xen (4.1.6.1-0ubuntu0.12.04.5) precise-security; urgency=low * Applying Xen Security Advisories: - CVE-2015-2152 / XSA-119 * tools: libxl: Explicitly disable graphics backends on qemu cmdline - CVE-2015-2044 / XSA-121 * x86/HVM: return all ones on wrong-sized reads of system device I/O ports - CVE-2015-2045 / XSA-122 * pre-fill structures for certain HYPERVISOR_xen_version sub-ops - CVE-2015-2151 / XSA-123 * x86emul: fully ignore segment override for register-only operations -- Stefan Bader Wed, 04 Mar 2015 10:59:53 +0100 xen (4.1.6.1-0ubuntu0.12.04.4) precise-security; urgency=low * Applying Xen Security Advisories: - CVE-2014-8594 / XSA-109 * x86: don't allow page table updates on non-PV page tables in do_mmu_update() - CVE-2014-8595 / XSA-110 * x86emul: enforce privilege level restrictions when loading CS - CVE-2014-8866 / XSA-111 * x86: limit checks in hypercall_xlat_continuation() to actual arguments - CVE-2014-8867 / XSA-112 * x86/HVM: confine internally handled MMIO to solitary regions - CVE-2014-9030 / XSA-113 * x86/mm: fix a reference counting error in MMU_MACHPHYS_UPDATE -- Stefan Bader Fri, 21 Nov 2014 15:29:19 +0100 xen (4.1.6.1-0ubuntu0.12.04.3) precise-security; urgency=low * Applying Xen Security Advisories: - CVE-2014-7154 / XSA-104 * x86/shadow: fix race condition sampling the dirty vram state - CVE-2014-7155 / XSA-105 * x86/emulate: check cpl for all privileged instructions - CVE-2014-7156 / XSA-106 * x86emul: only emulate software interrupt injection for real mode - CVE-2014-7188 / XSA-108 * x86/HVM: properly bound x2APIC MSR range -- Stefan Bader Mon, 29 Sep 2014 20:00:39 +0200 xen (4.1.6.1-0ubuntu0.12.04.2) precise-security; urgency=low * Applying Xen Security Advisories: - CVE-2013-2599 / XSA-89 * x86: enforce preemption in HVM_set_mem_access / p2m_set_mem_access() - CVE-2014-3124 / XSA-92 * x86/HVM: restrict HVMOP_set_mem_type - CVE-2014-4021 / XSA-100 * page-alloc: scrub pages used by hypervisor upon freeing -- Stefan Bader Tue, 29 Jul 2014 15:05:23 +0200 xen (4.1.6.1-0ubuntu0.12.04.1) precise-proposed; urgency=low * Updating to lastest upstream stable release (LP: #1293993). * Update to upstream 4.1.6.1 (4.1.6 failed to build and was skipped): - Replacing the following security changes by upstream versions: * CVE-2013-1918 / XSA-45, CVE-2013-1952 / XSA-49, CVE-2013-2076 / XSA-52, CVE-2013-2077 / XSA-53, CVE-2013-2078 / XSA-54, CVE-2013-2194, CVE-2013-2195, CVE-2013-2196 / XSA-55, CVE-2013-2072 / XSA-56, CVE-2013-2211 / XSA-57, CVE-2013-1432 / XSA-58, XSA-61 - Bug fixes: * addressing a regression from the fix for XSA-21 * addressing a regression from the fix for XSA-46 * bug fixes to low level system state handling, including certain hardware errata workarounds * Purged unused patches from debian/patches: - xen-backport-per-device-vector-map.patch - xen-introduce-xzalloc.patch -- Stefan Bader Fri, 14 Mar 2014 13:55:27 +0100 xen (4.1.5-0ubuntu0.12.04.3) precise-security; urgency=low * Applying Xen Security Advisories: - CVE-2014-1892, CVE-2014-1893 / XSA-84 * flask: restrict allocations done by hypercall interface - CVE-2014-1666 / XSA-87 * x86: PHYSDEVOP_{prepare,release}_msix are privileged - CVE-2014-1950 / XSA-88 * libxc: Fix out-of-memory error handling in xc_cpupool_getinfo() -- Stefan Bader Mon, 17 Feb 2014 16:33:25 +0100 xen (4.1.5-0ubuntu0.12.04.2) precise-security; urgency=low * Applying Xen Security Advisories: - CVE-2013-1432 / XSA-58 * Page reference counting error due to XSA-45/CVE-2013-1918 fixes - CVE-2013-4329 / XSA-61 * libxl partially sets up HVM passthrough even with disabled iommu - CVE-2013-1442 / XSA-62 * Information leak on AVX and/or LWP capable CPUs - CVE-2013-4355 / XSA-63 - CVE-2013-4361 / XSA-66 Information leak through fbld instruction emulation - CVE-2013-4368 / XSA-67 * Information leak through outs instruction emulation - CVE-2013-4370 / XSA-69 * misplaced free in ocaml xc_vcpu_getaffinity stub - CVE-2013-4416 / XSA-72 * ocaml xenstored mishandles oversized message replies - CVE-2013-4494 / XSA-73 * Lock order reversal between page allocation and grant table locks - CVE-2013-4553 / XSA-74 * Lock order reversal between page_alloc_lock and mm_rwlock - CVE-2013-4554 / XSA-76 * Hypercalls exposed to privilege rings 1 and 2 of HVM guests - CVE-2013-6885 / XSA-82 * Guest triggerable AMD CPU erratum may cause host hang -- Stefan Bader Mon, 09 Dec 2013 19:32:56 +0100 xen (4.1.5-0ubuntu0.12.04.1) precise-proposed; urgency=low * Updating to lastest upstream stable release (LP: #1180396). * Update to upstream 4.1.5: - Replacing the following security changes by upstream versions: * CVE-2012-5634 / XSA-33, CVE-2013-0153 / XSA-36, CVE-2013-0215 / XSA-38, CVE-2012-6075 / XSA-41, CVE-2013-1917 / XSA-44, CVE-2013-1919 / XSA-46, CVE-2013-1920 / XSA-47, CVE-2013-1964 / XSA-50 - Bug fixes: * ACPI APEI/ERST finally working on production systems * Bug fixes for other low level system state handling * Support for xz compressed Dom0 and DomU kernels * Update to upstream 4.1.4: - Replacing the following security changes by upstream versions: * CVE-2012-3494 / XSA-12, CVE-2012-3495 / XSA-13, CVE-2012-3496 / XSA-14, CVE-2012-3498 / XSA-16, CVE-2012-3515 / XSA-17, CVE-2012-4411 / XSA-19, CVE-2012-4535 / XSA-20, CVE-2012-4536 / XSA-21, CVE-2012-4537 / XSA-22, CVE-2012-4538 / XSA-23, CVE-2012-4539 / XSA-24, CVE-2012-4544 / XSA-25, CVE-2012-2625 / XSA-25, CVE-2012-5510 / XSA-26, CVE-2012-5511 / XSA-27, CVE-2012-5512 / XSA-28, CVE-2012-5513 / XSA-29, CVE-2012-5514 / XSA-30, CVE-2012-5515 / XSA-31 - Bug fixes: * A fix for a long standing time management issue * Bug fixes for S3 (suspend to RAM) handling * Bug fixes for other low level system state handling * Update to upstream 4.1.3: - Replacing the following security changes by upstream versions: * CVE-2012-0217 / XSA-7, CVE-2012-0218 / XSA-8, CVE-2012-2934 / XSA-9, CVE-2012-3432 / XSA-10, CVE-2012-3433 / XSA-11 - Bug fixes: * Updates for the latest Intel/AMD CPU revisions * Bug fixes and improvements to the libxl tool stack * Bug fixes for IOMMU handling (device passthrough to HVM guests) * Bug fixes for host kexec/kdump * Dropping the following patches previously added as they are included in the upstream stable release: - upstream-24883-adcd6ab160fa.patch - xen-introduce-xzalloc.patch - xen-backport-per-device-vector-map.patch - 0008-vmx-Simplify-cr0-update-handling-by-deferring-cr4-ch.patch - 0009-VMX-disable-SMEP-feature-when-guest-is-in-non-paging.patch - 0010-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-.patch * Fix translation import problem caused by duplicate message ID (LP: #1176209). - tools-xm-fix-duplicate-msgid.patch -- Stefan Bader Fri, 21 Jun 2013 14:55:54 +0200 xen (4.1.2-2ubuntu2.10) precise-security; urgency=low * Applying Xen Security Advisories - CVE-2013-2194, CVE-2013-2195, CVE-2013-2196 / XSA55 * libelf: abolish libelf-relocate.c * libxc: introduce xc_dom_seg_to_ptr_pages * libxc: Fix range checking in xc_dom_pfn_to_ptr etc. * libelf: abolish elf_sval and elf_access_signed * libelf/xc_dom_load_elf_symtab: Do not use "syms" uninitialised * libelf: introduce macros for memory access and pointer handling * tools/xcutils/readnotes: adjust print_l1_mfn_valid_note * libelf: check nul-terminated strings properly * libelf: check all pointer accesses * libelf: Check pointer references in elf_is_elfbinary * libelf: Make all callers call elf_check_broken * libelf: use C99 bool for booleans * libelf: use only unsigned integers * libxc: Introduce xc_bitops.h * libelf: check loops for running away * libelf: abolish obsolete macros * libxc: Add range checking to xc_dom_binloader * libxc: check failure of xc_dom_*_to_ptr, xc_map_foreign_range * libxc: check return values from malloc * libxc: range checks in xc_dom_p2m_host and _guest * libxc: check blob size before proceeding in xc_dom_check_gzip - CVE-XXXX-XXXX / XSA57 * libxl: Restrict permissions on PV console device xenstore nodes -- Stefan Bader Fri, 21 Jun 2013 14:52:44 +0200 xen (4.1.2-2ubuntu2.9) precise-security; urgency=low * Applying Xen Security Advisories: - CVE-2013-1918 / XSA-45 * x86: make vcpu_destroy_pagetables() preemptible * x86: make new_guest_cr3() preemptible * x86: make MMUEXT_NEW_USER_BASEPTR preemptible * x86: make vcpu_reset() preemptible * x86: make arch_set_info_guest() preemptible * x86: make page table unpinning preemptible * x86: make page table handling error paths preemptible - CVE-2013-1952 / XSA-49 * VT-d: don't permit SVT_NO_VERIFY entries for known device types - CVE-2013-1964 / XSA-50 * Fix rcu domain locking for transitive grants - CVE-2013-2076 / XSA-52 * x86/xsave: fix information leak on AMD CPUs - CVE-2013-2077 / XSA-53 * x86/xsave: recover from faults on XRSTOR - CVE-2013-2078 / XSA-54 * x86/xsave: properly check guest input to XSETBV - CVE-2013-2072 / XSA-56 * libxc: limit cpu values when setting vcpu affinity -- Stefan Bader Thu, 06 Jun 2013 16:06:34 +0200 xen (4.1.2-2ubuntu2.8) precise-security; urgency=low * Applying Xen Security Advisories: - CVE-2013-1917 / XSA-44 x86: clear EFLAGS.NT in SYSENTER entry path - CVE-2013-1919 / XSA-46 x86: fix various issues with handling guest IRQs - CVE-2013-1920 / XSA-47 defer event channel bucket pointer store until after XSM checks -- Stefan Bader Thu, 11 Apr 2013 17:18:46 +0200 xen (4.1.2-2ubuntu2.7) precise-proposed; urgency=low * Fix HVM VCPUs getting stuck on boot when host supports SMEP (LP: #1157757) - 0008-vmx-Simplify-cr0-update-handling-by-deferring-cr4-ch.patch - 0009-VMX-disable-SMEP-feature-when-guest-is-in-non-paging.patch - 0010-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-.patch -- Stefan Bader Mon, 08 Apr 2013 17:53:45 +0200 xen (4.1.2-2ubuntu2.6) precise-security; urgency=low * Applying Xen Security Advisories: - ACPI: acpi_table_parse() should return handler's error code CVE-2013-0153 / XSA-36 - oxenstored incorrect handling of certain Xenbus ring states CVE-2013-0215 / XSA-38 * xen-introduce-xzalloc.patch Cherry-picked from upstream xen stable-4.1 as prerequisite for XSA-36 * xen-backport-per-device-vector-map.patch Cherry-picked from upstream xen stable-4.1 as prerequisite for XSA-36 Also fixes issues on AMD systems which could cause Dom0 to loose disks under heavy I/O (because PCI-E devices could use the same IOAPIC vector as the SMBus). -- Stefan Bader Wed, 30 Jan 2013 12:36:41 +0100 xen (4.1.2-2ubuntu2.5) precise-security; urgency=low * Applying Xen Security Advisory: - VT-d: fix interrupt remapping source validation for devices behind legacy bridges CVE-2012-5634 * Applying qemu security fixes: - e1000: Discard packets that are too long if !SBP and !LPE CVE-2012-6075 - Discard packets longer than 16384 when !SBP to match the hardware behavior. CVE-2012-6075 -- Stefan Bader Mon, 07 Jan 2013 18:58:27 +0100 xen (4.1.2-2ubuntu2.4) precise-security; urgency=low * SECURITY UPDATE: denial of service via MMIO regions - debian/patches/CVE-2012-3432.patch: don't leave emulator in an inconsistent state in xen/arch/x86/hvm/io.c. - CVE-2012-3432 * SECURITY UPDATE: denial of service via excessive shared page search time during the p2m teardown - debian/patches/CVE-2012-3433.patch: only check for shared pages while any exist on teardown in xen/arch/x86/mm/p2m.c. - CVE-2012-3433 * SECURITY UPDATE: denial of service via DR7 reserved bits - debian/patches/CVE-2012-3494.patch: write upper 32 bits as zeros in xen/include/asm-x86/debugreg.h. - CVE-2012-3494 * SECURITY UPDATE: denial of service and possible privilege escalation via physdev_get_free_pirq hypercall. - debian/patches/CVE-2012-3495.patch: handle out-of-pirq condition correctly in xen/arch/x86/physdev.c. - CVE-2012-3495 * SECURITY UPDATE: denial of service via via invalid flags - debian/patches/CVE-2012-3496.patch: Don't BUG_ON() PoD operations on a non-translated guest in xen/arch/x86/mm/p2m.c. - CVE-2012-3496 * SECURITY UPDATE: denial of service and possibly hypervisor memory disclosure via PHYSDEVOP_map_pirq - debian/patches/CVE-2012-3498.patch: add validation before using in xen/arch/x86/physdev.c. - CVE-2012-3498 * SECURITY UPDATE: privilege escalation via crafted escape VT100 sequence - debian/patches/CVE-2012-3515.patch: bounds check whenever changing the cursor due to an escape code in qemu/console.c. - CVE-2012-3515 * SECURITY UPDATE: host info disclosure via qemu monitor - debian/patches/CVE-2012-4411.patch: disable qemu monitor by default in qemu/vl.c. - CVE-2012-4411 -- Marc Deslauriers Tue, 11 Dec 2012 10:13:24 -0500 xen (4.1.2-2ubuntu2.3) precise-security; urgency=low * Applying Xen Security fixes (LP: #1086801, #1086875) - VCPU/timers: Prevent overflow in calculations, leading to DoS vulnerability CVE-2012-4535 - x86/physdev: Range check pirq parameter from guests CVE-2012-4536 - x86/physmap: Prevent incorrect updates of m2p mappings CVE-2012-4537 - xen/mm/shadow: check toplevel pagetables are present before unhooking them CVE-2012-4538 - compat/gnttab: Prevent infinite loop in compat code CVE-2012-4539 - libxc: builder: limit maximum size of kernel/ramdisk CVE-2012-4544 - gnttab: fix releasing of memory upon switches between versions CVE-2012-5510 - hvm: Limit the size of large HVM op batches CVE-2012-5511 - x86/HVM: range check xen_hvm_set_mem_access.hvmmem_access before use CVE-2012-5512 - xen: add missing guest address range checks to XENMEM_exchange handlers CVE-2012-5513 - xen: fix error handling of guest_physmap_mark_populate_on_demand() CVE-2012-5514 - memop: limit guest specified extent order CVE-2012-5515 -- Stefan Bader Wed, 05 Dec 2012 15:04:25 +0100 xen (4.1.2-2ubuntu2.2) precise-proposed; urgency=low * upstream-24883:adcd6ab160fa x86/mm: Don't check for invalid bits in non-present PTEs. Cherry-pick from xen-4.1 unstable to fix corrupted page table issues observed on 32 bit guests (LP: #1023365). -- Stefan Bader Tue, 10 Jul 2012 19:48:15 +0200 xen (4.1.2-2ubuntu2.1) precise-security; urgency=low * x86-64: detect processors subject to AMD erratum #121 and refuse to boot CVE-2006-0744 * x86_64: Do not execute sysret with a non-canonical return address CVE-2012-0218 * x86-64: fix #GP generation in assembly code CVE-2012-0217 -- Stefan Bader Wed, 06 Jun 2012 13:59:39 +0200 xen (4.1.2-2ubuntu2) precise; urgency=low * etherboot: Change the config back to include the 8086100e.rom (LP: #948333) -- Stefan Bader Tue, 06 Mar 2012 20:58:14 +0100 xen (4.1.2-2ubuntu1) precise; urgency=low * Merge from Debian testing. Remaining changes: - libxenstore3.0: Conflict and replaces libxen3. - libxen-dev: Conflict and replaces libxen3-dev. - xenstore-utils: Conflict and replaces libxen3. - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3, and xen-utils-4.1. - Make sure the LDFLAGS value passed is suitable for use by ld rather than gcc. - Dropped: - debian/patches/upstream-23044:d4ca456c0c25 - debian/patches/upstream-23104:1976adbf2b80 - debian/patches/upstream-changeset-23146.patch - debian/patches/upstream-changeset-23147.patch - debian/patches/xen-pirq-resubmit-irq.patch -- Chuck Short Thu, 22 Dec 2011 04:53:35 +0000 xen (4.1.2-2) unstable; urgency=low [ Jon Ludlam ] * Import (partially reworked) upstream changes for OCaml support. - Rename the ocamlfind packages. - Remove uuid and log libraries. - Fix 2 bit-twiddling bugs and an off-by-one * Fix build of OCaml libraries. * Add OCaml library and development package. * Include some missing headers. -- Bastian Blank Sat, 10 Dec 2011 19:13:25 +0000 xen (4.1.2-1) unstable; urgency=low * New upstream release. * Build-depend on pkg-config. * Add package libxen-4.1. Includes some shared libs. -- Bastian Blank Sat, 26 Nov 2011 18:28:06 +0100 xen (4.1.1-3ubuntu1) precise; urgency=low * Merge from Debian testing. Remaining changes: - libxenstore3.0: Conflict and replaces libxen3. - libxen-dev: Conflict and replaces libxen3-dev. - xenstore-utils: Conflict and replaces libxen3. - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3, and xen-utils-4.1. - Make sure the LDFLAGS value passed is suitable for use by ld rather than gcc. - debian/patches/upstream-changeset-23146.patch, debian/patches/upstream-changeset-23147.patch: Fix booting with hvm domU. (LP: #832207) - debian/patches/xen-pirq-resubmit-irq.patch: Retrigger pirq events when asserted while processing. (LP: #854829) -- Chuck Short Sun, 06 Nov 2011 05:51:08 +0000 xen (4.1.1-3) unstable; urgency=low [ Julien Danjou ] * Remove Julien Danjou from the Uploaders field. (closes: #590439) [ Bastian Blank ] * Use current version of python. (closes: #646660) * Build-depend against liblzma-dev, it is used if available. (closes: #646694) * Update Standards-Version to 3.9.2. No changes. * Don't use brace-expansion in debhelper install files. -- Bastian Blank Wed, 26 Oct 2011 14:42:33 +0200 xen (4.1.1-2ubuntu4.1) oneiric-proposed; urgency=low * debian/patches/xen-pirq-resubmit-irq.patch: Retrigger pirq events when asserted while processing. Thanks to Stefan Bader (LP: #854829) -- Chuck Short Mon, 10 Oct 2011 19:30:09 -0400 xen (4.1.1-2ubuntu4) oneiric; urgency=low * Rebuild to drop build records on armel and powerpc. LP: #823714. -- Matthias Klose Thu, 06 Oct 2011 14:15:35 +0200 xen (4.1.1-2ubuntu2) oneiric; urgency=low * Clean up patches. * debian/patches/upstream-changeset-23146.patch, debian/patches/upstream-changeset-23147.patch: Fix booting with hvm domU. (LP: #832207) -- Chuck Short Thu, 01 Sep 2011 13:13:47 -0400 xen (4.1.1-2ubuntu1) oneiric; urgency=low * Merge from debian unstable. Remaining changes: - libxenstore3.0: Conflict and replaces libxen3. - libxen-dev: Conflict and replaces libxen3-dev. - xenstore-utils: Conflict and replaces libxen3. - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3, and xen-utils-4.1. + Make sure the LDFLAGS value passed is suitable for use by ld rather than gcc. -- Chuck Short Thu, 11 Aug 2011 14:18:41 +0000 xen (4.1.1-2) unstable; urgency=low * Fix hvmloader with gcc 4.6. -- Bastian Blank Fri, 05 Aug 2011 23:58:36 +0200 xen (4.1.1-1ubuntu1) oneiric; urgency=low * Merge from debian unstable. Remaining changes: + Xen 3.3 -> Xen 4.1 migration: - libxenstore3.0: Conflict and replaces libxen3. - libxen-dev: Conflict and replaces libxen3-dev. - xenstore-utils: Conflict and replaces libxen3. - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3, and xen-utils-4.1. + Make sure the LDFLAGS value passed is suitable for use by ld rather than gcc. + Dropped upstream patches: - debian/patches/disable-unused-but-not-set-error.patch: Applied upstream. - debian/patches/xc-dom-restore-set-but-not-used.patch: Applied upstream. - debian/patches/xc-dom-restore-set-but-not-used.patch: Applied upstream. -- Chuck Short Tue, 19 Jul 2011 00:11:08 +0000 xen (4.1.1-1) unstable; urgency=low * New upstream release. * Don't use qemu-dm if it is not needed. (Backport from xen-unstable.) * Use dh_python2. -- Bastian Blank Mon, 18 Jul 2011 19:38:38 +0200 xen (4.1.0-3ubuntu4) oneiric; urgency=low * Fix xen 3.3 -> xen 4.1 migration. -- Chuck Short Sat, 04 Jun 2011 15:37:17 -0400 xen (4.1.0-3ubuntu3) oneiric; urgency=low * debian/control: Use python2.7 as a build dependency. -- Chuck Short Tue, 31 May 2011 14:50:03 -0400 xen (4.1.0-3ubuntu2) oneiric; urgency=low * debian/control: + Move to python 2.7. + Xen 3.3 -> Xen4.1 migration: - libxenstore3.0: Conflict and replaces libxen3. - libxen-dev: Conflict and replaces libxen3-dev. - xenstore-tuils: Conflict and replaces libxen3 - xen-utils-4.1: Confflict and replaces libxen3, python-xen3.3, and xen-utils-3.3 -- Chuck Short Tue, 31 May 2011 13:15:08 -0400 xen (4.1.0-3ubuntu1) oneiric; urgency=low * Make sure the LDFLAGS value passed is suitable for use by ld, rather than gcc. * Import a set of gcc 4.6 related build fixes from upstream hg. (disable-unused-but-not-set-error.patch, ioapic-uninitialised-variables.patch, patches/xc-dom-restore-set-but-not-used.patch, xc-tmem-set-but-not-used.patch) -- Soren Hansen Thu, 26 May 2011 14:27:18 +0200 xen (4.1.0-3) unstable; urgency=low * Add ghostscript to build-deps. * Enable qemu-dm build. - Add qemu as another orig tar. - Remove blktap1, bluetooth and sdl support from qemu. - Recommend qemu-keymaps and qemu-utils. -- Bastian Blank Thu, 28 Apr 2011 15:20:45 +0200 xen (4.1.0-2) unstable; urgency=low * Re-enable hvmloader: - Use packaged ipxe. * Workaround incompatibility with xenstored of Xen 4.0. -- Bastian Blank Fri, 15 Apr 2011 11:38:25 +0200 xen (4.1.0-1) unstable; urgency=low * New upstream release. -- Bastian Blank Sun, 27 Mar 2011 18:09:28 +0000 xen (4.1.0~rc6-1) unstable; urgency=low * New upstream release candidate. * Build documentation using pdflatex. * Use python 2.6. (closes: #596545) * Fix lintian override. * Install new tools: xl, xenpaging. * Enable blktap2. - Use own md5 implementation. - Fix includes. - Fix linking of blktap2 binaries. - Remove optimization setting. * Temporarily disable hvmloader, wants to download ipxe. * Remove xenstored pid check from xl. -- Bastian Blank Thu, 17 Mar 2011 16:12:45 +0100 xen (4.0.1-2) unstable; urgency=low * Fix races in memory management. * Make sure that frame-table compression leaves enough alligned. * Disable XSAVE support. (closes: #595490) * Check for dying domain instead of raising an assertion. * Add C6 state with EOI errata for Intel. * Make some memory management interrupt safe. Unsure if really needed. * Raise bar for inter-socket migrations on mostly-idle systems. * Fix interrupt handling for legacy routed interrupts. * Allow to set maximal domain memory even during a running change. * Support new partition name in pygrub. (closes: #599243) * Fix some comparisions "< 0" that may be optimized away. * Check for MWAIT support before using it. * Fix endless loop on interrupts on Nehalem cpus. * Don't crash upon direct GDT/LDT access. (closes: #609531) CVE-2010-4255 * Don't loose timer ticks after domain restore. * Reserve some space for IOMMU area in dom0. (closes: #608715) * Fix hypercall arguments after trace callout. * Fix some error paths in vtd support. Memory leak. * Reinstate ACPI DMAR table. -- Bastian Blank Wed, 12 Jan 2011 15:01:40 +0100 xen (4.0.1-1) unstable; urgency=low * New upstream release. - Fix IOAPIC S3 with interrupt remapping enabled. -- Bastian Blank Fri, 03 Sep 2010 17:14:28 +0200 xen (4.0.1~rc6-1) unstable; urgency=low * New upstream release candidate. - Add some missing locks for page table walk. - Fix NMU injection into guest. - Fix ioapic updates for vt-d. - Add check for GRUB2 commandline behaviour. - Fix handling of invalid kernel images. - Allow usage of powernow. * Remove lowlevel python modules usage from pygrub. (closes: #588811) -- Bastian Blank Tue, 17 Aug 2010 23:15:34 +0200 xen (4.0.1~rc5-1) unstable; urgency=low * New upstream release candidate. -- Bastian Blank Mon, 02 Aug 2010 17:06:27 +0200 xen (4.0.1~rc3-1) unstable; urgency=low * New upstream release candidate. * Call dh_pyversion with the correct version. * Restart xen daemon on upgrade. -- Bastian Blank Wed, 30 Jun 2010 16:30:47 +0200 xen (4.0.0-2) unstable; urgency=low * Fix python dependency. (closes: #586666) - Use python-support. - Hardcode to use python 2.5 for now. -- Bastian Blank Mon, 21 Jun 2010 17:23:16 +0200 xen (4.0.0-1) unstable; urgency=low * Update to unstable. * Fix spelling in README. * Remove unnecessary build-depends. * Fixup xend to use different filename lookup. -- Bastian Blank Thu, 17 Jun 2010 11:16:55 +0200 xen (4.0.0-1~experimental.2) experimental; urgency=low * Merge changes from 3.4.3-1. -- Bastian Blank Fri, 28 May 2010 12:58:12 +0200 xen (4.0.0-1~experimental.1) experimental; urgency=low * New upstream version. * Rename source package to xen. * Build depend against iasl and uuid-dev. * Disable blktap2 support, it links against OpenSSL. * Update copyright file. -- Bastian Blank Thu, 06 May 2010 15:47:38 +0200 xen-3 (3.4.3-1) unstable; urgency=low * New upstream version. * Disable blktap support, it is unusable with current kernels. * Disable libaio, was only used by blktap. * Drop device creation support. (closes: #583283) -- Bastian Blank Fri, 28 May 2010 11:43:18 +0200 xen-3 (3.4.3~rc6-1) unstable; urgency=low * New upstream release candidate. - Relocate multiboot modules. (closes: #580045) - Support grub2 in pygrub. (closes: #573311) -- Bastian Blank Sat, 08 May 2010 11:32:29 +0200 xen-3 (3.4.3~rc3-2) unstable; urgency=low * Again list the complete version in the hypervisor. * Fix path detection for bootloader, document it. (closes: #481105) * Rewrite README. -- Bastian Blank Thu, 08 Apr 2010 16:14:58 +0200 xen-3 (3.4.3~rc3-1) unstable; urgency=low * New upstream release candidate. * Use 3.0 (quilt) source format. * Always use current python version. -- Bastian Blank Mon, 01 Mar 2010 22:14:22 +0100 xen-3 (3.4.2-2) unstable; urgency=low * Remove Jeremy T. Bouse from uploaders. * Export blktap lib and headers. * Build amd64 hypervisor on i386. (closes: #366315) -- Bastian Blank Sun, 22 Nov 2009 16:54:47 +0100 xen-3 (3.4.2-1) unstable; urgency=low * New upstream version. * Strip hvmloader by hand. * Remove extra license file from libxen-dev. -- Bastian Blank Mon, 16 Nov 2009 20:57:07 +0100 xen-3 (3.4.1-1) unstable; urgency=low * New upstream version. -- Bastian Blank Fri, 21 Aug 2009 21:34:38 +0200 xen-3 (3.4.0-2) unstable; urgency=low * Add symbols file for libxenstore3.0. (closes: #536173) * Document that ioemu is currently unsupported. (closes: #536175) * Fix location of fsimage plugins. (closes: #536174) -- Bastian Blank Sat, 18 Jul 2009 18:05:35 +0200 xen-3 (3.4.0-1) unstable; urgency=low [ Bastian Blank ] * New upstream version. * Remove ioemu for now. (closes: #490409, #496367) * Remove non-pae hypervisor. * Use debhelper compat level 7. * Make the init script start all daemons. -- Bastian Blank Tue, 30 Jun 2009 22:33:22 +0200 xen-3 (3.2.1-2) unstable; urgency=low * Use e2fslibs based ext2 support for pygrub. (closes: #476366) * Fix missing checks in pvfb code. See CVE-2008-1952. (closes: #487095) * Add support for loading bzImage files. (closes: #474509) * Enable TLS support in ioemu code. * Drop libcrypto usage because of GPL-incompatibility. * Remove AES code from blktap drivers. Considered broken. -- Bastian Blank Sat, 28 Jun 2008 11:30:43 +0200 xen-3 (3.2.1-1) unstable; urgency=low * New upstream version. * Set rpath relative to ${ORIGIN}. * Add lintian override to xen-utils package. -- Bastian Blank Thu, 22 May 2008 14:01:47 +0200 xen-3 (3.2.0-5) unstable; urgency=low * Provide correct directory to dh_pycentral. -- Bastian Blank Mon, 14 Apr 2008 21:43:49 +0200 xen-3 (3.2.0-4) unstable; urgency=low * Pull in newer xen-utils-common. * Fix missing size checks in the ioemu block driver. (closes: #469654) See: CVE-2008-0928 -- Bastian Blank Fri, 07 Mar 2008 14:21:38 +0100 xen-3 (3.2.0-3) unstable; urgency=low * Clean environment for build. * Add packages libxenstore3.0 and xenstore-utils. * Move docs package in docs section to match overwrites. * Make the hypervisor only recommend the utils. * Cleanup installation. (closes: #462989) -- Bastian Blank Tue, 12 Feb 2008 12:40:56 +0000 xen-3 (3.2.0-2) unstable; urgency=low * Fix broken patch. (closes: #462522) -- Bastian Blank Sat, 26 Jan 2008 17:21:52 +0000 xen-3 (3.2.0-1) unstable; urgency=low * New upstream version. * Add package libxen-dev. Including public headers and static libs. (closes: #402249) * Don't longer install xenfb, removed upstream. -- Bastian Blank Tue, 22 Jan 2008 12:51:49 +0000 xen-3 (3.1.2-2) unstable; urgency=low * Add missing rpath definitions. * Fix building of pae version. -- Bastian Blank Sat, 08 Dec 2007 12:07:42 +0000 xen-3 (3.1.2-1) unstable; urgency=high * New upstream release: - Move shared file into /var/run. (closes: #447795) See CVE-2007-3919. - x86: Fix various problems with debug-register handling. (closes: #451626) See CVE-2007-5906. -- Bastian Blank Sat, 24 Nov 2007 13:24:45 +0000 xen-3 (3.1.1-1) unstable; urgency=low * New upstream release: - Don't use exec with untrusted values in pygrub. (closes: #444430) See CVE-2007-4993. -- Bastian Blank Fri, 19 Oct 2007 16:02:37 +0000 xen-3 (3.1.0-2) unstable; urgency=low * Switch to texlive for documentation. * Drop unused transfig. * Drop unused latex features from documentation. * Build depend against gcc-multilib for amd64. (closes: #439662) -- Bastian Blank Fri, 31 Aug 2007 08:15:50 +0000 xen-3 (3.1.0-1) unstable; urgency=low [ Julien Danjou ] * New upstream version. [ Ralph Passgang ] * Added graphviz to Build-Indeps [ Bastian Blank ] * Upstream removed one part of the version. Do it also. * Merge utils packages. * Install blktap support. * Install pygrub. * Install xenfb tools. * xenconsoled startup is racy, wait a little bit. -- Bastian Blank Mon, 20 Aug 2007 15:05:08 +0000 xen-3.0 (3.0.4-1-1) unstable; urgency=low [ Bastian Blank ] * New upstream version (closes: #394411) [ Guido Trotter ] * Actually try to build and release xen 3.0.4 * Update build dependencies -- Guido Trotter Wed, 23 May 2007 11:57:29 +0100 xen-3.0 (3.0.3-0-2) unstable; urgency=medium [Bastian Blank] * Remove device recreate code. * Remove build dependency on linux-support-X [ Guido Trotter ] * Add missing build dependency on zlib1g-dev (closes: #396557) * Add missing build dependencies on libncurses5-dev and x11proto-core-dev (closes: #396561, #396567) -- Guido Trotter Thu, 2 Nov 2006 16:38:02 +0000 xen-3.0 (3.0.3-0-1) unstable; urgency=low * New upstream version. -- Bastian Blank Fri, 20 Oct 2006 11:04:35 +0000 xen-3.0 (3.0.3~rc4+hg11760-1) unstable; urgency=low * New upstream snapshot. * Ignore update-grub errors. (closes: #392534) -- Bastian Blank Sat, 14 Oct 2006 13:09:53 +0000 xen-3.0 (3.0.3~rc1+hg11686-1) unstable; urgency=low * New upstream snapshot. * Rename ioemu package to include the complete version. * Fix name of hypervisor. (closes: #391771) -- Bastian Blank Mon, 9 Oct 2006 12:48:13 +0000 xen-3.0 (3.0.2-3+hg9762-1) unstable; urgency=low * New upstream snapshot. * Rename hypervisor and utils packages to include the complete version. * Redo build environment. -- Bastian Blank Mon, 4 Sep 2006 18:43:12 +0000 xen-3.0 (3.0.2+hg9697-2) unstable; urgency=low [ Guido Trotter ] * Update xen-utils' README.Debian (closes: #372524) [ Bastian Blank ] * Adopt new python policy. (closes: #380990) * Add patch to make new kernels working on the hypervisor. -- Bastian Blank Tue, 15 Aug 2006 19:20:08 +0000 xen-3.0 (3.0.2+hg9697-1) unstable; urgency=low [ Guido Trotter ] * Update Standards Version * Merge upstream fixes trunk (upstream 3.0.2-3 + a couple of fixes) [ Bastian Blank ] * Add xen-ioemu-3.0 package to support HVM guests (closes: #368496) -- Guido Trotter Wed, 31 May 2006 10:50:05 +0200 xen-3.0 (3.0.2+hg9681-1) unstable; urgency=low * Update xen-hypervisor-3.0-i386 and xen-hypervisor-3.0-i386-pae descriptions, specifying what the difference between the two packages is (closes: #366019) * Merge upstream fixes trunk -- Guido Trotter Thu, 18 May 2006 15:25:02 +0200 xen-3.0 (3.0.2+hg9656-1) unstable; urgency=low * Merge upstream fixes trunk - This includes a fix for CVE-2006-1056 -- Guido Trotter Thu, 27 Apr 2006 17:34:03 +0200 xen-3.0 (3.0.2+hg9651-1) unstable; urgency=low * Merge upstream fixes trunk * Fix PAE disabled in pae build (Closes: #364875) -- Julien Danjou Wed, 26 Apr 2006 13:19:39 +0200 xen-3.0 (3.0.2+hg9646-1) unstable; urgency=low [ Guido Trotter ] * Merge upstream fixes trunk [ Bastian Blank ] * debian/patches/libdir.dpatch: Update to make xm save work -- Julien Danjou Mon, 24 Apr 2006 18:02:07 +0200 xen-3.0 (3.0.2+hg9611-1) unstable; urgency=low * Merge upstream bug fixes * Fix bug with xend init.d script -- Julien Danjou Wed, 12 Apr 2006 17:35:35 +0200 xen-3.0 (3.0.2+hg9598-1) unstable; urgency=low * New upstream release * Fix copyright file -- Julien Danjou Mon, 10 Apr 2006 17:02:55 +0200 xen-3.0 (3.0.1+hg8762-1) unstable; urgency=low * The "preserve our homes" release * Now cooperatively maintained by the Debian Xen Team * New upstream release (closes: #327493, #342249) * Build depend on transfig (closes: #321157) * Use gcc rather than gcc-3.4 to compile (closes: #323698) * Split xen-hypervisor-3.0 and xen-utils-3.0 * Build both normal and pae hypervisor packages * Change maintainer and add uploaders field * Add force-reload support for init script xendomains * Remove dependency against bash * Bump standards version to 3.6.2.2 * xen-utils-3.0 conflicts and replaces xen * Add dpatch structure to the package * Remove build-dependency on gcc (it's build essential anyway) * Make SrvServer.py not executable * Create NEWS.Debian file with important upgrade notices * Update copyright file * Remove the linux-patch-xen package * Removed useless build-dependencies: libncurses5-dev, wget * Changed xendomains config path to /etc/default * xen-utils-3.0 now provides xen-utils and xen-hypervisor-3.0-i386 & xen-hypervisor-3.0-i386-pae & xen-hypervizor-amd64 now provide xen-hypervisor * Made xen-utils-3.0.postinst more fault-tolerant, so that upgrading xen2 -> xen3 don't fail because of a running xen2 hypervisor * Updated the "Replaces & Conflicts" * Install only and correctly udev files * Compile date is no more in current locale * Add patch which add the debian version and maintainer in the version string and removes the banner. * Don't install unusable cruft in xen-utils * Remove libxen packages (no stable API/ABI) -- Julien Danjou Wed, 5 Apr 2006 16:05:07 +0200 xen (2.0.6-1) unstable; urgency=low * Patches applied upstream: non-xen-init-exit.patch, add-build.patch, python-install.patch, disable-html-docs.patch. * New upstream released. Closes: #311336. * Remove comparison to UML from xen short description. Closes: #317066. * Make packages conflicts with 1.2 doc debs. Closes: #304285. * Add iproute to xen depends, as it uses /bin/ip. Closes: #300488, #317468. -- Adam Heath Wed, 06 Jul 2005 12:35:50 -0500 xen (2.0.5-3) experimental; urgency=low * Change priority/section to match the overrides file. -- Adam Heath Fri, 18 Mar 2005 12:43:50 -0600 xen (2.0.5-2) experimental; urgency=low * Mike McCallister , Tommi Virtanen , Tom Hibbert : Fix missing '.' in update-rc.d call in xen.postinst. Closes: #299384 -- Adam Heath Fri, 18 Mar 2005 11:39:56 -0600 xen (2.0.5-1) experimental; urgency=low * New upstream. * Remove pic-lib.patch, tools-misc-TARGETS.patch, and clean-mttr.patch as they have been applied upstream(in various forms). * xend now starts at priority 20, stops at 21, while xendomains starts at 21, and stops at 20. -- Adam Heath Fri, 11 Mar 2005 14:33:33 -0600 xen (2.0.4-4) experimental; urgency=low * Bah, major booboo. Add /boot to debian/xen.install, so xen.gz will get shipped. Reported by Clint Adams . -- Adam Heath Tue, 15 Feb 2005 13:00:57 -0600 xen (2.0.4-3) experimental; urgency=low * Fix file overlap(/usr/share/doc/xen/examples/*) between xen and xen-docs. Reported by Tupshin Harper . -- Adam Heath Sun, 06 Feb 2005 01:22:45 -0600 xen (2.0.4-2) experimental; urgency=low * Fix kernel patch generation. It was broken when I integrated with debian's kernel source. I used a symlink, and diff doesn't follow those. -- Adam Heath Sat, 05 Feb 2005 18:16:35 -0600 xen (2.0.4-1) experimental; urgency=low * New upstream. * xen.deb can now install on a plain kernel; that is, the init scripts exit successfully if /proc/xen/privcmd doesn't exist. This allows for dual-boot setups. * Manpages do not yet exist xend, xenperf, xensv, xfrd, nor xm. xend xfrd are daemons, and take little if any options. I've not had a need to use xenperf nor xensv yet. xm has nice built in help(xm help). * Upstream now requires either linux 2.4.29, or 2.6.10. Since 2.4.29 is not yet in debian, disable the 2.4 patch generation. Closes: #271245. * Not certain how the kernel-patch-xen was empty. It's not now, with the repackaging. Closes: #272299. * Xen no longer produces kernel images, so problems about missing features are no longer valid. Closes: #253924. * Acknowledge nmu bugs: * No longer build-depend on gcc 3.3, as the default gcc works. Closes: #243048. -- Adam Heath Sat, 05 Feb 2005 18:04:27 -0600 xen (2.0.3-0.1) unstable; urgency=low * Changes from Tommi Virtanen: * Added dh-kpatches and libcurl3-dev to Build-Depends. * Add /etc/xen/sv/params.py and /etc/xen/xend/params.py. * Add xmexample1 and xmexample2 to xen/doc/examples. -- Adam Heath Wed, 26 Jan 2005 10:55:07 -0600 xen (2.0.3-0) unstable; urgency=low * New upstream. Closes: #280733. * Repackaged from scratch. * Using unreleased patch management system. See debian/README.build. * After extracting the .dsc, there are no special steps needed * Those wanting to change the source, use the normal procedures for any package, including using interdiff(or other tool) to send a patch to me or the bts. * No longer try to do anything fancy with regard to the layout of the built kernels. Now, only patches are distributed. Please make use of the xen support in kernel-package. * Early preview release to #debian-devel. -- Adam Heath Tue, 25 Jan 2005 13:24:54 -0600 xen (1.2-4.1) unstable; urgency=high * NMU * Remove gcc-3.2 from Build-Depends as isn't used during build (Closes: #243048) -- Frank Lichtenheld Sat, 21 Aug 2004 17:42:28 +0200 xen (1.2-4) unstable; urgency=low * Added xen-docs.README.Debian, which explains the kernel image layout, and contains references on the locations differ from what is mentioned by the upstream documentation. Closes: #230345. -- Adam Heath Fri, 26 Mar 2004 17:36:41 -0600 xen (1.2-3) unstable; urgency=low * Add kernel-source-2.4.25 and kernel-patch-debian-2.4.25 to Build-Depends-Indep. -- Adam Heath Tue, 23 Mar 2004 20:14:39 -0600 xen (1.2-2) unstable; urgency=low * xen: moved /boot/xen.gz to /usr/lib/kernels/xen-i386/images/vmlinuz * kernel-image, kernel-modules: swapped i386/xeno to xeno/i386 in /usr/lib/kernels. * Add kernel-patch-nfs-swap deb. * Apply additional patches to kernel-image-xen: * nfs-group * nfs-swap -- Adam Heath Thu, 04 Mar 2004 12:47:47 -0600 xen (1.2-1) unstable; urgency=low * Initial version. -- Adam Heath Tue, 02 Mar 2004 13:21:52 -0600