libvirt (11.1.0-2) experimental; urgency=medium

  As part of the big package reorganization that has been
  implemented in libvirt 10.6.0-2, ownership of several conffiles
  had to be transferred between binary packages.

  As an example, /etc/libvirt/qemu.conf is now owned by
  libvirt-daemon-driver-qemu instead of libvirt-daemon-system.

  Depending on the order in which packages are unpacked and
  configured during the upgrade process, which is something that we
  have limited control over, the old package might still list the
  involved files as "obsolete" conffiles owned by it.

  The following packages might be affected by the issue:

    * libvirt-client
    * libvirt-daemon-system
    * libvirt-daemon-system-sysv
    * libvirt-sanlock

  To check whether a specific package is affected:

    $ dpkg-query --showformat='${Conffiles}\n' \
                 --show libvirt-daemon-system | grep obsolete
    /etc/libvirt/qemu.conf 8da3a97d2d4fe0870a810c7433efef31 obsolete

  To address the issue once detected:

    $ sudo apt reinstall libvirt-daemon-system

  Some files might still show up in the list even after reinstalling
  the package: for example, /etc/libvirt/lxc.conf will end up in
  this situation if you didn't have the libvirt-daemon-driver-lxc
  package installed before upgrading. To finish cleaning up,
  manually delete the remaining files from the system and reinstall
  the package once again.

 -- Andrea Bolognani <eof@kiyuko.org>  Sun, 23 Mar 2025 18:10:38 +0100

libvirt (10.10.0-4) unstable; urgency=medium

  nftables support is now available in the network driver.

  The default backend is still iptables for now, since the nftables
  backend is incompatible with popular software such as Docker and
  ufw (see #1090355 for details). Additionally, the nwfilter driver
  only supports iptables at this time.

  Users for whom these caveats are not relevant can switch to the
  nftables backend by editing /etc/libvirt/network.conf; after doing
  so, they'll be able to safely uninstall the iptables package.

 -- Andrea Bolognani <eof@kiyuko.org>  Fri, 27 Dec 2024 15:33:13 +0100

libvirt (10.6.0-2) experimental; urgency=medium

  The package has been reworked significantly.

  All the various drivers and storage backends come in their own
  separate binary packages now, which makes it possible to install
  exactly as many or as few as desired.

  The system-wide configuration for the libvirtd daemon is no longer
  shipped separately from the daemon itself, as was the case until
  today; the libvirt-daemon package now contains everything
  necessary to run libvirtd as a system daemon.

  The libvirt-daemon-system package still exists, but it's now
  simply a convenient way to install the "typical" libvirt
  deployment consisting of all the components needed to run a
  QEMU-based hypervisor, and it is completely safe to uninstall it
  if you would rather have a more tailored deployment or if QEMU
  is not available on your architecture.

 -- Andrea Bolognani <eof@kiyuko.org>  Sat, 24 Aug 2024 11:01:43 +0200

libvirt (9.6.0-1) unstable; urgency=medium

  Local overrides for AppArmor abstractions are now expected to
  be /etc/apparmor.d/abstractions/libvirt-{qemu,lxc}.d/... instead
  of /etc/apparmor.d/local/abstractions/libvirt-{qemu,lxc}.

  The old locations are still accepted for now, but support for
  them will be dropped in a future release.

 -- Andrea Bolognani <eof@kiyuko.org>  Wed, 02 Aug 2023 21:41:19 +0200

libvirt (8.10.0-2) experimental; urgency=medium

  Localization for libvirt has been moved to the libvirt-l10n
  package, which gets installed by default but can later be
  removed if a smaller footprint is desired.

 -- Andrea Bolognani <eof@kiyuko.org>  Thu, 08 Dec 2022 18:48:24 +0100

libvirt (7.6.0-1) unstable; urgency=medium

  netcf support is now disabled in libvirt.

  This results in most virInterface* APIs, as well as the
  corresponding iface-* virsh commands, becoming non-functional,
  and mirrors upstream's decision to deprecate the feature.

 -- Andrea Bolognani <eof@kiyuko.org>  Tue, 17 Aug 2021 20:56:14 +0200

libvirt (7.0.0-3) unstable; urgency=medium

  The $libvirtd_opts variable in /etc/default/libvirtd has been
  renamed to $LIBVIRTD_ARGS to match upstream and other daemons
  that are part of libvirt.

  Other changes have been made to the file as well, so it's
  recommended to pay extra attention if prompted by dpkg about
  it during an upgrade.

 -- Andrea Bolognani <eof@kiyuko.org>  Mon, 15 Feb 2021 00:45:40 +0100

libvirt (6.9.0-4) unstable; urgency=medium

  The configuration for the default network and the default set
  of nwfilters have been moved from the libvirt-daemon-system
  package to the new libvirt-daemon-config-network and
  libvirt-daemon-config-nwfilter packages respectively.

 -- Andrea Bolognani <eof@kiyuko.org>  Thu, 21 Jan 2020 21:54:03 +0100

libvirt (6.9.0-2) experimental; urgency=medium

  The virt-login-shell tool has been moved from the libvirt-clients
  package to the new libvirt-login-shell package: this change makes
  it possible to uninstall this seldomly-used tool if desired.

 -- Andrea Bolognani <eof@kiyuko.org>  Sun, 15 Nov 2020 03:45:44 +0100

libvirt (6.0.0-2) unstable; urgency=medium

  Since sysv init scripts were split into a separate
  package, systems not using systemd as init system need to install
  libvirt-daemon-system-sysv.  This helps to support init system specific
  features on both sysv and systemd based systems.

 -- Guido Günther <agx@sigxcpu.org>  Sat, 14 Mar 2020 12:38:09 +0100

libvirt (5.6.0-3) unstable; urgency=medium

  Just as version 3.7.0-3 separated the storage drivers into individual
  binary packages - for a smaller amount of default dependencies and the
  ability to reduce the active codebase for security concerns - this is
  now done for the connection drivers as well.

  Internal drivers such as interface, network and storage stay part of the
  libvirt-daemon package for now. But lxc, qemu, vbox and xen are in packages
  like libvirt-daemon-driver-<type>.
  By default libvirt-daemon depends on the qemu connection (most common
  use case) and recommends the further formerly integrated connection types.
  This allows users concerned about size or active codebase to remove those
  drivers they do not use.

 -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 04 Apr 2019 15:07:34 +0200

libvirt (5.0.0-1) unstable; urgency=medium

  Sheepdog support has been removed since sheepdog is unmaintained
  in Debian. See #918947.

 -- Guido Günther <agx@sigxcpu.org>  Sun, 13 Jan 2019 13:20:54 +0100

libvirt (2.5.0-2) unstable; urgency=medium

  libvirt-daemon-system now uses the allocated uid and gid 64055
  for the libvirt-qemu user and group on new installations, when
  the uid/gid is available (otherwise a debconf warning is shown).

  On existing installations, which have different uid/gid values
  assigned, the recommended procedure is to reassign the uid/gid
  (might require considerations for ownership/permission changes).
  No debconf warning is shown in this case; only this NEWS entry.

  This change is in order to prevent I/O errors during migration
  of guests with disk image files shared over NFS, caused by the
  different uid/gid ownership between the source and destination
  host systems, which leads to access/permission errors with NFS.

  If guest migration over NFS is not a requirement in the system,
  there should not be any impact to the guests for not using the
  allocated uid/gid.

 -- Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>  Thu, 18 Nov 2016 13:56:38 -0200

libvirt (1.2.9~rc1-1) experimental; urgency=medium

  libvirtd now uses PolicyKit instead of unix socket domain permissions for r/w
  connections. This has the advantage of requiring less reconfiguration when
  using ACL based access and bringing us closer to upstream's recommendations.
  In order to keep old configurations working we're still allowing all members
  of the libvirt group full access via /etc/polkit-1/rules.d/60-libvirt.rules.

  If you want to continue to use socket permission based access control you can
  still configure it in /etc/libvirt/libvirtd.conf.

 -- Guido Günther <agx@sigxcpu.org>  Sat, 27 Sep 2014 19:22:46 +0200

libvirt (1.1.4-2) unstable; urgency=low

  If you're using cgroups make sure you're using a different mount per cgroup
  controller (cpu, memory, ...) that is mounted to /sys/fs/cgroup/<controller>.
  This can be achieved using mount_cgroups in /etc/default/libvirt-bin or by
  using systemd. Using a single mount point /sys/fs/cgroup for all controllers
  will no longer work and will prevent vms from starting. See

  http://libvirt.org/cgroups.html

  for more information. If you're not using cgroups nothing has to be changed.

 -- Guido Günther <agx@sigxcpu.org>  Sun, 01 Dec 2013 19:33:56 +0100

libvirt (1.0.2-3) experimental; urgency=low

  For qemu:///system KVM/QEMU processes now run as group libvirt-qemu. This
  makes sure image files and volumes aren't accessible by users in the more
  general and previously used kvm group. To change this behaviour adjust the
  group option in /etc/libvirt/qemu.conf.

 -- Guido Günther <agx@sigxcpu.org>  Tue, 26 Feb 2013 06:30:48 +0100

libvirt (0.8.3-2) unstable; urgency=low

  Disk format probing is disabled now by default for security reasons
  (CVE-2010-2237). You need to explicitly add a driver type element to your
  disk devices in the domain XML:

      <disk ...>
         <driver name='qemu' type='qcow2'/>
         ...
      </disk>

  Alternatively you can re-enable probing by setting
  allow_disk_format_probing=1 in /etc/libvirt/qemu.conf but this is insecure.

 -- Guido Günther <agx@sigxcpu.org>  Wed, 29 Sep 2010 13:10:02 +0200

libvirt (0.8.1-2) unstable; urgency=low

  If you're using a script such as /etc/qemu-ifup to set up QEMU network
  interfaces, have a look at README.Debian about the new config option
  clear_emulator_capabilities in /etc/libvirt/qemu.conf.
  When using NAT via libvirt's default network you don't have to change
  anything.

 -- Guido Günther <agx@sigxcpu.org>  Mon, 12 Jul 2010 19:58:35 +0200