Ubuntu
libvirt package

Merge libvirt from Debian unstable for 22.04

Bug #1946869 reported by Bryce Harrington
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libvirt (Ubuntu)
Fix Released
Undecided
Christian Ehrhardt 
Ubuntu ubuntu-22.01

Bug Description

Scheduled-For: 23.01
Upstream: tbd
Debian: 7.6.0-1
Ubuntu: 7.6.0-0ubuntu1

Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.

### Old Ubuntu Delta ###

libvirt (7.6.0-0ubuntu1) impish; urgency=medium

  * Merge v7.6.0 from upstream and unreleased changes from Debian git.
    Among other bugs this fixes copy-storage-inc based migrations (LP: #1936778)
    - New upstream version 7.5.0
    - New upstream version 7.6.0
    - symbols: Bump symbol versions
    - refresh d/p/debian/Set-defaults-for-zfs-tools.patch for v7.5.0
    - patches: Refresh patches
    - d/rules: disable the new Cloud Hypervisor driver
    - d/rules: enable more features explicitly
    - d/rules: use apparmor_profiles=enabled instead of the now rejected
      value true
    - update d/p/debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch: to detect
      XDR functions from glibc
  * d/control, d/rules: enable libssh (LP: #1939416)
  * refresh ubuntu patches for v7.6.0
  * Further fixups for v7.6.0 (thanks to Andrea Bolognani)
    - rules: Explicitly set remote_default_mode
    - rules: Rework installation of AppArmor-related files

 -- Christian Ehrhardt <email address hidden> Wed, 11 Aug 2021 08:11:16 +0200

libvirt (7.4.0-0ubuntu3) impish; urgency=medium

  * d/t/smoke-lxc: skip if cgroup v1&v2 are present (systemd 248
    was not enough)

 -- Christian Ehrhardt <email address hidden> Thu, 08 Jul 2021 14:20:53 +0200

libvirt (7.4.0-0ubuntu2) impish; urgency=medium

  * d/t/smoke-lxc: skip before systemd 248 due to a known bug (LP: #1934966)

 -- Christian Ehrhardt <email address hidden> Thu, 08 Jul 2021 09:33:49 +0200

libvirt (7.4.0-0ubuntu1) impish; urgency=medium

  * Merge v7.4.0 from upstream,
    among a lot of new features and fixes this closes a few of issues
    reported against Ubuntu
    - Toleration for qemu >=6.0 handling of props (LP: #1932264)
    - Persistent vfio-ccw device assignments (LP: #1887929)
    - Drop patches that are upstream in v7.4.0
      - d/p/b/meson-Fix-cross-building-of-dtrace-probes.patch
      - d/p/b/apparmor-let-image-label-setting-loop-over-backing-files.patch
      - d/p/r/systemd-Revert-remote-Add-libvirtd-dependency-to-virt-gue.patch
      - d/p/u/lp-1913266-*: add vsock options to be usable with s390x
      - d/p/u/lp-1921754-*: EPYC-Rome-v2
      - d/p/u/lp-1921880-*: EPYC-Milan
    - d/libvirt-clients.install: completions no more are symlinked to vsh
    - Revert 'disable firewalld support (universe dependency)'
      This does not add a runtime dependency and while firewalld isn't in
      main that way users can install and use it from universe.
      (LP: #1928113)
    - d/libvirt0.symbols: bump symbol versions for 7.4.0
    - d/rules: disable the now auto-built vstorage backend
    - not-installed: split daemon man pages are no yet installed

 -- Christian Ehrhardt <email address hidden> Thu, 17 Jun 2021 10:33:27 +0200

libvirt (7.0.0-2ubuntu2) hirsute; urgency=medium

  * d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
    on some HW/Guest combinations e.g. Windows 10 on Threadripper
    (LP: #1921754)
  * d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
    (LP: #1921880)

 -- Christian Ehrhardt <email address hidden> Wed, 07 Apr 2021 13:33:46 +0200

libvirt (7.0.0-2ubuntu1) hirsute; urgency=medium

  * Merge with Debian 7.0.0-1 from Debian unstable
    Remaining changes:
    - libvirt-uri.sh: Automatically switch default libvirt URI for users
      via user profile (xen URI on dom0, qemu:///system otherwise)
      [contains lintian fixups of 6.6.0-1ubuntu1]
    - Disable libssh2 support (universe dependency)
    - Disable firewalld support (universe dependency)
    - d/control: add libzfslinux-dev to build-deps
    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
    - d/control: breaks replaces for augeas lenses move in 6.0.0-1
      (follows Debian, droppable >22.04)
    - debian/rules: disable the netcf backend. (LP: 1764314)
    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
      Secure Boot enabled variants of the OVMF firmware and variable store for
      the paths where we ship these files in Ubuntu.
    - Set qemu-group to kvm (for compat with older ubuntu)
    - Additional apport package-hook
    - Autostart default bridged network (As upstream does, but not Debian).
      In addition to just enabling it our solution provides:
      + do not autostart if subnet is already taken (e.g. in guests).
      + iterate some alternative subnets before giving up
    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
      the group based access to libvirt functions as it was used in Ubuntu
      for quite a long time.
      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
        due to the group access change.
      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
        group.
    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
    - Update README.Debian with Ubuntu changes
    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
    - fix autopkgtests (LP 1899180)
      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
        vmlinuz available and accessible (Debian bug 848314)
      + d/t/control: fix smoke-qemu-session by ensuring the service will run
        installing libvirt-daemon-system
      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
        long as the following undefine succeeds
      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
      + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
        failing; This was flaky on some release/architectures
      + d/t/smoke-lxc: retry check_domain being flaky on arm64
    - dnsmasq related enhancements
      [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1]
      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
        on purge
      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
        libvirt-dnsmasq and adapt the self tests to expect that config
      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
      + Add dnsmasq configuration to work with system wide dnsmasq-base
    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
      machine type correctly with newer qemu/libvirt
    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
      (LP 1861125) fixups
    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
    - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with
      recent ubuntu glibx 2.32 it is breaking the build
    - d/control: add libtirpc for rpc.h with glibc >=2.32
    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
      split into logical pieces. File names in debian/patches/ubuntu-aa/:
      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
        apparmor, virt-aa-helper: Allow various storage pools and image
        locations
      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
        libvirt-qemu: Add 9p support
      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
        commands executed by ubuntu only kvm wrapper on ppc64el
        (LP 1686621 LP 1680384 LP 1784023)
      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
        apparmor, virt-aa-helper: access for snapped nova
      + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
    - d/p/u/lp-1913266-*: add vsock options to be usable with s390x secure
      execution (LP 1913266)
  * Dropped Changes [in Debian now]
    - Avoid various issues around service/socket status after install/reinstall
      and on upgrades (LP 1914054).
      - d/rules: let sockets use --no-stop-on-upgrade to avoid false positives
      - d/rules: --no-restart-after-upgrade does not prevent restarts
      - d/rules: avoid --no-start which breaks .sockets on re-install
      - d/rules: start, but do not restart libvirt-guests.service
    - Dependency improvements yet unreleased from salsa/debian/master thanks
      to Andrea Bolognani (Debian #981435).
      - control: Always explicitly depend on libvirt0
      - control: Always use versioned deps for libvirt components
    - d/control: extend demotion of libvirt-lxc related dependencies to
      libvirt-login-shell

 -- Christian Ehrhardt <email address hidden> Tue, 23 Feb 2021 12:16:08 +0100

Tags: needs-merge

CVE References

Christian Ehrhardt  (paelzer)
Changed in libvirt (Ubuntu):
assignee: nobody → Christian Ehrhardt  (paelzer)
Bryce Harrington (bryce)
Changed in libvirt (Ubuntu):
milestone: none → ubuntu-22.01
Christian Ehrhardt  (paelzer)
Changed in libvirt (Ubuntu):
status: New → In Progress
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

We got 8.0 (our target) into Debian now, starting a merge of that

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Just in case anyone wonders - this is ready a few days already - but blocked by bug 1959054 atm.

Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (10.4 KiB)

This bug was fixed in the package libvirt - 8.0.0-1ubuntu3

---------------
libvirt (8.0.0-1ubuntu3) jammy; urgency=medium

  * Revert "d/rules, d/libvirt-daemon-system.{postinst,prerm}: never stop
    system services and sockets."
    Due to the fix being in debhelper we no more need this mitigation now.
    (LP: #1959054)

libvirt (8.0.0-1ubuntu2) jammy; urgency=medium

  * No-change rebuild to update maintainer scripts, see LP: 1959054

libvirt (8.0.0-1ubuntu1) jammy; urgency=medium

  * Merge 8.0.0 from Debian unstable (LP: #1946869)
    Among many other fixes and improvements this fixes ceph usage
    in regard to apparmor (LP: #1588576)
    Remaining changes:
    - libvirt-uri.sh: Automatically switch default libvirt URI for users
      via user profile (xen URI on dom0, qemu:///system otherwise)
      [contains lintian fixups of 6.6.0-1ubuntu1]
    - Disable libssh2 support (universe dependency)
    - d/control: add libzfslinux-dev to build-deps
    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
    - d/control: breaks replaces for augeas lenses move in 6.0.0-1
      (follows Debian, droppable >22.04)
    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
      Secure Boot enabled variants of the OVMF firmware and variable store for
      the paths where we ship these files in Ubuntu.
    - Set qemu-group to kvm (for compat with older ubuntu)
    - Additional apport package-hook
    - Autostart default bridged network (As upstream does, but not Debian).
      In addition to just enabling it our solution provides:
      + do not autostart if subnet is already taken (e.g. in guests).
      + iterate some alternative subnets before giving up
    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
      the group based access to libvirt functions as it was used in Ubuntu
      for quite a long time.
      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
        due to the group access change.
      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
        group.
    - d/p/u/parallel-shutdown.patch: set parallel shutdown by default.
    - Update README.Debian with Ubuntu changes
    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
    - fix autopkgtests (LP 1899180)
      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
        vmlinuz available and accessible (Debian bug 848314)
      + d/t/control: fix smoke-qemu-session by ensuring the service will run
        installing libvirt-daemon-system
      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
        long as the following undefine succeeds
      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
      + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
        failing; This was flaky on some release/architectures
      + d/t/smoke-lxc: retry check_domain being flaky on arm64
    - dnsmasq related enhancements
      [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1]
      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user...

Changed in libvirt (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.