| 114
|
|
|
Serge Hallyn |
0.8.8-1ubuntu1 |
13 years ago
|
 |
|
| 108
|
|
|
Serge Hallyn |
0.8.5-0ubuntu1 |
13 years ago
|
|
|
| 93
|
|
* Merge from debian unstable with security fixes
* Fixes:
- LP: #588369
- LP: #585964
* Remaining changes:
- debian/control:
+ Build-Depends on qemu-kvm, not qemu
+ Build-Depends on open-iscsi-utils, not open-iscsi
+ Build-Depends on libxml2-utils
+ Build-Depends on libapparmor-dev and Suggests apparmor
+ Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables
to Depends of libvirt-bin
+ Drop lvm2, qemu-kvm and qemu to Suggests
+ We call libxen-dev libxen3-dev, so change all references
+ Rename Vcs-* to XS-Debian-Vcs-*
- debian/libvirt-bin.postinst:
+ rename the libvirt group to libvirtd
+ add each admin user to the libvirtd group
+ reload apparmor profiles
- debian/libvirt-bin.postrm:
+ rename the libvirt group to libvirtd
+ remove apparmor symlinks on purge
- debian/README.Debian: add AppArmor section based on the upstream
documentation
- debian/rules:
+ update DEB_DH_INSTALLINIT_ARGS for upstart
+ add DEB_MAKE_CHECK_TARGET := check
+ use --with-apparmor
+ copy apparmor and apport hook to debian/tmp
- add debian/libvirt-bin.upstart
- debian/libvirt-bin.dirs: add /etc/apparmor.d/abstractions,
/etc/apparmor.d/disable, /etc/apparmor.d/force-complain,
/etc/apparmor.d/libvirt, /etc/cron.daily and
/usr/share/apport/package-hooks
- add debian/libvirt-bin.cron.daily
- add debian/libvirt-bin.apport
- debian/libvirt-bin.install: install apparmor profiles, abstractions
and apport hook
- debian/apparmor:
- add TEMPLATE
- add libvirt-qemu abstraction
- add usr.lib.libvirt.virt-aa-helper
- add usr.sbin.libvirtd
- debian/patches/series:
+ don't apply 0002-qemu-disable-network.diff.patch
+ don't apply 0005-Terminate-nc-on-EOF.patch. Use
9009-autodetect-nc-params.patch instead
+ 9000-delayed_iff_up_bridge.patch (refreshed)
+ 9001-dont_clobber_existing_bridges.patch
+ 9002-better_default_uri_virsh.patch (refreshed)
+ 9003-better-default-arch.patch (refreshsed)
+ 9004-libvirtd-group-name.patch
+ 9005-increase-unix-socket-timeout.patch (refreshed)
+ 9006-default-config-test-case.patch
+ 9007-fix-daemon-conf-ftbfs.patch (updated)
+ 9008-run-as-root-by-default.patch (refreshed)
+ 9009-autodetect-nc-params.patch (refreshed)
+ 9010-dont-disable-ipv6.patch (refreshsed)
+ 9011-move-ebtables-script.patch (refreshed)
* Dropped the following patches included/fixed upstream:
- 9012-fix-nodeinfotest-ftbfs.patch
- 9013-apparmor-lp457716.patch
* Disable virtualbox support since virtualbox-ose is not in main
- debian/control: remove virtualbox-ose build dependency
- debian/rules: use --without-vbox
* debian/patches/9012-apparmor-dont-ignore-open.patch: fix logic when
using virDomainDiskDefForeachPath() and add tests. This can be removed
in 0.8.4.
* debian/apparmor/usr.sbin.libvirtd: add capability fsetid (LP: #613549)
* debian/apparmor/usr.lib.libvirt.virt-aa-helper: allow access to
@{PROC}/[0-9]*/net/psched
* debian/patches/9013-apparmor-chardev.patch: update for serial, parallel
and channels. This can be removed in 0.8.4. (LP: #609055, LP: #578527)
* migrate virtual machine definitions with non-raw disks and previously
unspecified disk format with a one time probe:
- add debian/libvirt-migrate-qemu-disks
- add debian/libvirt-migrate-qemu-disks.1
- debian/libvirt-bin.postinst: updated to run 'libvirt-migrate-qemu-disks
-a' on upgrades
- debian/rules: cp debian/libvirt-migrate-qemu-disks into place
- debian/libvirt-bin.manpages: install debian/libvirt-migrate-qemu-disks.1
- debian/README.Debian: updated for libvirt-migrate-qemu-disks
|
Jamie Strandboge |
0.8.3-1ubuntu1 |
14 years ago
|
|
|
| 92
|
|
* Merge from debian unstable. Remaining changes:
- Fixes:
LP: #522845
LP: #553737
LP: #520386
- debian/control:
+ Build-Depends on qemu-kvm, not qemu
+ Build-Depends on open-iscsi-utils, not open-iscsi
+ Build-Depends on libxml2-utils
+ Build-Depends on libapparmor-dev and Suggests apparmor
+ Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables
to Depends of libvirt-bin
+ Drop qemu-kvm and qemu to Suggests
+ We call libxen-dev libxen3-dev, so change all references
+ Rename Vcs-* to XS-Debian-Vcs-*
- debian/libvirt-bin.postinst:
+ rename the libvirt group to libvirtd
+ add each admin user to the libvirtd group
+ reload apparmor profiles
- debian/libvirt-bin.postrm:
+ rename the libvirt group to libvirtd
+ remove apparmor symlinks on purge
- debian/README.Debian: add AppArmor section based on the upstream
documentation
- debian/rules:
+ update DEB_DH_INSTALLINIT_ARGS for upstart
+ add DEB_MAKE_CHECK_TARGET := check
+ use --with-apparmor
+ copy apparmor and apport hook to debian/tmp
- add debian/libvirt-bin.upstart
- debian/libvirt-bin.dirs: add /etc/apparmor.d/abstractions,
/etc/apparmor.d/disable, /etc/apparmor.d/force-complain,
/etc/apparmor.d/libvirt, /etc/cron.daily and
/usr/share/apport/package-hooks
- add debian/libvirt-bin.cron.daily
- add debian/libvirt-bin.apport
- debian/libvirt-bin.install: install apparmor profiles, abstractions
and apport hook
- debian/apparmor:
- add TEMPLATE
- add libvirt-qemu abstraction
- add usr.lib.libvirt.virt-aa-helper
- add usr.sbin.libvirtd
- debian/patches/series:
+ don't apply 0002-qemu-disable-network.diff.patch
+ don't apply 0005-Terminate-nc-on-EOF.patch. Use
9010-autodetect-nc-params.patch instead
+ 9000-delayed_iff_up_bridge.patch (refreshed)
+ 9001-dont_clobber_existing_bridges.patch
+ 9002-better_default_uri_virsh.patch (updated)
+ 9004-better-default-arch.patch
+ 9005-libvirtd-group-name.patch
+ 9006-increase-unix-socket-timeout.patch (refreshed)
+ 9007-default-config-test-case.patch (updated)
+ 9008-fix-daemon-conf-ftbfs.patch (rewritten)
+ 9009-run-as-root-by-default.patch (refreshed)
+ 9010-autodetect-nc-params.patch (refreshed, formerly 9015)
+ 9011-dont-disable-ipv6.patch (updated)
* Dropped following packaging changes, no longer required with upgrades
from Lucid:
- debian/control:
+ versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg
+ remove Build-Depends on libcap-ng-dev
- debian/libvirt-bin.postinst: virt-aa-helper profile migration to
/usr/lib/libvirt
- debian/libvirt-bin.preinst: added to force complain on certain
upgrades
* Dropped the following patches, included upstream:
- 0010-Use-base-16-for-product-vendor.patch
- 9003-increase-logoutput-timeout.patch
- 9010-apparmor-ftbfs.patch
- 9011-node_device_driver.patch
- 9012-dont-crash-on-restart.patch
- 9013-apparmor-dont-clear-caps.patch
- 9014-apparmor-remove-unloaded-profile-is-not-fatal.patch
- 9016-disk-cache-setting-xml.patch
- 9018-fix-pty-console.patch
- 9019-apparmor-fix-xauth.patch
- 9020-apparmor-fix-backingstore.patch
- 9021-apparmor-fix-hostdev.patch
- 9022-dont-leak-log-fd.path.patch
- 9023-virt-pki-validate_fixes.patch
- 9024-free-memory-for-invalid-devices.patch (use
0008-Fix-leaks-in-udev-device-add-remove.patch from Debian)
* debian/apparmor/usr.lib.libvirt.virt-aa-helper: allow access to ecryptfs
files (LP: #591769)
* debian/patches/9012-fix-nodeinfotest-ftbfs.patch: fix FTBFS in
nodeinfotest. Drop in 0.8.2.
* debian/patches/9013-apparmor-lp457716.patch: properly support/save and
restore (LP: #457716). Drop in 0.8.2.
* debian/apparmor/libvirt-qemu: remove workaround for LP: #457716
* don't create and run ebtables script in /tmp:
- debian/apparmor/usr.sbin.libvirt: allow ixr to /var/lib/libvirt/virtd*
for new ebtables functionality added in 0.8.0
- debian/patches/9014-move-ebtables-script.patch: update
nwfilter_ebiptables_driver.c /var/lib/libvirt to use /var/lib/libvirt
instead of /tmp
|
Jamie Strandboge |
0.8.1-2ubuntu1 |
14 years ago
|
|
|
| 64
|
|
* Merge from debian unstable. Remaining changes:
- debian/control:
+ Build-Depends on qemu-kvm, not qemu
+ Build-Depends on open-iscsi-utils, not open-iscsi
+ Build-Depends on libxml2-utils
+ Build-Depends on libapparmor-dev and Suggests apparmor (>=
2.3+1289-0ubuntu14)
+ Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables
to Depends of libvirt-bin
+ Recommends qemu-kvm (>= 0.11.0-0ubuntu6)
+ Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg,
since we used to ship them as such
+ We call libxen-dev libxen3-dev, so change all references
+ temporarily remove Build-Depends on libcap-ng-dev, which isn't
available in Ubuntu main yet
+ Rename Vcs-* to XS-Debian-Vcs-*
- debian/libvirt-bin.postinst:
+ rename the libvirt group to libvirtd
+ add each admin user to the libvirtd group
+ reload apparmor profiles
+ 0.7.2 moved /usr/bin/virt-aa-helper to /usr/lib/libvirt, so the
profile changed from usr.bin.virt-aa-helper to
usr.lib.libvirt.virt-aa-helper and needs to be migrated. If the user
made no changes to the old profile, remove it, otherwise, update the
paths, preserving the shipped usr.lib.libvirt.virt-aa-helper
- debian/libvirt-bin.postrm:
+ rename the libvirt group to libvirtd
+ remove apparmor symlinks on purge
- debian/libvirt-bin.preinst: added to force complain on certain
upgrades
- debian/README.Debian: add AppArmor section based on the upstream
documentation
- debian/rules:
+ update DEB_DH_INSTALLINIT_ARGS for upstart
+ add DEB_MAKE_CHECK_TARGET := check
+ use --with-apparmor
+ copy apparmor and apport hook to debian/tmp
- add debian/libvirt-bin.upstart
- debian/libvirt-bin.dirs: add /etc/apparmor.d/abstractions,
/etc/apparmor.d/disable, /etc/apparmor.d/force-complain,
/etc/apparmor.d/libvirt, /etc/cron.daily and
/usr/share/apport/package-hooks
- add debian/libvirt-bin.cron.daily
- add debian/libvirt-bin.apport
- debian/libvirt-bin.install: install apparmor profiles, abstractions
and apport hook
- debian/patches/series: don't apply 0002-qemu-disable-network.diff.patch
+ 9000-delayed_iff_up_bridge.patch
+ 9001-dont_clobber_existing_bridges.patch
+ 9002-better_default_uri_virsh.patch
+ 9003-increase-logoutput-timeout.patch
+ 9004-better-default-arch.patch
+ 9005-libvirtd-group-name.patch
+ 9006-increase-unix-socket-timeout.patch
+ 9007-default-config-test-case.patch
+ 9008-warn-on-daemon-conf-test-wait.patch (renamed from 9016)
- Dropped the following patches now including upstream:
+ 0005-Fix-SELinux-linking-issues.patch
+ 9008-apparmor-caps-mockup.patch
+ 9009-apparmor-lp453335.patch
+ 9010-apparmor-lp460271.patch
+ 9011-apparmor-code-cleanups.patch
+ 9012-apparmor-add-virt-aa-helper-test.patch
+ 9013-apparmor-examples.patch
+ 9014-event-fuzz.patch
+ 9015-hal-startup-failure-is-nonfatal.patch
* debian/patches/9009-run-as-root-by-default.patch: run virtual machines
via qemu:///system as root. As of 0.7, upstream libvirt has the ability to
run VMs started via qemu:///system as an unprivileged user. Debian's
libvirt now runs these VMs as libvirt-qemu:kvm. However, the upstream
implementation is contentious among the community and while the it does
reduce the privileges of the VMs running under qemu:///system, all VMs
currently run under the same user, so there is no guest isolation. Even if
each user ran under its own user, an attacker could potentially break out
of the VM and have unconfined user access (albeit non-root). In Ubuntu,
Qemu/KVM virtual machines are already fully isolated and confined by the
AppArmor security driver so this feature has been disabled. Once there is
consensus among the community on the implementation and its use, changing
this default in Ubuntu can be considered as an additional protection to
the AppArmor driver.
* debian/README.Debian: add section discussing the security implications of
using qemu:///system
* debian/patches/9010-apparmor-ftbfs.patch: fix missing bracket in
virt-aa-helper.c and automake dependency declaration. This should be
dropped in 0.7.6 or higher.
|
Jamie Strandboge |
0.7.5-5ubuntu1 |
14 years ago
|
|
|
| 58
|
|
* Merge from debian testing. Remaining changes:
- debian/control:
+ Don't build-depend on QEmu
+ Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables
to Depends of libvirt-bin
+ Recommends qemu-kvm (>= 0.11.0-0ubuntu6)
+ Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg,
since we used to ship them as such
+ We call libxen-dev libxen3-dev, so change all references
+ Build-Depends on libxml2-utils
+ Build-Depends on open-iscsi-utils instead of open-iscsi due to
LP: #414986
- debian/postinst:
+ rename the libvirt group to libvirtd
+ add each admin user to the libvirtd group
- debian/libvirt-bin.postrm: rename the libvirt group to libvirtd
- debian/rules: add DEB_MAKE_CHECK_TARGET := check
- debian/patches/900[0-7]: updated/refreshed for new paths in 0.7.2
- debian/patches/series: don't apply 0002-qemu-disable-network.diff.patch
- AppArmor integration:
+ debian/control: Build-Depends on libapparmor-dev and Suggests
apparmor (>= 2.3+1289-0ubuntu14)
+ debian/libvirt-bin.dirs: add /etc/apparmor.d/abstractions,
/etc/apparmor.d/force-complain, /etc/apparmor.d/libvirt,
/etc/cron.daily and /usr/share/apport/package-hooks
+ add debian/libvirt-bin.cron.daily (LP: #438165)
+ add debian/libvirt-bin.apport
+ debian/libvirt-bin.install: install apparmor profiles, abstractions
and apport hook
+ debian/postinst: reload apparmor profiles
+ debian/libvirt-bin.postrm: remove apparmor symlinks on purge
+ debian/libvirt-bin.preinst: added to force complain on certain
upgrades
+ debian/README.Debian: add AppArmor section based on the upstream
documentation
+ debian/rules: use --with-apparmor and copy apparmor and apport hook to
debian/tmp
- Dropped the following patches now included upstream:
+ 0005-Close-logfile-fd-after-spawning-qemu.patch
+ 9090-reenable-nonfile-labels.patch
+ 9091-apparmor.patch
+ 9092-apparmor-autoreconf.patch
* AppArmor integration updates:
- debian/apparmor/usr.sbin.libvirtd: allow libvirtd access to
/usr/lib/libvirt/* (LP: #480478)
- debian/apparmor/libvirt-qemu: allow guests access to
/etc/pki/libvirt-vnc/** (LP: #484562)
- debian/libvirt-bin.postinst: 0.7.2 moved /usr/bin/virt-aa-helper to
/usr/lib/libvirt, so the profile changed from usr.bin.virt-aa-helper
to usr.lib.libvirt.virt-aa-helper and needs to be migrated. If the user
made no changes to the old profile, remove it, otherwise, update the
paths, preserving the shipped usr.lib.libvirt.virt-aa-helper
- update to 0.7.4 version of the sVirt AppArmor driver (can be dropped in
0.7.4):
+ debian/patches/9008-apparmor-caps-mockup.patch
+ debian/patches/9009-apparmor-lp453335.patch
+ debian/patches/9010-apparmor-lp460271.patch
+ debian/patches/9011-apparmor-code-cleanups.patch
- add virt-aa-helper-test and examples/apparmor that were omitted from the
upstream tarball (can be dropped in 0.7.5):
+ debian/patches/9012-apparmor-add-virt-aa-helper-test.patch
+ debian/patches/9013-apparmor-examples.patch
+ debian/rules: add post-patches target to make virt-aa-helper-test
executable
* debian/patches/0005-Fix-SELinux-linking-issues.patch: updated to work
when both apparmor and selinux are available. This patch should be
dropped in 0.7.4.
* debian/patches/9007-default-config-test-case.patch: updated to not fail
if building in a deep directory
* debian/patches/9014-event-fuzz.patch: add a little fuzz to not be quite
so precise with expected expiry time. Fixes FTBFS with HZ=100 kernels.
Can be dropped in 0.7.5.
* debian/patches/9015-hal-startup-failure-is-nonfatal.patch: disable hal
driver if hald is not running instead of dying. Can be dropped in
0.7.4.
* debian/control: temporarily remove Build-Depends on libcap-ng-dev, which
isn't available in Ubuntu main yet
* revert change to new source format 3.0 (quilt) since Launchpad can't
handle it yet (see LP: #293106)
|
Jamie Strandboge |
0.7.2-4ubuntu1 |
14 years ago
|
|
|
| 44
|
|
|
Jamie Strandboge |
0.7.0-1ubuntu2 |
15 years ago
|
|
|
| 42
|
|
* Merge from debian unstable, remaining changes:
- debian/control:
+ Don't build-depend on QEmu.
+ Add "XS-Debian-" prefix to Debian's Vcs headers.
+ Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables
to Depends of libvirt-bin.
+ s/interract/interact/g
+ Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg,
since we used to ship them as such.
- 9000-delayed_iff_up_bridge.patch:
Don't try to bring up the bridge before at least one interface has been
added to it.
- 9001-dont_clobber_existing_bridges.patch
Assign the name of the virtual bridge dynamically to avoid interfering
with existing bridges.
- 9002-better_default_uri_virsh.patch:
Default to qemu:///system if the user has write access to the libvirt
socket, otherwise qemu:///session.
- 9003-increase-logoutput-timeout.patch:
increase timeout waiting for log output in src/qemu_driver.c, set to 30
seconds, which 10x longer than before, and matches the disk-wait in
mdadm. (LP #344400)
- 9004-better-default-arch.patch:
If a domain does not specify its architecture, attempt to match the host.
(LP #344913)
- 9005-libvirtd-group-name.patch:
Rename libvirt group to libvirtd.
- We call libxen-dev libxen3-dev, so change all references.
|
Soren Hansen |
0.6.4-1ubuntu1 |
15 years ago
|
|
|
| 37
|
|
|
Soren Hansen |
0.6.1-0ubuntu1 |
15 years ago
|
|
|
| 34
|
|
|
Soren Hansen |
0.6.0-1ubuntu1 |
15 years ago
|
|
|
collapse all