[ubuntu/raring-proposed] xen 4.2.0-1ubuntu4 (Accepted)

Stefan Bader stefan.bader at canonical.com
Thu Dec 6 19:30:19 UTC 2012


xen (4.2.0-1ubuntu4) raring; urgency=low

  * Applying Xen Security fixes (LP: #1086875)
    - gnttab: fix releasing of memory upon switches between versions
      CVE-2012-5510
    - hvm: Limit the size of large HVM op batches
      CVE-2012-5511
    - xen: add missing guest address range checks to XENMEM_exchange handlers
      CVE-2012-5513
    - xen: fix error handling of guest_physmap_mark_populate_on_demand()
      CVE-2012-5514
    - memop: limit guest specified extent order
      CVE-2012-5515
    - x86: get_page_from_gfn() must return NULL for invalid GFNs
      CVE-2012-5525

xen (4.2.0-1ubuntu3) raring; urgency=low

  * tools-ocaml-fix-build: refresh and reenable (and fix the description
    of) this patch.  Without it the ocaml native libraries (*.cmxa)
    build in /build local paths rather than appropriately versioned
    library references.

xen (4.2.0-1ubuntu2) raring; urgency=low

  * Drop replaces and conflicts for xen3 packages (they are no longer
    in the upgrade path) from debian/control:
    - libxenstore3.0: Conflict and replaces libxen3.
    - libxen-dev: Conflict and replaces libxen3-dev.
    - xenstore-utils: Conflict and replaces libxen3
    - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
      and xen-utils-3.3
  * Use dpkg-buildflags and strip the gcc prefix for getting LDFLAGS.
    This will again use the Ubuntu specific LDFLAGS (using some
    hardening options). Older releases would always pass those options
    in the environment but that changed.
  * Resurrect qemu-dm for now (upstream qemu would not support
    migration, yet). Forward-port some patches from the old Debian
    package which still included qemu-dm:
    - qemu-prefix (modify LDFLAGS to point to lib dir for qemu-dm)
    - qemu-disable-blktap (this is not present in upstream)
    - ubuntu-qemu-disable-qemu-upstream (breaks build and also should
      be provided by qemu/kvm package)
  * Build depend on kvm-ipxe (instead of ipxe) as it is smaller and fix
    up hvmloader build. kvm-ipxe contains a subset of the rom files from
    which the Xen build only uses two to be embedded in the hvmloader.
  * XSA-20: Prevent overflow in calculations, leading to DoS vulnerability
    - CVE-2012-4535
  * XSA-22: Prevent incorrect updates of m2p mappings
    - CVE-2012-4537
  * XSA-23: check toplevel pagetables are present before unhooking them
    - CVE-2012-4538
  * XSA-24: Prevent infinite loop in compat code
    - CVE-2012-4539
  * XSA-25: limit maximum size of kernel/ramdisk
    - CVE-2012-4544

xen (4.2.0-1ubuntu1) raring; urgency=low

  * Merge from Debian Experimental, Remaining changes:
    - debian/control:
      - Build depends on ipxe-qemu.
      - libxenstore3.0: Conflict and replaces libxen3.
      - libxen-dev: Conflict and replaces libxen3-dev.
      - xenstore-utils: Conflict and replaces libxen3
      - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
        and xen-utils-4.1.
      - Make sure the LDFLAGS value passed is suitable for use by ld
        rather than gcc.
    - disable debian/patches/config-etherboot.diff.
    - debian/patches/silence-gcc-warnings.patch: Silence gcc warnings.

xen (4.2.0-1) experimental; urgency=low

  * New upstream release.

xen (4.2.0~rc3-1) experimental; urgency=low

  * New upstream snapshot.

xen (4.2.0~rc2-1) experimental; urgency=low

  * New upstream snapshot.
  * Build-depend against libglib2.0-dev and libyajl-dev.
  * Disable seabios build for now.
  * Remove support for Lenny and earlier.
  * Support build-arch and build-indep make targets.

Date: Wed, 05 Dec 2012 18:13:25 +0100
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/raring/+source/xen/4.2.0-1ubuntu4
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 05 Dec 2012 18:13:25 +0100
Source: xen
Binary: xen-docs-4.2 libxen-4.2 libxenstore3.0 libxen-dev xenstore-utils libxen-ocaml libxen-ocaml-dev xen-utils-common xen-utils-4.2 xen-hypervisor-4.2-amd64 xen-system-amd64 xen-hypervisor-4.2-i386 xen-system-i386
Architecture: source
Version: 4.2.0-1ubuntu4
Distribution: raring
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Description: 
 libxen-4.2 - Public libs for Xen
 libxen-dev - Public headers and libs for Xen
 libxen-ocaml - OCaml libraries for controlling Xen
 libxen-ocaml-dev - OCaml libraries for controlling Xen (devel package)
 libxenstore3.0 - Xenstore communications library for Xen
 xen-docs-4.2 - Documentation for Xen
 xen-hypervisor-4.2-amd64 - Xen Hypervisor on AMD64
 xen-hypervisor-4.2-i386 - Xen Hypervisor on i386
 xen-system-amd64 - Xen System on AMD64 (meta-package)
 xen-system-i386 - Xen System on i386 (meta-package)
 xen-utils-4.2 - XEN administrative tools
 xen-utils-common - Xen administrative tools - common files
 xenstore-utils - Xenstore utilities for Xen
Launchpad-Bugs-Fixed: 1086875
Files: 
 a4c4d0e6670ea820648b51e24d3565d2 3161 kernel optional xen_4.2.0-1ubuntu4.dsc
 43a6956a9d0437c8723d480318946090 3807019 kernel optional xen_4.2.0.orig-qemu.tar.gz
 0f4f9fdb4983b0c265e0635e7a45e3f9 5842158 kernel optional xen_4.2.0.orig.tar.gz
 83b611ffe17e86a7437eb9f528aa47d8 70852 kernel optional xen_4.2.0-1ubuntu4.debian.tar.gz
Original-Maintainer: Debian Xen Team <pkg-xen-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----