Git : Code : xen package : Ubuntu

Ubuntu
xen package

Overview
Code
Bugs
Blueprints
Translations
Answers

View Bazaar branches

Get this repository:: git clone https://git.launchpad.net/ubuntu/+source/xen

Members of Ubuntu Server Dev import team can upload to this repository. Log in for directions.

Branches

Name	Last Modified	Last Commit
importer/ubuntu/dsc	2020-02-12 09:01:56 UTC 2020-02-12	DSC file for 4.11.3+24-g14b62ab3e5-1ubuntu1 Author: Ubuntu Git Importer Author Date: 2020-02-12 09:01:56 UTC DSC file for 4.11.3+24-g14b62ab3e5-1ubuntu1
ubuntu/devel	2020-02-12 08:48:10 UTC 2020-02-12	Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1ubuntu1 to ubuntu/foc... Author: Stefan Bader Author Date: 2020-02-06 15:45:33 UTC Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1ubuntu1 to ubuntu/focal-proposed Imported using git-ubuntu import. Changelog parent: ad550b73061bc84fab32947cf722961bc3bc2bd6 New changelog entries: * Merge from Debian/Sid. Remaining changes: - Enforce python2 usage - Build-depend on python2-dev. - Build using python2. - Build-depend on lmodern. - Recommend qemu-system-x86-xen - Force fcf-protection off when using -mindirect-branch - Strip .note.gnu.property section for intermediate files - Add transitional packages for upgrades - Handle config file moving between packages
ubuntu/focal-proposed	2020-02-12 08:48:10 UTC 2020-02-12	Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1ubuntu1 to ubuntu/foc... Author: Stefan Bader Author Date: 2020-02-06 15:45:33 UTC Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1ubuntu1 to ubuntu/focal-proposed Imported using git-ubuntu import. Changelog parent: ad550b73061bc84fab32947cf722961bc3bc2bd6 New changelog entries: * Merge from Debian/Sid. Remaining changes: - Enforce python2 usage - Build-depend on python2-dev. - Build using python2. - Build-depend on lmodern. - Recommend qemu-system-x86-xen - Force fcf-protection off when using -mindirect-branch - Strip .note.gnu.property section for intermediate files - Add transitional packages for upgrades - Handle config file moving between packages
applied/ubuntu/devel	2020-02-12 08:48:10 UTC 2020-02-12	Import patches-applied version 4.11.3+24-g14b62ab3e5-1ubuntu1 to applied/ubun... Author: Stefan Bader Author Date: 2020-02-06 15:45:33 UTC Import patches-applied version 4.11.3+24-g14b62ab3e5-1ubuntu1 to applied/ubuntu/focal-proposed Imported using git-ubuntu import. Changelog parent: 7080175aa41a5e945f25699a16501088a61c2aa9 Unapplied parent: 3f893a1dc0b69408c5708ee4d55523712df3bcf2 New changelog entries: * Merge from Debian/Sid. Remaining changes: - Enforce python2 usage - Build-depend on python2-dev. - Build using python2. - Build-depend on lmodern. - Recommend qemu-system-x86-xen - Force fcf-protection off when using -mindirect-branch - Strip .note.gnu.property section for intermediate files - Add transitional packages for upgrades - Handle config file moving between packages
applied/ubuntu/focal	2020-02-12 08:48:10 UTC 2020-02-12	Import patches-applied version 4.11.3+24-g14b62ab3e5-1ubuntu1 to applied/ubun... Author: Stefan Bader Author Date: 2020-02-06 15:45:33 UTC Import patches-applied version 4.11.3+24-g14b62ab3e5-1ubuntu1 to applied/ubuntu/focal-proposed Imported using git-ubuntu import. Changelog parent: 7080175aa41a5e945f25699a16501088a61c2aa9 Unapplied parent: 3f893a1dc0b69408c5708ee4d55523712df3bcf2 New changelog entries: * Merge from Debian/Sid. Remaining changes: - Enforce python2 usage - Build-depend on python2-dev. - Build using python2. - Build-depend on lmodern. - Recommend qemu-system-x86-xen - Force fcf-protection off when using -mindirect-branch - Strip .note.gnu.property section for intermediate files - Add transitional packages for upgrades - Handle config file moving between packages
applied/ubuntu/focal-proposed	2020-02-12 08:48:10 UTC 2020-02-12	Import patches-applied version 4.11.3+24-g14b62ab3e5-1ubuntu1 to applied/ubun... Author: Stefan Bader Author Date: 2020-02-06 15:45:33 UTC Import patches-applied version 4.11.3+24-g14b62ab3e5-1ubuntu1 to applied/ubuntu/focal-proposed Imported using git-ubuntu import. Changelog parent: 7080175aa41a5e945f25699a16501088a61c2aa9 Unapplied parent: 3f893a1dc0b69408c5708ee4d55523712df3bcf2 New changelog entries: * Merge from Debian/Sid. Remaining changes: - Enforce python2 usage - Build-depend on python2-dev. - Build using python2. - Build-depend on lmodern. - Recommend qemu-system-x86-xen - Force fcf-protection off when using -mindirect-branch - Strip .note.gnu.property section for intermediate files - Add transitional packages for upgrades - Handle config file moving between packages
ubuntu/focal-devel	2020-02-12 08:48:10 UTC 2020-02-12	Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1ubuntu1 to ubuntu/foc... Author: Stefan Bader Author Date: 2020-02-06 15:45:33 UTC Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1ubuntu1 to ubuntu/focal-proposed Imported using git-ubuntu import. Changelog parent: ad550b73061bc84fab32947cf722961bc3bc2bd6 New changelog entries: * Merge from Debian/Sid. Remaining changes: - Enforce python2 usage - Build-depend on python2-dev. - Build using python2. - Build-depend on lmodern. - Recommend qemu-system-x86-xen - Force fcf-protection off when using -mindirect-branch - Strip .note.gnu.property section for intermediate files - Add transitional packages for upgrades - Handle config file moving between packages
ubuntu/focal	2020-02-12 08:48:10 UTC 2020-02-12	Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1ubuntu1 to ubuntu/foc... Author: Stefan Bader Author Date: 2020-02-06 15:45:33 UTC Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1ubuntu1 to ubuntu/focal-proposed Imported using git-ubuntu import. Changelog parent: ad550b73061bc84fab32947cf722961bc3bc2bd6 New changelog entries: * Merge from Debian/Sid. Remaining changes: - Enforce python2 usage - Build-depend on python2-dev. - Build using python2. - Build-depend on lmodern. - Recommend qemu-system-x86-xen - Force fcf-protection off when using -mindirect-branch - Strip .note.gnu.property section for intermediate files - Add transitional packages for upgrades - Handle config file moving between packages
applied/ubuntu/focal-devel	2020-02-12 08:48:10 UTC 2020-02-12	Import patches-applied version 4.11.3+24-g14b62ab3e5-1ubuntu1 to applied/ubun... Author: Stefan Bader Author Date: 2020-02-06 15:45:33 UTC Import patches-applied version 4.11.3+24-g14b62ab3e5-1ubuntu1 to applied/ubuntu/focal-proposed Imported using git-ubuntu import. Changelog parent: 7080175aa41a5e945f25699a16501088a61c2aa9 Unapplied parent: 3f893a1dc0b69408c5708ee4d55523712df3bcf2 New changelog entries: * Merge from Debian/Sid. Remaining changes: - Enforce python2 usage - Build-depend on python2-dev. - Build using python2. - Build-depend on lmodern. - Recommend qemu-system-x86-xen - Force fcf-protection off when using -mindirect-branch - Strip .note.gnu.property section for intermediate files - Add transitional packages for upgrades - Handle config file moving between packages
importer/debian/dsc	2020-02-08 19:24:43 UTC 2020-02-08	DSC file for 4.8.5.final+shim4.10.4-1+deb9u12 Author: Ubuntu Git Importer Author Date: 2020-02-08 19:24:43 UTC DSC file for 4.8.5.final+shim4.10.4-1+deb9u12
debian/stretch	2020-02-08 18:00:49 UTC 2020-02-08	Import patches-unapplied version 4.8.5.final+shim4.10.4-1+deb9u12 to debian/s... Author: Ian Jackson Author Date: 2020-01-10 17:09:30 UTC Import patches-unapplied version 4.8.5.final+shim4.10.4-1+deb9u12 to debian/stretch Imported using git-ubuntu import. Changelog parent: bae60a0b429a0966da3b11cfcf61d74a564fb472 New changelog entries: * NOTE this will probably be the LAST UPDATE for Xen in Debian 9.x (stretch), since this is the last batch of security patches from upstream, where Xen 4.8 is out of security support. * Update to new upstream final tip of 4.8 stable branch, which I have dubbed upstream/stable-4.8.5.final. And shim 4.10.4. * This includes fixes to: XSA-311 CVE-2019-19577 XSA-310 CVE-2019-19580 XSA-309 CVE-2019-19578 XSA-308 CVE-2019-19583 XSA-307 CVE-2019-19581 CVE-2019-19582 XSA-306 CVE-2019-19579 XSA-305 CVE-2019-11135 XSA-304 CVE-2018-12207 XSA-303 CVE-2019-18422 XSA-302 CVE-2019-18424 XSA-301 CVE-2019-18423 XSA-299 CVE-2019-18421 XSA-298 CVE-2019-18425 XSA-297 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 XSA-296 CVE-2019-18420 XSA-295 CVE-2019-17349 CVE-2019-17350 XSA-294 CVE-2019-17348 XSA-293 CVE-2019-17347 XSA-292 CVE-2019-17346 XSA-291 CVE-2019-17345 XSA-290 CVE-2019-17344 XSA-288 CVE-2019-17343 XSA-287 CVE-2019-17342 XSA-285 CVE-2019-17341 XSA-284 CVE-2019-17340 * For completeness, the following are not applicable: XSA-300 CVE-2019-17351 Bug is in Linux XSA-289 Spectre V1 + L1TF combo; no new fixes XSA-283 Withdrawn XSA number XSA-281 Withdrawn XSA number * The following is not fixed at this time: XSA-286 Still embargoed. * README.comet: remove line about PVH support. [Hans van Kranenburg] Closes:#908453.
applied/debian/stretch	2020-02-08 18:00:49 UTC 2020-02-08	Import patches-applied version 4.8.5.final+shim4.10.4-1+deb9u12 to applied/de... Author: Ian Jackson Author Date: 2020-01-10 17:09:30 UTC Import patches-applied version 4.8.5.final+shim4.10.4-1+deb9u12 to applied/debian/stretch Imported using git-ubuntu import. Changelog parent: 00fae7290df72c3821c25f77c2051e80975af466 Unapplied parent: addb67f070c283ae2042c4e5c63fa26fe73035b2 New changelog entries: * NOTE this will probably be the LAST UPDATE for Xen in Debian 9.x (stretch), since this is the last batch of security patches from upstream, where Xen 4.8 is out of security support. * Update to new upstream final tip of 4.8 stable branch, which I have dubbed upstream/stable-4.8.5.final. And shim 4.10.4. * This includes fixes to: XSA-311 CVE-2019-19577 XSA-310 CVE-2019-19580 XSA-309 CVE-2019-19578 XSA-308 CVE-2019-19583 XSA-307 CVE-2019-19581 CVE-2019-19582 XSA-306 CVE-2019-19579 XSA-305 CVE-2019-11135 XSA-304 CVE-2018-12207 XSA-303 CVE-2019-18422 XSA-302 CVE-2019-18424 XSA-301 CVE-2019-18423 XSA-299 CVE-2019-18421 XSA-298 CVE-2019-18425 XSA-297 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 XSA-296 CVE-2019-18420 XSA-295 CVE-2019-17349 CVE-2019-17350 XSA-294 CVE-2019-17348 XSA-293 CVE-2019-17347 XSA-292 CVE-2019-17346 XSA-291 CVE-2019-17345 XSA-290 CVE-2019-17344 XSA-288 CVE-2019-17343 XSA-287 CVE-2019-17342 XSA-285 CVE-2019-17341 XSA-284 CVE-2019-17340 * For completeness, the following are not applicable: XSA-300 CVE-2019-17351 Bug is in Linux XSA-289 Spectre V1 + L1TF combo; no new fixes XSA-283 Withdrawn XSA number XSA-281 Withdrawn XSA number * The following is not fixed at this time: XSA-286 Still embargoed. * README.comet: remove line about PVH support. [Hans van Kranenburg] Closes:#908453.
applied/debian/buster	2020-02-08 17:22:28 UTC 2020-02-08	Import patches-applied version 4.11.3+24-g14b62ab3e5-1~deb10u1 to applied/deb... Author: Hans van Kranenburg Author Date: 2020-01-08 13:21:23 UTC Import patches-applied version 4.11.3+24-g14b62ab3e5-1~deb10u1 to applied/debian/buster Imported using git-ubuntu import. Changelog parent: 7080175aa41a5e945f25699a16501088a61c2aa9 Unapplied parent: 7a6217b2d828754c837d5c44023719027bdc618d New changelog entries: * Rebuild for buster-security
debian/buster	2020-02-08 17:22:28 UTC 2020-02-08	Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1~deb10u1 to debian/bu... Author: Hans van Kranenburg Author Date: 2020-01-08 13:21:23 UTC Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1~deb10u1 to debian/buster Imported using git-ubuntu import. Changelog parent: ad550b73061bc84fab32947cf722961bc3bc2bd6 New changelog entries: * Rebuild for buster-security
applied/debian/sid	2020-01-08 22:43:41 UTC 2020-01-08	Import patches-applied version 4.11.3+24-g14b62ab3e5-1 to applied/debian/sid Author: Hans van Kranenburg Author Date: 2020-01-08 12:41:42 UTC Import patches-applied version 4.11.3+24-g14b62ab3e5-1 to applied/debian/sid Imported using git-ubuntu import. Changelog parent: a2a7ad414b343acfbc9908ad88a8de43f4ebe103 Unapplied parent: 7defdef2ecbd94ed2db61e33b3932bb72e0e78f6 New changelog entries: * Update to new upstream version 4.11.3+24-g14b62ab3e5, which also contains the following security fixes: (Closes: #947944) - Unlimited Arm Atomics Operations XSA-295 CVE-2019-17349 CVE-2019-17350 - VCPUOP_initialise DoS XSA-296 CVE-2019-18420 - missing descriptor table limit checking in x86 PV emulation XSA-298 CVE-2019-18425 - Issues with restartable PV type change operations XSA-299 CVE-2019-18421 - add-to-physmap can be abused to DoS Arm hosts XSA-301 CVE-2019-18423 - passed through PCI devices may corrupt host memory after deassignment XSA-302 CVE-2019-18424 - ARM: Interrupts are unconditionally unmasked in exception handlers XSA-303 CVE-2019-18422 - x86: Machine Check Error on Page Size Change DoS XSA-304 CVE-2018-12207 - TSX Asynchronous Abort speculative side channel XSA-305 CVE-2019-11135 - Device quarantine for alternate pci assignment methods XSA-306 CVE-2019-19579 - find_next_bit() issues XSA-307 CVE-2019-19581 CVE-2019-19582 - VMX: VMentry failure with debug exceptions and blocked states XSA-308 CVE-2019-19583 - Linear pagetable use / entry miscounts XSA-309 CVE-2019-19578 - Further issues with restartable PV type change operations XSA-310 CVE-2019-19580 - Bugs in dynamic height handling for AMD IOMMU pagetables XSA-311 CVE-2019-19577 * Add missing CVE numbers to previous changelog entries
debian/sid	2020-01-08 22:43:41 UTC 2020-01-08	Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1 to debian/sid Author: Hans van Kranenburg Author Date: 2020-01-08 12:41:42 UTC Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1 to debian/sid Imported using git-ubuntu import. Changelog parent: 9472efd10e51daaf7c2e2fde4bcd10850b1a8ff1 New changelog entries: * Update to new upstream version 4.11.3+24-g14b62ab3e5, which also contains the following security fixes: (Closes: #947944) - Unlimited Arm Atomics Operations XSA-295 CVE-2019-17349 CVE-2019-17350 - VCPUOP_initialise DoS XSA-296 CVE-2019-18420 - missing descriptor table limit checking in x86 PV emulation XSA-298 CVE-2019-18425 - Issues with restartable PV type change operations XSA-299 CVE-2019-18421 - add-to-physmap can be abused to DoS Arm hosts XSA-301 CVE-2019-18423 - passed through PCI devices may corrupt host memory after deassignment XSA-302 CVE-2019-18424 - ARM: Interrupts are unconditionally unmasked in exception handlers XSA-303 CVE-2019-18422 - x86: Machine Check Error on Page Size Change DoS XSA-304 CVE-2018-12207 - TSX Asynchronous Abort speculative side channel XSA-305 CVE-2019-11135 - Device quarantine for alternate pci assignment methods XSA-306 CVE-2019-19579 - find_next_bit() issues XSA-307 CVE-2019-19581 CVE-2019-19582 - VMX: VMentry failure with debug exceptions and blocked states XSA-308 CVE-2019-19583 - Linear pagetable use / entry miscounts XSA-309 CVE-2019-19578 - Further issues with restartable PV type change operations XSA-310 CVE-2019-19580 - Bugs in dynamic height handling for AMD IOMMU pagetables XSA-311 CVE-2019-19577 * Add missing CVE numbers to previous changelog entries
applied/ubuntu/eoan-proposed	2020-01-07 10:29:17 UTC 2020-01-07	Import patches-applied version 4.9.2-0ubuntu5 to applied/ubuntu/disco-proposed Author: Stefan Bader Author Date: 2019-12-11 17:23:34 UTC Import patches-applied version 4.9.2-0ubuntu5 to applied/ubuntu/disco-proposed Imported using git-ubuntu import. Changelog parent: 55eac63ad8f393dad69fa3edd7c19550b44d54d3 Unapplied parent: edaf8397114f77d6ad5e86693ea26a2d333798d9 New changelog entries: * Fix FTBS in Eoan (LP: #1823441). Except the last two changes, these are all cherry picks from Xen upstream to handle gcc8 and gcc9 changes. - d/p/x86-e820-fix-build-with-gcc9.patch - d/p/x86-IO-APIC-fix-build-with-gcc9.patch - d/p/trace-fix-build-with-gcc9.patch - d/p/tools-libxc-fix-strncpy-size.patch - d/p/tools-misc-fix-hypothetical-buffer-overflow-in-xen-l.patch - d/p/tools-xentop-replace-use-of-deprecated-vwprintw.patch - d/p/tools-xenpmd-fix-possible-0-truncation.patch - d/p/xenpmd-make-32-bit-gcc-8.1-non-debug-build-work.patch - d/p/libacpi-fixes-for-iasl-20180427.patch - d/p/tools-blktap2-fix-possible-0-truncation.patch - d/p/tools-blktap2-fix-hypothetical-buffer-overflow.patch - d/p/libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch - d/p/ubuntu/flags-fcs-protect-none.patch - d/p/ubuntu/strip-note-gnu-property.patch * Fix decode failed panics with v5.2+ kernels (LP: #1851091) - d/p/0001-lz4-refine-commit-9143a6c55ef7-for-the-64-bit-case.patch - d/p/0002-lz4-pull-out-constant-tables.patch - d/p/0003-lz4-fix-system-halt-at-boot-kernel-on-x86_64.patch
ubuntu/disco-updates	2020-01-07 10:29:17 UTC 2020-01-07	Import patches-unapplied version 4.9.2-0ubuntu5 to ubuntu/disco-proposed Author: Stefan Bader Author Date: 2019-12-11 17:23:34 UTC Import patches-unapplied version 4.9.2-0ubuntu5 to ubuntu/disco-proposed Imported using git-ubuntu import. Changelog parent: bdebf520de18eb7b9442b172b7bc339701e6aeb9 New changelog entries: * Fix FTBS in Eoan (LP: #1823441). Except the last two changes, these are all cherry picks from Xen upstream to handle gcc8 and gcc9 changes. - d/p/x86-e820-fix-build-with-gcc9.patch - d/p/x86-IO-APIC-fix-build-with-gcc9.patch - d/p/trace-fix-build-with-gcc9.patch - d/p/tools-libxc-fix-strncpy-size.patch - d/p/tools-misc-fix-hypothetical-buffer-overflow-in-xen-l.patch - d/p/tools-xentop-replace-use-of-deprecated-vwprintw.patch - d/p/tools-xenpmd-fix-possible-0-truncation.patch - d/p/xenpmd-make-32-bit-gcc-8.1-non-debug-build-work.patch - d/p/libacpi-fixes-for-iasl-20180427.patch - d/p/tools-blktap2-fix-possible-0-truncation.patch - d/p/tools-blktap2-fix-hypothetical-buffer-overflow.patch - d/p/libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch - d/p/ubuntu/flags-fcs-protect-none.patch - d/p/ubuntu/strip-note-gnu-property.patch * Fix decode failed panics with v5.2+ kernels (LP: #1851091) - d/p/0001-lz4-refine-commit-9143a6c55ef7-for-the-64-bit-case.patch - d/p/0002-lz4-pull-out-constant-tables.patch - d/p/0003-lz4-fix-system-halt-at-boot-kernel-on-x86_64.patch
ubuntu/disco-proposed	2020-01-07 10:29:17 UTC 2020-01-07	Import patches-unapplied version 4.9.2-0ubuntu5 to ubuntu/disco-proposed Author: Stefan Bader Author Date: 2019-12-11 17:23:34 UTC Import patches-unapplied version 4.9.2-0ubuntu5 to ubuntu/disco-proposed Imported using git-ubuntu import. Changelog parent: bdebf520de18eb7b9442b172b7bc339701e6aeb9 New changelog entries: * Fix FTBS in Eoan (LP: #1823441). Except the last two changes, these are all cherry picks from Xen upstream to handle gcc8 and gcc9 changes. - d/p/x86-e820-fix-build-with-gcc9.patch - d/p/x86-IO-APIC-fix-build-with-gcc9.patch - d/p/trace-fix-build-with-gcc9.patch - d/p/tools-libxc-fix-strncpy-size.patch - d/p/tools-misc-fix-hypothetical-buffer-overflow-in-xen-l.patch - d/p/tools-xentop-replace-use-of-deprecated-vwprintw.patch - d/p/tools-xenpmd-fix-possible-0-truncation.patch - d/p/xenpmd-make-32-bit-gcc-8.1-non-debug-build-work.patch - d/p/libacpi-fixes-for-iasl-20180427.patch - d/p/tools-blktap2-fix-possible-0-truncation.patch - d/p/tools-blktap2-fix-hypothetical-buffer-overflow.patch - d/p/libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch - d/p/ubuntu/flags-fcs-protect-none.patch - d/p/ubuntu/strip-note-gnu-property.patch * Fix decode failed panics with v5.2+ kernels (LP: #1851091) - d/p/0001-lz4-refine-commit-9143a6c55ef7-for-the-64-bit-case.patch - d/p/0002-lz4-pull-out-constant-tables.patch - d/p/0003-lz4-fix-system-halt-at-boot-kernel-on-x86_64.patch
ubuntu/disco-devel	2020-01-07 10:29:17 UTC 2020-01-07	Import patches-unapplied version 4.9.2-0ubuntu5 to ubuntu/disco-proposed Author: Stefan Bader Author Date: 2019-12-11 17:23:34 UTC Import patches-unapplied version 4.9.2-0ubuntu5 to ubuntu/disco-proposed Imported using git-ubuntu import. Changelog parent: bdebf520de18eb7b9442b172b7bc339701e6aeb9 New changelog entries: * Fix FTBS in Eoan (LP: #1823441). Except the last two changes, these are all cherry picks from Xen upstream to handle gcc8 and gcc9 changes. - d/p/x86-e820-fix-build-with-gcc9.patch - d/p/x86-IO-APIC-fix-build-with-gcc9.patch - d/p/trace-fix-build-with-gcc9.patch - d/p/tools-libxc-fix-strncpy-size.patch - d/p/tools-misc-fix-hypothetical-buffer-overflow-in-xen-l.patch - d/p/tools-xentop-replace-use-of-deprecated-vwprintw.patch - d/p/tools-xenpmd-fix-possible-0-truncation.patch - d/p/xenpmd-make-32-bit-gcc-8.1-non-debug-build-work.patch - d/p/libacpi-fixes-for-iasl-20180427.patch - d/p/tools-blktap2-fix-possible-0-truncation.patch - d/p/tools-blktap2-fix-hypothetical-buffer-overflow.patch - d/p/libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch - d/p/ubuntu/flags-fcs-protect-none.patch - d/p/ubuntu/strip-note-gnu-property.patch * Fix decode failed panics with v5.2+ kernels (LP: #1851091) - d/p/0001-lz4-refine-commit-9143a6c55ef7-for-the-64-bit-case.patch - d/p/0002-lz4-pull-out-constant-tables.patch - d/p/0003-lz4-fix-system-halt-at-boot-kernel-on-x86_64.patch
ubuntu/eoan-devel	2020-01-07 10:29:17 UTC 2020-01-07	Import patches-unapplied version 4.9.2-0ubuntu5 to ubuntu/disco-proposed Author: Stefan Bader Author Date: 2019-12-11 17:23:34 UTC Import patches-unapplied version 4.9.2-0ubuntu5 to ubuntu/disco-proposed Imported using git-ubuntu import. Changelog parent: bdebf520de18eb7b9442b172b7bc339701e6aeb9 New changelog entries: * Fix FTBS in Eoan (LP: #1823441). Except the last two changes, these are all cherry picks from Xen upstream to handle gcc8 and gcc9 changes. - d/p/x86-e820-fix-build-with-gcc9.patch - d/p/x86-IO-APIC-fix-build-with-gcc9.patch - d/p/trace-fix-build-with-gcc9.patch - d/p/tools-libxc-fix-strncpy-size.patch - d/p/tools-misc-fix-hypothetical-buffer-overflow-in-xen-l.patch - d/p/tools-xentop-replace-use-of-deprecated-vwprintw.patch - d/p/tools-xenpmd-fix-possible-0-truncation.patch - d/p/xenpmd-make-32-bit-gcc-8.1-non-debug-build-work.patch - d/p/libacpi-fixes-for-iasl-20180427.patch - d/p/tools-blktap2-fix-possible-0-truncation.patch - d/p/tools-blktap2-fix-hypothetical-buffer-overflow.patch - d/p/libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch - d/p/ubuntu/flags-fcs-protect-none.patch - d/p/ubuntu/strip-note-gnu-property.patch * Fix decode failed panics with v5.2+ kernels (LP: #1851091) - d/p/0001-lz4-refine-commit-9143a6c55ef7-for-the-64-bit-case.patch - d/p/0002-lz4-pull-out-constant-tables.patch - d/p/0003-lz4-fix-system-halt-at-boot-kernel-on-x86_64.patch
ubuntu/eoan-proposed	2020-01-07 10:29:17 UTC 2020-01-07	Import patches-unapplied version 4.9.2-0ubuntu5 to ubuntu/disco-proposed Author: Stefan Bader Author Date: 2019-12-11 17:23:34 UTC Import patches-unapplied version 4.9.2-0ubuntu5 to ubuntu/disco-proposed Imported using git-ubuntu import. Changelog parent: bdebf520de18eb7b9442b172b7bc339701e6aeb9 New changelog entries: * Fix FTBS in Eoan (LP: #1823441). Except the last two changes, these are all cherry picks from Xen upstream to handle gcc8 and gcc9 changes. - d/p/x86-e820-fix-build-with-gcc9.patch - d/p/x86-IO-APIC-fix-build-with-gcc9.patch - d/p/trace-fix-build-with-gcc9.patch - d/p/tools-libxc-fix-strncpy-size.patch - d/p/tools-misc-fix-hypothetical-buffer-overflow-in-xen-l.patch - d/p/tools-xentop-replace-use-of-deprecated-vwprintw.patch - d/p/tools-xenpmd-fix-possible-0-truncation.patch - d/p/xenpmd-make-32-bit-gcc-8.1-non-debug-build-work.patch - d/p/libacpi-fixes-for-iasl-20180427.patch - d/p/tools-blktap2-fix-possible-0-truncation.patch - d/p/tools-blktap2-fix-hypothetical-buffer-overflow.patch - d/p/libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch - d/p/ubuntu/flags-fcs-protect-none.patch - d/p/ubuntu/strip-note-gnu-property.patch * Fix decode failed panics with v5.2+ kernels (LP: #1851091) - d/p/0001-lz4-refine-commit-9143a6c55ef7-for-the-64-bit-case.patch - d/p/0002-lz4-pull-out-constant-tables.patch - d/p/0003-lz4-fix-system-halt-at-boot-kernel-on-x86_64.patch
ubuntu/eoan-updates	2020-01-07 10:29:17 UTC 2020-01-07	Import patches-unapplied version 4.9.2-0ubuntu5 to ubuntu/disco-proposed Author: Stefan Bader Author Date: 2019-12-11 17:23:34 UTC Import patches-unapplied version 4.9.2-0ubuntu5 to ubuntu/disco-proposed Imported using git-ubuntu import. Changelog parent: bdebf520de18eb7b9442b172b7bc339701e6aeb9 New changelog entries: * Fix FTBS in Eoan (LP: #1823441). Except the last two changes, these are all cherry picks from Xen upstream to handle gcc8 and gcc9 changes. - d/p/x86-e820-fix-build-with-gcc9.patch - d/p/x86-IO-APIC-fix-build-with-gcc9.patch - d/p/trace-fix-build-with-gcc9.patch - d/p/tools-libxc-fix-strncpy-size.patch - d/p/tools-misc-fix-hypothetical-buffer-overflow-in-xen-l.patch - d/p/tools-xentop-replace-use-of-deprecated-vwprintw.patch - d/p/tools-xenpmd-fix-possible-0-truncation.patch - d/p/xenpmd-make-32-bit-gcc-8.1-non-debug-build-work.patch - d/p/libacpi-fixes-for-iasl-20180427.patch - d/p/tools-blktap2-fix-possible-0-truncation.patch - d/p/tools-blktap2-fix-hypothetical-buffer-overflow.patch - d/p/libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch - d/p/ubuntu/flags-fcs-protect-none.patch - d/p/ubuntu/strip-note-gnu-property.patch * Fix decode failed panics with v5.2+ kernels (LP: #1851091) - d/p/0001-lz4-refine-commit-9143a6c55ef7-for-the-64-bit-case.patch - d/p/0002-lz4-pull-out-constant-tables.patch - d/p/0003-lz4-fix-system-halt-at-boot-kernel-on-x86_64.patch
applied/ubuntu/disco-devel	2020-01-07 10:29:17 UTC 2020-01-07	Import patches-applied version 4.9.2-0ubuntu5 to applied/ubuntu/disco-proposed Author: Stefan Bader Author Date: 2019-12-11 17:23:34 UTC Import patches-applied version 4.9.2-0ubuntu5 to applied/ubuntu/disco-proposed Imported using git-ubuntu import. Changelog parent: 55eac63ad8f393dad69fa3edd7c19550b44d54d3 Unapplied parent: edaf8397114f77d6ad5e86693ea26a2d333798d9 New changelog entries: * Fix FTBS in Eoan (LP: #1823441). Except the last two changes, these are all cherry picks from Xen upstream to handle gcc8 and gcc9 changes. - d/p/x86-e820-fix-build-with-gcc9.patch - d/p/x86-IO-APIC-fix-build-with-gcc9.patch - d/p/trace-fix-build-with-gcc9.patch - d/p/tools-libxc-fix-strncpy-size.patch - d/p/tools-misc-fix-hypothetical-buffer-overflow-in-xen-l.patch - d/p/tools-xentop-replace-use-of-deprecated-vwprintw.patch - d/p/tools-xenpmd-fix-possible-0-truncation.patch - d/p/xenpmd-make-32-bit-gcc-8.1-non-debug-build-work.patch - d/p/libacpi-fixes-for-iasl-20180427.patch - d/p/tools-blktap2-fix-possible-0-truncation.patch - d/p/tools-blktap2-fix-hypothetical-buffer-overflow.patch - d/p/libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch - d/p/ubuntu/flags-fcs-protect-none.patch - d/p/ubuntu/strip-note-gnu-property.patch * Fix decode failed panics with v5.2+ kernels (LP: #1851091) - d/p/0001-lz4-refine-commit-9143a6c55ef7-for-the-64-bit-case.patch - d/p/0002-lz4-pull-out-constant-tables.patch - d/p/0003-lz4-fix-system-halt-at-boot-kernel-on-x86_64.patch
applied/ubuntu/disco-proposed	2020-01-07 10:29:17 UTC 2020-01-07	Import patches-applied version 4.9.2-0ubuntu5 to applied/ubuntu/disco-proposed Author: Stefan Bader Author Date: 2019-12-11 17:23:34 UTC Import patches-applied version 4.9.2-0ubuntu5 to applied/ubuntu/disco-proposed Imported using git-ubuntu import. Changelog parent: 55eac63ad8f393dad69fa3edd7c19550b44d54d3 Unapplied parent: edaf8397114f77d6ad5e86693ea26a2d333798d9 New changelog entries: * Fix FTBS in Eoan (LP: #1823441). Except the last two changes, these are all cherry picks from Xen upstream to handle gcc8 and gcc9 changes. - d/p/x86-e820-fix-build-with-gcc9.patch - d/p/x86-IO-APIC-fix-build-with-gcc9.patch - d/p/trace-fix-build-with-gcc9.patch - d/p/tools-libxc-fix-strncpy-size.patch - d/p/tools-misc-fix-hypothetical-buffer-overflow-in-xen-l.patch - d/p/tools-xentop-replace-use-of-deprecated-vwprintw.patch - d/p/tools-xenpmd-fix-possible-0-truncation.patch - d/p/xenpmd-make-32-bit-gcc-8.1-non-debug-build-work.patch - d/p/libacpi-fixes-for-iasl-20180427.patch - d/p/tools-blktap2-fix-possible-0-truncation.patch - d/p/tools-blktap2-fix-hypothetical-buffer-overflow.patch - d/p/libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch - d/p/ubuntu/flags-fcs-protect-none.patch - d/p/ubuntu/strip-note-gnu-property.patch * Fix decode failed panics with v5.2+ kernels (LP: #1851091) - d/p/0001-lz4-refine-commit-9143a6c55ef7-for-the-64-bit-case.patch - d/p/0002-lz4-pull-out-constant-tables.patch - d/p/0003-lz4-fix-system-halt-at-boot-kernel-on-x86_64.patch
applied/ubuntu/disco-updates	2020-01-07 10:29:17 UTC 2020-01-07	Import patches-applied version 4.9.2-0ubuntu5 to applied/ubuntu/disco-proposed Author: Stefan Bader Author Date: 2019-12-11 17:23:34 UTC Import patches-applied version 4.9.2-0ubuntu5 to applied/ubuntu/disco-proposed Imported using git-ubuntu import. Changelog parent: 55eac63ad8f393dad69fa3edd7c19550b44d54d3 Unapplied parent: edaf8397114f77d6ad5e86693ea26a2d333798d9 New changelog entries: * Fix FTBS in Eoan (LP: #1823441). Except the last two changes, these are all cherry picks from Xen upstream to handle gcc8 and gcc9 changes. - d/p/x86-e820-fix-build-with-gcc9.patch - d/p/x86-IO-APIC-fix-build-with-gcc9.patch - d/p/trace-fix-build-with-gcc9.patch - d/p/tools-libxc-fix-strncpy-size.patch - d/p/tools-misc-fix-hypothetical-buffer-overflow-in-xen-l.patch - d/p/tools-xentop-replace-use-of-deprecated-vwprintw.patch - d/p/tools-xenpmd-fix-possible-0-truncation.patch - d/p/xenpmd-make-32-bit-gcc-8.1-non-debug-build-work.patch - d/p/libacpi-fixes-for-iasl-20180427.patch - d/p/tools-blktap2-fix-possible-0-truncation.patch - d/p/tools-blktap2-fix-hypothetical-buffer-overflow.patch - d/p/libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch - d/p/ubuntu/flags-fcs-protect-none.patch - d/p/ubuntu/strip-note-gnu-property.patch * Fix decode failed panics with v5.2+ kernels (LP: #1851091) - d/p/0001-lz4-refine-commit-9143a6c55ef7-for-the-64-bit-case.patch - d/p/0002-lz4-pull-out-constant-tables.patch - d/p/0003-lz4-fix-system-halt-at-boot-kernel-on-x86_64.patch
applied/ubuntu/eoan-devel	2020-01-07 10:29:17 UTC 2020-01-07	Import patches-applied version 4.9.2-0ubuntu5 to applied/ubuntu/disco-proposed Author: Stefan Bader Author Date: 2019-12-11 17:23:34 UTC Import patches-applied version 4.9.2-0ubuntu5 to applied/ubuntu/disco-proposed Imported using git-ubuntu import. Changelog parent: 55eac63ad8f393dad69fa3edd7c19550b44d54d3 Unapplied parent: edaf8397114f77d6ad5e86693ea26a2d333798d9 New changelog entries: * Fix FTBS in Eoan (LP: #1823441). Except the last two changes, these are all cherry picks from Xen upstream to handle gcc8 and gcc9 changes. - d/p/x86-e820-fix-build-with-gcc9.patch - d/p/x86-IO-APIC-fix-build-with-gcc9.patch - d/p/trace-fix-build-with-gcc9.patch - d/p/tools-libxc-fix-strncpy-size.patch - d/p/tools-misc-fix-hypothetical-buffer-overflow-in-xen-l.patch - d/p/tools-xentop-replace-use-of-deprecated-vwprintw.patch - d/p/tools-xenpmd-fix-possible-0-truncation.patch - d/p/xenpmd-make-32-bit-gcc-8.1-non-debug-build-work.patch - d/p/libacpi-fixes-for-iasl-20180427.patch - d/p/tools-blktap2-fix-possible-0-truncation.patch - d/p/tools-blktap2-fix-hypothetical-buffer-overflow.patch - d/p/libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch - d/p/ubuntu/flags-fcs-protect-none.patch - d/p/ubuntu/strip-note-gnu-property.patch * Fix decode failed panics with v5.2+ kernels (LP: #1851091) - d/p/0001-lz4-refine-commit-9143a6c55ef7-for-the-64-bit-case.patch - d/p/0002-lz4-pull-out-constant-tables.patch - d/p/0003-lz4-fix-system-halt-at-boot-kernel-on-x86_64.patch
applied/ubuntu/eoan-updates	2020-01-07 10:29:17 UTC 2020-01-07	Import patches-applied version 4.9.2-0ubuntu5 to applied/ubuntu/disco-proposed Author: Stefan Bader Author Date: 2019-12-11 17:23:34 UTC Import patches-applied version 4.9.2-0ubuntu5 to applied/ubuntu/disco-proposed Imported using git-ubuntu import. Changelog parent: 55eac63ad8f393dad69fa3edd7c19550b44d54d3 Unapplied parent: edaf8397114f77d6ad5e86693ea26a2d333798d9 New changelog entries: * Fix FTBS in Eoan (LP: #1823441). Except the last two changes, these are all cherry picks from Xen upstream to handle gcc8 and gcc9 changes. - d/p/x86-e820-fix-build-with-gcc9.patch - d/p/x86-IO-APIC-fix-build-with-gcc9.patch - d/p/trace-fix-build-with-gcc9.patch - d/p/tools-libxc-fix-strncpy-size.patch - d/p/tools-misc-fix-hypothetical-buffer-overflow-in-xen-l.patch - d/p/tools-xentop-replace-use-of-deprecated-vwprintw.patch - d/p/tools-xenpmd-fix-possible-0-truncation.patch - d/p/xenpmd-make-32-bit-gcc-8.1-non-debug-build-work.patch - d/p/libacpi-fixes-for-iasl-20180427.patch - d/p/tools-blktap2-fix-possible-0-truncation.patch - d/p/tools-blktap2-fix-hypothetical-buffer-overflow.patch - d/p/libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch - d/p/ubuntu/flags-fcs-protect-none.patch - d/p/ubuntu/strip-note-gnu-property.patch * Fix decode failed panics with v5.2+ kernels (LP: #1851091) - d/p/0001-lz4-refine-commit-9143a6c55ef7-for-the-64-bit-case.patch - d/p/0002-lz4-pull-out-constant-tables.patch - d/p/0003-lz4-fix-system-halt-at-boot-kernel-on-x86_64.patch
applied/debian/experimental	2018-09-12 16:27:11 UTC 2018-09-12	Import patches-applied version 4.11.1~pre.20180911.5acdd26fdc+dfsg-1~exp1 to ... Author: Hans van Kranenburg Author Date: 2018-09-11 13:34:34 UTC Import patches-applied version 4.11.1~pre.20180911.5acdd26fdc+dfsg-1~exp1 to applied/debian/experimental Imported using git-ubuntu import. Changelog parent: 5907bf887df27a51cf6228e2bb473a389dec30b0 Unapplied parent: 7a9f512c83dbf118dff60e692d10ef6c3723c0ce New changelog entries: * Update to new upstream version 4.11.1~pre.20180911.5acdd26fdc+dfsg. * Remove stubdom/grub.patches/00cvs from the upstream source because it's not DFSG compliant. (license-problem-gfdl-invariants) * Override statically-linked-binary lintian error about usr/lib/xen-4.11/boot/xen-shim [ Hans van Kranenburg ] * Update to 4.11.1-pre commit 733450b39b, which also contains: - Additional fix for: Unlimited recursion in linear pagetable de-typing XSA-240 CVE-2017-15595 (listed as xsa240-4.8/0004) - Fix x86 PV guests may gain access to internally used pages XSA-248 CVE-2017-17566 - Fix broken x86 shadow mode refcount overflow check XSA-249 CVE-2017-17563 - Fix improper x86 shadow mode refcount error handling XSA-250 CVE-2017-17564 - Fix improper bug check in x86 log-dirty handling XSA-251 CVE-2017-17565 - Fix: DoS via non-preemptable L3/L4 pagetable freeing XSA-252 CVE-2018-7540 - Fix x86: memory leak with MSR emulation XSA-253 CVE-2018-5244 - Multiple parts of fixes for... Information leak via side effects of speculative execution XSA-254 CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 - XPTI stage 1 a.k.a. 'Meltdown band-aid', XPTI-S1 or XPTI-lite - Branch predictor hardening for ARM CPUs - Support compiling with indirect branch thunks (e.g. retpoline) - Report details of speculative mitigations in boot logging - Fix: grant table v2 -> v1 transition may crash Xen XSA-255 CVE-2018-7541 - Fix: x86 PVH guest without LAPIC may DoS the host XSA-256 CVE-2018-7542 - The "Comet" shim, which can be used as a mitigation for Meltdown to shield the hypervisor against 64-bit PV guests. - Fix: Information leak via crafted user-supplied CDROM XSA-258 CVE-2018-10472 - Fix: x86: PV guest may crash Xen with XPTI XSA-259 CVE-2018-10471 - Fix: x86: mishandling of debug exceptions XSA-260 CVE-2018-8897 - Fix: x86 vHPET interrupt injection errors XSA-261 CVE-2018-10982 - Fix: qemu may drive Xen into unbounded loop XSA-262 CVE-2018-10981 - Fix: Speculative Store Bypass XSA-263 CVE-2018-3639 - Fix: preemption checks bypassed in x86 PV MM handling XSA-264 CVE-2018-12891 - Fix: x86: #DB exception safety check can be triggered by a guest XSA-265 CVE-2018-12893 - Fix: libxl fails to honour readonly flag on HVM emulated SCSI disks XSA-266 CVE-2018-12892 - Fix: Speculative register leakage from lazy FPU context switching XSA-267 CVE-2018-3665 - Fix: Use of v2 grant tables may cause crash on ARM XSA-268 CVE-2018-15469 - Fix: x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS XSA-269 CVE-2018-15468 - Fix: oxenstored does not apply quota-maxentity XSA-272 CVE-2018-15470 - Fix: L1 Terminal Fault speculative side channel XSA-273 CVE-2018-3620 * Merge changes for 4.9 from the ubuntu packaging (thanks, Stefan Bader): - Rebase patches against upstream source (line numbers etc). - debian/rules.real: - Add a call to build common tool headers. - Add a call to install common tool headers. - debian/libxen-dev.install, d/p/ubuntu-tools-libs-abiname.diff: - Add additional modifications for new libxendevicemodel. - debian/patches/tools-fake-xs-restrict.patch: - Re-introduce (fake) xs_restrict call to keep libxenstore version at 3.0 for now. - debian/libxenstore3.0.symbols: add xs_control_command * Rebase patches against 4.10 upstream source. * Rebase patches against 4.11 upstream source. * Add README.source.md to document how the packaging works. * This package builds correctly with gcc 7. (Closes: #853710) * Fix grub config file conflict when upgrading from Stretch. (Closes: #852545) * Init scripts: Do not kill per-domain qemu processes. (Closes: #879751) * debian/patches: Fix "'vwprintw' is deprecated" gcc 8 compilation error [ Mark Pryor ] * Fix shared library build dependencies for the new xentoolcore library. [ John Keates ] * Enable OVMF (Closes: #858962)
debian/experimental	2018-09-12 16:27:11 UTC 2018-09-12	Import patches-unapplied version 4.11.1~pre.20180911.5acdd26fdc+dfsg-1~exp1 t... Author: Hans van Kranenburg Author Date: 2018-09-11 13:34:34 UTC Import patches-unapplied version 4.11.1~pre.20180911.5acdd26fdc+dfsg-1~exp1 to debian/experimental Imported using git-ubuntu import. Changelog parent: 3fb68988c4b590a521631bf6c82457cf32e23964 New changelog entries: * Update to new upstream version 4.11.1~pre.20180911.5acdd26fdc+dfsg. * Remove stubdom/grub.patches/00cvs from the upstream source because it's not DFSG compliant. (license-problem-gfdl-invariants) * Override statically-linked-binary lintian error about usr/lib/xen-4.11/boot/xen-shim [ Hans van Kranenburg ] * Update to 4.11.1-pre commit 733450b39b, which also contains: - Additional fix for: Unlimited recursion in linear pagetable de-typing XSA-240 CVE-2017-15595 (listed as xsa240-4.8/0004) - Fix x86 PV guests may gain access to internally used pages XSA-248 CVE-2017-17566 - Fix broken x86 shadow mode refcount overflow check XSA-249 CVE-2017-17563 - Fix improper x86 shadow mode refcount error handling XSA-250 CVE-2017-17564 - Fix improper bug check in x86 log-dirty handling XSA-251 CVE-2017-17565 - Fix: DoS via non-preemptable L3/L4 pagetable freeing XSA-252 CVE-2018-7540 - Fix x86: memory leak with MSR emulation XSA-253 CVE-2018-5244 - Multiple parts of fixes for... Information leak via side effects of speculative execution XSA-254 CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 - XPTI stage 1 a.k.a. 'Meltdown band-aid', XPTI-S1 or XPTI-lite - Branch predictor hardening for ARM CPUs - Support compiling with indirect branch thunks (e.g. retpoline) - Report details of speculative mitigations in boot logging - Fix: grant table v2 -> v1 transition may crash Xen XSA-255 CVE-2018-7541 - Fix: x86 PVH guest without LAPIC may DoS the host XSA-256 CVE-2018-7542 - The "Comet" shim, which can be used as a mitigation for Meltdown to shield the hypervisor against 64-bit PV guests. - Fix: Information leak via crafted user-supplied CDROM XSA-258 CVE-2018-10472 - Fix: x86: PV guest may crash Xen with XPTI XSA-259 CVE-2018-10471 - Fix: x86: mishandling of debug exceptions XSA-260 CVE-2018-8897 - Fix: x86 vHPET interrupt injection errors XSA-261 CVE-2018-10982 - Fix: qemu may drive Xen into unbounded loop XSA-262 CVE-2018-10981 - Fix: Speculative Store Bypass XSA-263 CVE-2018-3639 - Fix: preemption checks bypassed in x86 PV MM handling XSA-264 CVE-2018-12891 - Fix: x86: #DB exception safety check can be triggered by a guest XSA-265 CVE-2018-12893 - Fix: libxl fails to honour readonly flag on HVM emulated SCSI disks XSA-266 CVE-2018-12892 - Fix: Speculative register leakage from lazy FPU context switching XSA-267 CVE-2018-3665 - Fix: Use of v2 grant tables may cause crash on ARM XSA-268 CVE-2018-15469 - Fix: x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS XSA-269 CVE-2018-15468 - Fix: oxenstored does not apply quota-maxentity XSA-272 CVE-2018-15470 - Fix: L1 Terminal Fault speculative side channel XSA-273 CVE-2018-3620 * Merge changes for 4.9 from the ubuntu packaging (thanks, Stefan Bader): - Rebase patches against upstream source (line numbers etc). - debian/rules.real: - Add a call to build common tool headers. - Add a call to install common tool headers. - debian/libxen-dev.install, d/p/ubuntu-tools-libs-abiname.diff: - Add additional modifications for new libxendevicemodel. - debian/patches/tools-fake-xs-restrict.patch: - Re-introduce (fake) xs_restrict call to keep libxenstore version at 3.0 for now. - debian/libxenstore3.0.symbols: add xs_control_command * Rebase patches against 4.10 upstream source. * Rebase patches against 4.11 upstream source. * Add README.source.md to document how the packaging works. * This package builds correctly with gcc 7. (Closes: #853710) * Fix grub config file conflict when upgrading from Stretch. (Closes: #852545) * Init scripts: Do not kill per-domain qemu processes. (Closes: #879751) * debian/patches: Fix "'vwprintw' is deprecated" gcc 8 compilation error [ Mark Pryor ] * Fix shared library build dependencies for the new xentoolcore library. [ John Keates ] * Enable OVMF (Closes: #858962)
ubuntu/cosmic	2018-05-03 15:44:42 UTC 2018-05-03	Import patches-unapplied version 4.9.2-0ubuntu2 to ubuntu/cosmic-proposed Author: Matthias Klose Author Date: 2018-05-03 14:20:24 UTC Import patches-unapplied version 4.9.2-0ubuntu2 to ubuntu/cosmic-proposed Imported using git-ubuntu import. Changelog parent: ecfa33fc1861e429ea08d7c3f9d01982c49a63e7 New changelog entries: * No-change rebuild for ncurses soname changes.
ubuntu/eoan	2018-05-03 15:44:42 UTC 2018-05-03	Import patches-unapplied version 4.9.2-0ubuntu2 to ubuntu/cosmic-proposed Author: Matthias Klose Author Date: 2018-05-03 14:20:24 UTC Import patches-unapplied version 4.9.2-0ubuntu2 to ubuntu/cosmic-proposed Imported using git-ubuntu import. Changelog parent: ecfa33fc1861e429ea08d7c3f9d01982c49a63e7 New changelog entries: * No-change rebuild for ncurses soname changes.
applied/ubuntu/cosmic	2018-05-03 15:44:42 UTC 2018-05-03	Import patches-applied version 4.9.2-0ubuntu2 to applied/ubuntu/cosmic-proposed Author: Matthias Klose Author Date: 2018-05-03 14:20:24 UTC Import patches-applied version 4.9.2-0ubuntu2 to applied/ubuntu/cosmic-proposed Imported using git-ubuntu import. Changelog parent: c7f59df9c9cd67c6241f7dff93846ea97222a058 Unapplied parent: bbc3b139c242441e7b5655a7f129eac2e9d1a31b New changelog entries: * No-change rebuild for ncurses soname changes.
applied/ubuntu/cosmic-devel	2018-05-03 15:44:42 UTC 2018-05-03	Import patches-applied version 4.9.2-0ubuntu2 to applied/ubuntu/cosmic-proposed Author: Matthias Klose Author Date: 2018-05-03 14:20:24 UTC Import patches-applied version 4.9.2-0ubuntu2 to applied/ubuntu/cosmic-proposed Imported using git-ubuntu import. Changelog parent: c7f59df9c9cd67c6241f7dff93846ea97222a058 Unapplied parent: bbc3b139c242441e7b5655a7f129eac2e9d1a31b New changelog entries: * No-change rebuild for ncurses soname changes.
applied/ubuntu/cosmic-proposed	2018-05-03 15:44:42 UTC 2018-05-03	Import patches-applied version 4.9.2-0ubuntu2 to applied/ubuntu/cosmic-proposed Author: Matthias Klose Author Date: 2018-05-03 14:20:24 UTC Import patches-applied version 4.9.2-0ubuntu2 to applied/ubuntu/cosmic-proposed Imported using git-ubuntu import. Changelog parent: c7f59df9c9cd67c6241f7dff93846ea97222a058 Unapplied parent: bbc3b139c242441e7b5655a7f129eac2e9d1a31b New changelog entries: * No-change rebuild for ncurses soname changes.
applied/ubuntu/disco	2018-05-03 15:44:42 UTC 2018-05-03	Import patches-applied version 4.9.2-0ubuntu2 to applied/ubuntu/cosmic-proposed Author: Matthias Klose Author Date: 2018-05-03 14:20:24 UTC Import patches-applied version 4.9.2-0ubuntu2 to applied/ubuntu/cosmic-proposed Imported using git-ubuntu import. Changelog parent: c7f59df9c9cd67c6241f7dff93846ea97222a058 Unapplied parent: bbc3b139c242441e7b5655a7f129eac2e9d1a31b New changelog entries: * No-change rebuild for ncurses soname changes.
applied/ubuntu/eoan	2018-05-03 15:44:42 UTC 2018-05-03	Import patches-applied version 4.9.2-0ubuntu2 to applied/ubuntu/cosmic-proposed Author: Matthias Klose Author Date: 2018-05-03 14:20:24 UTC Import patches-applied version 4.9.2-0ubuntu2 to applied/ubuntu/cosmic-proposed Imported using git-ubuntu import. Changelog parent: c7f59df9c9cd67c6241f7dff93846ea97222a058 Unapplied parent: bbc3b139c242441e7b5655a7f129eac2e9d1a31b New changelog entries: * No-change rebuild for ncurses soname changes.
ubuntu/cosmic-devel	2018-05-03 15:44:42 UTC 2018-05-03	Import patches-unapplied version 4.9.2-0ubuntu2 to ubuntu/cosmic-proposed Author: Matthias Klose Author Date: 2018-05-03 14:20:24 UTC Import patches-unapplied version 4.9.2-0ubuntu2 to ubuntu/cosmic-proposed Imported using git-ubuntu import. Changelog parent: ecfa33fc1861e429ea08d7c3f9d01982c49a63e7 New changelog entries: * No-change rebuild for ncurses soname changes.
ubuntu/cosmic-proposed	2018-05-03 15:44:42 UTC 2018-05-03	Import patches-unapplied version 4.9.2-0ubuntu2 to ubuntu/cosmic-proposed Author: Matthias Klose Author Date: 2018-05-03 14:20:24 UTC Import patches-unapplied version 4.9.2-0ubuntu2 to ubuntu/cosmic-proposed Imported using git-ubuntu import. Changelog parent: ecfa33fc1861e429ea08d7c3f9d01982c49a63e7 New changelog entries: * No-change rebuild for ncurses soname changes.
ubuntu/disco	2018-05-03 15:44:42 UTC 2018-05-03	Import patches-unapplied version 4.9.2-0ubuntu2 to ubuntu/cosmic-proposed Author: Matthias Klose Author Date: 2018-05-03 14:20:24 UTC Import patches-unapplied version 4.9.2-0ubuntu2 to ubuntu/cosmic-proposed Imported using git-ubuntu import. Changelog parent: ecfa33fc1861e429ea08d7c3f9d01982c49a63e7 New changelog entries: * No-change rebuild for ncurses soname changes.
applied/ubuntu/bionic-proposed	2018-04-16 09:44:14 UTC 2018-04-16	Import patches-applied version 4.9.2-0ubuntu1 to applied/ubuntu/bionic-proposed Author: Stefan Bader Author Date: 2018-04-12 09:54:57 UTC Import patches-applied version 4.9.2-0ubuntu1 to applied/ubuntu/bionic-proposed Imported using git-ubuntu import. Changelog parent: 16af0230026d8f48ab45bd03b8c47927e7f2e95f Unapplied parent: 0f8901a8de4fa9f57ba6e1ff0f520ebbe90629a2 New changelog entries: * Update to upstream 4.9.2 release (LP: #1763354). Changes include numerous bugfixes, including security fixes/updates. 4.9.0 -> 4.9.1: - XSA-226 / CVE-2017-12135 (replacement) - XSA-227 / CVE-2017-12137 (replacement) - XSA-228 / CVE-2017-12136 (replacement) - XSA-230 / CVE-2017-12855 (replacement) - XSA-231 / CVE-2017-14316 (replacement) - XSA-232 / CVE-2017-14318 (replacement) - XSA-233 / CVE-2017-14317 (replacement) - XSA-234 / CVE-2017-14319 (replacement) - XSA-235 / CVE-2017-15596 (replacement) - XSA-236 / CVE-2017-15597 (new) - XSA-237 / CVE-2017-15590 (replacement) - XSA-238 / CVE-2017-15591 (replacement) - XSA-239 / CVE-2017-15589 (replacement) - XSA-240 / CVE-2017-15595 (update) - XSA-241 / CVE-2017-15588 (replacement) - XSA-242 / CVE-2017-15593 (replacement) - XSA-243 / CVE-2017-15592 (replacement) - XSA-244 / CVE-2017-15594 (replacement) - XSA-245 / CVE-2017-17046 (replacement) 4.9.1 -> 4.9.2: - XSA-246 / CVE-2017-17044 (new) - XSA-247 / CVE-2017-17045 (new) - XSA-248 / CVE-2017-17566 (new) - XSA-249 / CVE-2017-17563 (new) - XSA-250 / CVE-2017-17564 (new) - XSA-251 / CVE-2017-17565 (new) - XSA-252 / CVE-2018-7540 (new) - XSA-254 / CVE-2017-5754 (new / XPTI Meltdown mitigation) - XSA-255 / CVE-2018-7541 (new) - XSA-256 / CVE-2018-7542 (new) * Dropped: d/p/ubuntu/tools-fix-ftbs-arm.patch (upstream)
applied/ubuntu/bionic	2018-04-16 09:44:14 UTC 2018-04-16	Import patches-applied version 4.9.2-0ubuntu1 to applied/ubuntu/bionic-proposed Author: Stefan Bader Author Date: 2018-04-12 09:54:57 UTC Import patches-applied version 4.9.2-0ubuntu1 to applied/ubuntu/bionic-proposed Imported using git-ubuntu import. Changelog parent: 16af0230026d8f48ab45bd03b8c47927e7f2e95f Unapplied parent: 0f8901a8de4fa9f57ba6e1ff0f520ebbe90629a2 New changelog entries: * Update to upstream 4.9.2 release (LP: #1763354). Changes include numerous bugfixes, including security fixes/updates. 4.9.0 -> 4.9.1: - XSA-226 / CVE-2017-12135 (replacement) - XSA-227 / CVE-2017-12137 (replacement) - XSA-228 / CVE-2017-12136 (replacement) - XSA-230 / CVE-2017-12855 (replacement) - XSA-231 / CVE-2017-14316 (replacement) - XSA-232 / CVE-2017-14318 (replacement) - XSA-233 / CVE-2017-14317 (replacement) - XSA-234 / CVE-2017-14319 (replacement) - XSA-235 / CVE-2017-15596 (replacement) - XSA-236 / CVE-2017-15597 (new) - XSA-237 / CVE-2017-15590 (replacement) - XSA-238 / CVE-2017-15591 (replacement) - XSA-239 / CVE-2017-15589 (replacement) - XSA-240 / CVE-2017-15595 (update) - XSA-241 / CVE-2017-15588 (replacement) - XSA-242 / CVE-2017-15593 (replacement) - XSA-243 / CVE-2017-15592 (replacement) - XSA-244 / CVE-2017-15594 (replacement) - XSA-245 / CVE-2017-17046 (replacement) 4.9.1 -> 4.9.2: - XSA-246 / CVE-2017-17044 (new) - XSA-247 / CVE-2017-17045 (new) - XSA-248 / CVE-2017-17566 (new) - XSA-249 / CVE-2017-17563 (new) - XSA-250 / CVE-2017-17564 (new) - XSA-251 / CVE-2017-17565 (new) - XSA-252 / CVE-2018-7540 (new) - XSA-254 / CVE-2017-5754 (new / XPTI Meltdown mitigation) - XSA-255 / CVE-2018-7541 (new) - XSA-256 / CVE-2018-7542 (new) * Dropped: d/p/ubuntu/tools-fix-ftbs-arm.patch (upstream)
ubuntu/bionic-devel	2018-04-16 09:44:14 UTC 2018-04-16	Import patches-unapplied version 4.9.2-0ubuntu1 to ubuntu/bionic-proposed Author: Stefan Bader Author Date: 2018-04-12 09:54:57 UTC Import patches-unapplied version 4.9.2-0ubuntu1 to ubuntu/bionic-proposed Imported using git-ubuntu import. Changelog parent: 74cdf5ebbe05e38983f23bbe03a2c769e473c42d New changelog entries: * Update to upstream 4.9.2 release (LP: #1763354). Changes include numerous bugfixes, including security fixes/updates. 4.9.0 -> 4.9.1: - XSA-226 / CVE-2017-12135 (replacement) - XSA-227 / CVE-2017-12137 (replacement) - XSA-228 / CVE-2017-12136 (replacement) - XSA-230 / CVE-2017-12855 (replacement) - XSA-231 / CVE-2017-14316 (replacement) - XSA-232 / CVE-2017-14318 (replacement) - XSA-233 / CVE-2017-14317 (replacement) - XSA-234 / CVE-2017-14319 (replacement) - XSA-235 / CVE-2017-15596 (replacement) - XSA-236 / CVE-2017-15597 (new) - XSA-237 / CVE-2017-15590 (replacement) - XSA-238 / CVE-2017-15591 (replacement) - XSA-239 / CVE-2017-15589 (replacement) - XSA-240 / CVE-2017-15595 (update) - XSA-241 / CVE-2017-15588 (replacement) - XSA-242 / CVE-2017-15593 (replacement) - XSA-243 / CVE-2017-15592 (replacement) - XSA-244 / CVE-2017-15594 (replacement) - XSA-245 / CVE-2017-17046 (replacement) 4.9.1 -> 4.9.2: - XSA-246 / CVE-2017-17044 (new) - XSA-247 / CVE-2017-17045 (new) - XSA-248 / CVE-2017-17566 (new) - XSA-249 / CVE-2017-17563 (new) - XSA-250 / CVE-2017-17564 (new) - XSA-251 / CVE-2017-17565 (new) - XSA-252 / CVE-2018-7540 (new) - XSA-254 / CVE-2017-5754 (new / XPTI Meltdown mitigation) - XSA-255 / CVE-2018-7541 (new) - XSA-256 / CVE-2018-7542 (new) * Dropped: d/p/ubuntu/tools-fix-ftbs-arm.patch (upstream)
applied/ubuntu/bionic-devel	2018-04-16 09:44:14 UTC 2018-04-16	Import patches-applied version 4.9.2-0ubuntu1 to applied/ubuntu/bionic-proposed Author: Stefan Bader Author Date: 2018-04-12 09:54:57 UTC Import patches-applied version 4.9.2-0ubuntu1 to applied/ubuntu/bionic-proposed Imported using git-ubuntu import. Changelog parent: 16af0230026d8f48ab45bd03b8c47927e7f2e95f Unapplied parent: 0f8901a8de4fa9f57ba6e1ff0f520ebbe90629a2 New changelog entries: * Update to upstream 4.9.2 release (LP: #1763354). Changes include numerous bugfixes, including security fixes/updates. 4.9.0 -> 4.9.1: - XSA-226 / CVE-2017-12135 (replacement) - XSA-227 / CVE-2017-12137 (replacement) - XSA-228 / CVE-2017-12136 (replacement) - XSA-230 / CVE-2017-12855 (replacement) - XSA-231 / CVE-2017-14316 (replacement) - XSA-232 / CVE-2017-14318 (replacement) - XSA-233 / CVE-2017-14317 (replacement) - XSA-234 / CVE-2017-14319 (replacement) - XSA-235 / CVE-2017-15596 (replacement) - XSA-236 / CVE-2017-15597 (new) - XSA-237 / CVE-2017-15590 (replacement) - XSA-238 / CVE-2017-15591 (replacement) - XSA-239 / CVE-2017-15589 (replacement) - XSA-240 / CVE-2017-15595 (update) - XSA-241 / CVE-2017-15588 (replacement) - XSA-242 / CVE-2017-15593 (replacement) - XSA-243 / CVE-2017-15592 (replacement) - XSA-244 / CVE-2017-15594 (replacement) - XSA-245 / CVE-2017-17046 (replacement) 4.9.1 -> 4.9.2: - XSA-246 / CVE-2017-17044 (new) - XSA-247 / CVE-2017-17045 (new) - XSA-248 / CVE-2017-17566 (new) - XSA-249 / CVE-2017-17563 (new) - XSA-250 / CVE-2017-17564 (new) - XSA-251 / CVE-2017-17565 (new) - XSA-252 / CVE-2018-7540 (new) - XSA-254 / CVE-2017-5754 (new / XPTI Meltdown mitigation) - XSA-255 / CVE-2018-7541 (new) - XSA-256 / CVE-2018-7542 (new) * Dropped: d/p/ubuntu/tools-fix-ftbs-arm.patch (upstream)
ubuntu/bionic	2018-04-16 09:44:14 UTC 2018-04-16	Import patches-unapplied version 4.9.2-0ubuntu1 to ubuntu/bionic-proposed Author: Stefan Bader Author Date: 2018-04-12 09:54:57 UTC Import patches-unapplied version 4.9.2-0ubuntu1 to ubuntu/bionic-proposed Imported using git-ubuntu import. Changelog parent: 74cdf5ebbe05e38983f23bbe03a2c769e473c42d New changelog entries: * Update to upstream 4.9.2 release (LP: #1763354). Changes include numerous bugfixes, including security fixes/updates. 4.9.0 -> 4.9.1: - XSA-226 / CVE-2017-12135 (replacement) - XSA-227 / CVE-2017-12137 (replacement) - XSA-228 / CVE-2017-12136 (replacement) - XSA-230 / CVE-2017-12855 (replacement) - XSA-231 / CVE-2017-14316 (replacement) - XSA-232 / CVE-2017-14318 (replacement) - XSA-233 / CVE-2017-14317 (replacement) - XSA-234 / CVE-2017-14319 (replacement) - XSA-235 / CVE-2017-15596 (replacement) - XSA-236 / CVE-2017-15597 (new) - XSA-237 / CVE-2017-15590 (replacement) - XSA-238 / CVE-2017-15591 (replacement) - XSA-239 / CVE-2017-15589 (replacement) - XSA-240 / CVE-2017-15595 (update) - XSA-241 / CVE-2017-15588 (replacement) - XSA-242 / CVE-2017-15593 (replacement) - XSA-243 / CVE-2017-15592 (replacement) - XSA-244 / CVE-2017-15594 (replacement) - XSA-245 / CVE-2017-17046 (replacement) 4.9.1 -> 4.9.2: - XSA-246 / CVE-2017-17044 (new) - XSA-247 / CVE-2017-17045 (new) - XSA-248 / CVE-2017-17566 (new) - XSA-249 / CVE-2017-17563 (new) - XSA-250 / CVE-2017-17564 (new) - XSA-251 / CVE-2017-17565 (new) - XSA-252 / CVE-2018-7540 (new) - XSA-254 / CVE-2017-5754 (new / XPTI Meltdown mitigation) - XSA-255 / CVE-2018-7541 (new) - XSA-256 / CVE-2018-7542 (new) * Dropped: d/p/ubuntu/tools-fix-ftbs-arm.patch (upstream)
ubuntu/bionic-proposed	2018-04-16 09:44:14 UTC 2018-04-16	Import patches-unapplied version 4.9.2-0ubuntu1 to ubuntu/bionic-proposed Author: Stefan Bader Author Date: 2018-04-12 09:54:57 UTC Import patches-unapplied version 4.9.2-0ubuntu1 to ubuntu/bionic-proposed Imported using git-ubuntu import. Changelog parent: 74cdf5ebbe05e38983f23bbe03a2c769e473c42d New changelog entries: * Update to upstream 4.9.2 release (LP: #1763354). Changes include numerous bugfixes, including security fixes/updates. 4.9.0 -> 4.9.1: - XSA-226 / CVE-2017-12135 (replacement) - XSA-227 / CVE-2017-12137 (replacement) - XSA-228 / CVE-2017-12136 (replacement) - XSA-230 / CVE-2017-12855 (replacement) - XSA-231 / CVE-2017-14316 (replacement) - XSA-232 / CVE-2017-14318 (replacement) - XSA-233 / CVE-2017-14317 (replacement) - XSA-234 / CVE-2017-14319 (replacement) - XSA-235 / CVE-2017-15596 (replacement) - XSA-236 / CVE-2017-15597 (new) - XSA-237 / CVE-2017-15590 (replacement) - XSA-238 / CVE-2017-15591 (replacement) - XSA-239 / CVE-2017-15589 (replacement) - XSA-240 / CVE-2017-15595 (update) - XSA-241 / CVE-2017-15588 (replacement) - XSA-242 / CVE-2017-15593 (replacement) - XSA-243 / CVE-2017-15592 (replacement) - XSA-244 / CVE-2017-15594 (replacement) - XSA-245 / CVE-2017-17046 (replacement) 4.9.1 -> 4.9.2: - XSA-246 / CVE-2017-17044 (new) - XSA-247 / CVE-2017-17045 (new) - XSA-248 / CVE-2017-17566 (new) - XSA-249 / CVE-2017-17563 (new) - XSA-250 / CVE-2017-17564 (new) - XSA-251 / CVE-2017-17565 (new) - XSA-252 / CVE-2018-7540 (new) - XSA-254 / CVE-2017-5754 (new / XPTI Meltdown mitigation) - XSA-255 / CVE-2018-7541 (new) - XSA-256 / CVE-2018-7542 (new) * Dropped: d/p/ubuntu/tools-fix-ftbs-arm.patch (upstream)
importer/debian/pristine-tar	2018-03-15 18:10:58 UTC 2018-03-15	pristine-tar data for xen_4.8.3+comet2+shim4.10.0+comet3.orig.tar.gz Author: Ubuntu Git Importer Author Date: 2018-03-15 18:10:58 UTC pristine-tar data for xen_4.8.3+comet2+shim4.10.0+comet3.orig.tar.gz
importer/ubuntu/pristine-tar	2018-03-06 02:52:21 UTC 2018-03-06	pristine-tar data for xen_4.9.0.orig.tar.gz Author: Ubuntu Git Importer Author Date: 2018-03-06 02:52:21 UTC pristine-tar data for xen_4.9.0.orig.tar.gz
debian/jessie	2017-12-09 17:59:12 UTC 2017-12-09	Import patches-unapplied version 4.4.1-9+deb8u10 to debian/jessie Author: Ian Jackson Author Date: 2017-09-05 17:35:04 UTC Import patches-unapplied version 4.4.1-9+deb8u10 to debian/jessie Imported using git-ubuntu import. Changelog parent: c51f1b9be10ea208bbd65406f81c154ed482fe75 New changelog entries: Security updates, including some very important fixes: * XSA-217 CVE-2017-10912 * XSA-218 CVE-2017-10913 CVE-2017-10914 * XSA-219 CVE-2017-10915 * XSA-221 CVE-2017-10917 * XSA-222 CVE-2017-10918 * XSA-224 CVE-2017-10919 * XSA-226 CVE-2017-12135 * XSA-227 CVE-2017-12137 * XSA-230 CVE-2017-12855 * XSA-235 no CVE assigned yet Bugfixes: * evtchn: don't reuse ports that are still "busy" (for XSA-221 patch) FYI, XSAs which remain outstanding because no patch is available. * XSA-223: armhf/arm64 guest-induced host crash vulnerability FYI, inapplicable XSAs, for which no patch is included: * XSA-216: Bugs are in Linux and Qemu, not Xen * XSA-220: Xen 4.4 is not vulnerable * XSA-225: Xen 4.4 is not vulnerable * XSA-228: Xen 4.4 is not vulnerable * XSA-229: Bug is in Linux, not Xen
applied/debian/jessie	2017-12-09 17:59:12 UTC 2017-12-09	Import patches-applied version 4.4.1-9+deb8u10 to applied/debian/jessie Author: Ian Jackson Author Date: 2017-09-05 17:35:04 UTC Import patches-applied version 4.4.1-9+deb8u10 to applied/debian/jessie Imported using git-ubuntu import. Changelog parent: cf98bd19cd9d3058b1642c0ce919a305013447f8 Unapplied parent: 7fc1f5bbf892220dae61f3ab60c9dc9c9bf53339 New changelog entries: Security updates, including some very important fixes: * XSA-217 CVE-2017-10912 * XSA-218 CVE-2017-10913 CVE-2017-10914 * XSA-219 CVE-2017-10915 * XSA-221 CVE-2017-10917 * XSA-222 CVE-2017-10918 * XSA-224 CVE-2017-10919 * XSA-226 CVE-2017-12135 * XSA-227 CVE-2017-12137 * XSA-230 CVE-2017-12855 * XSA-235 no CVE assigned yet Bugfixes: * evtchn: don't reuse ports that are still "busy" (for XSA-221 patch) FYI, XSAs which remain outstanding because no patch is available. * XSA-223: armhf/arm64 guest-induced host crash vulnerability FYI, inapplicable XSAs, for which no patch is included: * XSA-216: Bugs are in Linux and Qemu, not Xen * XSA-220: Xen 4.4 is not vulnerable * XSA-225: Xen 4.4 is not vulnerable * XSA-228: Xen 4.4 is not vulnerable * XSA-229: Bug is in Linux, not Xen
ubuntu/zesty-security	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-unapplied version 4.8.0-1ubuntu2.4 to ubuntu/zesty-security Author: Stefan Bader Author Date: 2017-10-11 12:42:34 UTC Import patches-unapplied version 4.8.0-1ubuntu2.4 to ubuntu/zesty-security Imported using git-ubuntu import. Changelog parent: 9c0d1c665d31f74059d0a1f3dc8071908587108e New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-228 / CVE-2017-12136 - gnttab: split maptrack lock to make it fulfill its purpose again - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
ubuntu/zesty-updates	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-unapplied version 4.8.0-1ubuntu2.4 to ubuntu/zesty-security Author: Stefan Bader Author Date: 2017-10-11 12:42:34 UTC Import patches-unapplied version 4.8.0-1ubuntu2.4 to ubuntu/zesty-security Imported using git-ubuntu import. Changelog parent: 9c0d1c665d31f74059d0a1f3dc8071908587108e New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-228 / CVE-2017-12136 - gnttab: split maptrack lock to make it fulfill its purpose again - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
ubuntu/zesty-devel	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-unapplied version 4.8.0-1ubuntu2.4 to ubuntu/zesty-security Author: Stefan Bader Author Date: 2017-10-11 12:42:34 UTC Import patches-unapplied version 4.8.0-1ubuntu2.4 to ubuntu/zesty-security Imported using git-ubuntu import. Changelog parent: 9c0d1c665d31f74059d0a1f3dc8071908587108e New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-228 / CVE-2017-12136 - gnttab: split maptrack lock to make it fulfill its purpose again - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
ubuntu/xenial-updates	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-unapplied version 4.6.5-0ubuntu1.4 to ubuntu/xenial-security Author: Stefan Bader Author Date: 2017-10-11 13:41:03 UTC Import patches-unapplied version 4.6.5-0ubuntu1.4 to ubuntu/xenial-security Imported using git-ubuntu import. Changelog parent: df210c12545da79963d30a055d2c876199f1dc2c New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86: Disable the use of auto-translated PV guestsx86: Disable the use of auto-translated PV guests - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-228 / CVE-2017-12136 - gnttab: split maptrack lock to make it fulfill its purpose again - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
ubuntu/xenial-security	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-unapplied version 4.6.5-0ubuntu1.4 to ubuntu/xenial-security Author: Stefan Bader Author Date: 2017-10-11 13:41:03 UTC Import patches-unapplied version 4.6.5-0ubuntu1.4 to ubuntu/xenial-security Imported using git-ubuntu import. Changelog parent: df210c12545da79963d30a055d2c876199f1dc2c New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86: Disable the use of auto-translated PV guestsx86: Disable the use of auto-translated PV guests - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-228 / CVE-2017-12136 - gnttab: split maptrack lock to make it fulfill its purpose again - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
ubuntu/xenial-devel	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-unapplied version 4.6.5-0ubuntu1.4 to ubuntu/xenial-security Author: Stefan Bader Author Date: 2017-10-11 13:41:03 UTC Import patches-unapplied version 4.6.5-0ubuntu1.4 to ubuntu/xenial-security Imported using git-ubuntu import. Changelog parent: df210c12545da79963d30a055d2c876199f1dc2c New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86: Disable the use of auto-translated PV guestsx86: Disable the use of auto-translated PV guests - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-228 / CVE-2017-12136 - gnttab: split maptrack lock to make it fulfill its purpose again - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
ubuntu/trusty-updates	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-unapplied version 4.4.2-0ubuntu0.14.04.14 to ubuntu/trusty-sec... Author: Stefan Bader Author Date: 2017-10-11 14:26:04 UTC Import patches-unapplied version 4.4.2-0ubuntu0.14.04.14 to ubuntu/trusty-security Imported using git-ubuntu import. Changelog parent: 19efe9910b56848f4ce309c251e892a857056fad New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/MSI: fix error handling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86: Disable the use of auto-translated PV guestsx86: Disable the use of auto-translated PV guests - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
ubuntu/trusty-security	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-unapplied version 4.4.2-0ubuntu0.14.04.14 to ubuntu/trusty-sec... Author: Stefan Bader Author Date: 2017-10-11 14:26:04 UTC Import patches-unapplied version 4.4.2-0ubuntu0.14.04.14 to ubuntu/trusty-security Imported using git-ubuntu import. Changelog parent: 19efe9910b56848f4ce309c251e892a857056fad New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/MSI: fix error handling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86: Disable the use of auto-translated PV guestsx86: Disable the use of auto-translated PV guests - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
ubuntu/trusty-devel	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-unapplied version 4.4.2-0ubuntu0.14.04.14 to ubuntu/trusty-sec... Author: Stefan Bader Author Date: 2017-10-11 14:26:04 UTC Import patches-unapplied version 4.4.2-0ubuntu0.14.04.14 to ubuntu/trusty-security Imported using git-ubuntu import. Changelog parent: 19efe9910b56848f4ce309c251e892a857056fad New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/MSI: fix error handling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86: Disable the use of auto-translated PV guestsx86: Disable the use of auto-translated PV guests - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
applied/ubuntu/trusty-devel	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-applied version 4.4.2-0ubuntu0.14.04.14 to applied/ubuntu/trus... Author: Stefan Bader Author Date: 2017-10-11 14:26:04 UTC Import patches-applied version 4.4.2-0ubuntu0.14.04.14 to applied/ubuntu/trusty-security Imported using git-ubuntu import. Changelog parent: 94718e2968742e95cc5d0ee9247f4251d6678cae Unapplied parent: 1e3028d9603feee6d4abb6be19b7d27f39abe467 New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/MSI: fix error handling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86: Disable the use of auto-translated PV guestsx86: Disable the use of auto-translated PV guests - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
applied/ubuntu/trusty-security	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-applied version 4.4.2-0ubuntu0.14.04.14 to applied/ubuntu/trus... Author: Stefan Bader Author Date: 2017-10-11 14:26:04 UTC Import patches-applied version 4.4.2-0ubuntu0.14.04.14 to applied/ubuntu/trusty-security Imported using git-ubuntu import. Changelog parent: 94718e2968742e95cc5d0ee9247f4251d6678cae Unapplied parent: 1e3028d9603feee6d4abb6be19b7d27f39abe467 New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/MSI: fix error handling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86: Disable the use of auto-translated PV guestsx86: Disable the use of auto-translated PV guests - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
applied/ubuntu/trusty-updates	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-applied version 4.4.2-0ubuntu0.14.04.14 to applied/ubuntu/trus... Author: Stefan Bader Author Date: 2017-10-11 14:26:04 UTC Import patches-applied version 4.4.2-0ubuntu0.14.04.14 to applied/ubuntu/trusty-security Imported using git-ubuntu import. Changelog parent: 94718e2968742e95cc5d0ee9247f4251d6678cae Unapplied parent: 1e3028d9603feee6d4abb6be19b7d27f39abe467 New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/MSI: fix error handling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86: Disable the use of auto-translated PV guestsx86: Disable the use of auto-translated PV guests - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
applied/ubuntu/xenial-devel	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-applied version 4.6.5-0ubuntu1.4 to applied/ubuntu/xenial-secu... Author: Stefan Bader Author Date: 2017-10-11 13:41:03 UTC Import patches-applied version 4.6.5-0ubuntu1.4 to applied/ubuntu/xenial-security Imported using git-ubuntu import. Changelog parent: cc7fb8a0d6c306c1df71f62ec1b8f31f87d52cca Unapplied parent: 1430dad59a508366af2b230b50e145176f70b74e New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86: Disable the use of auto-translated PV guestsx86: Disable the use of auto-translated PV guests - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-228 / CVE-2017-12136 - gnttab: split maptrack lock to make it fulfill its purpose again - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
applied/ubuntu/xenial-security	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-applied version 4.6.5-0ubuntu1.4 to applied/ubuntu/xenial-secu... Author: Stefan Bader Author Date: 2017-10-11 13:41:03 UTC Import patches-applied version 4.6.5-0ubuntu1.4 to applied/ubuntu/xenial-security Imported using git-ubuntu import. Changelog parent: cc7fb8a0d6c306c1df71f62ec1b8f31f87d52cca Unapplied parent: 1430dad59a508366af2b230b50e145176f70b74e New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86: Disable the use of auto-translated PV guestsx86: Disable the use of auto-translated PV guests - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-228 / CVE-2017-12136 - gnttab: split maptrack lock to make it fulfill its purpose again - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
applied/ubuntu/xenial-updates	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-applied version 4.6.5-0ubuntu1.4 to applied/ubuntu/xenial-secu... Author: Stefan Bader Author Date: 2017-10-11 13:41:03 UTC Import patches-applied version 4.6.5-0ubuntu1.4 to applied/ubuntu/xenial-security Imported using git-ubuntu import. Changelog parent: cc7fb8a0d6c306c1df71f62ec1b8f31f87d52cca Unapplied parent: 1430dad59a508366af2b230b50e145176f70b74e New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86: Disable the use of auto-translated PV guestsx86: Disable the use of auto-translated PV guests - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-228 / CVE-2017-12136 - gnttab: split maptrack lock to make it fulfill its purpose again - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
applied/ubuntu/zesty-devel	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-applied version 4.8.0-1ubuntu2.4 to applied/ubuntu/zesty-security Author: Stefan Bader Author Date: 2017-10-11 12:42:34 UTC Import patches-applied version 4.8.0-1ubuntu2.4 to applied/ubuntu/zesty-security Imported using git-ubuntu import. Changelog parent: 193ef13050adeab7e564ebd4d2c1756968fb01d0 Unapplied parent: 53a3f4797010b030243929d12dae324b2224dc63 New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-228 / CVE-2017-12136 - gnttab: split maptrack lock to make it fulfill its purpose again - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
applied/ubuntu/zesty-security	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-applied version 4.8.0-1ubuntu2.4 to applied/ubuntu/zesty-security Author: Stefan Bader Author Date: 2017-10-11 12:42:34 UTC Import patches-applied version 4.8.0-1ubuntu2.4 to applied/ubuntu/zesty-security Imported using git-ubuntu import. Changelog parent: 193ef13050adeab7e564ebd4d2c1756968fb01d0 Unapplied parent: 53a3f4797010b030243929d12dae324b2224dc63 New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-228 / CVE-2017-12136 - gnttab: split maptrack lock to make it fulfill its purpose again - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
applied/ubuntu/zesty-updates	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-applied version 4.8.0-1ubuntu2.4 to applied/ubuntu/zesty-security Author: Stefan Bader Author Date: 2017-10-11 12:42:34 UTC Import patches-applied version 4.8.0-1ubuntu2.4 to applied/ubuntu/zesty-security Imported using git-ubuntu import. Changelog parent: 193ef13050adeab7e564ebd4d2c1756968fb01d0 Unapplied parent: 53a3f4797010b030243929d12dae324b2224dc63 New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-228 / CVE-2017-12136 - gnttab: split maptrack lock to make it fulfill its purpose again - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
ubuntu/artful	2017-10-13 16:13:22 UTC 2017-10-13	Import patches-unapplied version 4.9.0-0ubuntu3 to ubuntu/artful-proposed Author: Stefan Bader Author Date: 2017-10-10 09:24:52 UTC Import patches-unapplied version 4.9.0-0ubuntu3 to ubuntu/artful-proposed Imported using git-ubuntu import. Changelog parent: d382394889922fef2ab4e96bc5bd13c1badf4e7a New changelog entries: * Applying Xen Security Advisories: - CVE-2017-12135 / XSA-226 - Revert: grant_table: Default to v1, and disallow transitive grants - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers
applied/ubuntu/artful-devel	2017-10-13 16:13:22 UTC 2017-10-13	Import patches-applied version 4.9.0-0ubuntu3 to applied/ubuntu/artful-proposed Author: Stefan Bader Author Date: 2017-10-10 09:24:52 UTC Import patches-applied version 4.9.0-0ubuntu3 to applied/ubuntu/artful-proposed Imported using git-ubuntu import. Changelog parent: 3fd751e5b506b09bcb2a5d50360f7e73a27a9ff2 Unapplied parent: 85e4c1762feef86e4e2623801737eb1e218b27e3 New changelog entries: * Applying Xen Security Advisories: - CVE-2017-12135 / XSA-226 - Revert: grant_table: Default to v1, and disallow transitive grants - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers
applied/ubuntu/artful	2017-10-13 16:13:22 UTC 2017-10-13	Import patches-applied version 4.9.0-0ubuntu3 to applied/ubuntu/artful-proposed Author: Stefan Bader Author Date: 2017-10-10 09:24:52 UTC Import patches-applied version 4.9.0-0ubuntu3 to applied/ubuntu/artful-proposed Imported using git-ubuntu import. Changelog parent: 3fd751e5b506b09bcb2a5d50360f7e73a27a9ff2 Unapplied parent: 85e4c1762feef86e4e2623801737eb1e218b27e3 New changelog entries: * Applying Xen Security Advisories: - CVE-2017-12135 / XSA-226 - Revert: grant_table: Default to v1, and disallow transitive grants - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers
applied/ubuntu/artful-proposed	2017-10-13 16:13:22 UTC 2017-10-13	Import patches-applied version 4.9.0-0ubuntu3 to applied/ubuntu/artful-proposed Author: Stefan Bader Author Date: 2017-10-10 09:24:52 UTC Import patches-applied version 4.9.0-0ubuntu3 to applied/ubuntu/artful-proposed Imported using git-ubuntu import. Changelog parent: 3fd751e5b506b09bcb2a5d50360f7e73a27a9ff2 Unapplied parent: 85e4c1762feef86e4e2623801737eb1e218b27e3 New changelog entries: * Applying Xen Security Advisories: - CVE-2017-12135 / XSA-226 - Revert: grant_table: Default to v1, and disallow transitive grants - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers
ubuntu/artful-proposed	2017-10-13 16:13:22 UTC 2017-10-13	Import patches-unapplied version 4.9.0-0ubuntu3 to ubuntu/artful-proposed Author: Stefan Bader Author Date: 2017-10-10 09:24:52 UTC Import patches-unapplied version 4.9.0-0ubuntu3 to ubuntu/artful-proposed Imported using git-ubuntu import. Changelog parent: d382394889922fef2ab4e96bc5bd13c1badf4e7a New changelog entries: * Applying Xen Security Advisories: - CVE-2017-12135 / XSA-226 - Revert: grant_table: Default to v1, and disallow transitive grants - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers
ubuntu/artful-devel	2017-10-13 16:13:22 UTC 2017-10-13	Import patches-unapplied version 4.9.0-0ubuntu3 to ubuntu/artful-proposed Author: Stefan Bader Author Date: 2017-10-10 09:24:52 UTC Import patches-unapplied version 4.9.0-0ubuntu3 to ubuntu/artful-proposed Imported using git-ubuntu import. Changelog parent: d382394889922fef2ab4e96bc5bd13c1badf4e7a New changelog entries: * Applying Xen Security Advisories: - CVE-2017-12135 / XSA-226 - Revert: grant_table: Default to v1, and disallow transitive grants - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers
applied/ubuntu/yakkety-devel	2017-07-18 12:49:02 UTC 2017-07-18	Import patches-applied version 4.7.2-0ubuntu1.3 to applied/ubuntu/yakkety-sec... Author: Stefan Bader Author Date: 2017-07-03 14:12:19 UTC Import patches-applied version 4.7.2-0ubuntu1.3 to applied/ubuntu/yakkety-security Imported using git-ubuntu import. Changelog parent: f5c37a764c0b46ecc017c684e05d9011d276f42c Unapplied parent: bd13e44d0cdfc4dfcf5fe8a770b084b60302bb5c New changelog entries: * Applying Xen Security Advisories: - XSA-217 - x86/mm: disallow page stealing from HVM domains - XSA-218 - IOMMU: handle IOMMU mapping and unmapping failures - gnttab: fix unmap pin accounting race - gnttab: Avoid potential double-put of maptrack entry - gnttab: correct maptrack table accesses - XSA-219 - 86/shadow: Hold references for the duration of emulated writes - XSA-220 - x86: avoid leaking PKRU and BND* between vCPU-s - XSA-221 - evtchn: avoid NULL derefs - XSA-222 - xen/memory: Fix return value handing of guest_remove_page() - guest_physmap_remove_page() needs its return value checked - XSA-223 - arm: vgic: Don't update the LR when the IRQ is not enabled - XSA-224 - gnttab: Fix handling of dev_bus_addr during unmap - gnttab: never create host mapping unless asked to - gnttab: correct logic to get page references during map requests - gnttab: __gnttab_unmap_common_complete() is all-or-nothing - XSA-225 - xen/arm: vgic: Sanitize target mask used to send SGI
applied/ubuntu/yakkety-security	2017-07-18 12:49:02 UTC 2017-07-18	Import patches-applied version 4.7.2-0ubuntu1.3 to applied/ubuntu/yakkety-sec... Author: Stefan Bader Author Date: 2017-07-03 14:12:19 UTC Import patches-applied version 4.7.2-0ubuntu1.3 to applied/ubuntu/yakkety-security Imported using git-ubuntu import. Changelog parent: f5c37a764c0b46ecc017c684e05d9011d276f42c Unapplied parent: bd13e44d0cdfc4dfcf5fe8a770b084b60302bb5c New changelog entries: * Applying Xen Security Advisories: - XSA-217 - x86/mm: disallow page stealing from HVM domains - XSA-218 - IOMMU: handle IOMMU mapping and unmapping failures - gnttab: fix unmap pin accounting race - gnttab: Avoid potential double-put of maptrack entry - gnttab: correct maptrack table accesses - XSA-219 - 86/shadow: Hold references for the duration of emulated writes - XSA-220 - x86: avoid leaking PKRU and BND* between vCPU-s - XSA-221 - evtchn: avoid NULL derefs - XSA-222 - xen/memory: Fix return value handing of guest_remove_page() - guest_physmap_remove_page() needs its return value checked - XSA-223 - arm: vgic: Don't update the LR when the IRQ is not enabled - XSA-224 - gnttab: Fix handling of dev_bus_addr during unmap - gnttab: never create host mapping unless asked to - gnttab: correct logic to get page references during map requests - gnttab: __gnttab_unmap_common_complete() is all-or-nothing - XSA-225 - xen/arm: vgic: Sanitize target mask used to send SGI
ubuntu/yakkety-updates	2017-07-18 12:49:02 UTC 2017-07-18	Import patches-unapplied version 4.7.2-0ubuntu1.3 to ubuntu/yakkety-security Author: Stefan Bader Author Date: 2017-07-03 14:12:19 UTC Import patches-unapplied version 4.7.2-0ubuntu1.3 to ubuntu/yakkety-security Imported using git-ubuntu import. Changelog parent: 9454f2ff54378590226b054413fa6bbbf4299898 New changelog entries: * Applying Xen Security Advisories: - XSA-217 - x86/mm: disallow page stealing from HVM domains - XSA-218 - IOMMU: handle IOMMU mapping and unmapping failures - gnttab: fix unmap pin accounting race - gnttab: Avoid potential double-put of maptrack entry - gnttab: correct maptrack table accesses - XSA-219 - 86/shadow: Hold references for the duration of emulated writes - XSA-220 - x86: avoid leaking PKRU and BND* between vCPU-s - XSA-221 - evtchn: avoid NULL derefs - XSA-222 - xen/memory: Fix return value handing of guest_remove_page() - guest_physmap_remove_page() needs its return value checked - XSA-223 - arm: vgic: Don't update the LR when the IRQ is not enabled - XSA-224 - gnttab: Fix handling of dev_bus_addr during unmap - gnttab: never create host mapping unless asked to - gnttab: correct logic to get page references during map requests - gnttab: __gnttab_unmap_common_complete() is all-or-nothing - XSA-225 - xen/arm: vgic: Sanitize target mask used to send SGI
ubuntu/yakkety-devel	2017-07-18 12:49:02 UTC 2017-07-18	Import patches-unapplied version 4.7.2-0ubuntu1.3 to ubuntu/yakkety-security Author: Stefan Bader Author Date: 2017-07-03 14:12:19 UTC Import patches-unapplied version 4.7.2-0ubuntu1.3 to ubuntu/yakkety-security Imported using git-ubuntu import. Changelog parent: 9454f2ff54378590226b054413fa6bbbf4299898 New changelog entries: * Applying Xen Security Advisories: - XSA-217 - x86/mm: disallow page stealing from HVM domains - XSA-218 - IOMMU: handle IOMMU mapping and unmapping failures - gnttab: fix unmap pin accounting race - gnttab: Avoid potential double-put of maptrack entry - gnttab: correct maptrack table accesses - XSA-219 - 86/shadow: Hold references for the duration of emulated writes - XSA-220 - x86: avoid leaking PKRU and BND* between vCPU-s - XSA-221 - evtchn: avoid NULL derefs - XSA-222 - xen/memory: Fix return value handing of guest_remove_page() - guest_physmap_remove_page() needs its return value checked - XSA-223 - arm: vgic: Don't update the LR when the IRQ is not enabled - XSA-224 - gnttab: Fix handling of dev_bus_addr during unmap - gnttab: never create host mapping unless asked to - gnttab: correct logic to get page references during map requests - gnttab: __gnttab_unmap_common_complete() is all-or-nothing - XSA-225 - xen/arm: vgic: Sanitize target mask used to send SGI
applied/ubuntu/yakkety-updates	2017-07-18 12:49:02 UTC 2017-07-18	Import patches-applied version 4.7.2-0ubuntu1.3 to applied/ubuntu/yakkety-sec... Author: Stefan Bader Author Date: 2017-07-03 14:12:19 UTC Import patches-applied version 4.7.2-0ubuntu1.3 to applied/ubuntu/yakkety-security Imported using git-ubuntu import. Changelog parent: f5c37a764c0b46ecc017c684e05d9011d276f42c Unapplied parent: bd13e44d0cdfc4dfcf5fe8a770b084b60302bb5c New changelog entries: * Applying Xen Security Advisories: - XSA-217 - x86/mm: disallow page stealing from HVM domains - XSA-218 - IOMMU: handle IOMMU mapping and unmapping failures - gnttab: fix unmap pin accounting race - gnttab: Avoid potential double-put of maptrack entry - gnttab: correct maptrack table accesses - XSA-219 - 86/shadow: Hold references for the duration of emulated writes - XSA-220 - x86: avoid leaking PKRU and BND* between vCPU-s - XSA-221 - evtchn: avoid NULL derefs - XSA-222 - xen/memory: Fix return value handing of guest_remove_page() - guest_physmap_remove_page() needs its return value checked - XSA-223 - arm: vgic: Don't update the LR when the IRQ is not enabled - XSA-224 - gnttab: Fix handling of dev_bus_addr during unmap - gnttab: never create host mapping unless asked to - gnttab: correct logic to get page references during map requests - gnttab: __gnttab_unmap_common_complete() is all-or-nothing - XSA-225 - xen/arm: vgic: Sanitize target mask used to send SGI
ubuntu/yakkety-security	2017-07-18 12:49:02 UTC 2017-07-18	Import patches-unapplied version 4.7.2-0ubuntu1.3 to ubuntu/yakkety-security Author: Stefan Bader Author Date: 2017-07-03 14:12:19 UTC Import patches-unapplied version 4.7.2-0ubuntu1.3 to ubuntu/yakkety-security Imported using git-ubuntu import. Changelog parent: 9454f2ff54378590226b054413fa6bbbf4299898 New changelog entries: * Applying Xen Security Advisories: - XSA-217 - x86/mm: disallow page stealing from HVM domains - XSA-218 - IOMMU: handle IOMMU mapping and unmapping failures - gnttab: fix unmap pin accounting race - gnttab: Avoid potential double-put of maptrack entry - gnttab: correct maptrack table accesses - XSA-219 - 86/shadow: Hold references for the duration of emulated writes - XSA-220 - x86: avoid leaking PKRU and BND* between vCPU-s - XSA-221 - evtchn: avoid NULL derefs - XSA-222 - xen/memory: Fix return value handing of guest_remove_page() - guest_physmap_remove_page() needs its return value checked - XSA-223 - arm: vgic: Don't update the LR when the IRQ is not enabled - XSA-224 - gnttab: Fix handling of dev_bus_addr during unmap - gnttab: never create host mapping unless asked to - gnttab: correct logic to get page references during map requests - gnttab: __gnttab_unmap_common_complete() is all-or-nothing - XSA-225 - xen/arm: vgic: Sanitize target mask used to send SGI
ubuntu/trusty-proposed	2017-03-16 18:48:46 UTC 2017-03-16	Import patches-unapplied version 4.4.2-0ubuntu0.14.04.10 to ubuntu/trusty-pro... Author: Stefan Bader Author Date: 2017-03-14 10:17:48 UTC Import patches-unapplied version 4.4.2-0ubuntu0.14.04.10 to ubuntu/trusty-proposed Imported using git-ubuntu import. Changelog parent: 6b7754924f372d11d29c1fd7dba1fd94e3385d32 New changelog entries: * Backport upstream change to fix TSC_ADJUST MSR handling in HVM guests running on Intel based hosts (LP: #1671760)
applied/ubuntu/trusty-proposed	2017-03-16 18:48:46 UTC 2017-03-16	Import patches-applied version 4.4.2-0ubuntu0.14.04.10 to applied/ubuntu/trus... Author: Stefan Bader Author Date: 2017-03-14 10:17:48 UTC Import patches-applied version 4.4.2-0ubuntu0.14.04.10 to applied/ubuntu/trusty-proposed Imported using git-ubuntu import. Changelog parent: 8cacf365bac19f5450b8b12207ed46e902476d13 Unapplied parent: 8070aef6fbe07ff94defb1c80cbb9d6a7eb1bd59 New changelog entries: * Backport upstream change to fix TSC_ADJUST MSR handling in HVM guests running on Intel based hosts (LP: #1671760)
ubuntu/xenial-proposed	2017-03-16 18:18:27 UTC 2017-03-16	Import patches-unapplied version 4.6.5-0ubuntu1 to ubuntu/xenial-proposed Author: Stefan Bader Author Date: 2017-03-14 15:08:39 UTC Import patches-unapplied version 4.6.5-0ubuntu1 to ubuntu/xenial-proposed Imported using git-ubuntu import. Changelog parent: d64bb210dd9e23bc1dfe6b428b581a9c136fd8fc New changelog entries: * Rebasing to upstream stable release 4.6.5 (LP: #1671864) https://www.xenproject.org/downloads/xen-archives/xen-46-series.html - Includes fix for booting 4.10 Linux kernels in HVM guests on Intel hosts which support the TSC_ADJUST MSR (LP: #1671760) - Additional security relevant changes: * CVE-2013-2076 / XSA-052 (update) - Information leak on XSAVE/XRSTOR capable AMD CPUs * CVE-2016-7093 / XSA-186 (4.6.3 became vulnerable) - x86: Mishandling of instruction pointer truncation during emulation * XSA-207 - memory leak when destroying guest without PT devices - Replacing the following security fixes with the versions from the stable update: * CVE-2015-7812 / XSA-145 - arm: Host crash when preempting a multicall * CVE-2015-7813 / XSA-146 - arm: various unimplemented hypercalls log without rate limiting * CVE-2015-7814 / XSA-147 - arm: Race between domain destruction and memory allocation decrease * CVE-2015-7835 / XSA-148 - x86: Uncontrolled creation of large page mappings by PV guests * CVE-2015-7969 / XSA-149, XSA-151 - leak of main per-domain vcpu pointer array - x86: leak of per-domain profiling-related vcpu pointer array * CVE-2015-7970 / XSA-150 - x86: Long latency populate-on-demand operation is not preemptible * CVE-2015-7971 / XSA-152 - x86: some pmu and profiling hypercalls log without rate limiting * CVE-2015-7972 / XSA-153 - x86: populate-on-demand balloon size inaccuracy can crash guests * CVE-2016-2270 / XSA-154 - x86: inconsistent cachability flags on guest mappings * CVE-2015-8550 / XSA-155 - paravirtualized drivers incautious about shared memory contents * CVE-2015-5307, CVE-2015-8104 / XSA-156 - x86: CPU lockup during exception delivery * CVE-2015-8338 / XSA-158 - long running memory operations on ARM * CVE-2015-8339, CVE-2015-8340 / XSA-159 XENMEM_exchange error handling issues * CVE-2015-8341 / XSA-160 - libxl leak of pv kernel and initrd on error * CVE-2015-8555 / XSA-165 - information leak in legacy x86 FPU/XMM initialization * XSA-166 - ioreq handling possibly susceptible to multiple read issue * CVE-2016-1570 / XSA-167 - PV superpage functionality missing sanity checks * CVE-2016-1571 / XSA-168 - VMX: intercept issue with INVLPG on non-canonical address * CVE-2015-8615 / XSA-169 - x86: unintentional logging upon guest changing callback method * CVE-2016-2271 / XSA-170 - VMX: guest user mode may crash guest with non-canonical RIP * CVE-2016-3158, CVE-2016-3159 / XSA-172 - broken AMD FPU FIP/FDP/FOP leak workaround * CVE-2016-3960 / XSA-173 - x86 shadow pagetables: address width overflow * CVE-2016-4962 / XSA-175 - Unsanitised guest input in libxl device handling code * CVE-2016-4480 / XSA-176 - x86 software guest page walk PS bit handling flaw * CVE-2016-4963 / XSA-178 - Unsanitised driver domain input in libxl device handling * CVE-2016-5242 / XSA-181 - arm: Host crash caused by VMID exhaustion * CVE-2016-6258 / XSA-182 - x86: Privilege escalation in PV guests * CVE-2016-6259 / XSA-183 - x86: Missing SMAP whitelisting in 32-bit exception / event delivery * CVE-2016-7092 / XSA-185 - x86: Disallow L3 recursive pagetable for 32-bit PV guests * CVE-2016-7094 / XSA-187 - x86 HVM: Overflow of sh_ctxt->seg_reg[] * CVE-2016-7777 / XSA-190 - CR0.TS and CR0.EM not always honored for x86 HVM guests * CVE-2016-9386 / XSA-191 - x86 null segments not always treated as unusable * CVE-2016-9382 / XSA-192 - x86 task switch to VM86 mode mis-handled * CVE-2016-9385 / XSA-193 - x86 segment base write emulation lacking canonical address checks * CVE-2016-9383 / XSA-195 - x86 64-bit bit test instruction emulation broken * CVE-2016-9377, CVE-2016-9378 / XSA-196 - x86 software interrupt injection mis-handled * CVE-2016-9379, CVE-2016-9380 / XSA-198 - delimiter injection vulnerabilities in pygrub * CVE-2016-9932 / XSA-200 - x86 CMPXCHG8B emulation fails to ignore operand size override * CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA-201 - ARM guests may induce host asynchronous abort * CVE-2016-10024 / XSA-202 - x86 PV guests may be able to mask interrupts * CVE-2016-10025 / XSA-203 - x86: missing NULL pointer check in VMFUNC emulation * CVE-2016-10013 / XSA-204 - x86: Mishandling of SYSCALL singlestep during emulation
applied/ubuntu/xenial-proposed	2017-03-16 18:18:27 UTC 2017-03-16	Import patches-applied version 4.6.5-0ubuntu1 to applied/ubuntu/xenial-proposed Author: Stefan Bader Author Date: 2017-03-14 15:08:39 UTC Import patches-applied version 4.6.5-0ubuntu1 to applied/ubuntu/xenial-proposed Imported using git-ubuntu import. Changelog parent: 2cc042e72e8c483233075ed890af1c5a59be6e92 Unapplied parent: 367437ff4b1375f7731c3938a7eb90f42695bd04 New changelog entries: * Rebasing to upstream stable release 4.6.5 (LP: #1671864) https://www.xenproject.org/downloads/xen-archives/xen-46-series.html - Includes fix for booting 4.10 Linux kernels in HVM guests on Intel hosts which support the TSC_ADJUST MSR (LP: #1671760) - Additional security relevant changes: * CVE-2013-2076 / XSA-052 (update) - Information leak on XSAVE/XRSTOR capable AMD CPUs * CVE-2016-7093 / XSA-186 (4.6.3 became vulnerable) - x86: Mishandling of instruction pointer truncation during emulation * XSA-207 - memory leak when destroying guest without PT devices - Replacing the following security fixes with the versions from the stable update: * CVE-2015-7812 / XSA-145 - arm: Host crash when preempting a multicall * CVE-2015-7813 / XSA-146 - arm: various unimplemented hypercalls log without rate limiting * CVE-2015-7814 / XSA-147 - arm: Race between domain destruction and memory allocation decrease * CVE-2015-7835 / XSA-148 - x86: Uncontrolled creation of large page mappings by PV guests * CVE-2015-7969 / XSA-149, XSA-151 - leak of main per-domain vcpu pointer array - x86: leak of per-domain profiling-related vcpu pointer array * CVE-2015-7970 / XSA-150 - x86: Long latency populate-on-demand operation is not preemptible * CVE-2015-7971 / XSA-152 - x86: some pmu and profiling hypercalls log without rate limiting * CVE-2015-7972 / XSA-153 - x86: populate-on-demand balloon size inaccuracy can crash guests * CVE-2016-2270 / XSA-154 - x86: inconsistent cachability flags on guest mappings * CVE-2015-8550 / XSA-155 - paravirtualized drivers incautious about shared memory contents * CVE-2015-5307, CVE-2015-8104 / XSA-156 - x86: CPU lockup during exception delivery * CVE-2015-8338 / XSA-158 - long running memory operations on ARM * CVE-2015-8339, CVE-2015-8340 / XSA-159 XENMEM_exchange error handling issues * CVE-2015-8341 / XSA-160 - libxl leak of pv kernel and initrd on error * CVE-2015-8555 / XSA-165 - information leak in legacy x86 FPU/XMM initialization * XSA-166 - ioreq handling possibly susceptible to multiple read issue * CVE-2016-1570 / XSA-167 - PV superpage functionality missing sanity checks * CVE-2016-1571 / XSA-168 - VMX: intercept issue with INVLPG on non-canonical address * CVE-2015-8615 / XSA-169 - x86: unintentional logging upon guest changing callback method * CVE-2016-2271 / XSA-170 - VMX: guest user mode may crash guest with non-canonical RIP * CVE-2016-3158, CVE-2016-3159 / XSA-172 - broken AMD FPU FIP/FDP/FOP leak workaround * CVE-2016-3960 / XSA-173 - x86 shadow pagetables: address width overflow * CVE-2016-4962 / XSA-175 - Unsanitised guest input in libxl device handling code * CVE-2016-4480 / XSA-176 - x86 software guest page walk PS bit handling flaw * CVE-2016-4963 / XSA-178 - Unsanitised driver domain input in libxl device handling * CVE-2016-5242 / XSA-181 - arm: Host crash caused by VMID exhaustion * CVE-2016-6258 / XSA-182 - x86: Privilege escalation in PV guests * CVE-2016-6259 / XSA-183 - x86: Missing SMAP whitelisting in 32-bit exception / event delivery * CVE-2016-7092 / XSA-185 - x86: Disallow L3 recursive pagetable for 32-bit PV guests * CVE-2016-7094 / XSA-187 - x86 HVM: Overflow of sh_ctxt->seg_reg[] * CVE-2016-7777 / XSA-190 - CR0.TS and CR0.EM not always honored for x86 HVM guests * CVE-2016-9386 / XSA-191 - x86 null segments not always treated as unusable * CVE-2016-9382 / XSA-192 - x86 task switch to VM86 mode mis-handled * CVE-2016-9385 / XSA-193 - x86 segment base write emulation lacking canonical address checks * CVE-2016-9383 / XSA-195 - x86 64-bit bit test instruction emulation broken * CVE-2016-9377, CVE-2016-9378 / XSA-196 - x86 software interrupt injection mis-handled * CVE-2016-9379, CVE-2016-9380 / XSA-198 - delimiter injection vulnerabilities in pygrub * CVE-2016-9932 / XSA-200 - x86 CMPXCHG8B emulation fails to ignore operand size override * CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA-201 - ARM guests may induce host asynchronous abort * CVE-2016-10024 / XSA-202 - x86 PV guests may be able to mask interrupts * CVE-2016-10025 / XSA-203 - x86: missing NULL pointer check in VMFUNC emulation * CVE-2016-10013 / XSA-204 - x86: Mishandling of SYSCALL singlestep during emulation
ubuntu/yakkety-proposed	2017-03-16 17:33:29 UTC 2017-03-16	Import patches-unapplied version 4.7.2-0ubuntu1 to ubuntu/yakkety-proposed Author: Stefan Bader Author Date: 2017-03-14 14:45:59 UTC Import patches-unapplied version 4.7.2-0ubuntu1 to ubuntu/yakkety-proposed Imported using git-ubuntu import. Changelog parent: 126a81c2b52f8c74aa7420613ed4ce178521de60 New changelog entries: * Rebasing to upstream stable release 4.7.2 (LP: #1672767) https://www.xenproject.org/downloads/xen-archives/xen-47-series.html - Includes fix for booting 4.10 Linux kernels in HVM guests on Intel hosts which support the TSC_ADJUST MSR (LP: #1671760) - Dropping: d/p/preup-tools-fix-linear-p2m-save.patch which is part of the stable update. - Additional security relevant changes: * XSA-207 - memory leak when destroying guest without PT devices - Replacing the following security fixes with the versions from the stable update: * CVE-2016-6258 / XSA-182 - x86: Privilege escalation in PV guests * CVE-2016-6259 / XSA-183 - x86: Missing SMAP whitelisting in 32-bit exception / event delivery * CVE-2016-7092 / XSA-185 - x86: Disallow L3 recursive pagetable for 32-bit PV guests * CVE-2016-7093 / XSA-186 - x86: Mishandling of instruction pointer truncation during emulation * CVE-2016-7094 / XSA-187 - x86 HVM: Overflow of sh_ctxt->seg_reg[] * CVE-2016-7777 / XSA-190 - CR0.TS and CR0.EM not always honored for x86 HVM guests * CVE-2016-9386 / XSA-191 - x86 null segments not always treated as unusable * CVE-2016-9382 / XSA-192 - x86 task switch to VM86 mode mis-handled * CVE-2016-9385 / XSA-193 - x86 segment base write emulation lacking canonical address checks * CVE-2016-9384 / XSA-194 - guest 32-bit ELF symbol table load leaking host data * CVE-2016-9383 / XSA-195 - x86 64-bit bit test instruction emulation broken * CVE-2016-9377, CVE-2016-9378 / XSA-196 - x86 software interrupt injection mis-handled * CVE-2016-9379, CVE-2016-9380 / XSA-198 - delimiter injection vulnerabilities in pygrub * CVE-2016-9932 / XSA-200 - x86 CMPXCHG8B emulation fails to ignore operand size override * CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA-201 - ARM guests may induce host asynchronous abort * CVE-2016-10024 / XSA-202 - x86 PV guests may be able to mask interrupts * CVE-2016-10025 / XSA-203 - x86: missing NULL pointer check in VMFUNC emulation * CVE-2016-10013 / XSA-204 - x86: Mishandling of SYSCALL singlestep during emulation * Copy contents of debian/build/install-utils_$(ARCH)/usr/sbin into debian/build/install-utils_$ARCH/usr/lib/xen-$(VERSION) (LP: #1396670).
applied/ubuntu/yakkety-proposed	2017-03-16 17:33:29 UTC 2017-03-16	Import patches-applied version 4.7.2-0ubuntu1 to applied/ubuntu/yakkety-proposed Author: Stefan Bader Author Date: 2017-03-14 14:45:59 UTC Import patches-applied version 4.7.2-0ubuntu1 to applied/ubuntu/yakkety-proposed Imported using git-ubuntu import. Changelog parent: c508d12e06d00292ed54021f6757798f0e2dd5ab Unapplied parent: be280a22c943a35ea6f83df7bd7af170e7a91a27 New changelog entries: * Rebasing to upstream stable release 4.7.2 (LP: #1672767) https://www.xenproject.org/downloads/xen-archives/xen-47-series.html - Includes fix for booting 4.10 Linux kernels in HVM guests on Intel hosts which support the TSC_ADJUST MSR (LP: #1671760) - Dropping: d/p/preup-tools-fix-linear-p2m-save.patch which is part of the stable update. - Additional security relevant changes: * XSA-207 - memory leak when destroying guest without PT devices - Replacing the following security fixes with the versions from the stable update: * CVE-2016-6258 / XSA-182 - x86: Privilege escalation in PV guests * CVE-2016-6259 / XSA-183 - x86: Missing SMAP whitelisting in 32-bit exception / event delivery * CVE-2016-7092 / XSA-185 - x86: Disallow L3 recursive pagetable for 32-bit PV guests * CVE-2016-7093 / XSA-186 - x86: Mishandling of instruction pointer truncation during emulation * CVE-2016-7094 / XSA-187 - x86 HVM: Overflow of sh_ctxt->seg_reg[] * CVE-2016-7777 / XSA-190 - CR0.TS and CR0.EM not always honored for x86 HVM guests * CVE-2016-9386 / XSA-191 - x86 null segments not always treated as unusable * CVE-2016-9382 / XSA-192 - x86 task switch to VM86 mode mis-handled * CVE-2016-9385 / XSA-193 - x86 segment base write emulation lacking canonical address checks * CVE-2016-9384 / XSA-194 - guest 32-bit ELF symbol table load leaking host data * CVE-2016-9383 / XSA-195 - x86 64-bit bit test instruction emulation broken * CVE-2016-9377, CVE-2016-9378 / XSA-196 - x86 software interrupt injection mis-handled * CVE-2016-9379, CVE-2016-9380 / XSA-198 - delimiter injection vulnerabilities in pygrub * CVE-2016-9932 / XSA-200 - x86 CMPXCHG8B emulation fails to ignore operand size override * CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA-201 - ARM guests may induce host asynchronous abort * CVE-2016-10024 / XSA-202 - x86 PV guests may be able to mask interrupts * CVE-2016-10025 / XSA-203 - x86: missing NULL pointer check in VMFUNC emulation * CVE-2016-10013 / XSA-204 - x86: Mishandling of SYSCALL singlestep during emulation * Copy contents of debian/build/install-utils_$(ARCH)/usr/sbin into debian/build/install-utils_$ARCH/usr/lib/xen-$(VERSION) (LP: #1396670).
ubuntu/zesty	2017-03-15 15:13:21 UTC 2017-03-15	Import patches-unapplied version 4.8.0-1ubuntu2 to ubuntu/zesty-proposed Author: Stefan Bader Author Date: 2017-03-14 08:27:04 UTC Import patches-unapplied version 4.8.0-1ubuntu2 to ubuntu/zesty-proposed Imported using git-ubuntu import. Changelog parent: 83ccf175472aac65d990ae0e1e7b2bd00b4af464 New changelog entries: * Cherry-pick upstream change to fix TSC_ADJUST MSR handling in HVM guests running on Intel based hosts (LP: #1671760)
applied/ubuntu/zesty-proposed	2017-03-15 15:13:21 UTC 2017-03-15	Import patches-applied version 4.8.0-1ubuntu2 to applied/ubuntu/zesty-proposed Author: Stefan Bader Author Date: 2017-03-14 08:27:04 UTC Import patches-applied version 4.8.0-1ubuntu2 to applied/ubuntu/zesty-proposed Imported using git-ubuntu import. Changelog parent: 69554fc7a14e4bb7db9f8d92a56f9c3dcaf2857b Unapplied parent: 70e75f8d27fd75e0ca1c47bcc9a43c9157afd792 New changelog entries: * Cherry-pick upstream change to fix TSC_ADJUST MSR handling in HVM guests running on Intel based hosts (LP: #1671760)
ubuntu/zesty-proposed	2017-03-15 15:13:21 UTC 2017-03-15	Import patches-unapplied version 4.8.0-1ubuntu2 to ubuntu/zesty-proposed Author: Stefan Bader Author Date: 2017-03-14 08:27:04 UTC Import patches-unapplied version 4.8.0-1ubuntu2 to ubuntu/zesty-proposed Imported using git-ubuntu import. Changelog parent: 83ccf175472aac65d990ae0e1e7b2bd00b4af464 New changelog entries: * Cherry-pick upstream change to fix TSC_ADJUST MSR handling in HVM guests running on Intel based hosts (LP: #1671760)
applied/ubuntu/zesty	2017-03-15 15:13:21 UTC 2017-03-15	Import patches-applied version 4.8.0-1ubuntu2 to applied/ubuntu/zesty-proposed Author: Stefan Bader Author Date: 2017-03-14 08:27:04 UTC Import patches-applied version 4.8.0-1ubuntu2 to applied/ubuntu/zesty-proposed Imported using git-ubuntu import. Changelog parent: 69554fc7a14e4bb7db9f8d92a56f9c3dcaf2857b Unapplied parent: 70e75f8d27fd75e0ca1c47bcc9a43c9157afd792 New changelog entries: * Cherry-pick upstream change to fix TSC_ADJUST MSR handling in HVM guests running on Intel based hosts (LP: #1671760)
applied/ubuntu/precise-updates	2017-01-12 18:43:32 UTC 2017-01-12	Import patches-applied version 4.1.6.1-0ubuntu0.12.04.13 to applied/ubuntu/pr... Author: Stefan Bader Author Date: 2017-01-11 10:44:28 UTC Import patches-applied version 4.1.6.1-0ubuntu0.12.04.13 to applied/ubuntu/precise-security Imported using git-ubuntu import. Changelog parent: 4672c400ae6bdc368376749f143af7682a23d4b3 Unapplied parent: 83bed17cd07bde9fa8f1762f3b614545501b84c0 New changelog entries: * Applying Xen Security Advisories: - CVE-2016-9386 / XSA-191 * x86/hvm: Fix the handling of non-present segments - CVE-2016-9382 / XSA-192 * x86/HVM: don't load LDTR with VM86 mode attrs during task switch - CVE-2016-9383 / XSA-195 * x86emul: fix huge bit offset handling - CVE-2016-9381 / XSA-197 * xen: fix ioreq handling - CVE-2016-9379, CVE-2016-9380 / XSA-198 * pygrub: Properly quote results, when returning them to the caller - CVE-2016-9637 / XSA-199 * qemu: ioport_read, ioport_write: be defensive about 32-bit addresses - CVE-2016-9932 / XSA-200 * x86/emulator: add feature checks for newer instructions * x86emul: CMPXCHG8B ignores operand size prefix - CVE-2016-10024 / XSA-202 * x86: use MOV instead of PUSH/POP when saving/restoring register state * x86: force EFLAGS.IF on when exiting to PV guests - CVE-2016-10013 / XSA-204 * x86/emul: Correct the handling of eflags with SYSCALL
applied/ubuntu/precise-security	2017-01-12 18:43:32 UTC 2017-01-12	Import patches-applied version 4.1.6.1-0ubuntu0.12.04.13 to applied/ubuntu/pr... Author: Stefan Bader Author Date: 2017-01-11 10:44:28 UTC Import patches-applied version 4.1.6.1-0ubuntu0.12.04.13 to applied/ubuntu/precise-security Imported using git-ubuntu import. Changelog parent: 4672c400ae6bdc368376749f143af7682a23d4b3 Unapplied parent: 83bed17cd07bde9fa8f1762f3b614545501b84c0 New changelog entries: * Applying Xen Security Advisories: - CVE-2016-9386 / XSA-191 * x86/hvm: Fix the handling of non-present segments - CVE-2016-9382 / XSA-192 * x86/HVM: don't load LDTR with VM86 mode attrs during task switch - CVE-2016-9383 / XSA-195 * x86emul: fix huge bit offset handling - CVE-2016-9381 / XSA-197 * xen: fix ioreq handling - CVE-2016-9379, CVE-2016-9380 / XSA-198 * pygrub: Properly quote results, when returning them to the caller - CVE-2016-9637 / XSA-199 * qemu: ioport_read, ioport_write: be defensive about 32-bit addresses - CVE-2016-9932 / XSA-200 * x86/emulator: add feature checks for newer instructions * x86emul: CMPXCHG8B ignores operand size prefix - CVE-2016-10024 / XSA-202 * x86: use MOV instead of PUSH/POP when saving/restoring register state * x86: force EFLAGS.IF on when exiting to PV guests - CVE-2016-10013 / XSA-204 * x86/emul: Correct the handling of eflags with SYSCALL
ubuntu/precise-updates	2017-01-12 18:43:32 UTC 2017-01-12	Import patches-unapplied version 4.1.6.1-0ubuntu0.12.04.13 to ubuntu/precise-... Author: Stefan Bader Author Date: 2017-01-11 10:44:28 UTC Import patches-unapplied version 4.1.6.1-0ubuntu0.12.04.13 to ubuntu/precise-security Imported using git-ubuntu import. Changelog parent: ec321d1049f17c8f3051ba766f11675aca0e50f2 New changelog entries: * Applying Xen Security Advisories: - CVE-2016-9386 / XSA-191 * x86/hvm: Fix the handling of non-present segments - CVE-2016-9382 / XSA-192 * x86/HVM: don't load LDTR with VM86 mode attrs during task switch - CVE-2016-9383 / XSA-195 * x86emul: fix huge bit offset handling - CVE-2016-9381 / XSA-197 * xen: fix ioreq handling - CVE-2016-9379, CVE-2016-9380 / XSA-198 * pygrub: Properly quote results, when returning them to the caller - CVE-2016-9637 / XSA-199 * qemu: ioport_read, ioport_write: be defensive about 32-bit addresses - CVE-2016-9932 / XSA-200 * x86/emulator: add feature checks for newer instructions * x86emul: CMPXCHG8B ignores operand size prefix - CVE-2016-10024 / XSA-202 * x86: use MOV instead of PUSH/POP when saving/restoring register state * x86: force EFLAGS.IF on when exiting to PV guests - CVE-2016-10013 / XSA-204 * x86/emul: Correct the handling of eflags with SYSCALL
applied/ubuntu/precise-devel	2017-01-12 18:43:32 UTC 2017-01-12	Import patches-applied version 4.1.6.1-0ubuntu0.12.04.13 to applied/ubuntu/pr... Author: Stefan Bader Author Date: 2017-01-11 10:44:28 UTC Import patches-applied version 4.1.6.1-0ubuntu0.12.04.13 to applied/ubuntu/precise-security Imported using git-ubuntu import. Changelog parent: 4672c400ae6bdc368376749f143af7682a23d4b3 Unapplied parent: 83bed17cd07bde9fa8f1762f3b614545501b84c0 New changelog entries: * Applying Xen Security Advisories: - CVE-2016-9386 / XSA-191 * x86/hvm: Fix the handling of non-present segments - CVE-2016-9382 / XSA-192 * x86/HVM: don't load LDTR with VM86 mode attrs during task switch - CVE-2016-9383 / XSA-195 * x86emul: fix huge bit offset handling - CVE-2016-9381 / XSA-197 * xen: fix ioreq handling - CVE-2016-9379, CVE-2016-9380 / XSA-198 * pygrub: Properly quote results, when returning them to the caller - CVE-2016-9637 / XSA-199 * qemu: ioport_read, ioport_write: be defensive about 32-bit addresses - CVE-2016-9932 / XSA-200 * x86/emulator: add feature checks for newer instructions * x86emul: CMPXCHG8B ignores operand size prefix - CVE-2016-10024 / XSA-202 * x86: use MOV instead of PUSH/POP when saving/restoring register state * x86: force EFLAGS.IF on when exiting to PV guests - CVE-2016-10013 / XSA-204 * x86/emul: Correct the handling of eflags with SYSCALL
ubuntu/precise-devel	2017-01-12 18:43:32 UTC 2017-01-12	Import patches-unapplied version 4.1.6.1-0ubuntu0.12.04.13 to ubuntu/precise-... Author: Stefan Bader Author Date: 2017-01-11 10:44:28 UTC Import patches-unapplied version 4.1.6.1-0ubuntu0.12.04.13 to ubuntu/precise-security Imported using git-ubuntu import. Changelog parent: ec321d1049f17c8f3051ba766f11675aca0e50f2 New changelog entries: * Applying Xen Security Advisories: - CVE-2016-9386 / XSA-191 * x86/hvm: Fix the handling of non-present segments - CVE-2016-9382 / XSA-192 * x86/HVM: don't load LDTR with VM86 mode attrs during task switch - CVE-2016-9383 / XSA-195 * x86emul: fix huge bit offset handling - CVE-2016-9381 / XSA-197 * xen: fix ioreq handling - CVE-2016-9379, CVE-2016-9380 / XSA-198 * pygrub: Properly quote results, when returning them to the caller - CVE-2016-9637 / XSA-199 * qemu: ioport_read, ioport_write: be defensive about 32-bit addresses - CVE-2016-9932 / XSA-200 * x86/emulator: add feature checks for newer instructions * x86emul: CMPXCHG8B ignores operand size prefix - CVE-2016-10024 / XSA-202 * x86: use MOV instead of PUSH/POP when saving/restoring register state * x86: force EFLAGS.IF on when exiting to PV guests - CVE-2016-10013 / XSA-204 * x86/emul: Correct the handling of eflags with SYSCALL
ubuntu/precise-security	2017-01-12 18:43:32 UTC 2017-01-12	Import patches-unapplied version 4.1.6.1-0ubuntu0.12.04.13 to ubuntu/precise-... Author: Stefan Bader Author Date: 2017-01-11 10:44:28 UTC Import patches-unapplied version 4.1.6.1-0ubuntu0.12.04.13 to ubuntu/precise-security Imported using git-ubuntu import. Changelog parent: ec321d1049f17c8f3051ba766f11675aca0e50f2 New changelog entries: * Applying Xen Security Advisories: - CVE-2016-9386 / XSA-191 * x86/hvm: Fix the handling of non-present segments - CVE-2016-9382 / XSA-192 * x86/HVM: don't load LDTR with VM86 mode attrs during task switch - CVE-2016-9383 / XSA-195 * x86emul: fix huge bit offset handling - CVE-2016-9381 / XSA-197 * xen: fix ioreq handling - CVE-2016-9379, CVE-2016-9380 / XSA-198 * pygrub: Properly quote results, when returning them to the caller - CVE-2016-9637 / XSA-199 * qemu: ioport_read, ioport_write: be defensive about 32-bit addresses - CVE-2016-9932 / XSA-200 * x86/emulator: add feature checks for newer instructions * x86emul: CMPXCHG8B ignores operand size prefix - CVE-2016-10024 / XSA-202 * x86: use MOV instead of PUSH/POP when saving/restoring register state * x86: force EFLAGS.IF on when exiting to PV guests - CVE-2016-10013 / XSA-204 * x86/emul: Correct the handling of eflags with SYSCALL
ubuntu/yakkety	2016-10-07 19:39:08 UTC 2016-10-07	Import patches-unapplied version 4.7.0-0ubuntu2 to ubuntu/yakkety-proposed Author: Stefan Bader Author Date: 2016-10-06 13:24:46 UTC Import patches-unapplied version 4.7.0-0ubuntu2 to ubuntu/yakkety-proposed Imported using git-ubuntu import. Changelog parent: 048003ad474e3ea4f2460cf9a76e0c04b5f90d48 New changelog entries: * Applying Xen Security Advisories: - CVE-2016-6258 / XSA-182 * x86/pv: Remove unsafe bits from the mod_l?_entry() fastpath - CVE-2016-6259 / XSA-183 * x86/entry: Avoid SMAP violation in compat_create_bounce_frame() - CVE-2016-7092 / XSA-185 * x86/32on64: don't allow recursive page tables from L3 - CVE-2016-7093 / XSA-186 * x86/emulate: Correct boundary interactions of emulated instructions * hvm/fep: Allow testing of instructions crossing the -1 -> 0 virtual boundary - CVE-2016-7094 / XSA-187 * x86/shadow: Avoid overflowing sh_ctxt->seg_reg[] * x86/segment: Bounds check accesses to emulation ctxt->seg_reg[] - CVE-2016-7777 / XSA-190 * x86emul: honor guest CR0.TS and CR0.EM
applied/ubuntu/yakkety	2016-10-07 19:39:08 UTC 2016-10-07	Import patches-applied version 4.7.0-0ubuntu2 to applied/ubuntu/yakkety-proposed Author: Stefan Bader Author Date: 2016-10-06 13:24:46 UTC Import patches-applied version 4.7.0-0ubuntu2 to applied/ubuntu/yakkety-proposed Imported using git-ubuntu import. Changelog parent: e5deb9b98695b08fa5277bf983940a416ef8a031 Unapplied parent: 8063ee741f3b53752d06ef4213c1ae8014db1af1 New changelog entries: * Applying Xen Security Advisories: - CVE-2016-6258 / XSA-182 * x86/pv: Remove unsafe bits from the mod_l?_entry() fastpath - CVE-2016-6259 / XSA-183 * x86/entry: Avoid SMAP violation in compat_create_bounce_frame() - CVE-2016-7092 / XSA-185 * x86/32on64: don't allow recursive page tables from L3 - CVE-2016-7093 / XSA-186 * x86/emulate: Correct boundary interactions of emulated instructions * hvm/fep: Allow testing of instructions crossing the -1 -> 0 virtual boundary - CVE-2016-7094 / XSA-187 * x86/shadow: Avoid overflowing sh_ctxt->seg_reg[] * x86/segment: Bounds check accesses to emulation ctxt->seg_reg[] - CVE-2016-7777 / XSA-190 * x86emul: honor guest CR0.TS and CR0.EM
ubuntu/wily-devel	2016-07-05 13:39:14 UTC 2016-07-05	Import patches-unapplied version 4.5.1-0ubuntu1.4 to ubuntu/wily-security Author: Stefan Bader Author Date: 2016-06-30 08:05:26 UTC Import patches-unapplied version 4.5.1-0ubuntu1.4 to ubuntu/wily-security Imported using git-ubuntu import. Changelog parent: 8655bdc341658d044fd5c55d12d6524030409f0f New changelog entries: * Applying Xen Security Advisories: - CVE-2016-3158, CVE-2016-3159 / XSA-172 * x86: fix information leak on AMD CPUs - CVE-2016-3960 / XSA-173 * x86: limit GFNs to 32 bits for shadowed superpages. - CVE-2016-4962 / XSA-175 * libxl: Record backend/frontend paths in /libxl/$DOMID * libxl: Provide libxl__backendpath_parse_domid * libxl: Do not trust frontend in libxl__devices_destroy * libxl: Do not trust frontend in libxl__device_nextid * libxl: Do not trust frontend for disk eject event * libxl: Do not trust frontend for disk in getinfo * libxl: Do not trust frontend for vtpm list * libxl: Do not trust frontend for vtpm in getinfo * libxl: Do not trust frontend for nic in libxl_devid_to_device_nic * libxl: Do not trust frontend for nic in getinfo * libxl: Do not trust frontend for channel in list * libxl: Do not trust frontend for channel in getinfo * libxl: Cleanup: Have libxl__alloc_vdev use /libxl * libxl: Document ~/serial/ correctly - CVE-2016-4480 / XSA-176 * x86/mm: fully honor PS bits in guest page table walks - CVE-2016-4963 / XSA-178 * libxl: Make copy of every xs backend in /libxl in _generic_add * libxl: Do not trust backend in libxl__device_exists * libxl: Do not trust backend for vtpm in getinfo (except uuid) * libxl: Do not trust backend for vtpm in getinfo (uuid) * libxl: cdrom eject and insert: write to /libxl * libxl: Do not trust backend for disk eject vdev * libxl: Do not trust backend for disk; fix driver domain disks list * libxl: Do not trust backend for disk in getinfo * libxl: Do not trust backend for cdrom insert * libxl: Do not trust backend for channel in getinfo * libxl: Rename libxl__device_{nic,channel}_from_xs_be to _from_xenstore * libxl: Rename READ_BACKEND to READ_LIBXLDEV * libxl: Have READ_LIBXLDEV use libxl_path rather than be_path * libxl: Do not trust backend in nic getinfo * libxl: Do not trust backend for nic in devid_to_device * libxl: Do not trust backend for nic in list * libxl: Do not trust backend in channel list * libxl: Cleanup: use libxl__backendpath_parse_domid in libxl__device_disk_from_xs_be * libxl: Fix NULL pointer due to XSA-178 fix wrong XS nodename - CVE-2016-5242 / XSA-181 * xen/arm: Don't free p2m->first_level in p2m_teardown() before it has been allocated
ubuntu/wily-updates	2016-07-05 13:39:14 UTC 2016-07-05	Import patches-unapplied version 4.5.1-0ubuntu1.4 to ubuntu/wily-security Author: Stefan Bader Author Date: 2016-06-30 08:05:26 UTC Import patches-unapplied version 4.5.1-0ubuntu1.4 to ubuntu/wily-security Imported using git-ubuntu import. Changelog parent: 8655bdc341658d044fd5c55d12d6524030409f0f New changelog entries: * Applying Xen Security Advisories: - CVE-2016-3158, CVE-2016-3159 / XSA-172 * x86: fix information leak on AMD CPUs - CVE-2016-3960 / XSA-173 * x86: limit GFNs to 32 bits for shadowed superpages. - CVE-2016-4962 / XSA-175 * libxl: Record backend/frontend paths in /libxl/$DOMID * libxl: Provide libxl__backendpath_parse_domid * libxl: Do not trust frontend in libxl__devices_destroy * libxl: Do not trust frontend in libxl__device_nextid * libxl: Do not trust frontend for disk eject event * libxl: Do not trust frontend for disk in getinfo * libxl: Do not trust frontend for vtpm list * libxl: Do not trust frontend for vtpm in getinfo * libxl: Do not trust frontend for nic in libxl_devid_to_device_nic * libxl: Do not trust frontend for nic in getinfo * libxl: Do not trust frontend for channel in list * libxl: Do not trust frontend for channel in getinfo * libxl: Cleanup: Have libxl__alloc_vdev use /libxl * libxl: Document ~/serial/ correctly - CVE-2016-4480 / XSA-176 * x86/mm: fully honor PS bits in guest page table walks - CVE-2016-4963 / XSA-178 * libxl: Make copy of every xs backend in /libxl in _generic_add * libxl: Do not trust backend in libxl__device_exists * libxl: Do not trust backend for vtpm in getinfo (except uuid) * libxl: Do not trust backend for vtpm in getinfo (uuid) * libxl: cdrom eject and insert: write to /libxl * libxl: Do not trust backend for disk eject vdev * libxl: Do not trust backend for disk; fix driver domain disks list * libxl: Do not trust backend for disk in getinfo * libxl: Do not trust backend for cdrom insert * libxl: Do not trust backend for channel in getinfo * libxl: Rename libxl__device_{nic,channel}_from_xs_be to _from_xenstore * libxl: Rename READ_BACKEND to READ_LIBXLDEV * libxl: Have READ_LIBXLDEV use libxl_path rather than be_path * libxl: Do not trust backend in nic getinfo * libxl: Do not trust backend for nic in devid_to_device * libxl: Do not trust backend for nic in list * libxl: Do not trust backend in channel list * libxl: Cleanup: use libxl__backendpath_parse_domid in libxl__device_disk_from_xs_be * libxl: Fix NULL pointer due to XSA-178 fix wrong XS nodename - CVE-2016-5242 / XSA-181 * xen/arm: Don't free p2m->first_level in p2m_teardown() before it has been allocated

Other repositories

Name	Last Modified
lp:ubuntu/+source/xen	2020-02-14
lp:~smb/ubuntu/+source/xen	2020-02-12
lp:~ubuntu-virt/ubuntu/+source/xen	2019-08-12

You can't create new repositories for xen in Ubuntu.