lp:ubuntu/raring-proposed/xen

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/raring-proposed/xen

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

39. By Stefan Bader

* Fix FTBS on i386
  - 0007-x86-Fix-i386-virtual-apic.patch
* Fix HVM VCPUs getting stuck on boot when host supports SMEP (LP: #1157757)
  - 0008-vmx-Simplify-cr0-update-handling-by-deferring-cr4-ch.patch
  - 0009-VMX-disable-SMEP-feature-when-guest-is-in-non-paging.patch
  - 0010-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-.patch

38. By Stefan Bader

* Backporting support for Intel APIC virtualization (LP: #1160373)
  - 0001-xen-enable-APIC-Register-Virtualization.patch
  - 0002-xen-enable-Virtual-interrupt-delivery.patch
  - 0003-xen-add-virtual-x2apic-support-for-apicv.patch
* Backporting support for Intel TSC adjust (LP: #1160378)
  - 0004-x86-Implement-TSC-adjust-feature-for-HVM-guest.patch
  - 0005-x86-Save-restore-TSC-adjust-during-HVM-guest-migrati.patch
  - 0006-x86-Expose-TSC-adjust-to-HVM-guest.patch

37. By Stefan Bader

* New upstream stable release. Remaining changes:
  - Fix to qemu for CVE-2012-6075
  - Patches for XSA33-36 and 38
  - qemu-fix-librt-test.patch
    Fix build regression caused by glibc not requiring to link against
    librt for the clock_gettime function. Patch picked from xen-devel
    mailing list.
  - tools-gdbsx-fix-build-failure-with-glibc-2.17.patch
    Add direct include to sys/types.h for xg_main.c which likely was
    indirectly done before. Needed to get ulong type definition.
  - tools-ocaml-fix-build: refresh and reenable (and fix the description
    of) this patch. Without it the ocaml native libraries (*.cmxa)
    build in /build local paths rather than appropriately versioned
    library references.
  - Use dpkg-buildflags and strip the gcc prefix for getting LDFLAGS.
    This will again use the Ubuntu specific LDFLAGS (using some
    hardening options). Older releases would always pass those options
    in the environment but that changed.
  - Resurrect qemu-dm for now (upstream qemu would not support
    migration, yet). Forward-port some patches from the old Debian
    package which still included qemu-dm:
    - qemu-prefix (modify LDFLAGS to point to lib dir for qemu-dm)
    - qemu-disable-blktap (this is not present in upstream)
    - ubuntu-qemu-disable-qemu-upstream (breaks build and also should
      be provided by qemu/kvm package)
  - Build depend on kvm-ipxe (instead of ipxe) as it is smaller and fix
    up hvmloader build. kvm-ipxe contains a subset of the rom files from
    which the Xen build only uses two to be embedded in the hvmloader.
  - debian/patches/silence-gcc-warnings.patch: Silence gcc warnings.

36. By Stefan Bader

* Applying Xen Security Advisory:
  - VT-d: fix interrupt remapping source validation for devices behind
    legacy bridges
    CVE-2012-5634 / XSA-33
  - x86_32: don't allow use of nested HVM
    CVE-2013-0151 / XSA-34
  - xen: Do not allow guests to enable nested HVM on themselves
    CVE-2013-0152 / XSA-35
  - ACPI: acpi_table_parse() should return handler's error code
    CVE-2013-0153 / XSA-36
  - oxenstored incorrect handling of certain Xenbus ring states
    CVE-2013-0215 / XSA-38
* Applying qemu security fixes:
  - e1000: Discard packets that are too long if !SBP and !LPE
    CVE-2012-6075 / XSA-41
  - Discard packets longer than 16384 when !SBP to match the hardware
    behavior.
    CVE-2012-6075 / XSA-41
* qemu-fix-librt-test.patch
  Fix build regression caused by glibc not requiring to link against
  librt for the clock_gettime function. Patch picked from xen-devel
  mailing list.
* tools-gdbsx-fix-build-failure-with-glibc-2.17.patch
  Add direct include to sys/types.h for xg_main.c which likely was
  indirectly done before. Needed to get ulong type definition.

35. By Chris J Arges

Add libssl-dev to Build-Depends.

34. By Stefan Bader

* Applying Xen Security fixes (LP: #1086875)
  - gnttab: fix releasing of memory upon switches between versions
    CVE-2012-5510
  - hvm: Limit the size of large HVM op batches
    CVE-2012-5511
  - xen: add missing guest address range checks to XENMEM_exchange handlers
    CVE-2012-5513
  - xen: fix error handling of guest_physmap_mark_populate_on_demand()
    CVE-2012-5514
  - memop: limit guest specified extent order
    CVE-2012-5515
  - x86: get_page_from_gfn() must return NULL for invalid GFNs
    CVE-2012-5525

33. By Andy Whitcroft

tools-ocaml-fix-build: refresh and reenable (and fix the description
of) this patch. Without it the ocaml native libraries (*.cmxa)
build in /build local paths rather than appropriately versioned
library references.

32. By Stefan Bader

* Drop replaces and conflicts for xen3 packages (they are no longer
  in the upgrade path) from debian/control:
  - libxenstore3.0: Conflict and replaces libxen3.
  - libxen-dev: Conflict and replaces libxen3-dev.
  - xenstore-utils: Conflict and replaces libxen3
  - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
    and xen-utils-3.3
* Use dpkg-buildflags and strip the gcc prefix for getting LDFLAGS.
  This will again use the Ubuntu specific LDFLAGS (using some
  hardening options). Older releases would always pass those options
  in the environment but that changed.
* Resurrect qemu-dm for now (upstream qemu would not support
  migration, yet). Forward-port some patches from the old Debian
  package which still included qemu-dm:
  - qemu-prefix (modify LDFLAGS to point to lib dir for qemu-dm)
  - qemu-disable-blktap (this is not present in upstream)
  - ubuntu-qemu-disable-qemu-upstream (breaks build and also should
    be provided by qemu/kvm package)
* Build depend on kvm-ipxe (instead of ipxe) as it is smaller and fix
  up hvmloader build. kvm-ipxe contains a subset of the rom files from
  which the Xen build only uses two to be embedded in the hvmloader.
* XSA-20: Prevent overflow in calculations, leading to DoS vulnerability
  - CVE-2012-4535
* XSA-22: Prevent incorrect updates of m2p mappings
  - CVE-2012-4537
* XSA-23: check toplevel pagetables are present before unhooking them
  - CVE-2012-4538
* XSA-24: Prevent infinite loop in compat code
  - CVE-2012-4539
* XSA-25: limit maximum size of kernel/ramdisk
  - CVE-2012-4544

31. By Chuck Short

* Merge from Debian Experimental, Remaining changes:
  - debian/control:
    - Build depends on ipxe-qemu.
    - libxenstore3.0: Conflict and replaces libxen3.
    - libxen-dev: Conflict and replaces libxen3-dev.
    - xenstore-utils: Conflict and replaces libxen3
    - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
      and xen-utils-4.1.
    - Make sure the LDFLAGS value passed is suitable for use by ld
      rather than gcc.
  - disable debian/patches/config-etherboot.diff.
  - debian/patches/silence-gcc-warnings.patch: Silence gcc warnings.

30. By Stefan Bader

* Merge from Debian unstable. Remaining changes:
  - libxenstore3.0: Conflict and replaces libxen3.
  - libxen-dev: Conflict and replaces libxen3-dev.
  - xenstore-utils: Conflict and replaces libxen3.
  - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
    and xen-utils-4.1.
  - Change depend back to ipxe as we do not have ipxe-qemu.
  - etherboot: Change the config back to include the 8086100e.rom
  - Dropped:
    - Make sure the LDFLAGS value passed is suitable for use by ld
      rather than gcc. Right now there seem to be no LDFLAGS passed.
* Backported AMD specific improvements from upstream Xen (LP: #1009098):
  - svm: Do not intercept RDTSC(P) when TSC scaling is supported by hardware
  - x86: Use deep C states for off-lined CPUs
  - x86/AMD: Add support for AMD's OSVW feature in guests.
  - hvm: vpmu: Enable HVM VPMU for AMD Family 12h and 14h processors

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/saucy/xen