xen (4.11.3+24-g14b62ab3e5-1ubuntu2.3) focal-security; urgency=medium * SECURITY UPDATE: Fix multiple vulnerabilities - d/p/xsa312-4.11.patch: Place a speculation barrier sequence following an eret instruction - d/p/CVE-2020-11740-and-CVE-2020-11741-1.patch: clear buffer intended to be shared with guests - d/p/CVE-2020-11740-and-CVE-2020-11741-2.patch: limit consumption of shared buffer data - d/p/CVE-2020-11739.patch: Add missing memory barrier in the unlock path of rwlock - d/p/CVE-2020-11743.patch: Fix error path in map_grant_ref() - d/p/CVE-2020-11742.patch: fix GNTTABOP_copy continuation handling - d/p/CVE-2020-0543-1.patch: CPUID/MSR definitions for Special Register Buffer Data Sampling - d/p/CVE-2020-0543-2.patch: Mitigate the Special Register Buffer Data Sampling sidechannel - d/p/CVE-2020-0543-3.patch: Allow the RDRAND/RDSEED features to be hidden - d/p/CVE-2020-15566.patch: Don't ignore error in get_free_port() - d/p/CVE-2020-15563.patch: correct an inverted conditional in dirty VRAM tracking - d/p/CVE-2020-15565-1.patch: improve IOMMU TLB flush - d/p/CVE-2020-15565-2.patch: prune (and rename) cache flush functions - d/p/CVE-2020-15565-3.patch: introduce a cache sync hook - d/p/CVE-2020-15565-4.patch: don't assume addresses are aligned in sync_cache - d/p/CVE-2020-15564.patch: Check the alignment of the offset passed via VCPUOP_register_vcpu_info - d/p/CVE-2020-15567-1.patch: ept_set_middle_entry() related adjustments - d/p/CVE-2020-15567-2.patch: atomically modify entries in ept_next_level - d/p/CVE-2020-25602.patch: Handle the Intel-specific MSR_MISC_ENABLE correctly - d/p/CVE-2020-25604.patch: fix race when migrating timers between vCPUs - d/p/CVE-2020-25595-1.patch: get rid of read_msi_msg - d/p/CVE-2020-25595-2.patch: restrict reading of table/PBA bases from BARs - d/p/CVE-2020-25597.patch: relax port_is_valid() - d/p/CVE-2020-25596.patch: Avoid double exception injection - d/p/CVE-2020-25603.patch: Add missing barriers when accessing/allocating an event channel - d/p/CVE-2020-25600.patch: enforce correct upper limit for 32-bit guests - d/p/CVE-2020-25599-1.patch: evtchn_reset() shouldn't succeed with still-open ports - d/p/CVE-2020-25599-2.patch: convert per-channel lock to be IRQ-safe - d/p/CVE-2020-25599-3.patch: address races with evtchn_reset() - d/p/CVE-2020-25601-1.patch: arrange for preemption in evtchn_destroy() - d/p/CVE-2020-25601-2.patch: arrange for preemption in evtchn_reset() - CVE-2020-11740 - CVE-2020-11741 - CVE-2020-11739 - CVE-2020-11743 - CVE-2020-11742 - CVE-2020-0543 - CVE-2020-15566 - CVE-2020-15563 - CVE-2020-15565 - CVE-2020-15564 - CVE-2020-15567 - CVE-2020-25602 - CVE-2020-25604 - CVE-2020-25595 - CVE-2020-25597 - CVE-2020-25596 - CVE-2020-25603 - CVE-2020-25600 - CVE-2020-25599 - CVE-2020-25601 -- Luís Infante da Câmara Mon, 22 Aug 2022 11:20:03 +0200 xen (4.11.3+24-g14b62ab3e5-1ubuntu2.2) focal; urgency=medium * Fix FTBFS on armhf/arm64 due to missing : - d/p/lp1956166-0006-fix-ftbfs-arm-lzo-unaligned.h.patch -- Mauricio Faria de Oliveira Thu, 07 Jul 2022 13:53:37 -0300 xen (4.11.3+24-g14b62ab3e5-1ubuntu2.1) focal; urgency=medium * Add support for zstd compressed kernels for Dom0/DomU on x86 (LP: #1956166) - d/p/lp1956166-0001-introduce-unaligned.h.patch - d/p/lp1956166-0002-lib-introduce-xxhash.patch - d/p/lp1956166-0003-x86-Dom0-support-zstd-compressed-kernels.patch - d/p/lp1956166-0004-libxenguest-add-get_unaligned_le32.patch - d/p/lp1956166-0005-libxenguest-support-zstd-compressed-kernels.patch - d/control: add libzstd-dev as build-dep -- Mauricio Faria de Oliveira Mon, 04 Jul 2022 16:02:20 -0300 xen (4.11.3+24-g14b62ab3e5-1ubuntu2) focal; urgency=medium * Update: Building hypervisor with cf-protection enabled * Set python2 for xen-init-name and xen-init-list scripts -- Stefan Bader Mon, 09 Mar 2020 16:17:56 +0100 xen (4.11.3+24-g14b62ab3e5-1ubuntu1) focal; urgency=medium * Merge from Debian/Sid. Remaining changes: - Enforce python2 usage - Build-depend on python2-dev. - Build using python2. - Build-depend on lmodern. - Recommend qemu-system-x86-xen - Force fcf-protection off when using -mindirect-branch - Strip .note.gnu.property section for intermediate files - Add transitional packages for upgrades - Handle config file moving between packages -- Stefan Bader Thu, 06 Feb 2020 15:45:33 +0100 xen (4.11.3+24-g14b62ab3e5-1) unstable; urgency=high * Update to new upstream version 4.11.3+24-g14b62ab3e5, which also contains the following security fixes: (Closes: #947944) - Unlimited Arm Atomics Operations XSA-295 CVE-2019-17349 CVE-2019-17350 - VCPUOP_initialise DoS XSA-296 CVE-2019-18420 - missing descriptor table limit checking in x86 PV emulation XSA-298 CVE-2019-18425 - Issues with restartable PV type change operations XSA-299 CVE-2019-18421 - add-to-physmap can be abused to DoS Arm hosts XSA-301 CVE-2019-18423 - passed through PCI devices may corrupt host memory after deassignment XSA-302 CVE-2019-18424 - ARM: Interrupts are unconditionally unmasked in exception handlers XSA-303 CVE-2019-18422 - x86: Machine Check Error on Page Size Change DoS XSA-304 CVE-2018-12207 - TSX Asynchronous Abort speculative side channel XSA-305 CVE-2019-11135 - Device quarantine for alternate pci assignment methods XSA-306 CVE-2019-19579 - find_next_bit() issues XSA-307 CVE-2019-19581 CVE-2019-19582 - VMX: VMentry failure with debug exceptions and blocked states XSA-308 CVE-2019-19583 - Linear pagetable use / entry miscounts XSA-309 CVE-2019-19578 - Further issues with restartable PV type change operations XSA-310 CVE-2019-19580 - Bugs in dynamic height handling for AMD IOMMU pagetables XSA-311 CVE-2019-19577 * Add missing CVE numbers to previous changelog entries -- Hans van Kranenburg Wed, 08 Jan 2020 12:41:42 +0100 xen (4.11.1+92-g6c33308a8d-2) unstable; urgency=high * Mention MDS and the need for updated microcode and disabling hyper-threading in NEWS. * Mention the ucode=scan option in the grub.d/xen documentation. -- Hans van Kranenburg Sat, 22 Jun 2019 11:15:08 +0200 xen (4.11.1+92-g6c33308a8d-1) unstable; urgency=high * Update to new upstream version 4.11.1+92-g6c33308a8d, which also contains the following security fixes: - Fix: grant table transfer issues on large hosts XSA-284 CVE-2019-17340 (Closes: #929991) - Fix: race with pass-through device hotplug XSA-285 CVE-2019-17341 (Closes: #929998) - Fix: x86: steal_page violates page_struct access discipline XSA-287 CVE-2019-17342 (Closes: #930001) - Fix: x86: Inconsistent PV IOMMU discipline XSA-288 CVE-2019-17343 (Closes: #929994) - Fix: missing preemption in x86 PV page table unvalidation XSA-290 CVE-2019-17344 (Closes: #929996) - Fix: x86/PV: page type reference counting issue with failed IOMMU update XSA-291 CVE-2019-17345 (Closes: #929995) - Fix: x86: insufficient TLB flushing when using PCID XSA-292 CVE-2019-17346 (Closes: #929993) - Fix: x86: PV kernel context switch corruption XSA-293 CVE-2019-17347 (Closes: #929999) - Fix: x86 shadow: Insufficient TLB flushing when using PCID XSA-294 CVE-2019-17348 (Closes: #929992) - Fix: Microarchitectural Data Sampling speculative side channel XSA-297 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 (Closes: #929129) * Note that the fixes for XSA-297 will only have effect when also loading updated cpu microcode with MD_CLEAR functionality. When using the intel-microcode package to include microcode in the dom0 initrd, it has to be loaded by Xen. Please refer to the hypervisor command line documentation about the 'ucode=scan' option. * Fixes for XSA-295 "Unlimited Arm Atomics Operations" will be added in the next upload. -- Hans van Kranenburg Tue, 18 Jun 2019 09:50:19 +0200 xen (4.11.1+26-g87f51bf366-3) unstable; urgency=medium Minor useability improvements and fixes: * bash-completion: also complete 'xen' [Hans van Kranenburg] * /etc/default/xen: Handle with ucf again, like in stretch. Closes:#923401. [Ian Jackson] Build fix: * Fix FTBFS when building only arch-indep binaries (eg dpkg-buildpackage -A). Was due to dh-exec bug wrt not-installed. Closes:#923013. [Hans van Kranenburg; report from Santiago Vila] Documentation fix: * grub.d/xen.cfg: dom0_mem max IS needed [Hans van Kranenburg] -- Ian Jackson Thu, 28 Feb 2019 16:37:04 +0000 xen (4.11.1+26-g87f51bf366-2) unstable; urgency=medium * Packaging change: override spurious lintian warning about fsimage.so rpath. -- Ian Jackson Fri, 22 Feb 2019 16:07:37 +0000 xen (4.11.1+26-g87f51bf366-1) unstable; urgency=medium Significant changes: * Update to new upstream version 4.11.1+26-g87f51bf366. (This is from the upstream stable branch.) [Ian Jackson] * Build and use oxenstored rather than the C xenstored by default. [Ian Jackson and Hans van Kranenburg] * xen init script: rewrite and reorganise xenstored start logic. [Hans van Kranenburg] Documentation etc. improvements: * Refresh hypervisor and dom0 command line options documentation. (Closes: #919758) [Hans van Kranenburg; report from Gergely] * Ship /etc/default/xen, a striped and tidied version of upstream sysconfig.xencommons.in. [Hans van Kranenburg] Significant bugfixes: * xen init script: Do nothing if running for wrong Xen package. Avoids mystery loss of xenconsoled. Closes:#851654. [Ian Jackson; report from Wolodja Wentland] * Make pygrub work again (by fixing python module and shared library paths). Closes:#912381. [Ian Jackson; earlier, Bastian Blank; report from Dimitar Angelov, also Torben Schou Jensen] Packaging bugfixes: * Have xen-utils-common suggest xen-doc, because it contains a broken symlink to it. Closes:#911046. [Hans van Kranenburg; report from Andreas Beckmann] * Have xenstore-utils declare Breaks on xen-utils-common to make piuparts happy. Closes:#911045. [Hans van Kranenburg, report from Andreas Beckmann] * hotplug-common: Strip arch-specific libdir from config file Closes:#862236. [Ian Jackson; report from Stefan Bühler] * xendomains init script; Add dependency on $network. Closes:#798510. [Francois Lesueur] * xendomains init script; Add should-dependency on nfs-kernel-server Closes:#826871. [Geoffrey McRae] Packaging minor fixes and improvements [Hans van Kranenburg]: * debian/libxenstore3.0.symbols: revert ea2334dfe0 * debian/control: add dh-python build-dep * d/xen-utils-V...: override xen-shim-syms lintian * debian/control: bump debhelper builddep to 10 * debian/.gitignore: ignore more debhelper snippets * bash-completion: install completion rules for xl * xen init script: don't fail when being run in domU * Remove xend cruft from various init scripts etc. Packaging minor fixes and improvements [Ian Jackson]: * xen version/upgrade handling: Improve an error message * xen init script: silently exit status 0 if not running under xen * xen init script: Tidy up wrong/missing Xen version error handling * debian/rules: Fix tiny typos * hotplug-common: Do not adjust LD_LIBRARY_PATH -- Ian Jackson Fri, 22 Feb 2019 15:11:45 +0000 xen (4.11.1-1) unstable; urgency=medium * debian/control: Add Homepage, Vcs-Browser and Vcs-Git. (Closes: #911457) * grub.d/xen.cfg: fix default entry when using l10n (Closes: #865086) * debian/rules: Don't exclude the actual pygrub script. * Update to new upstream version 4.11.1, which also contains: - Fix: insufficient TLB flushing / improper large page mappings with AMD IOMMUs XSA-275 CVE-2018-19961 CVE-2018-19962 - Fix: resource accounting issues in x86 IOREQ server handling XSA-276 CVE-2018-19963 - Fix: x86: incorrect error handling for guest p2m page removals XSA-277 CVE-2018-19964 - Fix: x86: Nested VT-x usable even when disabled XSA-278 CVE-2018-18883 - Fix: x86: DoS from attempting to use INVPCID with a non-canonical addresses XSA-279 CVE-2018-19965 - Fix for XSA-240 conflicts with shadow paging XSA-280 CVE-2018-19966 - Fix: guest use of HLE constructs may lock up host XSA-282 CVE-2018-19967 * Update version handling patching to put the team mailing list address in the first hypervisor log line and fix broken other substitutions. * Disable handle_iptable hook in vif-common script. See #894013 for more information. -- Hans van Kranenburg Wed, 02 Jan 2019 20:59:40 +0100 xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-5) unstable; urgency=medium * debian/rules: Cope if xen-utils-common not being built (Fixes binary-indep FTBFS.) -- Ian Jackson Mon, 15 Oct 2018 18:07:11 +0100 xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-4) unstable; urgency=medium * Many packaging fixes to fix FTBFS on all arches other than amd64. * xen-vbd-interface(7): Provide properly-formatted NAME section * Add pandoc and markdown to Build-Depends - fixes missing docs. * Revert "tools-xenstore-compatibility.diff" apropos of discussion https://lists.xenproject.org/archives/html/xen-devel/2018-10/msg00838.html -- Ian Jackson Mon, 15 Oct 2018 12:15:36 +0100 xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-3) unstable; urgency=medium * hypervisor package postinst: Actually install (avoids need to run update-grub by hand). * debian/control: Adding Section to source stanza * debian/control: Add missing Replaces on old xen-utils-common * debian/rules: Add a -n to a gzip rune to improve reproducibility -- Ian Jackson Fri, 12 Oct 2018 16:55:48 +0100 xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-2) unstable; urgency=medium * Redo as an upload with binaries, because source-only uploads to NEW are not allowed. -- Ian Jackson Fri, 05 Oct 2018 19:38:52 +0100 xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-1) unstable; urgency=medium * Update to new upstream version 4.11.1~pre.20180911.5acdd26fdc+dfsg; merging in 4.11.1~pre.20180911.5acdd26fdc+dfsg-1~exp1. -- Ian Jackson Fri, 05 Oct 2018 18:39:58 +0100 xen (4.11.1~pre+1.733450b39b-1) unstable; urgency=medium * Completely overhauled the packaging. In the source package, things are very much simpler now with only a few hundred loc of templating and scriptery. In the binary packages the resulting changes are: - We now provide -dbgsym packages in the standard way - Shared libraries with unstable ABI upstream (ie, whose ABI changes with the Xen version) are now in libxen-misc rather than libxen and have more conventional-looking filenames. - Shared libraries with a stable ABI upstream are now each in their own package, named after the soname (ABI version), as is conventional. The sonames and minor versions of these are no longer mangled. - xs.h, replaced upstream by xenstore.h, is now in /usr/include/xenstore-compat (as shipped upstream), with symlinks left behind. - fsimage*.h is no longer shipped (it's namespace-grabbish). - libxenvchan.h is in /usr/include as it is in upstream, not buried in /usr/include/xen/io - /etc/xen/cpupool, a not very interesting example config file, has been moved into /usr/share/doc/. - There is a new xen-doc package, in which the upstream HTML documentation, and various other bits, is now provided. This replaces the text format documentation previously provided in xen-utils-common (but the manpages are still there). - Utilities which use on libraries with stable ABIs upstream are no longer subjected to the Xen version wrapper. - Several utilities are now provided in /usr/bin which were previously only available buried in /usr/lib/xen-: xen-detect xenalyze xencons xencov_split xen-cpuid (version-wrapped, where necessary). - Likewise very many utilities and daemons in /usr/sbin: gdbsx xen-bugtool xen-ringwatch xen-tmem-list-parse xenmon xenpmd flask-* xen-kdd xen-diag xen-hptool xen-hvmcrash xen-hvmctx xen-livepatch xen-lowmemd xen-mfndump xenbaked xenconsoled xencov xenlockprof xenstored xenwatchdogd - xend and xm are long gone, so remove the support for the TOOLSTACK setting in /etc/default/xen. /usr/sbin/xen just runs xl now. Remove mentions of xend-config.sxp and all *.sxp files. Drop the xend init script. - There is no longer any Built-Using. This is no longer true for seabios, which is depended on and used at runtime, rather than being embedded into hvmloader. (The source package also previously tried to mention ipxe-qemu in Built-Using but that's (i) dependent upstream on CONFIG_ROMBIOS which we disable, and not a build-dependency either.) - The hvmloader and xen-shim binaries no longer have their .note and .comment section(s) stripped. .note is needed for xen-shim to work properly and to find the corresponding debug files. And .comment is tiny and harmless AFAICT. - Hypervisor debug map files are installed in /usr/lib/debug. - The xl bash_completion file from upstream is installed. - libxenvchan.h is installed. - We install xen-*.efi in /boot. - Sections of some packages have been rationalised. - We install a doc-base control file. -- Ian Jackson Wed, 03 Oct 2018 18:45:02 +0100 xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-1~exp1) experimental; urgency=medium * Update to new upstream version 4.11.1~pre.20180911.5acdd26fdc+dfsg. * Remove stubdom/grub.patches/00cvs from the upstream source because it's not DFSG compliant. (license-problem-gfdl-invariants) * Override statically-linked-binary lintian error about usr/lib/xen-4.11/boot/xen-shim -- Hans van Kranenburg Tue, 11 Sep 2018 15:34:34 +0200 xen (4.11.1~pre+1.733450b39b-1~exp1) experimental; urgency=medium [ Hans van Kranenburg ] * Update to 4.11.1-pre commit 733450b39b, which also contains: - Additional fix for: Unlimited recursion in linear pagetable de-typing XSA-240 CVE-2017-15595 (listed as xsa240-4.8/0004) - Fix x86 PV guests may gain access to internally used pages XSA-248 CVE-2017-17566 - Fix broken x86 shadow mode refcount overflow check XSA-249 CVE-2017-17563 - Fix improper x86 shadow mode refcount error handling XSA-250 CVE-2017-17564 - Fix improper bug check in x86 log-dirty handling XSA-251 CVE-2017-17565 - Fix: DoS via non-preemptable L3/L4 pagetable freeing XSA-252 CVE-2018-7540 - Fix x86: memory leak with MSR emulation XSA-253 CVE-2018-5244 - Multiple parts of fixes for... Information leak via side effects of speculative execution XSA-254 CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 - XPTI stage 1 a.k.a. 'Meltdown band-aid', XPTI-S1 or XPTI-lite - Branch predictor hardening for ARM CPUs - Support compiling with indirect branch thunks (e.g. retpoline) - Report details of speculative mitigations in boot logging - Fix: grant table v2 -> v1 transition may crash Xen XSA-255 CVE-2018-7541 - Fix: x86 PVH guest without LAPIC may DoS the host XSA-256 CVE-2018-7542 - The "Comet" shim, which can be used as a mitigation for Meltdown to shield the hypervisor against 64-bit PV guests. - Fix: Information leak via crafted user-supplied CDROM XSA-258 CVE-2018-10472 - Fix: x86: PV guest may crash Xen with XPTI XSA-259 CVE-2018-10471 - Fix: x86: mishandling of debug exceptions XSA-260 CVE-2018-8897 - Fix: x86 vHPET interrupt injection errors XSA-261 CVE-2018-10982 - Fix: qemu may drive Xen into unbounded loop XSA-262 CVE-2018-10981 - Fix: Speculative Store Bypass XSA-263 CVE-2018-3639 - Fix: preemption checks bypassed in x86 PV MM handling XSA-264 CVE-2018-12891 - Fix: x86: #DB exception safety check can be triggered by a guest XSA-265 CVE-2018-12893 - Fix: libxl fails to honour readonly flag on HVM emulated SCSI disks XSA-266 CVE-2018-12892 - Fix: Speculative register leakage from lazy FPU context switching XSA-267 CVE-2018-3665 - Fix: Use of v2 grant tables may cause crash on ARM XSA-268 CVE-2018-15469 - Fix: x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS XSA-269 CVE-2018-15468 - Fix: oxenstored does not apply quota-maxentity XSA-272 CVE-2018-15470 - Fix: L1 Terminal Fault speculative side channel XSA-273 CVE-2018-3620 * Merge changes for 4.9 from the ubuntu packaging (thanks, Stefan Bader): - Rebase patches against upstream source (line numbers etc). - debian/rules.real: - Add a call to build common tool headers. - Add a call to install common tool headers. - debian/libxen-dev.install, d/p/ubuntu-tools-libs-abiname.diff: - Add additional modifications for new libxendevicemodel. - debian/patches/tools-fake-xs-restrict.patch: - Re-introduce (fake) xs_restrict call to keep libxenstore version at 3.0 for now. - debian/libxenstore3.0.symbols: add xs_control_command * Rebase patches against 4.10 upstream source. * Rebase patches against 4.11 upstream source. * Add README.source.md to document how the packaging works. * This package builds correctly with gcc 7. (Closes: #853710) * Fix grub config file conflict when upgrading from Stretch. (Closes: #852545) * Init scripts: Do not kill per-domain qemu processes. (Closes: #879751) * debian/patches: Fix "'vwprintw' is deprecated" gcc 8 compilation error [ Mark Pryor ] * Fix shared library build dependencies for the new xentoolcore library. [ John Keates ] * Enable OVMF (Closes: #858962) -- Hans van Kranenburg Sun, 08 Jul 2018 14:30:32 +0200 xen (4.9.2-0ubuntu7) focal; urgency=medium * No-change rebuild with fixed binutils on arm64. -- Matthias Klose Sat, 08 Feb 2020 11:21:18 +0000 xen (4.9.2-0ubuntu6) focal; urgency=medium * Build-depend on python2-dev. * Depend on python2. * Build using python2. * Build-depend on lmodern. -- Matthias Klose Mon, 13 Jan 2020 14:51:35 +0100 xen (4.9.2-0ubuntu5) disco; urgency=medium * Fix FTBS in Eoan (LP: #1823441). Except the last two changes, these are all cherry picks from Xen upstream to handle gcc8 and gcc9 changes. - d/p/x86-e820-fix-build-with-gcc9.patch - d/p/x86-IO-APIC-fix-build-with-gcc9.patch - d/p/trace-fix-build-with-gcc9.patch - d/p/tools-libxc-fix-strncpy-size.patch - d/p/tools-misc-fix-hypothetical-buffer-overflow-in-xen-l.patch - d/p/tools-xentop-replace-use-of-deprecated-vwprintw.patch - d/p/tools-xenpmd-fix-possible-0-truncation.patch - d/p/xenpmd-make-32-bit-gcc-8.1-non-debug-build-work.patch - d/p/libacpi-fixes-for-iasl-20180427.patch - d/p/tools-blktap2-fix-possible-0-truncation.patch - d/p/tools-blktap2-fix-hypothetical-buffer-overflow.patch - d/p/libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch - d/p/ubuntu/flags-fcs-protect-none.patch - d/p/ubuntu/strip-note-gnu-property.patch * Fix decode failed panics with v5.2+ kernels (LP: #1851091) - d/p/0001-lz4-refine-commit-9143a6c55ef7-for-the-64-bit-case.patch - d/p/0002-lz4-pull-out-constant-tables.patch - d/p/0003-lz4-fix-system-halt-at-boot-kernel-on-x86_64.patch -- Stefan Bader Wed, 11 Dec 2019 17:23:34 +0100 xen (4.9.2-0ubuntu2) cosmic; urgency=medium * No-change rebuild for ncurses soname changes. -- Matthias Klose Thu, 03 May 2018 14:20:24 +0000 xen (4.9.2-0ubuntu1) bionic; urgency=medium * Update to upstream 4.9.2 release (LP: #1763354). Changes include numerous bugfixes, including security fixes/updates. 4.9.0 -> 4.9.1: - XSA-226 / CVE-2017-12135 (replacement) - XSA-227 / CVE-2017-12137 (replacement) - XSA-228 / CVE-2017-12136 (replacement) - XSA-230 / CVE-2017-12855 (replacement) - XSA-231 / CVE-2017-14316 (replacement) - XSA-232 / CVE-2017-14318 (replacement) - XSA-233 / CVE-2017-14317 (replacement) - XSA-234 / CVE-2017-14319 (replacement) - XSA-235 / CVE-2017-15596 (replacement) - XSA-236 / CVE-2017-15597 (new) - XSA-237 / CVE-2017-15590 (replacement) - XSA-238 / CVE-2017-15591 (replacement) - XSA-239 / CVE-2017-15589 (replacement) - XSA-240 / CVE-2017-15595 (update) - XSA-241 / CVE-2017-15588 (replacement) - XSA-242 / CVE-2017-15593 (replacement) - XSA-243 / CVE-2017-15592 (replacement) - XSA-244 / CVE-2017-15594 (replacement) - XSA-245 / CVE-2017-17046 (replacement) 4.9.1 -> 4.9.2: - XSA-246 / CVE-2017-17044 (new) - XSA-247 / CVE-2017-17045 (new) - XSA-248 / CVE-2017-17566 (new) - XSA-249 / CVE-2017-17563 (new) - XSA-250 / CVE-2017-17564 (new) - XSA-251 / CVE-2017-17565 (new) - XSA-252 / CVE-2018-7540 (new) - XSA-254 / CVE-2017-5754 (new / XPTI Meltdown mitigation) - XSA-255 / CVE-2018-7541 (new) - XSA-256 / CVE-2018-7542 (new) * Dropped: d/p/ubuntu/tools-fix-ftbs-arm.patch (upstream) -- Stefan Bader Thu, 12 Apr 2018 11:54:57 +0200 xen (4.9.0-0ubuntu4) bionic; urgency=medium * Compile and ship vhd-util. * Add dh-python to build-depends. -- Dimitri John Ledkov Fri, 06 Apr 2018 17:35:43 +0100 xen (4.9.0-0ubuntu3) artful; urgency=medium * Applying Xen Security Advisories: - CVE-2017-12135 / XSA-226 - Revert: grant_table: Default to v1, and disallow transitive grants - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers -- Stefan Bader Tue, 10 Oct 2017 11:24:52 +0200 xen (4.9.0-0ubuntu2) artful; urgency=medium * Add libxendevicemodel references to d/libxen-dev.install -- Stefan Bader Fri, 18 Aug 2017 17:22:20 +0200 xen (4.9.0-0ubuntu1) artful; urgency=medium * Update to upstream 4.9.0 release. Changes include numerous bugfixes, including security fixes for: XSA-213 / CVE-2017-8903 XSA-214 / CVE-2017-8904 XSA-217 / CVE-2017-10912 XSA-218 / CVE-2017-10913, CVE-2017-10914 XSA-219 / CVE-2017-10915 XSA-220 / CVE-2017-10916 XSA-221 / CVE-2017-10917 XSA-222 / CVE-2017-10918 XSA-223 / CVE-2017-10919 XSA-224 / CVE-2017-10920, CVE-2017-10921, CVE-2017-10922 XSA-225 / CVE-2017-10923 * Additional CVE's: - XSA-226 / CVE-2017-12135 - XSA-227 / CVE-2017-12137 - XSA-228 / CVE-2017-12136 - XSA-230 / CVE-2017-12855 * Additional fixes: - debian/rules.real: - Add a call to build common tool headers - Add a call to install common tool headers - Add checking of return values of asprintf calls. - d/p/ubuntu/tools-xs-test-hardening.patch - Add additional modifications for new libxendevicemodel - d/p/ubuntu/tools-libs-abiname.diff - Fix a segmentation fault when mmio_hole is set in hvm.cfg (from 4.9.y) - d/p/upstream-4.9.1-tools-libxl-Fix-a-segment-fault-when-mmio_hole... - Enable Local MCE feature - d/p/.../0001-x86-mce-make-mce-barriers-private-to-their-users.patch - d/p/.../0002-x86-mce-make-found_error-and-mce_fatal_cpus-private-.patch - d/p/.../0003-x86-mce-fix-comment-of-struct-mc_telem_cpu_ctl.patch - d/p/.../0004-x86-mce-allow-mce_barrier_-enter-exit-to-return-with.patch - d/p/.../0005-x86-mce-handle-host-LMCE.patch - d/p/.../0006-x86-mce_intel-detect-and-enable-LMCE-on-Intel-host.patch - d/p/.../0007-x86-domctl-generalize-the-restore-of-vMCE-parameters.patch - d/p/.../0008-x86-vmce-emulate-MSR_IA32_MCG_EXT_CTL.patch - d/p/.../0009-x86-vmce-enable-injecting-LMCE-to-guest-on-Intel-hos.patch - d/p/.../0010-x86-vmx-expose-LMCE-feature-via-guest-MSR_IA32_FEATU.patch - d/p/.../0011-x86-vmce-tools-libxl-expose-LMCE-capability-in-guest.patch - d/p/.../0012-x86-mce-add-support-of-vLMCE-injection-to-XEN_MC_inj.patch - Re-introduce (fake) xs_restrict call to keep libxenstore version at 3.0 for now. - d/p/ubuntu/tools-fake-xs-restrict.patch - debian/libxenstore3.0.symbols: - Added xs_control_command - xen-4.9.0/debian/xen-hypervisor-4.9.xen.cfg: - Modified GRUB_DEFAULT setting to be dynamic (like update-grub does) which should handle non English environments (LP: #1321144) -- Stefan Bader Thu, 17 Aug 2017 11:37:11 +0200 xen (4.8.2+xsa245-0+deb9u1) stretch-security; urgency=high * Update to upstream stable 4.8 branch, which is currently at Xen 4.8.2 plus a number of bugfixes and security fixes. Result is that we now include security fixes for: XSA-231 CVE-2017-14316 XSA-232 CVE-2017-14318 XSA-233 CVE-2017-14317 XSA-234 CVE-2017-14319 (235 already included in 4.8.1-1+deb9u3) XSA-236 CVE-2017-15597 XSA-237 CVE-2017-15590 XSA-238 CVE-2017-15591 XSA-239 CVE-2017-15589 XSA-240 CVE-2017-15595 XSA-241 CVE-2017-15588 XSA-242 CVE-2017-15593 XSA-243 CVE-2017-15592 XSA-244 CVE-2017-15594 XSA-245 CVE-2017-17046 and a number of upstream functionality fixes, which are not easily disentangled from the security fixes. * Apply two more security fixes: XSA-246 CVE-2017-17044 XSA-247 CVE-2017-17045 -- Ian Jackson Sat, 25 Nov 2017 11:26:37 +0000 xen (4.8.1-1+deb9u3) stretch-security; urgency=high * Security fixes for XSA-226 CVE-2017-12135 XSA-227 CVE-2017-12137 XSA-228 CVE-2017-12136 XSA-230 CVE-2017-12855 XSA-235 CVE-2017-15596 * Adjust changelog entry for 4.8.1-1+deb9u2 to record that XSA-225 fix was indeed included. * Security fix for XSA-229 not included as that bug is in Linux, not Xen. * Security fixes for XSA-231..234 inc. not inclued as still embargoed. -- Ian Jackson Thu, 07 Sep 2017 19:17:58 +0100 xen (4.8.1-1+deb9u2) stretch-security; urgency=high * Security fixes for XSA-216 XSA-217 XSA-218 XSA-219 XSA-220 XSA-221 XSA-222 XSA-223 XSA-224 XSA-225 -- Ian Jackson Tue, 20 Jun 2017 14:06:34 +0100 xen (4.8.1-1+deb9u1) unstable; urgency=medium * Security fixes for XSA-213 (Closes:#861659) and XSA-214 (Closes:#861660). (Xen 4.7 and later is not affected by XSA-215.) -- Ian Jackson Tue, 02 May 2017 12:19:57 +0100 xen (4.8.1-1) unstable; urgency=high * Update to upstream 4.8.1 release. Changes include numerous bugfixes, including security fixes for: XSA-212 / CVE-2017-7228 Closes:#859560 XSA-207 / no cve yet Closes:#856229 XSA-206 / no cve yet no Debian bug -- Ian Jackson Tue, 18 Apr 2017 18:05:00 +0100 xen (4.8.1~pre.2017.01.23-1) unstable; urgency=medium * Update to current upstream stable-4.8 git branch (Xen 4.8.1-pre). Contains bugfixes. * debian/control-real etc.: debian.py: Allow version numbers like this. -- Ian Jackson Mon, 23 Jan 2017 16:03:31 +0000 xen (4.8.0-1ubuntu2) zesty; urgency=medium * Cherry-pick upstream change to fix TSC_ADJUST MSR handling in HVM guests running on Intel based hosts (LP: #1671760) -- Stefan Bader Tue, 14 Mar 2017 09:27:04 +0100 xen (4.8.0-1ubuntu1) zesty; urgency=medium * Merge from Debian unstable. Remaining changes: - Add transitional package definitions to debian/control and debian/rules.gen (force hypervisor upgrade). - Split xen.init into xenstored.init and xen.init * xen.init depends in xenstored.init and optionally schedules itself before libvirtd. * xenstored.init additionally modprobes xen-acpi-processor - Remove update-alternatives call from xen utils (postinst/prerm) scripts. - Copy contents of debian/build/install-utils_$(ARCH)/usr/sbin into debian/build/install-utils_$ARCH/usr/lib/xen-$(VERSION) (LP: #1396670). -- Stefan Bader Thu, 26 Jan 2017 12:40:13 +0100 xen (4.8.0-1) unstable; urgency=high * Update to upstream Xen 4.8.0. Includes the following security fixes: XSA-201 CVE-2016-9815 CVE-2016-9816 CVE-2016-9817 CVE-2016-9818 XSA-198 CVE-2016-9379 CVE-2016-9380 XSA-196 CVE-2016-9378 CVE-2016-9377 Closes:#845669 XSA-195 CVE-2016-9383 XSA-194 CVE-2016-9384 Closes:#845667 XSA-193 CVE-2016-9385 XSA-192 CVE-2016-9382 XSA-191 CVE-2016-9386 Includes other bugfixes too: Closes:#812166, Closes:#818525. Cherry picks from upstream: * Security fixes: XSA-204 CVE-2016-10013 Closes:#848713 XSA-203 CVE-2016-10025 XSA-202 CVE-2016-10024 For completeness, the following XSAs do not apply here: XSA-197 CVE-2016-9381 Bug is in qemu XSA-199 CVE-2016-9637 Bug is in qemu XSA-200 CVE-2016-9932 Xen 4.8 is not affected * Cherry pick a build failure fix: "x86/emul: add likely()/unlikely() to test harness" [ Ian Jackson ] * Drop -lcrypto search from upstream configure, and from our Build-Depends. Closes:#844419. * Change my own email address to my work (Citrix) address. When uploading, I will swap hats to effectively sponsor my own upload. [ Ian Campbell ] * Start a qemu process in dom0 to service the toolstacks loopback disk attaches. (Closes: #770456) * Remove correct pidfile when stopping xenconsoled. * Check that xenstored has actually started before talking to it. Incorporate a timeout so as not to block boot (Mitigates #737613) * Correct syntax error in xen-init-list when running with xend (Closes: #763102) * Apply SELinux labels to directories created by initscripts. Patch from Russell Coker. (Closes: #764912) * Include a reportbug control file to redirect bugs to src:xen for packages which contain the Xen version in the name. Closes:#796370. [ Lubomir Host ] * Fix xen-init-name to not fail looking for a nonexistent 'config' entry in xl's JSON output. Closes:#818129. -- Ian Jackson Thu, 22 Dec 2016 14:51:46 +0000 xen (4.8.0~rc5-1) unstable; urgency=medium * New upstream version, Xen 4.8.0 RC5. -- Ian Jackson Fri, 11 Nov 2016 15:26:58 +0000 xen (4.8.0~rc3-1) unstable; urgency=medium * Upload 4.8.0~rc3 to unstable. (RC5 is out upstream, but let's not update to that in the middle of the Xen 4.6 -> 4.8 transition.) * No source changes. -- Ian Jackson Sat, 05 Nov 2016 15:08:47 +0000 xen (4.8.0~rc3-0exp2) experimental; urgency=medium * Build-Depend on iasl on all architectures. ARM has ACPI now. Fixes FTBFS on arm64 (at least). * Add qemu-utils and seabios to Suggests. * Pass -no-pie -fno-pic to x86 emulator test build. (Patch also submitted upstream.) Fixes FTBFS on i386 with GCC6. * Add myself to Uploaders. -- Ian Jackson Tue, 01 Nov 2016 18:00:25 +0000 xen (4.8.0~rc3-0exp1) experimental; urgency=high * New upstream version, Xen 4.8.0 RC3. Fixes many outstanding CVEs. * Incorporated many changes from 4.8.0-0ubuntu2 - libxen-dev is M-A: same - Work around grep bug http://bugs.launchpad.net/bugs/1547466 - debian/xen-hypervisor-4.6.xen.cfg: Additional config file to simplify grub configuration. - Use new library/abiname scheme. - Document what xl and xm are in default.xen - Add libvirtd dependency to xendomains init script (Thanks to Stefan Bader and others.) -- Ian Jackson Mon, 24 Oct 2016 17:31:27 +0100 xen (4.7.0-0ubuntu2) yakkety; urgency=low * Applying Xen Security Advisories: - CVE-2016-6258 / XSA-182 * x86/pv: Remove unsafe bits from the mod_l?_entry() fastpath - CVE-2016-6259 / XSA-183 * x86/entry: Avoid SMAP violation in compat_create_bounce_frame() - CVE-2016-7092 / XSA-185 * x86/32on64: don't allow recursive page tables from L3 - CVE-2016-7093 / XSA-186 * x86/emulate: Correct boundary interactions of emulated instructions * hvm/fep: Allow testing of instructions crossing the -1 -> 0 virtual boundary - CVE-2016-7094 / XSA-187 * x86/shadow: Avoid overflowing sh_ctxt->seg_reg[] * x86/segment: Bounds check accesses to emulation ctxt->seg_reg[] - CVE-2016-7777 / XSA-190 * x86emul: honor guest CR0.TS and CR0.EM -- Stefan Bader Thu, 06 Oct 2016 15:24:46 +0200 xen (4.7.0-0ubuntu1) yakkety; urgency=low * Rebasing to upstream Xen release 4.7 (LP: #1621618) - Renamed all *-4.6* files into *-4.7*. Also moved references within various files from 4.6 to 4.7. - Follow previous abiname patches to create individual run-time libs for the versioned libxen package for libxencall, libxenevtchn, libxenforeignmemory, libxengnttab, and libxentoollog. - Modified debian/libxen-dev.install to pick up the additional headers and drop one which is no longer present. And also add the new libs. - Refreshed Debian patchesS - Dropped transitional packages <4.6, added a set for 4.6. - Dropped tools-allow-configure-time-choice-of-libexec-subdire.patch (upstream) - Dropped ubuntu-config-prefix-fix.patch (unnecessary) - Dropped all security patches since those were all included in the new upstream release. - Added fix for FTBS on Arm due to unused static variables and hardening flags turned on. - Switched dependencies of sysvinit scripts from libvirt-bin to libvirtd. - Added modprobe for xen-acpi-processor (no auto-load alias) to xenstrore init script. Otherwise there is no frequency scaling if the driver is compiled as a module. - Added proposed upstream fix for regression to save PV guests with more than 1G of memory. -- Stefan Bader Wed, 31 Aug 2016 16:12:26 +0200 xen (4.6.0-1+nmu2) unstable; urgency=medium * Ensure debian/control.md5sum is correctly updated. Fixes FTBFS of 4.6.0-1+nmu1 on buildds where linux-support-4.2.0-1 is not expected to be installed. -- Ian Campbell Tue, 09 Feb 2016 16:41:16 +0000 xen (4.6.0-1+nmu1) unstable; urgency=medium * Non-maintainer upload. * Drop unused patching in of $(PREFIX), $(SBINDIR) and $(BINDIR) which are no longer used by the upstream build system. * Use correct/consistent LIBEXEC dirs throughout build (Closes: #805508). -- Ian Campbell Tue, 19 Jan 2016 14:43:54 +0000 xen (4.6.0-1ubuntu5) yakkety; urgency=low * Applying Xen Security Advisories: - CVE-2016-3158, CVE-2016-3159 / XSA-172 * x86: fix information leak on AMD CPUs - CVE-2016-3960 / XSA-173 * x86: limit GFNs to 32 bits for shadowed superpages. - CVE-2016-4962 / XSA-175 * libxl: Record backend/frontend paths in /libxl/$DOMID * libxl: Provide libxl__backendpath_parse_domid * libxl: Do not trust frontend in libxl__devices_destroy * libxl: Do not trust frontend in libxl__device_nextid * libxl: Do not trust frontend for disk eject event * libxl: Do not trust frontend for disk in getinfo * libxl: Do not trust frontend for vtpm list * libxl: Do not trust frontend for vtpm in getinfo * libxl: Do not trust frontend for nic in libxl_devid_to_device_nic * libxl: Do not trust frontend for nic in getinfo * libxl: Do not trust frontend for channel in list * libxl: Do not trust frontend for channel in getinfo * libxl: Cleanup: Have libxl__alloc_vdev use /libxl * libxl: Document ~/serial/ correctly - CVE-2016-4480 / XSA-176 * x86/mm: fully honor PS bits in guest page table walks - CVE-2016-4963 / XSA-178 * libxl: Make copy of every xs backend in /libxl in _generic_add * libxl: Do not trust backend in libxl__device_exists * libxl: Do not trust backend for vtpm in getinfo (except uuid) * libxl: Do not trust backend for vtpm in getinfo (uuid) * libxl: cdrom eject and insert: write to /libxl * libxl: Do not trust backend for disk eject vdev * libxl: Do not trust backend for disk; fix driver domain disks list * libxl: Do not trust backend for disk in getinfo * libxl: Do not trust backend for cdrom insert * libxl: Do not trust backend for channel in getinfo * libxl: Rename libxl__device_{nic,channel}_from_xs_be to _from_xenstore * libxl: Rename READ_BACKEND to READ_LIBXLDEV * libxl: Have READ_LIBXLDEV use libxl_path rather than be_path * libxl: Do not trust backend in nic getinfo * libxl: Do not trust backend for nic in devid_to_device * libxl: Do not trust backend for nic in list * libxl: Do not trust backend in channel list * libxl: Cleanup: use libxl__backendpath_parse_domid in libxl__device_disk_from_xs_be * libxl: Fix NULL pointer due to XSA-178 fix wrong XS nodename - CVE-2016-5242 / XSA-181 * xen/arm: Don't free p2m->first_level in p2m_teardown() before it has been allocated -- Stefan Bader Tue, 07 Jun 2016 16:30:19 +0200 xen (4.6.0-1ubuntu4) xenial; urgency=low * d/rules.real: Set LANG=C.UTF-8 for the builds to avoid a grep bug. -- Stefan Bader Fri, 19 Feb 2016 12:08:31 +0100 xen (4.6.0-1ubuntu3) xenial; urgency=low * Fix unmount error message on shutdown and init script ordering issues: - d/xen-utils-common.xenstored.init: Introduce new init script which only starts xenstored (but also shuts it down on stop). Prevent this one to be run on upgrade. - d/xen-utils-common.xen.init: * Add X-Start-Before/X-Stop-After dependencies on libvirt-bin * Remove xenstored related code * d/scripts/xen-init-list: Revert back to unmodified version from Debian. With the ordering fixed, libvirt guests should be handled by its own script before xendomains is run. * d/control, d/libxen-dev.install and d/rules.real: Add xenlight.pc and xlutil.pc to be packaged as part of libxen-dev in multi-arch suitable location. Also declare libxen-dev as multi-arch same. * Additional Security Patches: - CVE-2016-2270 / XSA-154 * x86: enforce consistent cachability of MMIO mappings - CVE-2016-1570 / XSA-167 * x86/mm: PV superpage handling lacks sanity checks - CVE-2016-1571 / XSA-168 * x86/VMX: prevent INVVPID failure due to non-canonical guest address - CVE-2015-8615 / XSA-169 * x86: make debug output consistent in hvm_set_callback_via - CVE-2016-2271 / XSA-170 * x86/VMX: sanitize rIP before re-entering guest -- Stefan Bader Thu, 18 Feb 2016 18:20:38 +0100 xen (4.6.0-1ubuntu2) xenial; urgency=low * Applying Xen Security Advisories: - CVE-2015-8550 / XSA-155 * xen: Add RING_COPY_REQUEST() * blktap2: Use RING_COPY_REQUEST * libvchan: Read prod/cons only once. - CVE-2015-8338 / XSA-158 * memory: split and tighten maximum order permitted in memops - CVE-2015-8339, CVE-2015-8340 / XSA-159 * memory: fix XENMEM_exchange error handling - CVE-2015-8341 / XSA-160 * libxl: Fix bootloader-related virtual memory leak on pv build failure - CVE-2015-8555 / XSA-165 * x86: don't leak ST(n)/XMMn values to domains first using them - CVE-2015-???? / XSA-166 * x86/HVM: avoid reading ioreq state more than once -- Stefan Bader Wed, 16 Dec 2015 12:06:10 +0100 xen (4.6.0-1ubuntu1) xenial; urgency=low * Merge of Xen-4.6 from Debian. Remaining changes: - debian/control, debian/rules.gen: Generate transitional xen-hypervisor packages. - debian/rules.real: Install the grub.d config file. - debian/scripts/xen-init-list: Ignore libxl guests not created by the xl toolstack (e.g. libvirt). - debian/tree/xen-utils-common/usr/share/xen-utils-common/default.xen: Minor readability improvements (maybe get rid of those) - debian/xen-hypervisor-4.6.xen.cfg: Additional config file to simplify grub configuration. - debian/xen-utils-4.6.postinst, debian/xen-utils-4.6.prerm: Remove update-alternatives call. - debian/xen-utils-common.xen.init: Fix consoled_stop_real and additional code to start and attach a qemu instance to dom0 (needed for pygrub booting QCOW2 PVM guests). Note: Also contains a work-around for a kernel bug which should be dropped in the next release. - debian/patches/ubuntu-config-prefix-fix.patch: Modifies configure and tools/configure to use the correct (versioned) libexec path. - Additional security fixes: * XSA-156 / CVE-2015-5307 x86/HVM: always intercept #AC and #DB -- Stefan Bader Wed, 02 Dec 2015 18:57:48 +0100 xen (4.6.0-1) unstable; urgency=medium * New upstream release. * CVE-2015-7812 * CVE-2015-7813 * CVE-2015-7814 * CVE-2015-7835 * CVE-2015-7969 * CVE-2015-7970 * CVE-2015-7971 * CVE-2015-7972 -- Bastian Blank Sun, 01 Nov 2015 21:49:07 +0100 xen (4.5.1-0ubuntu2) xenial; urgency=low * Applying Xen Security Advisories: - CVE-2015-7311 / XSA-142 * libxl: handle read-only drives with qemu-xen - CVE-2015-7812 / XSA-145 * xen/arm: Support hypercall_create_continuation for multicall - CVE-2015-7813 / XSA-146 * xen: arm: rate-limit logging from unimplemented PHYSDEVOP and HVMOP. - CVE-2015-7814 / XSA-147 * xen: arm: handle races between relinquish_memory and free_domheap_pages - CVE-2015-7835 / XSA-148 * x86: guard against undue super page PTE creation - CVE-2015-7969 / XSA-149 * xen: free domain's vcpu array - CVE-2015-7970 / XSA-150 * x86/PoD: Eager sweep for zeroed pages - CVE-2015-7969 / XSA-151 * xenoprof: free domain's vcpu array - CVE-2015-7971 / XSA-152 * x86: rate-limit logging in do_xen{oprof,pmu}_op() - CVE-2015-7972 / XSA-153 * libxl: adjust PoD target by memory fudge, too - CVE-2015-5307 / XSA-156 * x86/HVM: always intercept #AC and #DB -- Stefan Bader Tue, 03 Nov 2015 08:39:07 -0600 xen (4.5.1-0ubuntu1) wily; urgency=low * New upstream stable release (4.5.1) - Replacing the following security changes by upstream versions: * CVE-2014-3969 / XSA-98 (update), CVE-2015-0268 / XSA-117, CVE-2015-1563 / XSA-118, CVE-2015-2152 / XSA-119, CVE-2015-2044 / XSA-121, CVE-2015-2045 / XSA-122, CVE-2015-2151 / XSA-123, CVE-2015-2752 / XSA-125, CVE-2015-2751 / XSA-127 - Included security changes which where not yet applied: * CVE-2015-4163 / XSA-134, CVE-2015-4164 / XSA-136 * Applying additional Xen Security Advisories: - CVE-2015-3259 / XSA-137 * xl: Sane handling of extra config file arguments - CVE-2015-6654 / XSA-141 * xen/arm: mm: Do not dump the p2m when mapping a foreign gfn -- Stefan Bader Wed, 02 Sep 2015 16:37:39 +0200 xen (4.5.1~rc1-1) experimental; urgency=medium [ Ian Campbell ] * Use xen-init-dom0 from initscript when it is available. * Install some user facing docs in xen-utils-common. (Closes: #688308) [ Bastian Blank ] * New upstream release candidate. -- Bastian Blank Sun, 31 May 2015 21:59:56 +0200 xen (4.5.0-1ubuntu4) vivid; urgency=low * Applying Xen Security Advisories: * CVE-2014-3969 / XSA-98 (update) - xen: arm: correct arm64 version of gva_to_ma_par * CVE-2015-2752 / XSA-125 - Limit XEN_DOMCTL_memory_mapping hypercall to only process up to 64 GFNs (or less) * CVE-2015-2751 / XSA-127 - domctl: don't allow a toolstack domain to call domain_pause() on itself -- Stefan Bader Wed, 08 Apr 2015 10:10:27 +0200 xen (4.5.0-1ubuntu3) vivid; urgency=low * Applying Xen Security Advisories: - CVE-2015-0268 / XSA-117 * xen/arm: vgic-v2: Don't crash the hypervisor if the SGI target mode is invalid - CVE-2015-1563 / XSA-118 * xen/arm: vgic: message in the emulation code should be rate-limited - CVE-2015-2152 / XSA-119 * tools: libxl: Explicitly disable graphics backends on qemu cmdline - CVE-2015-2044 / XSA-121 * x86/HVM: return all ones on wrong-sized reads of system device I/O ports - CVE-2015-2045 / XSA-122 * pre-fill structures for certain HYPERVISOR_xen_version sub-ops - CVE-2015-2151 / XSA-123 * x86emul: fully ignore segment override for register-only operations -- Stefan Bader Wed, 04 Mar 2015 12:34:49 +0100 xen (4.5.0-1ubuntu2) vivid; urgency=low * Really add a transitional package for xen-hypervisor-4.4-amd64 for i386. -- Stefan Bader Fri, 27 Feb 2015 15:47:49 +0100 xen (4.5.0-1ubuntu1) vivid; urgency=low * Merge lastest upstream release from Debian experimental. Remaining changes: - d/rules.real: * Remove reference to OCAMLDESTDIR [minor cleanup] * Install xen.cfg into /etc/default/grub.d * Declare transitional packages for hypervisor. - d/rules.gen: * Add rules for transitional hypervisor packages. - d/scripts/xen-init-list: * Ignore domains not managed by xl (also works around a bug in xl list -l). - d/tree/xen-utils-common/usr/share/xen-utils-common/default.xen: * Add a little more explanation to a config file. - d/xen-hypervisor-4.5.xen.cfg - d/xen-utils-4.5.postinst and d/xen-utils-4.5.prerm: * Remove call to update-alternatives since we did not have those created in any release in the upgrade-path. - d/xen-utils-common.xen.init (picked from Debian packaging xen.git): * Fix removal of xenconsoled pid file. * Add code to start a qemu process for dom0. * Replace xenstore-writes by xen-init-dom0 call. -- Stefan Bader Thu, 22 Jan 2015 11:35:47 +0100 xen (4.5.0-1) experimental; urgency=medium [ Ian Campbell ] * New upstream release -- Bastian Blank Wed, 21 Jan 2015 20:21:45 +0100 xen (4.5.0~rc3-1) experimental; urgency=medium * New upstream release candidate. * Re-add xend config. -- Bastian Blank Wed, 17 Dec 2014 22:37:23 +0100 xen (4.4.1-6) unstable; urgency=medium * Fix starvation of writers in locks. CVE-2014-9065 -- Bastian Blank Thu, 11 Dec 2014 15:56:08 +0100 xen (4.4.1-5) unstable; urgency=medium * Fix excessive checks of hypercall arguments. CVE-2014-8866 * Fix boundary checks of emulated MMIO access. CVE-2014-8867 * Fix additional memory leaks in xl. (closes: #767295) -- Bastian Blank Sun, 30 Nov 2014 20:13:32 +0100 xen (4.4.1-4) unstable; urgency=medium [ Bastian Blank ] * Make operations pre-emptible. CVE-2014-5146, CVE-2014-5149 * Don't allow page table updates from non-PV page tables. CVE-2014-8594 * Enforce privilege level while loading code segment. CVE-2014-8595 * Fix reference counter leak. CVE-2014-9030 * Use linux 3.16.0-4 stuff. * Fix memory leak in xl. (closes: #767295) [ Ian Campbell ] * Add licensing for tools/python/logging to debian/copyright. (Closes: #759384) * Correctly include xen-init-name in xen-utils-common. (Closes: #769543) * xen-utils recommends grub-xen-host package (Closes: #770460) -- Bastian Blank Thu, 27 Nov 2014 20:17:36 +0100 xen (4.4.1-3ubuntu2) vivid; urgency=low * Applying Xen Security Advisories: - CVE-2014-8594 / XSA-109 * x86: don't allow page table updates on non-PV page tables in do_mmu_update() - CVE-2014-8595 / XSA-110 * x86emul: enforce privilege level restrictions when loading CS - CVE-2014-8866 / XSA-111 * x86: limit checks in hypercall_xlat_continuation() to actual arguments - CVE-2014-8867 / XSA-112 * x86/HVM: confine internally handled MMIO to solitary regions - CVE-2014-9030 / XSA-113 * x86/mm: fix a reference counting error in MMU_MACHPHYS_UPDATE * Pulling in Debian change to start qemu in dom0 (LP: #1396068) * Picking up Debian change to recommend grub-xen-host from xen-utils. * Picking up Debian change to really include xen-init-name. -- Stefan Bader Wed, 19 Nov 2014 13:47:12 +0100 xen (4.4.1-3ubuntu1) vivid; urgency=low * Merge from Debian unstable. Remaining changes: - d/p/series: Completely non-build-affecting additional comments. Just helpful hints for maintenance. - d/rules.real: * Use a separate grub config file in /etc/default/grub.d which auto- matically sets the default boot to Xen. * Remove OCAMLDESTDIR since all the xend/xm support is gone now. - d/scripts/xen-init-list: Avoid calling "xen list -l" without arguments as that breaks if there are guests started by libvirt are running. - d/xen-utils-4.4.postinst and d/xen-utils-4.4.prerm: Remove call to update-alternatives as this has not been used for several releases now. - d/tree/xen-utils-common/usr/share/xen-utils-common/default.xen: Be a bit more verbose in the comments of the file and also point out that xm is gone now. -- Stefan Bader Tue, 28 Oct 2014 17:32:56 +0100 xen (4.4.1-3) unstable; urgency=medium [ Bastian Blank ] * Remove unused build-depencencies. * Extend list affected systems for broken interrupt assignment. CVE-2013-3495 * Fix race in hvm memory management. CVE-2014-7154 * Fix missing privilege checks on instruction emulation. CVE-2014-7155, CVE-2014-7156 * Fix uninitialized control structures in FIFO handling. CVE-2014-6268 * Fix MSR range check in emulation. CVE-2014-7188 [ Ian Campbell ] * Install xen.efi into /boot for amd64 builds. -- Bastian Blank Fri, 17 Oct 2014 16:27:46 +0200 xen (4.4.1-2) unstable; urgency=medium * Re-build with correct content. * Use dh_lintian. -- Bastian Blank Wed, 24 Sep 2014 20:23:14 +0200 xen (4.4.1-1) unstable; urgency=medium * New upstream release. - Fix several vulnerabilities. (closes: #757724) CVE-2014-2599, CVE-2014-3124, CVE-2014-3967, CVE-2014-3968, CVE-2014-4021 -- Bastian Blank Sun, 21 Sep 2014 10:45:47 +0200 xen (4.4.0-5) unstable; urgency=medium [ Ian Campbell ] * Expand on the descriptions of some packages. (Closes: #466683) * Clarify where xen-utils-common is required. (Closes: #612403) * No longer depend on gawk. Xen can now use any awk one of which is always present. (Closes: #589176) * Put core dumps in /var/lib/xen/dump and ensure it exists. (Closes: #444000) [ Bastian Blank ] * Handle JSON output from xl in xendomains init script. -- Bastian Blank Sat, 06 Sep 2014 22:11:20 +0200 xen (4.4.0-4) unstable; urgency=medium [ Bastian Blank ] * Also remove unused OCaml packages from control file. * Make library packages multi-arch: same. (closes: #730417) * Use debhelper compat level 9. (closes: #692352) [ Ian Campbell ] * Correct contents of /etc/xen/scripts/hotplugpath.sh (Closes: #706283) * Drop references cpuperf-xen and cpuperf-perfcntr. (Closes: #733847) * Install xentrace_format(1), xentrace(8) and xentop(1). (Closes: #407143) -- Bastian Blank Sat, 30 Aug 2014 13:34:04 +0200 xen (4.4.0-3) unstable; urgency=medium [ Ian Campbell ] * Use correct SeaBIOS binary which supports Xen (Closes: #737905). [ Bastian Blank ] * Really update config.{sub,guess}. -- Bastian Blank Fri, 29 Aug 2014 16:33:19 +0200 xen (4.4.0-2) unstable; urgency=medium * Remove broken and unused OCaml-support. -- Bastian Blank Mon, 18 Aug 2014 15:18:42 +0200 xen (4.4.0-1) unstable; urgency=medium [ Bastian Blank ] * New upstream release. - Update scripts for compatiblity with latest coreutils. (closes: #718898) - Fix guest reboot with xl toolstack. (closes: #727100) - CVE-2013-6375: Insufficient TLB flushing in VT-d (iommu) code. (closes: #730254) - xl support for global VNC options. (closes: #744157) - vif scripts can now be named relative to /etc/xen/scripts. (closes: #744160) - Support for arbitrary sized SeaBIOS binaries. (closes: #737905) - pygrub searches for extlinux.conf in the expected places. (closes: #697407) - Update scripts to use correct syntax for ip command. (closes: #705659) * Fix install of xend configs to not break compatibility. [ Ian Campbell ] * Disable blktap1 support using new configure option instead of by patching. * Disable qemu-traditional and rombios support using new configure option instead of by patching. No need to build-depend on ipxe any more. * Use system qemu-xen via new configure option instead of patching. * Use system seabios via new configure option instead of patching. * Use EXTRA_CFLAGS_XEN_TOOLS and APPEND_{CPPFLAGS,LDFLAGS} during build. * Add support for armhf and arm64. * Update config.{sub,guess}. -- Bastian Blank Sat, 09 Aug 2014 13:09:00 +0200 xen (4.4.0-0ubuntu9) utopic; urgency=low * debian/scripts/xen-init-list: Modify code to only list domains started by the xl command (when using libxl). Also working around a bug in the "list -l" command of the xl toolstack which causes it to fail if there are domains running which are not created by xl (like via libvirt) (LP: #1377960). -- Stefan Bader Tue, 07 Oct 2014 11:05:44 +0200 xen (4.4.0-0ubuntu8) utopic; urgency=low * Applying Xen Security Advisories: - CVE-2014-5147 / XSA-102 * xen: arm: handle AArch32 userspace when dumping 64-bit guest state. * xen: arm: Correctly handle exception injection from userspace on 64-bit. * xen: arm: Handle traps from 32-bit userspace on 64-bit kernel as undef - CVE-2014-5148 / XSA-103 * xen: arm: Correctly handle do_sysreg exception injection from 64-bit userspace - CVE-2014-7154 / XSA-104 * x86/shadow: fix race condition sampling the dirty vram state - CVE-2014-7155 / XSA-105 * x86/emulate: check cpl for all privileged instructions - CVE-2014-7156 / XSA-106 * x86emul: only emulate software interrupt injection for real mode - CVE-2014-6268 / XSA-107 * evtchn: check control block exists when using FIFO-based events - CVE-2014-7188 / XSA-108 * x86/HVM: properly bound x2APIC MSR range -- Stefan Bader Fri, 26 Sep 2014 09:55:15 +0200 xen (4.4.0-0ubuntu7) utopic; urgency=low * d/xen-utils-.postinst: Remove xend config conversion script. * d/p/ubuntu-use-seabios-256.patch: Pick the 256K seabios image for hvmloader because the 128K default image dropped Xen support. (LP: #1370123) -- Stefan Bader Tue, 16 Sep 2014 17:35:24 +0200 xen (4.4.0-0ubuntu6) utopic; urgency=low * Applying Xen Security Advisories: - CVE-2014-2599 / XSA-89 * x86: enforce preemption in HVM_set_mem_access / p2m_set_mem_access() - CVE-2014-3125 / XSA-91 * xen/arm: Correctly save/restore CNTKCTL_EL1 - CVE-2014-3124 / XSA-92 * x86/HVM: restrict HVMOP_set_mem_type - CVE-2014-2915 / XSA-93 * xen/arm: Inject an undefined instruction when the coproc/sysreg is not handled * xen/arm: Don't let the guest access the coprocessors registers * xen/arm: Upgrade DCISW into DCCISW * xen/arm: Trap cache and TCM lockdown registers * xen/arm: Don't expose implementation defined registers (Cp15 c15) to the guest * xen/arm: Don't let guess access to Debug and Performance Monitor registers - CVE-2014-2986 / XSA-94 * xen/arm: vgic: Check rank in GICD_ICFGR* emulation before locking - CVE-2014-3714, CVE-2014-3715, CVE-2014-3716, CVE-2014-3717 / XSA-95 * tools: arm: remove code to check for a DTB appended to the kernel - CVE-2014-3967,CVE-2014-3968 / XSA-96 * x86/HVM: eliminate vulnerabilities from hvm_inject_msi() - CVE-2014-3969 / XSA-98 * xen: arm: check permissions when copying to/from guest virtual addresses * xen: arm: ensure we hold a reference to guest pages while we copy to/from them - CVE-2014-4021 / XSA-100 * AMD IOMMU: don't free page table prematurely * page-alloc: scrub pages used by hypervisor upon freeing - CVE-2014-4022 / XSA-101 * xen: arm: initialise the grant_table_gpfn array on allocation -- Stefan Bader Mon, 23 Jun 2014 15:40:16 +0200 xen (4.4.0-0ubuntu5) trusty; urgency=low * Minimal changes to make arm64 build. It produces packages, whatever can be done with those is somebody elses problem. -- Stefan Bader Fri, 11 Apr 2014 15:12:47 +0200 xen (4.4.0-0ubuntu4) trusty; urgency=low * Fix up some more stale 4.3 references in xen-utils-4.4 debian packaging files. * Remove update-alternatives for postinst and prerm of xen-utils- as there is no xen-default anymore. * debian/rules.real: Add etc/default/grub.d and install xen.cfg into it. This adds a place to set Xen grub arguments and makes booting into Xen the default (with a warning message on running update-grub). * debian/rules.real, debian/xen-utils-$(VERSION).postinst, xen-sxp2xm, and xen-migrate-xend-managed-domains: Add migration scripts to the xen-utils-$(VERSION) package (LP: #1303886). * Add transitional packages for migrating xen-hypervisor-4.1-(i386|amd64) and xen-hypervisor-4.3-amd64 to add the xen-system-amd64 meta-package which is the preferred/recommeded way of installing Xen now. -- Stefan Bader Wed, 26 Mar 2014 19:25:53 +0100 xen (4.4.0-0ubuntu3) trusty; urgency=low * Fixing up changelog history and preparing for FFE (LP: #1290743). -- Stefan Bader Thu, 20 Mar 2014 12:53:21 +0100 xen (4.4.0-0ubuntu2) trusty; urgency=low * debian/patches/tools-ocaml-disable-test.patch: This disables the ocaml test build for now until linking issues are resolved. * debian/xen-utils-common.xen.init: Write domid for dom0 into xenstore (now required). -- Stefan Bader Tue, 11 Mar 2014 14:26:58 +0100 xen (4.4.0-0ubuntu1) trusty; urgency=low * New upstream release (Xen.4.4) * Refreshed patches: - debian/patches/tools-libxc-abiname.diff - debian/patches/tools-libxl-abiname.diff - debian/patches/tools-libxl-prefix.diff * debian/rules.real: Force xend to be built. * debian/rules.real: For utils_ installation move binaries from usr/sbin/ to usr/lib/xen-/bin. Several that used to go into the private bin directory moved to the public sbin directory. Not ideal but quicker to do without side-effects. * debian/rules.real: Hypervisor has no .gz type on armhf. * debian/control, debian/rules.gen: Manually update version from 4.3 to 4.4. * debian/control: Add build dependency for libfdt-dev on armhf. * debian/control: Only depend on qemu-system-x86 for i386 and amd64 builds. * debian/*: Also rename several versioned packaging files. * debian/tree/xen-utils-common/usr/share/xen-utils-common/default.xen: Add comment about toolstack names and make xl the default. -- Stefan Bader Tue, 11 Mar 2014 09:54:35 +0100 xen (4.3.0-3) unstable; urgency=low * Revive hypervisor on i386. -- Bastian Blank Fri, 18 Oct 2013 00:15:16 +0200 xen (4.3.0-2) unstable; urgency=low * Force proper install order. (closes: #721999) -- Bastian Blank Sat, 05 Oct 2013 15:03:36 +0000 xen (4.3.0-1ubuntu5) trusty; urgency=low * Applying Xen Security Advisories: - CVE-2014-1642 / XSA-83 * x86/irq: avoid use-after-free on error path in pirq_guest_bind() - CVE-2014-1891 / XSA-84 * flask: fix reading strings from guest memory - CVE-2014-1895 / XSA-85 * xsm/flask: correct off-by-one in flask_security_avc_cachestats cpu id check - CVE-2014-1896 / XSA-86 * libvchan: Fix handling of invalid ring buffer indices - CVE-2014-1666 / XSA-87 * x86: PHYSDEVOP_{prepare,release}_msix are privileged - CVE-2014-1950 / XSA-88 * libxc: Fix out-of-memory error handling in xc_cpupool_getinfo() -- Stefan Bader Mon, 17 Feb 2014 13:54:15 +0100 xen (4.3.0-1ubuntu4) trusty; urgency=medium * Rebuild for ocaml-4.01. -- Matthias Klose Mon, 23 Dec 2013 16:18:35 +0000 xen (4.3.0-1ubuntu3) trusty; urgency=low * Applying Xen Security Advisories: - CVE-2013-4553 / XSA-74 * Lock order reversal between page_alloc_lock and mm_rwlock - CVE-2013-4551 / XSA-75 * Host crash due to guest VMX instruction execution - CVE-2013-4554 / XSA-76 * Hypercalls exposed to privilege rings 1 and 2 of HVM guests - CVE-????-???? / XSA-77 * Disaggregated domain management security status - CVE-2013-6375 / XSA-78 * Insufficient TLB flushing in VT-d (iommu) code - CVE-2013-6400 / XSA-80 * IOMMU TLB flushing may be inadvertently suppressed - CVE-2013-6885 / XSA-82 * Guest triggerable AMD CPU erratum may cause host hang -- Stefan Bader Fri, 06 Dec 2013 17:51:24 +0100 xen (4.3.0-1ubuntu2) trusty; urgency=low * Applying Xen Security Advisories: - CVE-2013-1442 / XSA-62 * Information leak on AVX and/or LWP capable CPUs - CVE-2013-4355 / XSA-63 * Information leaks through I/O instruction emulation - CVE-2013-4356 / XSA-64 * Memory accessible by 64-bit PV guests under live migration - CVE-2013-4361 / XSA-66 Information leak through fbld instruction emulation - CVE-2013-4368 / XSA-67 * Information leak through outs instruction emulation - CVE-2013-4369 / XSA-68 * possible null dereference when parsing vif ratelimiting info - CVE-2013-4370 / XSA-69 * misplaced free in ocaml xc_vcpu_getaffinity stub - CVE-2013-4371 / XSA-70 * use-after-free in libxl_list_cpupool under memory pressure - CVE-2013-4416 / XSA-72 * ocaml xenstored mishandles oversized message replies - CVE-2013-4494 / XSA-73 * Lock order reversal between page allocation and grant table locks -- Stefan Bader Tue, 05 Nov 2013 16:16:05 +0100 xen (4.3.0-1ubuntu1) saucy; urgency=low * Merge from Debian unstable. Remaining changes: - Add armhf to packages (except ocaml related) and create hypervisor and system-meta package. Modify build environment to produce Arm packages. * debian/control * debian/rules.gen * debian/rules.real * debian/patches/ubuntu-tools-armhf-without-ocaml.patch Ocaml source fail to build on Arm. - Re-introduce xen-hypervisor-amd64 for i386 builds. Otherwise i386 would be rendered uninstallable. * debian/arch/i386/defines * debian/control - Keep qemu-dm for now (upstream qemu would not support migration, yet). Forward-port some patches from the old Debian package which still included qemu-dm: * debian/patches/qemu-prefix.diff Modify LDFLAGS to point to lib dir for qemu-dm. * debian/patches/qemu-disable-blktap.diff Blktap never went upstream. * debian/patches/ubuntu-qemu-disable-qemu-upstream.diff We want to use the binary from qemu-system-x86. * debian/patches/ubuntu-qemu-upstream-location.patch Modify tools to look for qemu-system-i386 in public path. - Fixup hvmloader build to find the correct PXE boot roms. * ubuntu-tools-firmware-etherboot-kvm-ipxe.diff - Add packaging dependency on libxenstore to libxen (otherwise libtool fails to find references for libxenlight). * debian/rules.real - Add migration helper that removes private paths from xend domain configs. * debian/scripts/Makefile * debian/scripts/xend-domain-config-path-strip * debian/xen-utils-common.postinst - Fix for using ulong instead of unsigned long in gdbsx. * debian/patches/toolchain.diff * First test for suitable toolstack in xendomains before using the list command as that causes the xapi daemon to hang. - debian/xen-utils-common.xendomains.init -- Stefan Bader Fri, 27 Sep 2013 15:12:17 +0200 xen (4.3.0-1) unstable; urgency=low * New upstream release. - Fix HVM PCI passthrough. (closes: #706543) * Call configure with proper arguments. * Remove now empty xen-docs package. * Disable external code retrieval. * Drop all i386 hypervisor packages. * Drop complete blktap support. * Create /run/xen. * Make xen-utils recommend qemu-system-x86. (closes: #688311) - This version comes with audio support. (closes: #635166) * Make libxenlight and libxlutil public. (closes: #644390) - Set versioned ABI name. - Install headers. - Move libs into normal library path. * Use build flags in the tools build. - Fix fallout from harderning flags. * Update Standards-Version to 3.9.4. No changes. -- Bastian Blank Thu, 05 Sep 2013 13:54:03 +0200 xen (4.3.0-0ubuntu4) saucy; urgency=low * Re-introduce xen-hypervisor-amd64 for i386 builds. Otherwise i386 would be rendered uninstallable. -- Stefan Bader Thu, 19 Sep 2013 15:28:06 -0500 xen (4.3.0-0ubuntu3) saucy; urgency=low * Avoid building libxenlight with blktap support (at least for now). - ubuntu-tools-force-build-without-blktap2.patch - debian/rules.real: Do not install libblktapctl - debian/libxen-dev.install: Do not package libblktapctl -- Stefan Bader Thu, 15 Aug 2013 10:07:46 +0200 xen (4.3.0-0ubuntu2) saucy; urgency=low * debian/rules.real: Avoid ocaml install and trying to strip hvmload which does not exist on Arm. * debian/rules.gen: Remove i386 related rules for arch-flavour which would try to build the hypervisor (not supported anymore). * debian/rules.gen: Add rules for armhf builds. * debian/control: Add armhf to packages (except ocaml related) and create hypervisor and system-meta package. -- Stefan Bader Sat, 03 Aug 2013 10:23:42 +0100 xen (4.3.0-0ubuntu1) saucy; urgency=low * debian/rules.real: Drop installing pdf for docs. Upstream dropped the xen-abi documentation. * debian/rules.real: Add --prefix=/usr to configure calls. (Default prefix is now /usr/local) * debian/rules -> debian/rules.real: Move modification of LDFLAGS as the latter does the compile and since 4.2.2 includes default.mk which would set the values back (either to the gcc version or to nothing). * debian/rules.real: Hack around checks for wget which the Debian build does not allow to use. * debian/control: Drop i386 versions of xen-hypervisor and xen-system. Upstream dropped i386 support for those. * debian/control: Add recommends for qemu-system-x86 to xen-utils-4.3. Utils (xl stack) will use the generic qemu-system-i386 when being told to use qemu-xen and qemu-dm for qemu-xen-traditional. * xen-utils-common.xen.init: Create /var/run/xen if not present on startup (this directory is used by libxl for qmp sockets). * Add support to allow libvirt to build the libxl driver: - tools/libxl: Create versioned variants of libxenlight.so and libblktapctl.so - debian/rules.real: Add packaging dependency on libxenstore to libxen (otherwise libtool fails to find references). - debian/libxen-dev.install: Package headers and library files of libxenlight. * Carried over from previous versions: - Keep qemu-dm for now (upstream qemu would not support migration, yet). Forward-port some patches from the old Debian package which still included qemu-dm: - qemu-prefix (modify LDFLAGS to point to lib dir for qemu-dm) - qemu-disable-blktap (this is not present in upstream) - ubuntu-qemu-disable-qemu-upstream (breaks build and also should be provided by qemu/kvm package) -- Stefan Bader Tue, 25 Jun 2013 16:39:42 +0200 xen (4.2.2-1ubuntu1) saucy; urgency=low * Merge with Debian unstable. Dropping the following patches in favour of Debian ones: - xsa52-4.2-unstable.patch - xsa53-4.2.patch - xsa54.patch - xsa56.patch * Remaining changes: - Use dpkg-buildflags and strip the gcc prefix for getting LDFLAGS. This will again use the Ubuntu specific LDFLAGS (using some hardening options). Older releases would always pass those options in the environment but that changed. - Ressurrect qemu-dm for now (upstream qemu would not support migration, yet). Forward-port some patches from the old Debian package which still included qemu-dm: - qemu-prefix (modify LDFLAGS to point to lib dir for qemu-dm) - qemu-disable-blktap (this is not present in upstream) - ubuntu-qemu-disable-qemu-upstream (breaks build and also should be provided by qemu/kvm package) * Remaining additional patches: - qemu-fix-librt-test.patch Fix build regression caused by glibc not requiring to link against librt for the clock_gettime function. Patch picked from xen-devel mailing list. - tools-gdbsx-fix-build-failure-with-glibc-2.17.patch Add direct include to sys/types.h for xg_main.c which likely was indirectly done before. Needed to get ulong type definition. - tools-ocaml-fix-build: refresh and reenable (and fix the description of) this patch. Without it the ocam native libraries (*.cmxa) build in /build local paths rather than appropriatly versioned library references. - APIC Register Virtualization (backported from Xen 4.3) - 0001-xen-enable-APIC-Register-Virtualization.patch - 0002-xen-enable-Virtual-interrupt-delivery.patch - 0003-xen-add-virtual-x2apic-support-for-apicv.patch - TSC Adjust Support (backported from Xen 4.3) - 0004-x86-Implement-TSC-adjust-feature-for-HVM-guest.patch - 0005-x86-Save-restore-TSC-adjust-during-HVM-guest-migrati.patch - 0006-x86-Expose-TSC-adjust-to-HVM-guest.patch - Fix FTBS on i386 - 0007-x86-Fix-i386-virtual-apic.patch - silence-gcc-warnings.patch: Silence gcc warnings. -- Stefan Bader Wed, 17 Jul 2013 09:41:37 +0200 xen (4.2.2-1) unstable; urgency=low * New upstream release. - Fix build with gcc 4.8. (closes: #712376) * Build-depend on libssl-dev. (closes: #712366) * Enable hardening as much as possible. * Re-enable ocaml build fixes. (closes: #695176) * Check for out-of-bound values in CPU affinity setup. CVE-2013-2072 * Fix information leak on AMD CPUs. CVE-2013-2076 * Recover from faults on XRSTOR. CVE-2013-2077 * Properly check guest input to XSETBV. CVE-2013-2078 -- Bastian Blank Thu, 11 Jul 2013 00:28:24 +0200 xen (4.2.1-2ubuntu2) saucy; urgency=low * Applying Xen Security Advisories: - CVE-2013-2194, CVE-2013-2195, CVE-2013-2196 / XSA55 * libelf: abolish libelf-relocate.c * libxc: introduce xc_dom_seg_to_ptr_pages * libxc: Fix range checking in xc_dom_pfn_to_ptr etc. * libelf: add `struct elf_binary*' parameter to elf_load_image * libelf: abolish elf_sval and elf_access_signed * libelf: move include of to top of file * libelf/xc_dom_load_elf_symtab: Do not use "syms" uninitialised * libelf: introduce macros for memory access and pointer handling * tools/xcutils/readnotes: adjust print_l1_mfn_valid_note * libelf: check nul-terminated strings properly * libelf: check all pointer accesses * libelf: Check pointer references in elf_is_elfbinary * libelf: Make all callers call elf_check_broken * libelf: use C99 bool for booleans * libelf: use only unsigned integers * libelf: check loops for running away * libelf: abolish obsolete macros * libxc: Add range checking to xc_dom_binloader * libxc: check failure of xc_dom_*_to_ptr, xc_map_foreign_range * libxc: check return values from malloc * libxc: range checks in xc_dom_p2m_host and _guest * libxc: check blob size before proceeding in xc_dom_check_gzip * libxc: Better range check in xc_dom_alloc_segment - CVE-XXXX-XXXX / XSA57 * libxl: Restrict permissions on PV console device xenstore nodes -- Stefan Bader Fri, 21 Jun 2013 14:23:14 +0200 xen (4.2.1-2ubuntu1) saucy; urgency=low * Merge with Debian unstable. Dropping the following patches in favour of Debian ones: - xsa33-4.2-unstable.patch - xsa36-4.2.patch - xsa44-4.2.patch - xsa45-4.2-01-vcpu-destroy-pagetables-preemptible.patch - xsa45-4.2-02-new-guest-cr3-preemptible.patch - xsa45-4.2-03-new-user-base-preemptible.patch - xsa45-4.2-04-vcpu-reset-preemptible.patch - xsa45-4.2-05-set-info-guest-preemptible.patch - xsa45-4.2-06-unpin-preemptible.patch - xsa45-4.2-07-mm-error-paths-preemptible.patch - xsa46-4.2.patch - xsa47-4.2-unstable.patch - xsa49-4.2.patch * Remaining changes: - debian/control: Depend on libssl-dev - Use dpkg-buildflags and strip the gcc prefix for getting LDFLAGS. This will again use the Ubuntu specific LDFLAGS (using some hardening options). Older releases would always pass those options in the environment but that changed. - Ressurrect qemu-dm for now (upstream qemu would not support migration, yet). Forward-port some patches from the old Debian package which still included qemu-dm: - qemu-prefix (modify LDFLAGS to point to lib dir for qemu-dm) - qemu-disable-blktap (this is not present in upstream) - ubuntu-qemu-disable-qemu-upstream (breaks build and also should be provided by qemu/kvm package) * Remaining additional patches: - qemu-cve-2012-6075-1.patch / qemu-cve-2012-6075-2.patch - xsa34-4.2.patch - xsa35-4.2-with-xsa34.patch - xsa38.patch - xsa52-4.2-unstable.patch - xsa53-4.2.patch - xsa54.patch - xsa56.patch - qemu-fix-librt-test.patch Fix build regression caused by glibc not requiring to link against librt for the clock_gettime function. Patch picked from xen-devel mailing list. - tools-gdbsx-fix-build-failure-with-glibc-2.17.patch Add direct include to sys/types.h for xg_main.c which likely was indirectly done before. Needed to get ulong type definition. - tools-ocaml-fix-build: refresh and reenable (and fix the description of) this patch. Without it the ocam native libraries (*.cmxa) build in /build local paths rather than appropriatly versioned library references. - APIC Register Virtualization (backported from Xen 4.3) - 0001-xen-enable-APIC-Register-Virtualization.patch - 0002-xen-enable-Virtual-interrupt-delivery.patch - 0003-xen-add-virtual-x2apic-support-for-apicv.patch - TSC Adjust Support (backported from Xen 4.3) - 0004-x86-Implement-TSC-adjust-feature-for-HVM-guest.patch - 0005-x86-Save-restore-TSC-adjust-during-HVM-guest-migrati.patch - 0006-x86-Expose-TSC-adjust-to-HVM-guest.patch - Fix FTBS on i386 - 0007-x86-Fix-i386-virtual-apic.patch - Fix HVM regression when host supports SMEP - 0008-vmx-Simplify-cr0-update-handling-by-deferring-cr4-ch.patch - 0009-VMX-disable-SMEP-feature-when-guest-is-in-non-paging.patch - 0010-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-.patch - silence-gcc-warnings.patch: Silence gcc warnings. - gcc48-ftbfs.patch - gcc48-ftbfs-2.patch -- Stefan Bader Fri, 14 Jun 2013 10:01:32 +0200 xen (4.2.1-2) unstable; urgency=low * Actually upload to unstable. -- Bastian Blank Sun, 12 May 2013 00:20:58 +0200 xen (4.2.1-1) experimental; urgency=low * New upstream release. * Enable usage of seabios. * Fix some toolchain issues. -- Bastian Blank Sat, 11 May 2013 23:55:46 +0200 xen (4.2.1-0ubuntu4) saucy; urgency=low [ Stefan Bader ] * Applying Xen Security Advisories: - CVE-2013-1918 / XSA-45 * x86: make vcpu_destroy_pagetables() preemptible * x86: make new_guest_cr3() preemptible * x86: make MMUEXT_NEW_USER_BASEPTR preemptible * x86: make vcpu_reset() preemptible * x86: make arch_set_info_guest() preemptible * x86: make page table unpinning preemptible * x86: make page table handling error paths preemptible - CVE-2013-1952 / XSA-49 * VT-d: don't permit SVT_NO_VERIFY entries for known device types - CVE-2013-2076 / XSA-52 * x86/xsave: fix information leak on AMD CPUs - CVE-2013-2077 / XSA-53 * x86/xsave: recover from faults on XRSTOR - CVE-2013-2078 / XSA-54 * x86/xsave: properly check guest input to XSETBV - CVE-2013-2072 / XSA-56 * libxc: limit cpu values when setting vcpu affinity [ Marc Deslauriers ] * debian/patches/gcc48-ftbfs.patch: Add -Wno-unused-local-typedefs to CFLAGS. * debian/patches/gcc48-ftbfs-2.patch: fix memset(&p,0,sizeof(p)) idiom in several places. -- Marc Deslauriers Mon, 10 Jun 2013 15:03:13 -0400 xen (4.2.1-0ubuntu3.1) raring-security; urgency=low * Applying Xen Security Advisories: - CVE-2013-1917 / XSA-44 x86: clear EFLAGS.NT in SYSENTER entry path - CVE-2013-1919 / XSA-46 x86: fix various issues with handling guest IRQs - CVE-2013-1920 / XSA-47 defer event channel bucket pointer store until after XSM checks -- Stefan Bader Wed, 10 Apr 2013 14:21:15 +0200 xen (4.2.1-0ubuntu3) raring; urgency=low * Fix FTBS on i386 - 0007-x86-Fix-i386-virtual-apic.patch * Fix HVM VCPUs getting stuck on boot when host supports SMEP (LP: #1157757) - 0008-vmx-Simplify-cr0-update-handling-by-deferring-cr4-ch.patch - 0009-VMX-disable-SMEP-feature-when-guest-is-in-non-paging.patch - 0010-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-.patch -- Stefan Bader Fri, 05 Apr 2013 16:39:45 +0200 xen (4.2.1-0ubuntu2) raring; urgency=low * Backporting support for Intel APIC virtualization (LP: #1160373) - 0001-xen-enable-APIC-Register-Virtualization.patch - 0002-xen-enable-Virtual-interrupt-delivery.patch - 0003-xen-add-virtual-x2apic-support-for-apicv.patch * Backporting support for Intel TSC adjust (LP: #1160378) - 0004-x86-Implement-TSC-adjust-feature-for-HVM-guest.patch - 0005-x86-Save-restore-TSC-adjust-during-HVM-guest-migrati.patch - 0006-x86-Expose-TSC-adjust-to-HVM-guest.patch -- Stefan Bader Tue, 26 Mar 2013 09:41:25 +0100 xen (4.2.1-0ubuntu1) raring; urgency=low * New upstream stable release. Remaining changes: - Fix to qemu for CVE-2012-6075 - Patches for XSA33-36 and 38 - qemu-fix-librt-test.patch Fix build regression caused by glibc not requiring to link against librt for the clock_gettime function. Patch picked from xen-devel mailing list. - tools-gdbsx-fix-build-failure-with-glibc-2.17.patch Add direct include to sys/types.h for xg_main.c which likely was indirectly done before. Needed to get ulong type definition. - tools-ocaml-fix-build: refresh and reenable (and fix the description of) this patch. Without it the ocam native libraries (*.cmxa) build in /build local paths rather than appropriatly versioned library references. - Use dpkg-buildflags and strip the gcc prefix for getting LDFLAGS. This will again use the Ubuntu specific LDFLAGS (using some hardening options). Older releases would always pass those options in the environment but that changed. - Ressurrect qemu-dm for now (upstream qemu would not support migration, yet). Forward-port some patches from the old Debian package which still included qemu-dm: - qemu-prefix (modify LDFLAGS to point to lib dir for qemu-dm) - qemu-disable-blktap (this is not present in upstream) - ubuntu-qemu-disable-qemu-upstream (breaks build and also should be provided by qemu/kvm package) - Build depend on kvm-ipxe (instead of ipxe) as it is smaller and fix up hvmloader build. kvm-ipxe contains a subset of the rom files from which the Xen build only uses two to be embedded in the hvmloader. - debian/patches/silence-gcc-warnings.patch: Silence gcc warnings. -- Stefan Bader Fri, 08 Mar 2013 10:34:54 +0100 xen (4.2.0-2) experimental; urgency=low * Support JSON output in domain init script helper. -- Bastian Blank Mon, 01 Oct 2012 15:11:30 +0200 xen (4.2.0-1ubuntu6) raring; urgency=low * Applying Xen Security Advisory: - VT-d: fix interrupt remapping source validation for devices behind legacy bridges CVE-2012-5634 / XSA-33 - x86_32: don't allow use of nested HVM CVE-2013-0151 / XSA-34 - xen: Do not allow guests to enable nested HVM on themselves CVE-2013-0152 / XSA-35 - ACPI: acpi_table_parse() should return handler's error code CVE-2013-0153 / XSA-36 - oxenstored incorrect handling of certain Xenbus ring states CVE-2013-0215 / XSA-38 * Applying qemu security fixes: - e1000: Discard packets that are too long if !SBP and !LPE CVE-2012-6075 / XSA-41 - Discard packets longer than 16384 when !SBP to match the hardware behavior. CVE-2012-6075 / XSA-41 * qemu-fix-librt-test.patch Fix build regression caused by glibc not requiring to link against librt for the clock_gettime function. Patch picked from xen-devel mailing list. * tools-gdbsx-fix-build-failure-with-glibc-2.17.patch Add direct include to sys/types.h for xg_main.c which likely was indirectly done before. Needed to get ulong type definition. -- Stefan Bader Tue, 29 Jan 2013 15:48:47 +0100 xen (4.2.0-1ubuntu5) raring; urgency=low * Add libssl-dev to Build-Depends. -- Chris J Arges Tue, 15 Jan 2013 11:13:48 -0600 xen (4.2.0-1ubuntu4) raring; urgency=low * Applying Xen Security fixes (LP: #1086875) - gnttab: fix releasing of memory upon switches between versions CVE-2012-5510 - hvm: Limit the size of large HVM op batches CVE-2012-5511 - xen: add missing guest address range checks to XENMEM_exchange handlers CVE-2012-5513 - xen: fix error handling of guest_physmap_mark_populate_on_demand() CVE-2012-5514 - memop: limit guest specified extent order CVE-2012-5515 - x86: get_page_from_gfn() must return NULL for invalid GFNs CVE-2012-5525 -- Stefan Bader Wed, 05 Dec 2012 18:13:25 +0100 xen (4.2.0-1ubuntu3) raring; urgency=low * tools-ocaml-fix-build: refresh and reenable (and fix the description of) this patch. Without it the ocam native libraries (*.cmxa) build in /build local paths rather than appropriatly versioned library references. -- Andy Whitcroft Thu, 29 Nov 2012 21:49:00 +0000 xen (4.2.0-1ubuntu2) raring; urgency=low * Drop replaces and conflicts for xen3 packages (they are no longer in the upgrade path) from debian/control: - libxenstore3.0: Conflict and replaces libxen3. - libxen-dev: Conflict and replaces libxen3-dev. - xenstore-utils: Conflict and replaces libxen3 - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3, and xen-utils-3.3 * Use dpkg-buildflags and strip the gcc prefix for getting LDFLAGS. This will again use the Ubuntu specific LDFLAGS (using some hardening options). Older releases would always pass those options in the environment but that changed. * Ressurrect qemu-dm for now (upstream qemu would not support migration, yet). Forward-port some patches from the old Debian package which still included qemu-dm: - qemu-prefix (modify LDFLAGS to point to lib dir for qemu-dm) - qemu-disable-blktap (this is not present in upstream) - ubuntu-qemu-disable-qemu-upstream (breaks build and also should be provided by qemu/kvm package) * Build depend on kvm-ipxe (instead of ipxe) as it is smaller and fix up hvmloader build. kvm-ipxe contains a subset of the rom files from which the Xen build only uses two to be embedded in the hvmloader. * XSA-20: Prevent overflow in calculations, leading to DoS vulnerability - CVE-2012-4535 * XSA-22: Prevent incorrect updates of m2p mappings - CVE-2012-4537 * XSA-23: check toplevel pagetables are present before unhooking them - CVE-2012-4538 * XSA-24: Prevent infinite loop in compat code - CVE-2012-4539 * XSA-25: limit maximum size of kernel/ramdisk - CVE-2012-4544 -- Stefan Bader Tue, 13 Nov 2012 09:03:58 +0100 xen (4.2.0-1ubuntu1) raring; urgency=low * Merge from Debian Experimental, Remaining changes: - debian/control: - Build depends on ipxe-qemu. - libxenstore3.0: Conflict and replaces libxen3. - libxen-dev: Conflict and replaces libxen3-dev. - xenstore-utils: Conflict and replaces libxen3 - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3, and xen-utils-4.1. - Make sure the LDFLAGS value passed is suitable for use by ld rather than gcc. - disable debian/patches/config-etherboot.diff. - debian/patches/silence-gcc-warnings.patch: Silence gcc warnings. -- Chuck Short Thu, 08 Nov 2012 12:14:30 -0600 xen (4.2.0-1) experimental; urgency=low * New upstream release. -- Bastian Blank Tue, 18 Sep 2012 13:54:30 +0200 xen (4.2.0~rc3-1) experimental; urgency=low * New upstream snapshot. -- Bastian Blank Fri, 07 Sep 2012 20:28:46 +0200 xen (4.2.0~rc2-1) experimental; urgency=low * New upstream snapshot. * Build-depend against libglib2.0-dev and libyajl-dev. * Disable seabios build for now. * Remove support for Lenny and earlier. * Support build-arch and build-indep make targets. -- Bastian Blank Sun, 13 May 2012 12:21:10 +0000 xen (4.1.4-4) unstable; urgency=high * Make several long runing operations preemptible. CVE-2013-1918 * Fix source validation for VT-d interrupt remapping. CVE-2013-1952 -- Bastian Blank Thu, 02 May 2013 14:30:29 +0200 xen (4.1.4-3) unstable; urgency=high * Fix return from SYSENTER. CVE-2013-1917 * Fix various problems with guest interrupt handling. CVE-2013-1919 * Only save pointer after access checks. CVE-2013-1920 * Fix domain locking for transitive grants. CVE-2013-1964 -- Bastian Blank Fri, 19 Apr 2013 13:01:57 +0200 xen (4.1.4-2) unstable; urgency=low * Use pre-device interrupt remapping mode per default. Fix removing old remappings. CVE-2013-0153 -- Bastian Blank Wed, 06 Feb 2013 13:04:52 +0100 xen (4.1.4-1) unstable; urgency=low * New upstream release. - Disable process-context identifier support in newer CPUs for all domains. - Add workarounds for AMD errata. - Don't allow any non-canonical addresses. - Use Multiboot memory map if BIOS emulation does not provide one. - Fix several problems in tmem. CVE-2012-3497 - Fix error handling in domain creation. - Adjust locking and interrupt handling during S3 resume. - Tighten more resource and memory range checks. - Reset performance counters. (closes: #698651) - Remove special-case for first IO-APIC. - Fix MSI handling for HVM domains. (closes: #695123) - Revert cache value of disks in HVM domains. -- Bastian Blank Thu, 31 Jan 2013 15:44:50 +0100 xen (4.1.3-8) unstable; urgency=high * Fix error in VT-d interrupt remapping source validation. CVE-2012-5634 * Fix buffer overflow in qemu e1000 emulation. CVE-2012-6075 * Update patch, mention second CVE. CVE-2012-5511, CVE-2012-6333 -- Bastian Blank Sat, 19 Jan 2013 13:55:07 +0100 xen (4.1.3-7) unstable; urgency=low * Fix clock jump due to incorrect annotated inline assembler. (closes: #599161) * Add support for XZ compressed Linux kernels to hypervisor and userspace based loaders, it is needed for any Linux kernels newer then Wheezy. (closes: #695056) -- Bastian Blank Tue, 11 Dec 2012 18:54:59 +0100 xen (4.1.3-6) unstable; urgency=high * Fix error handling in physical to machine memory mapping. CVE-2012-5514 -- Bastian Blank Tue, 04 Dec 2012 10:51:43 +0100 xen (4.1.3-5) unstable; urgency=high * Fix state corruption due to incomplete grant table switch. CVE-2012-5510 * Check range of arguments to several HVM operations. CVE-2012-5511, CVE-2012-6333 * Check array index before using it in HVM memory operation. CVE-2012-5512 * Check memory range in memory exchange operation. CVE-2012-5513 * Don't allow too large memory size and avoid busy looping. CVE-2012-5515 -- Bastian Blank Mon, 03 Dec 2012 19:37:38 +0100 xen (4.1.3-4) unstable; urgency=high * Use linux 3.2.0-4 stuff. * Fix overflow in timer calculations. CVE-2012-4535 * Check value of physical interrupts parameter before using it. CVE-2012-4536 * Error out on incorrect memory mapping updates. CVE-2012-4537 * Check if toplevel page tables are present. CVE-2012-4538 * Fix infinite loop in compatibility code. CVE-2012-4539 * Limit maximum kernel and ramdisk size. CVE-2012-2625, CVE-2012-4544 -- Bastian Blank Tue, 20 Nov 2012 15:51:01 +0100 xen (4.1.3-3ubuntu1) quantal; urgency=low * Merge from Debian unstable. Remaining changes: - libxenstore3.0: Conflict and replaces libxen3. - libxen-dev: Conflict and replaces libxen3-dev. - xenstore-utils: Conflict and replaces libxen3. - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3, and xen-utils-4.1. - Change depend back to ipxe as we do not have ipxe-qemu. - etherboot: Change the config back to include the 8086100e.rom - Dropped: - Make sure the LDFLAGS value passed is suitable for use by ld rather than gcc. Right now there seem to be no LDFLAGS passed. * Backported AMD specific improvements from upstream Xen (LP: #1009098): - svm: Do not intercept RDTSC(P) when TSC scaling is supported by hardware - x86: Use deep C states for off-lined CPUs - x86/AMD: Add support for AMD's OSVW feature in guests. - hvm: vpmu: Enable HVM VPMU for AMD Family 12h and 14h processors -- Stefan Bader Thu, 27 Sep 2012 21:27:44 +0200 xen (4.1.3-3) unstable; urgency=low * Xen domain init script: - Make sure Open vSwitch is started before any domain. - Properly handle and show output of failed migration and save. - Ask all domains to shut down before checking them. -- Bastian Blank Tue, 18 Sep 2012 13:26:32 +0200 xen (4.1.3-2) unstable; urgency=medium * Don't allow writing reserved bits in debug register. CVE-2012-3494 * Fix error handling in interrupt assignment. CVE-2012-3495 * Don't trigger bug messages on invalid flags. CVE-2012-3496 * Check array bounds in interrupt assignment. CVE-2012-3498 * Properly check bounds while setting the cursor in qemu. CVE-2012-3515 * Disable monitor in qemu by default. CVE-2012-4411 -- Bastian Blank Fri, 07 Sep 2012 19:41:46 +0200 xen (4.1.3-1) unstable; urgency=medium * New upstream release: (closes: #683286) - Don't leave the x86 emulation in a bad state. (closes: #683279) CVE-2012-3432 - Only check for shared pages while any exist on teardown. CVE-2012-3433 - Fix error handling for unexpected conditions. - Update CPUID masking to latest Intel spec. - Allow large ACPI ids. - Fix IOMMU support for PCI-to-PCIe bridges. - Disallow access to some sensitive IO-ports. - Fix wrong address in IOTLB. - Fix deadlock on CPUs without working cpufreq driver. - Use uncached disk access in qemu. - Fix buffer size on emulated e1000 device in qemu. * Fixup broken and remove applied patches. -- Bastian Blank Fri, 17 Aug 2012 11:25:02 +0200 xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-5) unstable; urgency=low [ Ian Campbell ] * Set tap device MAC addresses to fe:ff:ff:ff:ff:ff (Closes: #671018) * Only run xendomains initscript if toolstack is xl or xm (Closes: #680528) [ Bastian Blank ] * Actually build-depend on new enough version of dpkg-dev. * Add xen-sytem-* meta-packages. We are finally in a position to do automatic upgrades and this package is missing. (closes: #681376) -- Bastian Blank Sat, 28 Jul 2012 10:23:26 +0200 xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-4ubuntu1) quantal; urgency=low [ Ubuntu Merge-o-Matic ] * Merge from Debian unstable. Remaining changes: - Thanks to Stefan Bader. - libxenstore3.0: Conflict and replaces libxen3. - libxen-dev: Conflict and replaces libxen3-dev. - xenstore-utils: Conflict and replaces libxen3. - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3, and xen-utils-4.1. - Change depend back to ipxe as we do not have ipxe-qemu. - etherboot: Change the config back to include the 8086100e.rom - Dropped: - Make sure the LDFLAGS value passed is suitable for use by ld rather than gcc. Right now there seem to be no LDFLAGS passed. -- Chuck Short Tue, 03 Jul 2012 08:43:03 -0400 xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-4) unstable; urgency=low * Add Build-Using info to xen-utils package. * Fix build-arch target. -- Bastian Blank Sun, 01 Jul 2012 19:52:30 +0200 xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-3) unstable; urgency=low * Remove /usr/lib/xen-default. It breaks systems if xenstored is not compatible. * Fix init script usage. * Fix udev rules for emulated network devices: - Force names of emulated network devices to a predictable name. -- Bastian Blank Sun, 01 Jul 2012 16:59:04 +0200 xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-2) unstable; urgency=low * Fix pointer missmatch in interrupt functions. Fixes build on i386. -- Bastian Blank Fri, 15 Jun 2012 18:00:51 +0200 xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-1) unstable; urgency=low * New upstream snapshot. - Fix privilege escalation and syscall/sysenter DoS while using non-canonical addresses by untrusted PV guests. (closes: #677221) CVE-2012-0217 CVE-2012-0218 - Disable Xen on CPUs affected by AMD Erratum #121. PV guests can cause a DoS of the host. CVE-2012-2934 * Don't fail if standard toolstacks are not available. (closes: #677244) -- Bastian Blank Thu, 14 Jun 2012 17:06:25 +0200 xen (4.1.2-7) unstable; urgency=low * Really use ucf. * Update init script dependencies: - Start $syslog before xen. - Start drbd and iscsi before xendomains. (closes: #626356) - Start corosync and heartbeat after xendomains. * Remove /var/log/xen on purge. (closes: #656216) -- Bastian Blank Tue, 22 May 2012 10:44:41 +0200 xen (4.1.2-6) unstable; urgency=low * Fix generation of architectures for hypervisor packages. * Remove information about loop devices, it is incorrect. (closes: #503044) * Update xendomains init script: - Create directory for domain images only root readable. (closes: #596048) - Add missing sanity checks for variables. (closes: #671750) - Remove not longer supported config options. - Don't fail if no config is available. - Remove extra output if domain was restored. -- Bastian Blank Sun, 06 May 2012 20:07:41 +0200 xen (4.1.2-5) unstable; urgency=low * Actually force init script rename. (closes: #669341) * Fix long output from xl. * Move complete init script setup. * Rewrite xendomains init script: - Use LSB output functions. - Make output more clear. - Use xen toolstack wrapper. - Use a python script to properly read domain details. * Set name for Domain-0. -- Bastian Blank Mon, 23 Apr 2012 11:56:45 +0200 xen (4.1.2-4) unstable; urgency=low [ Bastian Blank ] * Build-depend on ipxe-qemu instead of ipxe. (closes: #665070) * Don't longer use a4wide latex package. * Use ucf for /etc/default/xen. * Remove handling for old udev rules link and xenstored directory. * Rename xend init script to xen. [ Lionel Elie Mamane ] * Fix toolstack script to work with old dash. (closes: #648029) -- Bastian Blank Mon, 16 Apr 2012 08:47:29 +0000 xen (4.1.2-3) unstable; urgency=low * Merge xen-common source package. * Remove xend wrapper, it should not be called by users. * Support xl in init script. * Restart xen daemons on upgrade. * Restart and stop xenconsoled in init script. * Load xen-gntdev module. * Create /var/lib/xen. (closes: #658101) * Cleanup udev rules. (closes: #657745) -- Bastian Blank Wed, 01 Feb 2012 19:28:28 +0100 xen (4.1.2-2ubuntu2) precise; urgency=low * etherboot: Change the config back to include the 8086100e.rom (LP: #948333) -- Stefan Bader Tue, 06 Mar 2012 20:58:14 +0100 xen (4.1.2-2ubuntu1) precise; urgency=low * Merge from Debian testing. Remaining changes: - libxenstore3.0: Conflict and replaces libxen3. - libxen-dev: Conflict and replaces libxen3-dev. - xenstore-utils: Conflict and replaces libxen3. - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3, and xen-utils-4.1. - Make sure the LDFLAGS value passed is suitable for use by ld rather than gcc. - Dropped: - debian/patches/upstream-23044:d4ca456c0c25 - debian/patches/upstream-23104:1976adbf2b80 - debian/patches/upstream-changeset-23146.patch - debian/patches/upstream-changeset-23147.patch - debian/patches/xen-pirq-resubmit-irq.patch -- Chuck Short Thu, 22 Dec 2011 04:53:35 +0000 xen (4.1.2-2) unstable; urgency=low [ Jon Ludlam ] * Import (partially reworked) upstream changes for OCaml support. - Rename the ocamlfind packages. - Remove uuid and log libraries. - Fix 2 bit-twiddling bugs and an off-by-one * Fix build of OCaml libraries. * Add OCaml library and development package. * Include some missing headers. -- Bastian Blank Sat, 10 Dec 2011 19:13:25 +0000 xen (4.1.2-1) unstable; urgency=low * New upstream release. * Build-depend on pkg-config. * Add package libxen-4.1. Includes some shared libs. -- Bastian Blank Sat, 26 Nov 2011 18:28:06 +0100 xen (4.1.1-3ubuntu1) precise; urgency=low * Merge from Debian testing. Remaining changes: - libxenstore3.0: Conflict and replaces libxen3. - libxen-dev: Conflict and replaces libxen3-dev. - xenstore-utils: Conflict and replaces libxen3. - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3, and xen-utils-4.1. - Make sure the LDFLAGS value passed is suitable for use by ld rather than gcc. - debian/patches/upstream-changeset-23146.patch, debian/patches/upstream-changeset-23147.patch: Fix booting with hvm domU. (LP: #832207) - debian/patches/xen-pirq-resubmit-irq.patch: Retrigger pirq events when asserted while processing. (LP: #854829) -- Chuck Short Sun, 06 Nov 2011 05:51:08 +0000 xen (4.1.1-3) unstable; urgency=low [ Julien Danjou ] * Remove Julien Danjou from the Uploaders field. (closes: #590439) [ Bastian Blank ] * Use current version of python. (closes: #646660) * Build-depend against liblzma-dev, it is used if available. (closes: #646694) * Update Standards-Version to 3.9.2. No changes. * Don't use brace-expansion in debhelper install files. -- Bastian Blank Wed, 26 Oct 2011 14:42:33 +0200 xen (4.1.1-2ubuntu4.1) oneiric-proposed; urgency=low * debian/patches/xen-pirq-resubmit-irq.patch: Retrigger pirq events when asserted while processing. Thanks to Stefan Bader (LP: #854829) -- Chuck Short Mon, 10 Oct 2011 19:30:09 -0400 xen (4.1.1-2ubuntu4) oneiric; urgency=low * Rebuild to drop build records on armel and powerpc. LP: #823714. -- Matthias Klose Thu, 06 Oct 2011 14:15:35 +0200 xen (4.1.1-2ubuntu2) oneiric; urgency=low * Clean up patches. * debian/patches/upstream-changeset-23146.patch, debian/patches/upstream-changeset-23147.patch: Fix booting with hvm domU. (LP: #832207) -- Chuck Short Thu, 01 Sep 2011 13:13:47 -0400 xen (4.1.1-2ubuntu1) oneiric; urgency=low * Merge from debian unstable. Remaining changes: - libxenstore3.0: Conflict and replaces libxen3. - libxen-dev: Conflict and replaces libxen3-dev. - xenstore-utils: Conflict and replaces libxen3. - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3, and xen-utils-4.1. + Make sure the LDFLAGS value passed is suitable for use by ld rather than gcc. -- Chuck Short Thu, 11 Aug 2011 14:18:41 +0000 xen (4.1.1-2) unstable; urgency=low * Fix hvmloader with gcc 4.6. -- Bastian Blank Fri, 05 Aug 2011 23:58:36 +0200 xen (4.1.1-1ubuntu1) oneiric; urgency=low * Merge from debian unstable. Remaining changes: + Xen 3.3 -> Xen 4.1 migration: - libxenstore3.0: Conflict and replaces libxen3. - libxen-dev: Conflict and replaces libxen3-dev. - xenstore-utils: Conflict and replaces libxen3. - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3, and xen-utils-4.1. + Make sure the LDFLAGS value passed is suitable for use by ld rather than gcc. + Dropped upstream patches: - debian/patches/disable-unused-but-not-set-error.patch: Applied upstream. - debian/patches/xc-dom-restore-set-but-not-used.patch: Applied upstream. - debian/patches/xc-dom-restore-set-but-not-used.patch: Applied upstream. -- Chuck Short Tue, 19 Jul 2011 00:11:08 +0000 xen (4.1.1-1) unstable; urgency=low * New upstream release. * Don't use qemu-dm if it is not needed. (Backport from xen-unstable.) * Use dh_python2. -- Bastian Blank Mon, 18 Jul 2011 19:38:38 +0200 xen (4.1.0-3ubuntu4) oneiric; urgency=low * Fix xen 3.3 -> xen 4.1 migration. -- Chuck Short Sat, 04 Jun 2011 15:37:17 -0400 xen (4.1.0-3ubuntu3) oneiric; urgency=low * debian/control: Use python2.7 as a build dependency. -- Chuck Short Tue, 31 May 2011 14:50:03 -0400 xen (4.1.0-3ubuntu2) oneiric; urgency=low * debian/control: + Move to python 2.7. + Xen 3.3 -> Xen4.1 migration: - libxenstore3.0: Conflict and replaces libxen3. - libxen-dev: Conflict and replaces libxen3-dev. - xenstore-tuils: Conflict and replaces libxen3 - xen-utils-4.1: Confflict and replaces libxen3, python-xen3.3, and xen-utils-3.3 -- Chuck Short Tue, 31 May 2011 13:15:08 -0400 xen (4.1.0-3ubuntu1) oneiric; urgency=low * Make sure the LDFLAGS value passed is suitable for use by ld, rather than gcc. * Import a set of gcc 4.6 related build fixes from upstream hg. (disable-unused-but-not-set-error.patch, ioapic-uninitialised-variables.patch, patches/xc-dom-restore-set-but-not-used.patch, xc-tmem-set-but-not-used.patch) -- Soren Hansen Thu, 26 May 2011 14:27:18 +0200 xen (4.1.0-3) unstable; urgency=low * Add ghostscript to build-deps. * Enable qemu-dm build. - Add qemu as another orig tar. - Remove blktap1, bluetooth and sdl support from qemu. - Recommend qemu-keymaps and qemu-utils. -- Bastian Blank Thu, 28 Apr 2011 15:20:45 +0200 xen (4.1.0-2) unstable; urgency=low * Re-enable hvmloader: - Use packaged ipxe. * Workaround incompatibility with xenstored of Xen 4.0. -- Bastian Blank Fri, 15 Apr 2011 11:38:25 +0200 xen (4.1.0-1) unstable; urgency=low * New upstream release. -- Bastian Blank Sun, 27 Mar 2011 18:09:28 +0000 xen (4.1.0~rc6-1) unstable; urgency=low * New upstream release candidate. * Build documentation using pdflatex. * Use python 2.6. (closes: #596545) * Fix lintian override. * Install new tools: xl, xenpaging. * Enable blktap2. - Use own md5 implementation. - Fix includes. - Fix linking of blktap2 binaries. - Remove optimization setting. * Temporarily disable hvmloader, wants to download ipxe. * Remove xenstored pid check from xl. -- Bastian Blank Thu, 17 Mar 2011 16:12:45 +0100 xen (4.0.1-2) unstable; urgency=low * Fix races in memory management. * Make sure that frame-table compression leaves enough alligned. * Disable XSAVE support. (closes: #595490) * Check for dying domain instead of raising an assertion. * Add C6 state with EOI errata for Intel. * Make some memory management interrupt safe. Unsure if really needed. * Raise bar for inter-socket migrations on mostly-idle systems. * Fix interrupt handling for legacy routed interrupts. * Allow to set maximal domain memory even during a running change. * Support new partition name in pygrub. (closes: #599243) * Fix some comparisions "< 0" that may be optimized away. * Check for MWAIT support before using it. * Fix endless loop on interrupts on Nehalem cpus. * Don't crash upon direct GDT/LDT access. (closes: #609531) CVE-2010-4255 * Don't loose timer ticks after domain restore. * Reserve some space for IOMMU area in dom0. (closes: #608715) * Fix hypercall arguments after trace callout. * Fix some error paths in vtd support. Memory leak. * Reinstate ACPI DMAR table. -- Bastian Blank Wed, 12 Jan 2011 15:01:40 +0100 xen (4.0.1-1) unstable; urgency=low * New upstream release. - Fix IOAPIC S3 with interrupt remapping enabled. -- Bastian Blank Fri, 03 Sep 2010 17:14:28 +0200 xen (4.0.1~rc6-1) unstable; urgency=low * New upstream release candidate. - Add some missing locks for page table walk. - Fix NMU injection into guest. - Fix ioapic updates for vt-d. - Add check for GRUB2 commandline behaviour. - Fix handling of invalid kernel images. - Allow usage of powernow. * Remove lowlevel python modules usage from pygrub. (closes: #588811) -- Bastian Blank Tue, 17 Aug 2010 23:15:34 +0200 xen (4.0.1~rc5-1) unstable; urgency=low * New upstream release candidate. -- Bastian Blank Mon, 02 Aug 2010 17:06:27 +0200 xen (4.0.1~rc3-1) unstable; urgency=low * New upstream release candidate. * Call dh_pyversion with the correct version. * Restart xen daemon on upgrade. -- Bastian Blank Wed, 30 Jun 2010 16:30:47 +0200 xen (4.0.0-2) unstable; urgency=low * Fix python dependency. (closes: #586666) - Use python-support. - Hardcode to use python 2.5 for now. -- Bastian Blank Mon, 21 Jun 2010 17:23:16 +0200 xen (4.0.0-1) unstable; urgency=low * Update to unstable. * Fix spelling in README. * Remove unnecessary build-depends. * Fixup xend to use different filename lookup. -- Bastian Blank Thu, 17 Jun 2010 11:16:55 +0200 xen (4.0.0-1~experimental.2) experimental; urgency=low * Merge changes from 3.4.3-1. -- Bastian Blank Fri, 28 May 2010 12:58:12 +0200 xen (4.0.0-1~experimental.1) experimental; urgency=low * New upstream version. * Rename source package to xen. * Build depend against iasl and uuid-dev. * Disable blktap2 support, it links against OpenSSL. * Update copyright file. -- Bastian Blank Thu, 06 May 2010 15:47:38 +0200 xen-3 (3.4.3-1) unstable; urgency=low * New upstream version. * Disable blktap support, it is unusable with current kernels. * Disable libaio, was only used by blktap. * Drop device creation support. (closes: #583283) -- Bastian Blank Fri, 28 May 2010 11:43:18 +0200 xen-3 (3.4.3~rc6-1) unstable; urgency=low * New upstream release candidate. - Relocate multiboot modules. (closes: #580045) - Support grub2 in pygrub. (closes: #573311) -- Bastian Blank Sat, 08 May 2010 11:32:29 +0200 xen-3 (3.4.3~rc3-2) unstable; urgency=low * Again list the complete version in the hypervisor. * Fix path detection for bootloader, document it. (closes: #481105) * Rewrite README. -- Bastian Blank Thu, 08 Apr 2010 16:14:58 +0200 xen-3 (3.4.3~rc3-1) unstable; urgency=low * New upstream release candidate. * Use 3.0 (quilt) source format. * Always use current python version. -- Bastian Blank Mon, 01 Mar 2010 22:14:22 +0100 xen-3 (3.4.2-2) unstable; urgency=low * Remove Jeremy T. Bouse from uploaders. * Export blktap lib and headers. * Build amd64 hypervisor on i386. (closes: #366315) -- Bastian Blank Sun, 22 Nov 2009 16:54:47 +0100 xen-3 (3.4.2-1) unstable; urgency=low * New upstream version. * Strip hvmloader by hand. * Remove extra license file from libxen-dev. -- Bastian Blank Mon, 16 Nov 2009 20:57:07 +0100 xen-3 (3.4.1-1) unstable; urgency=low * New upstream version. -- Bastian Blank Fri, 21 Aug 2009 21:34:38 +0200 xen-3 (3.4.0-2) unstable; urgency=low * Add symbols file for libxenstore3.0. (closes: #536173) * Document that ioemu is currently unsupported. (closes: #536175) * Fix location of fsimage plugins. (closes: #536174) -- Bastian Blank Sat, 18 Jul 2009 18:05:35 +0200 xen-3 (3.4.0-1) unstable; urgency=low [ Bastian Blank ] * New upstream version. * Remove ioemu for now. (closes: #490409, #496367) * Remove non-pae hypervisor. * Use debhelper compat level 7. * Make the init script start all daemons. -- Bastian Blank Tue, 30 Jun 2009 22:33:22 +0200 xen-3 (3.2.1-2) unstable; urgency=low * Use e2fslibs based ext2 support for pygrub. (closes: #476366) * Fix missing checks in pvfb code. See CVE-2008-1952. (closes: #487095) * Add support for loading bzImage files. (closes: #474509) * Enable TLS support in ioemu code. * Drop libcrypto usage because of GPL-incompatibility. * Remove AES code from blktap drivers. Considered broken. -- Bastian Blank Sat, 28 Jun 2008 11:30:43 +0200 xen-3 (3.2.1-1) unstable; urgency=low * New upstream version. * Set rpath relative to ${ORIGIN}. * Add lintian override to xen-utils package. -- Bastian Blank Thu, 22 May 2008 14:01:47 +0200 xen-3 (3.2.0-5) unstable; urgency=low * Provide correct directory to dh_pycentral. -- Bastian Blank Mon, 14 Apr 2008 21:43:49 +0200 xen-3 (3.2.0-4) unstable; urgency=low * Pull in newer xen-utils-common. * Fix missing size checks in the ioemu block driver. (closes: #469654) See: CVE-2008-0928 -- Bastian Blank Fri, 07 Mar 2008 14:21:38 +0100 xen-3 (3.2.0-3) unstable; urgency=low * Clean environment for build. * Add packages libxenstore3.0 and xenstore-utils. * Move docs package in docs section to match overwrites. * Make the hypervisor only recommend the utils. * Cleanup installation. (closes: #462989) -- Bastian Blank Tue, 12 Feb 2008 12:40:56 +0000 xen-3 (3.2.0-2) unstable; urgency=low * Fix broken patch. (closes: #462522) -- Bastian Blank Sat, 26 Jan 2008 17:21:52 +0000 xen-3 (3.2.0-1) unstable; urgency=low * New upstream version. * Add package libxen-dev. Including public headers and static libs. (closes: #402249) * Don't longer install xenfb, removed upstream. -- Bastian Blank Tue, 22 Jan 2008 12:51:49 +0000 xen-3 (3.1.2-2) unstable; urgency=low * Add missing rpath definitions. * Fix building of pae version. -- Bastian Blank Sat, 08 Dec 2007 12:07:42 +0000 xen-3 (3.1.2-1) unstable; urgency=high * New upstream release: - Move shared file into /var/run. (closes: #447795) See CVE-2007-3919. - x86: Fix various problems with debug-register handling. (closes: #451626) See CVE-2007-5906. -- Bastian Blank Sat, 24 Nov 2007 13:24:45 +0000 xen-3 (3.1.1-1) unstable; urgency=low * New upstream release: - Don't use exec with untrusted values in pygrub. (closes: #444430) See CVE-2007-4993. -- Bastian Blank Fri, 19 Oct 2007 16:02:37 +0000 xen-3 (3.1.0-2) unstable; urgency=low * Switch to texlive for documentation. * Drop unused transfig. * Drop unused latex features from documentation. * Build depend against gcc-multilib for amd64. (closes: #439662) -- Bastian Blank Fri, 31 Aug 2007 08:15:50 +0000 xen-3 (3.1.0-1) unstable; urgency=low [ Julien Danjou ] * New upstream version. [ Ralph Passgang ] * Added graphviz to Build-Indeps [ Bastian Blank ] * Upstream removed one part of the version. Do it also. * Merge utils packages. * Install blktap support. * Install pygrub. * Install xenfb tools. * xenconsoled startup is racy, wait a little bit. -- Bastian Blank Mon, 20 Aug 2007 15:05:08 +0000 xen-3.0 (3.0.4-1-1) unstable; urgency=low [ Bastian Blank ] * New upstream version (closes: #394411) [ Guido Trotter ] * Actually try to build and release xen 3.0.4 * Update build dependencies -- Guido Trotter Wed, 23 May 2007 11:57:29 +0100 xen-3.0 (3.0.3-0-2) unstable; urgency=medium [Bastian Blank] * Remove device recreate code. * Remove build dependency on linux-support-X [ Guido Trotter ] * Add missing build dependency on zlib1g-dev (closes: #396557) * Add missing build dependencies on libncurses5-dev and x11proto-core-dev (closes: #396561, #396567) -- Guido Trotter Thu, 2 Nov 2006 16:38:02 +0000 xen-3.0 (3.0.3-0-1) unstable; urgency=low * New upstream version. -- Bastian Blank Fri, 20 Oct 2006 11:04:35 +0000 xen-3.0 (3.0.3~rc4+hg11760-1) unstable; urgency=low * New upstream snapshot. * Ignore update-grub errors. (closes: #392534) -- Bastian Blank Sat, 14 Oct 2006 13:09:53 +0000 xen-3.0 (3.0.3~rc1+hg11686-1) unstable; urgency=low * New upstream snapshot. * Rename ioemu package to include the complete version. * Fix name of hypervisor. (closes: #391771) -- Bastian Blank Mon, 9 Oct 2006 12:48:13 +0000 xen-3.0 (3.0.2-3+hg9762-1) unstable; urgency=low * New upstream snapshot. * Rename hypervisor and utils packages to include the complete version. * Redo build environment. -- Bastian Blank Mon, 4 Sep 2006 18:43:12 +0000 xen-3.0 (3.0.2+hg9697-2) unstable; urgency=low [ Guido Trotter ] * Update xen-utils' README.Debian (closes: #372524) [ Bastian Blank ] * Adopt new python policy. (closes: #380990) * Add patch to make new kernels working on the hypervisor. -- Bastian Blank Tue, 15 Aug 2006 19:20:08 +0000 xen-3.0 (3.0.2+hg9697-1) unstable; urgency=low [ Guido Trotter ] * Update Standards Version * Merge upstream fixes trunk (upstream 3.0.2-3 + a couple of fixes) [ Bastian Blank ] * Add xen-ioemu-3.0 package to support HVM guests (closes: #368496) -- Guido Trotter Wed, 31 May 2006 10:50:05 +0200 xen-3.0 (3.0.2+hg9681-1) unstable; urgency=low * Update xen-hypervisor-3.0-i386 and xen-hypervisor-3.0-i386-pae descriptions, specifying what the difference between the two packages is (closes: #366019) * Merge upstream fixes trunk -- Guido Trotter Thu, 18 May 2006 15:25:02 +0200 xen-3.0 (3.0.2+hg9656-1) unstable; urgency=low * Merge upstream fixes trunk - This includes a fix for CVE-2006-1056 -- Guido Trotter Thu, 27 Apr 2006 17:34:03 +0200 xen-3.0 (3.0.2+hg9651-1) unstable; urgency=low * Merge upstream fixes trunk * Fix PAE disabled in pae build (Closes: #364875) -- Julien Danjou Wed, 26 Apr 2006 13:19:39 +0200 xen-3.0 (3.0.2+hg9646-1) unstable; urgency=low [ Guido Trotter ] * Merge upstream fixes trunk [ Bastian Blank ] * debian/patches/libdir.dpatch: Update to make xm save work -- Julien Danjou Mon, 24 Apr 2006 18:02:07 +0200 xen-3.0 (3.0.2+hg9611-1) unstable; urgency=low * Merge upstream bug fixes * Fix bug with xend init.d script -- Julien Danjou Wed, 12 Apr 2006 17:35:35 +0200 xen-3.0 (3.0.2+hg9598-1) unstable; urgency=low * New upstream release * Fix copyright file -- Julien Danjou Mon, 10 Apr 2006 17:02:55 +0200 xen-3.0 (3.0.1+hg8762-1) unstable; urgency=low * The "preserve our homes" release * Now cooperatively maintained by the Debian Xen Team * New upstream release (closes: #327493, #342249) * Build depend on transfig (closes: #321157) * Use gcc rather than gcc-3.4 to compile (closes: #323698) * Split xen-hypervisor-3.0 and xen-utils-3.0 * Build both normal and pae hypervisor packages * Change maintainer and add uploaders field * Add force-reload support for init script xendomains * Remove dependency against bash * Bump standards version to 3.6.2.2 * xen-utils-3.0 conflicts and replaces xen * Add dpatch structure to the package * Remove build-dependency on gcc (it's build essential anyway) * Make SrvServer.py not executable * Create NEWS.Debian file with important upgrade notices * Update copyright file * Remove the linux-patch-xen package * Removed useless build-dependencies: libncurses5-dev, wget * Changed xendomains config path to /etc/default * xen-utils-3.0 now provides xen-utils and xen-hypervisor-3.0-i386 & xen-hypervisor-3.0-i386-pae & xen-hypervizor-amd64 now provide xen-hypervisor * Made xen-utils-3.0.postinst more fault-tolerant, so that upgrading xen2 -> xen3 don't fail because of a running xen2 hypervisor * Updated the "Replaces & Conflicts" * Install only and correctly udev files * Compile date is no more in current locale * Add patch which add the debian version and maintainer in the version string and removes the banner. * Don't install unusable cruft in xen-utils * Remove libxen packages (no stable API/ABI) -- Julien Danjou Wed, 5 Apr 2006 16:05:07 +0200 xen (2.0.6-1) unstable; urgency=low * Patches applied upstream: non-xen-init-exit.patch, add-build.patch, python-install.patch, disable-html-docs.patch. * New upstream released. Closes: #311336. * Remove comparison to UML from xen short description. Closes: #317066. * Make packages conflicts with 1.2 doc debs. Closes: #304285. * Add iproute to xen depends, as it uses /bin/ip. Closes: #300488, #317468. -- Adam Heath Wed, 06 Jul 2005 12:35:50 -0500 xen (2.0.5-3) experimental; urgency=low * Change priority/section to match the overrides file. -- Adam Heath Fri, 18 Mar 2005 12:43:50 -0600 xen (2.0.5-2) experimental; urgency=low * Mike McCallister , Tommi Virtanen , Tom Hibbert : Fix missing '.' in update-rc.d call in xen.postinst. Closes: #299384 -- Adam Heath Fri, 18 Mar 2005 11:39:56 -0600 xen (2.0.5-1) experimental; urgency=low * New upstream. * Remove pic-lib.patch, tools-misc-TARGETS.patch, and clean-mttr.patch as they have been applied upstream(in various forms). * xend now starts at priority 20, stops at 21, while xendomains starts at 21, and stops at 20. -- Adam Heath Fri, 11 Mar 2005 14:33:33 -0600 xen (2.0.4-4) experimental; urgency=low * Bah, major booboo. Add /boot to debian/xen.install, so xen.gz will get shipped. Reported by Clint Adams . -- Adam Heath Tue, 15 Feb 2005 13:00:57 -0600 xen (2.0.4-3) experimental; urgency=low * Fix file overlap(/usr/share/doc/xen/examples/*) between xen and xen-docs. Reported by Tupshin Harper . -- Adam Heath Sun, 06 Feb 2005 01:22:45 -0600 xen (2.0.4-2) experimental; urgency=low * Fix kernel patch generation. It was broken when I integrated with debian's kernel source. I used a symlink, and diff doesn't follow those. -- Adam Heath Sat, 05 Feb 2005 18:16:35 -0600 xen (2.0.4-1) experimental; urgency=low * New upstream. * xen.deb can now install on a plain kernel; that is, the init scripts exit successfully if /proc/xen/privcmd doesn't exist. This allows for dual-boot setups. * Manpages do not yet exist xend, xenperf, xensv, xfrd, nor xm. xend xfrd are daemons, and take little if any options. I've not had a need to use xenperf nor xensv yet. xm has nice built in help(xm help). * Upstream now requires either linux 2.4.29, or 2.6.10. Since 2.4.29 is not yet in debian, disable the 2.4 patch generation. Closes: #271245. * Not certain how the kernel-patch-xen was empty. It's not now, with the repackaging. Closes: #272299. * Xen no longer produces kernel images, so problems about missing features are no longer valid. Closes: #253924. * Acknowledge nmu bugs: * No longer build-depend on gcc 3.3, as the default gcc works. Closes: #243048. -- Adam Heath Sat, 05 Feb 2005 18:04:27 -0600 xen (2.0.3-0.1) unstable; urgency=low * Changes from Tommi Virtanen: * Added dh-kpatches and libcurl3-dev to Build-Depends. * Add /etc/xen/sv/params.py and /etc/xen/xend/params.py. * Add xmexample1 and xmexample2 to xen/doc/examples. -- Adam Heath Wed, 26 Jan 2005 10:55:07 -0600 xen (2.0.3-0) unstable; urgency=low * New upstream. Closes: #280733. * Repackaged from scratch. * Using unreleased patch management system. See debian/README.build. * After extracting the .dsc, there are no special steps needed * Those wanting to change the source, use the normal procedures for any package, including using interdiff(or other tool) to send a patch to me or the bts. * No longer try to do anything fancy with regard to the layout of the built kernels. Now, only patches are distributed. Please make use of the xen support in kernel-package. * Early preview release to #debian-devel. -- Adam Heath Tue, 25 Jan 2005 13:24:54 -0600 xen (1.2-4.1) unstable; urgency=high * NMU * Remove gcc-3.2 from Build-Depends as isn't used during build (Closes: #243048) -- Frank Lichtenheld Sat, 21 Aug 2004 17:42:28 +0200 xen (1.2-4) unstable; urgency=low * Added xen-docs.README.Debian, which explains the kernel image layout, and contains references on the locations differ from what is mentioned by the upstream documentation. Closes: #230345. -- Adam Heath Fri, 26 Mar 2004 17:36:41 -0600 xen (1.2-3) unstable; urgency=low * Add kernel-source-2.4.25 and kernel-patch-debian-2.4.25 to Build-Depends-Indep. -- Adam Heath Tue, 23 Mar 2004 20:14:39 -0600 xen (1.2-2) unstable; urgency=low * xen: moved /boot/xen.gz to /usr/lib/kernels/xen-i386/images/vmlinuz * kernel-image, kernel-modules: swapped i386/xeno to xeno/i386 in /usr/lib/kernels. * Add kernel-patch-nfs-swap deb. * Apply additional patches to kernel-image-xen: * nfs-group * nfs-swap -- Adam Heath Thu, 04 Mar 2004 12:47:47 -0600 xen (1.2-1) unstable; urgency=low * Initial version. -- Adam Heath Tue, 02 Mar 2004 13:21:52 -0600