: install apparmor profiles, abstractions and apport hook + debian/postinst: reload apparmor profiles + debian/libvirt-bin.postrm: remove apparmor symlinks on purge + debian/libvirt-bin.preinst: added to force complain on certain upgrades + debian/README.Debian: add AppArmor section based on the upstream documentation + debian/rules: use --with-apparmor and copy apparmor and apport hook to debian/tmp - Dropped the following patches now included upstream: + 0005-Close-logfile-fd-after-spawning-qemu.patch + 9090-reenable-nonfile-labels.patch + 9091-apparmor.patch + 9092-apparmor-autoreconf.patch * AppArmor integration updates: - debian/apparmor/usr.sbin.libvirtd: allow libvirtd access to /usr/lib/libvirt/* (LP: #480478) - debian/apparmor/libvirt-qemu: allow guests access to /etc/pki/libvirt-vnc/** (LP: #484562) - debian/libvirt-bin.postinst: 0.7.2 moved /usr/bin/virt-aa-helper to /usr/lib/libvirt, so the profile changed from usr.bin.virt-aa-helper to usr.lib.libvirt.virt-aa-helper and needs to be migrated. If the user made no changes to the old profile, remove it, otherwise, update the paths, preserving the shipped usr.lib.libvirt.virt-aa-helper - update to 0.7.4 version of the sVirt AppArmor driver (can be dropped in 0.7.4): + debian/patches/9008-apparmor-caps-mockup.patch + debian/patches/9009-apparmor-lp453335.patch + debian/patches/9010-apparmor-lp460271.patch + debian/patches/9011-apparmor-code-cleanups.patch - add virt-aa-helper-test and examples/apparmor that were omitted from the upstream tarball (can be dropped in 0.7.5): + debian/patches/9012-apparmor-add-virt-aa-helper-test.patch + debian/patches/9013-apparmor-examples.patch + debian/rules: add post-patches target to make virt-aa-helper-test executable * debian/patches/0005-Fix-SELinux-linking-issues.patch: updated to work when both apparmor and selinux are available. This patch should be dropped in 0.7.4. * debian/patches/9007-default-config-test-case.patch: updated to not fail if building in a deep directory * debian/patches/9014-event-fuzz.patch: add a little fuzz to not be quite so precise with expected expiry time. Fixes FTBFS with HZ=100 kernels. Can be dropped in 0.7.5. * debian/patches/9015-hal-startup-failure-is-nonfatal.patch: disable hal driver if hald is not running instead of dying. Can be dropped in 0.7.4. * debian/control: temporarily remove Build-Depends on libcap-ng-dev, which isn't available in Ubuntu main yet * revert change to new source format 3.0 (quilt) since Launchpad can't handle it yet (see LP: #293106)
|
Jamie Strandboge |
0.7.2-4ubuntu1 |
14 years ago
|
|
|
44
|
|
|
Jamie Strandboge |
0.7.0-1ubuntu2 |
15 years ago
|
|
|
42
|
|
* Merge from debian unstable, remaining changes: - debian/control: + Don't build-depend on QEmu. + Add "XS-Debian-" prefix to Debian's Vcs headers. + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends of libvirt-bin. + s/interract/interact/g + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, since we used to ship them as such. - 9000-delayed_iff_up_bridge.patch: Don't try to bring up the bridge before at least one interface has been added to it. - 9001-dont_clobber_existing_bridges.patch Assign the name of the virtual bridge dynamically to avoid interfering with existing bridges. - 9002-better_default_uri_virsh.patch: Default to qemu:///system if the user has write access to the libvirt socket, otherwise qemu:///session. - 9003-increase-logoutput-timeout.patch: increase timeout waiting for log output in src/qemu_driver.c, set to 30 seconds, which 10x longer than before, and matches the disk-wait in mdadm. (LP #344400) - 9004-better-default-arch.patch: If a domain does not specify its architecture, attempt to match the host. (LP #344913) - 9005-libvirtd-group-name.patch: Rename libvirt group to libvirtd. - We call libxen-dev libxen3-dev, so change all references.
|
Soren Hansen |
0.6.4-1ubuntu1 |
15 years ago
|
|
|
37
|
|
|
Soren Hansen |
0.6.1-0ubuntu1 |
15 years ago
|
|
|
34
|
|
|
Soren Hansen |
0.6.0-1ubuntu1 |
15 years ago
|
|
|