lp:ubuntu/raring-proposed/xen
- Get this branch:
- bzr branch lp:ubuntu/raring-proposed/xen
Recent revisions
- 39. By Stefan Bader
-
* Fix FTBS on i386
- 0007-x86-Fix-i386-virtual-apic.patch
* Fix HVM VCPUs getting stuck on boot when host supports SMEP (LP: #1157757)
- 0008-vmx-Simplify-cr0-update-handling-by-deferring-cr4-ch.patch
- 0009-VMX-disable-SMEP-feature-when-guest-is-in-non-paging.patch
- 0010-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-.patch
- 38. By Stefan Bader
-
* Backporting support for Intel APIC virtualization (LP: #1160373)
- 0001-xen-enable-APIC-Register-Virtualization.patch
- 0002-xen-enable-Virtual-interrupt-delivery.patch
- 0003-xen-add-virtual-x2apic-support-for-apicv.patch
* Backporting support for Intel TSC adjust (LP: #1160378)
- 0004-x86-Implement-TSC-adjust-feature-for-HVM-guest.patch
- 0005-x86-Save-restore-TSC-adjust-during-HVM-guest-migrati.patch
- 0006-x86-Expose-TSC-adjust-to-HVM-guest.patch
- 37. By Stefan Bader
-
* New upstream stable release. Remaining changes:
- Fix to qemu for CVE-2012-6075
- Patches for XSA33-36 and 38
- qemu-fix-librt-test.patch
Fix build regression caused by glibc not requiring to link against
librt for the clock_gettime function. Patch picked from xen-devel
mailing list.
- tools-gdbsx-fix-build-failure-with-glibc-2.17.patch
Add direct include to sys/types.h for xg_main.c which likely was
indirectly done before. Needed to get ulong type definition.
- tools-ocaml-fix-build: refresh and reenable (and fix the description
of) this patch. Without it the ocaml native libraries (*.cmxa)
build in /build local paths rather than appropriately versioned
library references.
- Use dpkg-buildflags and strip the gcc prefix for getting LDFLAGS.
This will again use the Ubuntu specific LDFLAGS (using some
hardening options). Older releases would always pass those options
in the environment but that changed.
- Resurrect qemu-dm for now (upstream qemu would not support
migration, yet). Forward-port some patches from the old Debian
package which still included qemu-dm:
- qemu-prefix (modify LDFLAGS to point to lib dir for qemu-dm)
- qemu-disable-blktap (this is not present in upstream)
- ubuntu-qemu-disable-qemu-upstream (breaks build and also should
be provided by qemu/kvm package)
- Build depend on kvm-ipxe (instead of ipxe) as it is smaller and fix
up hvmloader build. kvm-ipxe contains a subset of the rom files from
which the Xen build only uses two to be embedded in the hvmloader.
- debian/patches/silence-gcc-warnings.patch: Silence gcc warnings.
- 36. By Stefan Bader
-
* Applying Xen Security Advisory:
- VT-d: fix interrupt remapping source validation for devices behind
legacy bridges
CVE-2012-5634 / XSA-33
- x86_32: don't allow use of nested HVM
CVE-2013-0151 / XSA-34
- xen: Do not allow guests to enable nested HVM on themselves
CVE-2013-0152 / XSA-35
- ACPI: acpi_table_parse() should return handler's error code
CVE-2013-0153 / XSA-36
- oxenstored incorrect handling of certain Xenbus ring states
CVE-2013-0215 / XSA-38
* Applying qemu security fixes:
- e1000: Discard packets that are too long if !SBP and !LPE
CVE-2012-6075 / XSA-41
- Discard packets longer than 16384 when !SBP to match the hardware
behavior.
CVE-2012-6075 / XSA-41
* qemu-fix-librt-test.patch
Fix build regression caused by glibc not requiring to link against
librt for the clock_gettime function. Patch picked from xen-devel
mailing list.
* tools-gdbsx-fix-build-failure-with-glibc-2.17.patch
Add direct include to sys/types.h for xg_main.c which likely was
indirectly done before. Needed to get ulong type definition.
- 34. By Stefan Bader
-
* Applying Xen Security fixes (LP: #1086875)
- gnttab: fix releasing of memory upon switches between versions
CVE-2012-5510
- hvm: Limit the size of large HVM op batches
CVE-2012-5511
- xen: add missing guest address range checks to XENMEM_exchange handlers
CVE-2012-5513
- xen: fix error handling of guest_physmap_mark_populate_on_demand()
CVE-2012-5514
- memop: limit guest specified extent order
CVE-2012-5515
- x86: get_page_from_gfn() must return NULL for invalid GFNs
CVE-2012-5525
- 33. By Andy Whitcroft
-
tools-ocaml-fix-build: refresh and reenable (and fix the description
of) this patch. Without it the ocaml native libraries (*.cmxa)
build in /build local paths rather than appropriately versioned
library references.
- 32. By Stefan Bader
-
* Drop replaces and conflicts for xen3 packages (they are no longer
in the upgrade path) from debian/control:
- libxenstore3.0: Conflict and replaces libxen3.
- libxen-dev: Conflict and replaces libxen3-dev.
- xenstore-utils: Conflict and replaces libxen3
- xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
and xen-utils-3.3
* Use dpkg-buildflags and strip the gcc prefix for getting LDFLAGS.
This will again use the Ubuntu specific LDFLAGS (using some
hardening options). Older releases would always pass those options
in the environment but that changed.
* Resurrect qemu-dm for now (upstream qemu would not support
migration, yet). Forward-port some patches from the old Debian
package which still included qemu-dm:
- qemu-prefix (modify LDFLAGS to point to lib dir for qemu-dm)
- qemu-disable-blktap (this is not present in upstream)
- ubuntu-qemu-disable-qemu-upstream (breaks build and also should
be provided by qemu/kvm package)
* Build depend on kvm-ipxe (instead of ipxe) as it is smaller and fix
up hvmloader build. kvm-ipxe contains a subset of the rom files from
which the Xen build only uses two to be embedded in the hvmloader.
* XSA-20: Prevent overflow in calculations, leading to DoS vulnerability
- CVE-2012-4535
* XSA-22: Prevent incorrect updates of m2p mappings
- CVE-2012-4537
* XSA-23: check toplevel pagetables are present before unhooking them
- CVE-2012-4538
* XSA-24: Prevent infinite loop in compat code
- CVE-2012-4539
* XSA-25: limit maximum size of kernel/ramdisk
- CVE-2012-4544
- 31. By Chuck Short
-
* Merge from Debian Experimental, Remaining changes:
- debian/control:
- Build depends on ipxe-qemu.
- libxenstore3.0: Conflict and replaces libxen3.
- libxen-dev: Conflict and replaces libxen3-dev.
- xenstore-utils: Conflict and replaces libxen3
- xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
and xen-utils-4.1.
- Make sure the LDFLAGS value passed is suitable for use by ld
rather than gcc.
- disable debian/patches/config-etherboot.diff.
- debian/patches/silence-gcc-warnings.patch: Silence gcc warnings.
- 30. By Stefan Bader
-
* Merge from Debian unstable. Remaining changes:
- libxenstore3.0: Conflict and replaces libxen3.
- libxen-dev: Conflict and replaces libxen3-dev.
- xenstore-utils: Conflict and replaces libxen3.
- xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
and xen-utils-4.1.
- Change depend back to ipxe as we do not have ipxe-qemu.
- etherboot: Change the config back to include the 8086100e.rom
- Dropped:
- Make sure the LDFLAGS value passed is suitable for use by ld
rather than gcc. Right now there seem to be no LDFLAGS passed.
* Backported AMD specific improvements from upstream Xen (LP: #1009098):
- svm: Do not intercept RDTSC(P) when TSC scaling is supported by hardware
- x86: Use deep C states for off-lined CPUs
- x86/AMD: Add support for AMD's OSVW feature in guests.
- hvm: vpmu: Enable HVM VPMU for AMD Family 12h and 14h processors
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/saucy/xen