This bug was fixed in the package libvirt - 8.6.0-0ubuntu1

---------------
libvirt (8.6.0-0ubuntu1) kinetic; urgency=medium

  * Merge 8.0.0 from Debian unstable (LP: #1971289)
    Among many other fixes and improvements this fixes:
    - support for minor NFS versions (LP: #1980134)
    - launching VMs with SGX enabled (LP: #1982896)
    Remaining changes:
    - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
      for users via user profile (xen URI on dom0, qemu:///system otherwise)
    - Disable libssh2 support (universe dependency)
    - d/control: add libzfslinux-dev to build-deps
    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd
      UEFI Secure Boot enabled variants of the OVMF firmware and variable
      store for the paths where we ship these files in Ubuntu.
    - Set qemu-group to kvm (for compat with older ubuntu)
    - Additional apport package-hook
    - Autostart default bridged network (As upstream does, but not Debian).
      In addition to just enabling it our solution provides:
      + do not autostart if subnet is already taken (e.g. in guests).
      + iterate some alternative subnets before giving up
    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
      the group based access to libvirt functions as it was used in Ubuntu
      for quite a long time.
      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
        due to the group access change.
      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
        group.
    - Update README.Debian with Ubuntu changes
    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
    - fix autopkgtests (LP 1899180)
      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by
        making vmlinuz available and accessible (Debian bug 848314)
      + d/t/control: fix smoke-qemu-session by ensuring the service will run
        installing libvirt-daemon-system
      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy
        as long as the following undefine succeeds
      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
      + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
        failing; This was flaky on some release/architectures
      + d/t/smoke-lxc: retry check_domain being flaky on arm64
    - dnsmasq related enhancements
      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
        on purge
      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
        libvirt-dnsmasq and adapt the self tests to expect that config
      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
      + Add dnsmasq configuration to work with system wide dnsmasq-base
    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
      machine type correctly with newer qemu/libvirt
    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
      (LP 1861125) fixups
    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup
      (LP 1887592)
    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split
      into logical pieces. File names in debian/patches/ubuntu-aa/:
      + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor,
        virt-aa-helper: Allow various storage pools and image locations
      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
        libvirt-qemu: Add 9p support
      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
        virt-aa-helper: Ask for no deny rule for readonly disk
      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch:
        allow commands executed by ubuntu only kvm wrapper on ppc64el
        (LP 1686621 LP 1680384 LP 1784023)
      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
        apparmor, virt-aa-helper: access for snapped nova
      + lp-1815910-allow-vhost-net.patch: avoid apparmor issues with
        vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
    - libvirt should not use user/group tss for swtpm (LP 1948880)
      + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
      + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm
        processes to user swtpm and adapt expected self test result changes
        triggered by this
      + d/control: suggest swtpm-tools
      + d/libvirt-daemon-system.postinst: create user/group swtpm if not
        present due to swtpm-tools (LP 1951975)
  * Dropped changes [upstream now]:
    - d/p/backport/qemuDomainSetupDisk-Initialize-targetPaths.patch to work
      in containers like LXD (without guest start would hang). [8.1.0]
    - d/p/backport/util-fix-syslog-facility-value.patch to ensure logs get
      passed to syslog/journal correctly. [8.1.0]
    - apparmor: Fix QEMU access for UEFI variable files. Backported from
      upstream master commit 7aec69b7fb9d0c. (Closes 1006324, LP 1962035)
      Refresh apparmor_profiles_local_include.patch to resolve the conflict.
      [8.2.0]
    - d/p/ubuntu-aa/0035-apparmor-separate-swtpm-rules.patch: Patch the
      libvirtd and libvirt-qemu apparmor profiles to allow swtpm to use its
      own profile (LP 1968187) [8.3.0]
    - d/p/u/lp-1972075-Allow-VM-to-read-sysfs-PCI-config-revision-files.patch:
      apparmor allow new paths used for GL accelerated video (LP 1972075)
      [8.4.0]
  * Dropped changes [no more needed]:
    - d/control: breaks replaces for augeas lenses move in 6.0.0-1
  * Added changes:
    - parallel-shutdown: upstream no more ships libvirt-guests defaults, so
      the Ubuntu customization of it moved to the file replacing it added in
      8.1.0-1 now in d/libvirt-daemon-system.libvirt-guests.default replacing
      the former "d/p/u/parallel-shutdown.patch: set parallel shutdown by
      default."
    - update patches to match 8.6.0
      + d/p/u-aa/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch
      + d/p/u/Allow-libvirt-group-to-access-the-socket.patch
      + d/p/u-aa/lp-1815910-allow-vhost-hotplug.patch
      + d/p/u/ovmf_paths.patch
      + d/p/u/swtpm-by-swtpm-user.patch
      + d/p/u/dnsmasq-as-priv-user

libvirt (8.6.0-0) UNRELEASED; urgency=medium

  [ Christian Ehrhardt ]
  * [f35cf09] d/rules: update path of ci-dashboard removal

  [ Andrea Bolognani ]
  * [a54d904] New upstream version 8.6.0

libvirt (8.5.0-2) experimental; urgency=medium

  * [6c9bffb] Implement custom handling for systemd units
    - We've already moved away from dh_installsystemd due to #994204, and
      now we're refactoring the custom code so that it's easier to
      understand and maintain going forward

libvirt (8.5.0-1) unstable; urgency=medium

  * [74b9b5c] New upstream version 8.5.0
  * [94a98bd] control: Fix cross building
    - Explicitly request :native versions of several Build-Depends
  * [417c882] control: Bump Standards-Version to 4.6.1
    - No changes needed

libvirt (8.4.0-1) unstable; urgency=medium

  * [ef2fd0c] New upstream version 8.4.0

libvirt (8.3.0-1) unstable; urgency=medium

  * [f9dd871] New upstream version 8.3.0

libvirt (8.2.0-1) unstable; urgency=medium

  * [4d84203] New upstream version 8.2.0
    - Fixes CVE-2022-0897 (Closes: #1009075)
  * [d1baa54] patches: Drop backports
  * [333c80a] control: Switch from fuse to fuse3
  * [4793ac2] libvirt-dev: Drop dependency on libxen-dev
    - Thanks to Pino Toscano

libvirt (8.1.0-2) unstable; urgency=medium

  * [ba504f6] systemd: Hardcode output of dh_installsystemd
    - Stop using dh_installsystemd and hardcode slightly tweaked versions
      of its output in maintainer scripts instead, as a temporary
      workaround for #994204
  * [4c89356] systemd: Only ever restart libvirtd on upgrade
    - This avoids guests being stopped or crashing during upgrades

libvirt (8.1.0-1) experimental; urgency=medium

  [ Andrea Bolognani ]
  * [224b64e] New upstream version 8.1.0
  * [06dea7a] patches: Drop backports
  * [9f3a2e6] patches: Add backport/qemu-segmentation-fault-[...].patch
    - Fixes a regression introduced in 8.1.0
  * [70e6209] control: Drop build dependency on dnsmasq-base
    - Availability is only checked at runtime

  [ Martin Pitt ]
  * [171a675] apparmor: Fix QEMU access for UEFI variable files
    - QEMU needs to read, write and lock the NVRAM *.fd files with UEFI
      firmware
    - Closes: #1006324
    - LP: #1962035

  [ Maximilian Engelhardt ]
  * [a06d5e5] control: Drop i386 from Xen arches
    - Starting with version 4.16, Xen is no longer built on the i386
      architecture in Debian
    - Thanks to Diederik de Haas for helping get this fix merged
    - Closes: #1006300

 -- Christian Ehrhardt