[ubuntu-cloud-archive/havana-proposed] xen (Accepted)
James Page
james.page at ubuntu.com
Mon Aug 5 11:23:30 UTC 2013
xen (4.2.2-1ubuntu1~cloud1) precise-havana; urgency=low
.
* New upstream release for the Ubuntu Cloud Archive.
.
xen (4.2.2-1ubuntu1~cloud0) precise-havana; urgency=low
.
* New upstream release for the Ubuntu Cloud Archive.
.
xen (4.2.2-1ubuntu1) saucy; urgency=low
.
* Merge with Debian unstable. Dropping the following patches in favour
of Debian ones:
- xsa52-4.2-unstable.patch
- xsa53-4.2.patch
- xsa54.patch
- xsa56.patch
* Remaining changes:
- Use dpkg-buildflags and strip the gcc prefix for getting LDFLAGS.
This will again use the Ubuntu specific LDFLAGS (using some
hardening options). Older releases would always pass those options
in the environment but that changed.
- Ressurrect qemu-dm for now (upstream qemu would not support
migration, yet). Forward-port some patches from the old Debian
package which still included qemu-dm:
- qemu-prefix (modify LDFLAGS to point to lib dir for qemu-dm)
- qemu-disable-blktap (this is not present in upstream)
- ubuntu-qemu-disable-qemu-upstream (breaks build and also should
be provided by qemu/kvm package)
* Remaining additional patches:
- qemu-fix-librt-test.patch
Fix build regression caused by glibc not requiring to link against
librt for the clock_gettime function. Patch picked from xen-devel
mailing list.
- tools-gdbsx-fix-build-failure-with-glibc-2.17.patch
Add direct include to sys/types.h for xg_main.c which likely was
indirectly done before. Needed to get ulong type definition.
- tools-ocaml-fix-build: refresh and reenable (and fix the description
of) this patch. Without it the ocam native libraries (*.cmxa)
build in /build local paths rather than appropriatly versioned
library references.
- APIC Register Virtualization (backported from Xen 4.3)
- 0001-xen-enable-APIC-Register-Virtualization.patch
- 0002-xen-enable-Virtual-interrupt-delivery.patch
- 0003-xen-add-virtual-x2apic-support-for-apicv.patch
- TSC Adjust Support (backported from Xen 4.3)
- 0004-x86-Implement-TSC-adjust-feature-for-HVM-guest.patch
- 0005-x86-Save-restore-TSC-adjust-during-HVM-guest-migrati.patch
- 0006-x86-Expose-TSC-adjust-to-HVM-guest.patch
- Fix FTBS on i386
- 0007-x86-Fix-i386-virtual-apic.patch
- silence-gcc-warnings.patch: Silence gcc warnings.
.
xen (4.2.2-1) unstable; urgency=low
.
* New upstream release.
- Fix build with gcc 4.8. (closes: #712376)
* Build-depend on libssl-dev. (closes: #712366)
* Enable hardening as much as possible.
* Re-enable ocaml build fixes. (closes: #695176)
* Check for out-of-bound values in CPU affinity setup.
CVE-2013-2072
* Fix information leak on AMD CPUs.
CVE-2013-2076
* Recover from faults on XRSTOR.
CVE-2013-2077
* Properly check guest input to XSETBV.
CVE-2013-2078
.
xen (4.2.1-2ubuntu2) saucy; urgency=low
.
* Applying Xen Security Advisories:
- CVE-2013-2194, CVE-2013-2195, CVE-2013-2196 / XSA55
* libelf: abolish libelf-relocate.c
* libxc: introduce xc_dom_seg_to_ptr_pages
* libxc: Fix range checking in xc_dom_pfn_to_ptr etc.
* libelf: add `struct elf_binary*' parameter to elf_load_image
* libelf: abolish elf_sval and elf_access_signed
* libelf: move include of <asm/guest_access.h> to top of file
* libelf/xc_dom_load_elf_symtab: Do not use "syms" uninitialised
* libelf: introduce macros for memory access and pointer handling
* tools/xcutils/readnotes: adjust print_l1_mfn_valid_note
* libelf: check nul-terminated strings properly
* libelf: check all pointer accesses
* libelf: Check pointer references in elf_is_elfbinary
* libelf: Make all callers call elf_check_broken
* libelf: use C99 bool for booleans
* libelf: use only unsigned integers
* libelf: check loops for running away
* libelf: abolish obsolete macros
* libxc: Add range checking to xc_dom_binloader
* libxc: check failure of xc_dom_*_to_ptr, xc_map_foreign_range
* libxc: check return values from malloc
* libxc: range checks in xc_dom_p2m_host and _guest
* libxc: check blob size before proceeding in xc_dom_check_gzip
* libxc: Better range check in xc_dom_alloc_segment
- CVE-XXXX-XXXX / XSA57
* libxl: Restrict permissions on PV console device xenstore nodes
.
xen (4.2.1-2ubuntu1) saucy; urgency=low
.
* Merge with Debian unstable. Dropping the following patches in favour
of Debian ones:
- xsa33-4.2-unstable.patch
- xsa36-4.2.patch
- xsa44-4.2.patch
- xsa45-4.2-01-vcpu-destroy-pagetables-preemptible.patch
- xsa45-4.2-02-new-guest-cr3-preemptible.patch
- xsa45-4.2-03-new-user-base-preemptible.patch
- xsa45-4.2-04-vcpu-reset-preemptible.patch
- xsa45-4.2-05-set-info-guest-preemptible.patch
- xsa45-4.2-06-unpin-preemptible.patch
- xsa45-4.2-07-mm-error-paths-preemptible.patch
- xsa46-4.2.patch
- xsa47-4.2-unstable.patch
- xsa49-4.2.patch
* Remaining changes:
- debian/control: Depend on libssl-dev
- Use dpkg-buildflags and strip the gcc prefix for getting LDFLAGS.
This will again use the Ubuntu specific LDFLAGS (using some
hardening options). Older releases would always pass those options
in the environment but that changed.
- Ressurrect qemu-dm for now (upstream qemu would not support
migration, yet). Forward-port some patches from the old Debian
package which still included qemu-dm:
- qemu-prefix (modify LDFLAGS to point to lib dir for qemu-dm)
- qemu-disable-blktap (this is not present in upstream)
- ubuntu-qemu-disable-qemu-upstream (breaks build and also should
be provided by qemu/kvm package)
* Remaining additional patches:
- qemu-cve-2012-6075-1.patch / qemu-cve-2012-6075-2.patch
- xsa34-4.2.patch
- xsa35-4.2-with-xsa34.patch
- xsa38.patch
- xsa52-4.2-unstable.patch
- xsa53-4.2.patch
- xsa54.patch
- xsa56.patch
- qemu-fix-librt-test.patch
Fix build regression caused by glibc not requiring to link against
librt for the clock_gettime function. Patch picked from xen-devel
mailing list.
- tools-gdbsx-fix-build-failure-with-glibc-2.17.patch
Add direct include to sys/types.h for xg_main.c which likely was
indirectly done before. Needed to get ulong type definition.
- tools-ocaml-fix-build: refresh and reenable (and fix the description
of) this patch. Without it the ocam native libraries (*.cmxa)
build in /build local paths rather than appropriatly versioned
library references.
- APIC Register Virtualization (backported from Xen 4.3)
- 0001-xen-enable-APIC-Register-Virtualization.patch
- 0002-xen-enable-Virtual-interrupt-delivery.patch
- 0003-xen-add-virtual-x2apic-support-for-apicv.patch
- TSC Adjust Support (backported from Xen 4.3)
- 0004-x86-Implement-TSC-adjust-feature-for-HVM-guest.patch
- 0005-x86-Save-restore-TSC-adjust-during-HVM-guest-migrati.patch
- 0006-x86-Expose-TSC-adjust-to-HVM-guest.patch
- Fix FTBS on i386
- 0007-x86-Fix-i386-virtual-apic.patch
- Fix HVM regression when host supports SMEP
- 0008-vmx-Simplify-cr0-update-handling-by-deferring-cr4-ch.patch
- 0009-VMX-disable-SMEP-feature-when-guest-is-in-non-paging.patch
- 0010-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-.patch
- silence-gcc-warnings.patch: Silence gcc warnings.
- gcc48-ftbfs.patch
- gcc48-ftbfs-2.patch
.
xen (4.2.1-2) unstable; urgency=low
.
* Actually upload to unstable.
.
xen (4.2.1-1) experimental; urgency=low
.
* New upstream release.
* Enable usage of seabios.
* Fix some toolchain issues.
.
xen (4.2.1-0ubuntu4) saucy; urgency=low
.
[ Stefan Bader ]
* Applying Xen Security Advisories:
- CVE-2013-1918 / XSA-45
* x86: make vcpu_destroy_pagetables() preemptible
* x86: make new_guest_cr3() preemptible
* x86: make MMUEXT_NEW_USER_BASEPTR preemptible
* x86: make vcpu_reset() preemptible
* x86: make arch_set_info_guest() preemptible
* x86: make page table unpinning preemptible
* x86: make page table handling error paths preemptible
- CVE-2013-1952 / XSA-49
* VT-d: don't permit SVT_NO_VERIFY entries for known device types
- CVE-2013-2076 / XSA-52
* x86/xsave: fix information leak on AMD CPUs
- CVE-2013-2077 / XSA-53
* x86/xsave: recover from faults on XRSTOR
- CVE-2013-2078 / XSA-54
* x86/xsave: properly check guest input to XSETBV
- CVE-2013-2072 / XSA-56
* libxc: limit cpu values when setting vcpu affinity
.
[ Marc Deslauriers ]
* debian/patches/gcc48-ftbfs.patch: Add -Wno-unused-local-typedefs to
CFLAGS.
* debian/patches/gcc48-ftbfs-2.patch: fix memset(&p,0,sizeof(p)) idiom in
several places.
.
xen (4.2.1-0ubuntu3.1) raring-security; urgency=low
.
* Applying Xen Security Advisories:
- CVE-2013-1917 / XSA-44
x86: clear EFLAGS.NT in SYSENTER entry path
- CVE-2013-1919 / XSA-46
x86: fix various issues with handling guest IRQs
- CVE-2013-1920 / XSA-47
defer event channel bucket pointer store until after XSM checks
.
xen (4.2.1-0ubuntu3) raring; urgency=low
.
* Fix FTBS on i386
- 0007-x86-Fix-i386-virtual-apic.patch
* Fix HVM VCPUs getting stuck on boot when host supports SMEP (LP: #1157757)
- 0008-vmx-Simplify-cr0-update-handling-by-deferring-cr4-ch.patch
- 0009-VMX-disable-SMEP-feature-when-guest-is-in-non-paging.patch
- 0010-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-.patch
.
xen (4.2.1-0ubuntu2) raring; urgency=low
.
* Backporting support for Intel APIC virtualization (LP: #1160373)
- 0001-xen-enable-APIC-Register-Virtualization.patch
- 0002-xen-enable-Virtual-interrupt-delivery.patch
- 0003-xen-add-virtual-x2apic-support-for-apicv.patch
* Backporting support for Intel TSC adjust (LP: #1160378)
- 0004-x86-Implement-TSC-adjust-feature-for-HVM-guest.patch
- 0005-x86-Save-restore-TSC-adjust-during-HVM-guest-migrati.patch
- 0006-x86-Expose-TSC-adjust-to-HVM-guest.patch
.
xen (4.2.1-0ubuntu1) raring; urgency=low
.
* New upstream stable release. Remaining changes:
- Fix to qemu for CVE-2012-6075
- Patches for XSA33-36 and 38
- qemu-fix-librt-test.patch
Fix build regression caused by glibc not requiring to link against
librt for the clock_gettime function. Patch picked from xen-devel
mailing list.
- tools-gdbsx-fix-build-failure-with-glibc-2.17.patch
Add direct include to sys/types.h for xg_main.c which likely was
indirectly done before. Needed to get ulong type definition.
- tools-ocaml-fix-build: refresh and reenable (and fix the description
of) this patch. Without it the ocam native libraries (*.cmxa)
build in /build local paths rather than appropriatly versioned
library references.
- Use dpkg-buildflags and strip the gcc prefix for getting LDFLAGS.
This will again use the Ubuntu specific LDFLAGS (using some
hardening options). Older releases would always pass those options
in the environment but that changed.
- Ressurrect qemu-dm for now (upstream qemu would not support
migration, yet). Forward-port some patches from the old Debian
package which still included qemu-dm:
- qemu-prefix (modify LDFLAGS to point to lib dir for qemu-dm)
- qemu-disable-blktap (this is not present in upstream)
- ubuntu-qemu-disable-qemu-upstream (breaks build and also should
be provided by qemu/kvm package)
- Build depend on kvm-ipxe (instead of ipxe) as it is smaller and fix
up hvmloader build. kvm-ipxe contains a subset of the rom files from
which the Xen build only uses two to be embedded in the hvmloader.
- debian/patches/silence-gcc-warnings.patch: Silence gcc warnings.
.
xen (4.2.0-2) experimental; urgency=low
.
* Support JSON output in domain init script helper.
.
xen (4.2.0-1ubuntu6) raring; urgency=low
.
* Applying Xen Security Advisory:
- VT-d: fix interrupt remapping source validation for devices behind
legacy bridges
CVE-2012-5634 / XSA-33
- x86_32: don't allow use of nested HVM
CVE-2013-0151 / XSA-34
- xen: Do not allow guests to enable nested HVM on themselves
CVE-2013-0152 / XSA-35
- ACPI: acpi_table_parse() should return handler's error code
CVE-2013-0153 / XSA-36
- oxenstored incorrect handling of certain Xenbus ring states
CVE-2013-0215 / XSA-38
* Applying qemu security fixes:
- e1000: Discard packets that are too long if !SBP and !LPE
CVE-2012-6075 / XSA-41
- Discard packets longer than 16384 when !SBP to match the hardware
behavior.
CVE-2012-6075 / XSA-41
* qemu-fix-librt-test.patch
Fix build regression caused by glibc not requiring to link against
librt for the clock_gettime function. Patch picked from xen-devel
mailing list.
* tools-gdbsx-fix-build-failure-with-glibc-2.17.patch
Add direct include to sys/types.h for xg_main.c which likely was
indirectly done before. Needed to get ulong type definition.
.
xen (4.2.0-1ubuntu5) raring; urgency=low
.
* Add libssl-dev to Build-Depends.
.
xen (4.2.0-1ubuntu4) raring; urgency=low
.
* Applying Xen Security fixes (LP: #1086875)
- gnttab: fix releasing of memory upon switches between versions
CVE-2012-5510
- hvm: Limit the size of large HVM op batches
CVE-2012-5511
- xen: add missing guest address range checks to XENMEM_exchange handlers
CVE-2012-5513
- xen: fix error handling of guest_physmap_mark_populate_on_demand()
CVE-2012-5514
- memop: limit guest specified extent order
CVE-2012-5515
- x86: get_page_from_gfn() must return NULL for invalid GFNs
CVE-2012-5525
.
xen (4.2.0-1ubuntu3) raring; urgency=low
.
* tools-ocaml-fix-build: refresh and reenable (and fix the description
of) this patch. Without it the ocam native libraries (*.cmxa)
build in /build local paths rather than appropriatly versioned
library references.
.
xen (4.2.0-1ubuntu2) raring; urgency=low
.
* Drop replaces and conflicts for xen3 packages (they are no longer
in the upgrade path) from debian/control:
- libxenstore3.0: Conflict and replaces libxen3.
- libxen-dev: Conflict and replaces libxen3-dev.
- xenstore-utils: Conflict and replaces libxen3
- xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
and xen-utils-3.3
* Use dpkg-buildflags and strip the gcc prefix for getting LDFLAGS.
This will again use the Ubuntu specific LDFLAGS (using some
hardening options). Older releases would always pass those options
in the environment but that changed.
* Ressurrect qemu-dm for now (upstream qemu would not support
migration, yet). Forward-port some patches from the old Debian
package which still included qemu-dm:
- qemu-prefix (modify LDFLAGS to point to lib dir for qemu-dm)
- qemu-disable-blktap (this is not present in upstream)
- ubuntu-qemu-disable-qemu-upstream (breaks build and also should
be provided by qemu/kvm package)
* Build depend on kvm-ipxe (instead of ipxe) as it is smaller and fix
up hvmloader build. kvm-ipxe contains a subset of the rom files from
which the Xen build only uses two to be embedded in the hvmloader.
* XSA-20: Prevent overflow in calculations, leading to DoS vulnerability
- CVE-2012-4535
* XSA-22: Prevent incorrect updates of m2p mappings
- CVE-2012-4537
* XSA-23: check toplevel pagetables are present before unhooking them
- CVE-2012-4538
* XSA-24: Prevent infinite loop in compat code
- CVE-2012-4539
* XSA-25: limit maximum size of kernel/ramdisk
- CVE-2012-4544
.
xen (4.2.0-1ubuntu1) raring; urgency=low
.
* Merge from Debian Experimental, Remaining changes:
- debian/control:
- Build depends on ipxe-qemu.
- libxenstore3.0: Conflict and replaces libxen3.
- libxen-dev: Conflict and replaces libxen3-dev.
- xenstore-utils: Conflict and replaces libxen3
- xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
and xen-utils-4.1.
- Make sure the LDFLAGS value passed is suitable for use by ld
rather than gcc.
- disable debian/patches/config-etherboot.diff.
- debian/patches/silence-gcc-warnings.patch: Silence gcc warnings.
.
xen (4.2.0-1) experimental; urgency=low
.
* New upstream release.
.
xen (4.2.0~rc3-1) experimental; urgency=low
.
* New upstream snapshot.
.
xen (4.2.0~rc2-1) experimental; urgency=low
.
* New upstream snapshot.
* Build-depend against libglib2.0-dev and libyajl-dev.
* Disable seabios build for now.
* Remove support for Lenny and earlier.
* Support build-arch and build-indep make targets.
.
xen (4.1.4-4) unstable; urgency=high
.
* Make several long runing operations preemptible.
CVE-2013-1918
* Fix source validation for VT-d interrupt remapping.
CVE-2013-1952
.
xen (4.1.4-3) unstable; urgency=high
.
* Fix return from SYSENTER.
CVE-2013-1917
* Fix various problems with guest interrupt handling.
CVE-2013-1919
* Only save pointer after access checks.
CVE-2013-1920
* Fix domain locking for transitive grants.
CVE-2013-1964
.
xen (4.1.4-2) unstable; urgency=low
.
* Use pre-device interrupt remapping mode per default. Fix removing old
remappings.
CVE-2013-0153
.
xen (4.1.4-1) unstable; urgency=low
.
* New upstream release.
- Disable process-context identifier support in newer CPUs for all
domains.
- Add workarounds for AMD errata.
- Don't allow any non-canonical addresses.
- Use Multiboot memory map if BIOS emulation does not provide one.
- Fix several problems in tmem.
CVE-2012-3497
- Fix error handling in domain creation.
- Adjust locking and interrupt handling during S3 resume.
- Tighten more resource and memory range checks.
- Reset performance counters. (closes: #698651)
- Remove special-case for first IO-APIC.
- Fix MSI handling for HVM domains. (closes: #695123)
- Revert cache value of disks in HVM domains.
.
xen (4.1.3-8) unstable; urgency=high
.
* Fix error in VT-d interrupt remapping source validation.
CVE-2012-5634
* Fix buffer overflow in qemu e1000 emulation.
CVE-2012-6075
* Update patch, mention second CVE.
CVE-2012-5511, CVE-2012-6333
.
xen (4.1.3-7) unstable; urgency=low
.
* Fix clock jump due to incorrect annotated inline assembler.
(closes: #599161)
* Add support for XZ compressed Linux kernels to hypervisor and userspace
based loaders, it is needed for any Linux kernels newer then Wheezy.
(closes: #695056)
.
xen (4.1.3-6) unstable; urgency=high
.
* Fix error handling in physical to machine memory mapping.
CVE-2012-5514
.
xen (4.1.3-5) unstable; urgency=high
.
* Fix state corruption due to incomplete grant table switch.
CVE-2012-5510
* Check range of arguments to several HVM operations.
CVE-2012-5511, CVE-2012-6333
* Check array index before using it in HVM memory operation.
CVE-2012-5512
* Check memory range in memory exchange operation.
CVE-2012-5513
* Don't allow too large memory size and avoid busy looping.
CVE-2012-5515
.
xen (4.1.3-4) unstable; urgency=high
.
* Use linux 3.2.0-4 stuff.
* Fix overflow in timer calculations.
CVE-2012-4535
* Check value of physical interrupts parameter before using it.
CVE-2012-4536
* Error out on incorrect memory mapping updates.
CVE-2012-4537
* Check if toplevel page tables are present.
CVE-2012-4538
* Fix infinite loop in compatibility code.
CVE-2012-4539
* Limit maximum kernel and ramdisk size.
CVE-2012-2625, CVE-2012-4544
.
xen (4.1.3-3ubuntu1) quantal; urgency=low
.
* Merge from Debian unstable. Remaining changes:
- libxenstore3.0: Conflict and replaces libxen3.
- libxen-dev: Conflict and replaces libxen3-dev.
- xenstore-utils: Conflict and replaces libxen3.
- xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
and xen-utils-4.1.
- Change depend back to ipxe as we do not have ipxe-qemu.
- etherboot: Change the config back to include the 8086100e.rom
- Dropped:
- Make sure the LDFLAGS value passed is suitable for use by ld
rather than gcc. Right now there seem to be no LDFLAGS passed.
* Backported AMD specific improvements from upstream Xen (LP: #1009098):
- svm: Do not intercept RDTSC(P) when TSC scaling is supported by hardware
- x86: Use deep C states for off-lined CPUs
- x86/AMD: Add support for AMD's OSVW feature in guests.
- hvm: vpmu: Enable HVM VPMU for AMD Family 12h and 14h processors
.
xen (4.1.3-3) unstable; urgency=low
.
* Xen domain init script:
- Make sure Open vSwitch is started before any domain.
- Properly handle and show output of failed migration and save.
- Ask all domains to shut down before checking them.
.
xen (4.1.3-2) unstable; urgency=medium
.
* Don't allow writing reserved bits in debug register.
CVE-2012-3494
* Fix error handling in interrupt assignment.
CVE-2012-3495
* Don't trigger bug messages on invalid flags.
CVE-2012-3496
* Check array bounds in interrupt assignment.
CVE-2012-3498
* Properly check bounds while setting the cursor in qemu.
CVE-2012-3515
* Disable monitor in qemu by default.
CVE-2012-4411
.
xen (4.1.3-1) unstable; urgency=medium
.
* New upstream release: (closes: #683286)
- Don't leave the x86 emulation in a bad state. (closes: #683279)
CVE-2012-3432
- Only check for shared pages while any exist on teardown.
CVE-2012-3433
- Fix error handling for unexpected conditions.
- Update CPUID masking to latest Intel spec.
- Allow large ACPI ids.
- Fix IOMMU support for PCI-to-PCIe bridges.
- Disallow access to some sensitive IO-ports.
- Fix wrong address in IOTLB.
- Fix deadlock on CPUs without working cpufreq driver.
- Use uncached disk access in qemu.
- Fix buffer size on emulated e1000 device in qemu.
* Fixup broken and remove applied patches.
.
xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-5) unstable; urgency=low
.
[ Ian Campbell ]
* Set tap device MAC addresses to fe:ff:ff:ff:ff:ff (Closes: #671018)
* Only run xendomains initscript if toolstack is xl or xm (Closes: #680528)
.
[ Bastian Blank ]
* Actually build-depend on new enough version of dpkg-dev.
* Add xen-sytem-* meta-packages. We are finally in a position to do
automatic upgrades and this package is missing. (closes: #681376)
.
xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-4ubuntu1) quantal; urgency=low
.
[ Ubuntu Merge-o-Matic ]
* Merge from Debian unstable. Remaining changes:
- Thanks to Stefan Bader.
- libxenstore3.0: Conflict and replaces libxen3.
- libxen-dev: Conflict and replaces libxen3-dev.
- xenstore-utils: Conflict and replaces libxen3.
- xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
and xen-utils-4.1.
- Change depend back to ipxe as we do not have ipxe-qemu.
- etherboot: Change the config back to include the 8086100e.rom
- Dropped:
- Make sure the LDFLAGS value passed is suitable for use by ld
rather than gcc. Right now there seem to be no LDFLAGS passed.
.
xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-4) unstable; urgency=low
.
* Add Build-Using info to xen-utils package.
* Fix build-arch target.
.
xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-3) unstable; urgency=low
.
* Remove /usr/lib/xen-default. It breaks systems if xenstored is not
compatible.
* Fix init script usage.
* Fix udev rules for emulated network devices:
- Force names of emulated network devices to a predictable name.
.
xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-2) unstable; urgency=low
.
* Fix pointer missmatch in interrupt functions. Fixes build on i386.
.
xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-1) unstable; urgency=low
.
* New upstream snapshot.
- Fix privilege escalation and syscall/sysenter DoS while using
non-canonical addresses by untrusted PV guests. (closes: #677221)
CVE-2012-0217
CVE-2012-0218
- Disable Xen on CPUs affected by AMD Erratum #121. PV guests can
cause a DoS of the host.
CVE-2012-2934
* Don't fail if standard toolstacks are not available. (closes: #677244)
.
xen (4.1.2-7) unstable; urgency=low
.
* Really use ucf.
* Update init script dependencies:
- Start $syslog before xen.
- Start drbd and iscsi before xendomains. (closes: #626356)
- Start corosync and heartbeat after xendomains.
* Remove /var/log/xen on purge. (closes: #656216)
.
xen (4.1.2-6) unstable; urgency=low
.
* Fix generation of architectures for hypervisor packages.
* Remove information about loop devices, it is incorrect. (closes: #503044)
* Update xendomains init script:
- Create directory for domain images only root readable. (closes: #596048)
- Add missing sanity checks for variables. (closes: #671750)
- Remove not longer supported config options.
- Don't fail if no config is available.
- Remove extra output if domain was restored.
.
xen (4.1.2-5) unstable; urgency=low
.
* Actually force init script rename. (closes: #669341)
* Fix long output from xl.
* Move complete init script setup.
* Rewrite xendomains init script:
- Use LSB output functions.
- Make output more clear.
- Use xen toolstack wrapper.
- Use a python script to properly read domain details.
* Set name for Domain-0.
.
xen (4.1.2-4) unstable; urgency=low
.
[ Bastian Blank ]
* Build-depend on ipxe-qemu instead of ipxe. (closes: #665070)
* Don't longer use a4wide latex package.
* Use ucf for /etc/default/xen.
* Remove handling for old udev rules link and xenstored directory.
* Rename xend init script to xen.
.
[ Lionel Elie Mamane ]
* Fix toolstack script to work with old dash. (closes: #648029)
.
xen (4.1.2-3) unstable; urgency=low
.
* Merge xen-common source package.
* Remove xend wrapper, it should not be called by users.
* Support xl in init script.
* Restart xen daemons on upgrade.
* Restart and stop xenconsoled in init script.
* Load xen-gntdev module.
* Create /var/lib/xen. (closes: #658101)
* Cleanup udev rules. (closes: #657745)
Date: Wed, 24 Jul 2013 12:58:13 -0400
Changed-By: Chuck Short <zulcss at ubuntu.com>
Signed-By: Chuck Short <chuck.short at canonical.com>
Published-By: James Page <james.page at ubuntu.com>
More information about the Cloud-archive-changes
mailing list