lp:ubuntu/+source/xen

Get this repository:
git clone https://git.launchpad.net/ubuntu/+source/xen
Members of Ubuntu Server Dev import team can upload to this repository. Log in for directions.

Branches

Name Last Modified Last Commit
importer/debian/dsc 2020-07-08 16:53:58 UTC 2020-07-08
DSC file for 4.11.4+24-gddaaccbbab-1

Author: Ubuntu Git Importer
Author Date: 2020-07-08 16:53:58 UTC

DSC file for 4.11.4+24-gddaaccbbab-1

debian/sid 2020-07-08 16:47:26 UTC 2020-07-08
4.11.4+24-gddaaccbbab-1 (patches unapplied)

Author: Hans van Kranenburg
Author Date: 2020-07-07 14:07:39 UTC

4.11.4+24-gddaaccbbab-1 (patches unapplied)

Imported using git-ubuntu import.

applied/debian/sid 2020-07-08 16:47:26 UTC 2020-07-08
4.11.4+24-gddaaccbbab-1 (patches applied)

Author: Hans van Kranenburg
Author Date: 2020-07-07 14:07:39 UTC

4.11.4+24-gddaaccbbab-1 (patches applied)

Imported using git-ubuntu import.

importer/ubuntu/dsc 2020-03-10 09:04:21 UTC 2020-03-10
DSC file for 4.11.3+24-g14b62ab3e5-1ubuntu2

Author: Ubuntu Git Importer
Author Date: 2020-03-10 09:04:21 UTC

DSC file for 4.11.3+24-g14b62ab3e5-1ubuntu2

ubuntu/focal 2020-03-10 08:50:10 UTC 2020-03-10
Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1ubuntu2 to ubuntu/foc...

Author: Stefan Bader
Author Date: 2020-03-09 16:17:56 UTC

Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1ubuntu2 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Upload parent: 7a82bea4ac38289069bbe6cdd022dc510dcd64e9

ubuntu/groovy-devel 2020-03-10 08:50:10 UTC 2020-03-10
Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1ubuntu2 to ubuntu/foc...

Author: Stefan Bader
Author Date: 2020-03-09 16:17:56 UTC

Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1ubuntu2 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Upload parent: 7a82bea4ac38289069bbe6cdd022dc510dcd64e9

applied/ubuntu/focal-devel 2020-03-10 08:50:10 UTC 2020-03-10
Import patches-applied version 4.11.3+24-g14b62ab3e5-1ubuntu2 to applied/ubun...

Author: Stefan Bader
Author Date: 2020-03-09 16:17:56 UTC

Import patches-applied version 4.11.3+24-g14b62ab3e5-1ubuntu2 to applied/ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: edc6b2d6bdbfb13c7ba33ede9d5ea72236bf0b47
Unapplied parent: 88d10860e490d716fbcdb2dbd82c02d8084e03e5

New changelog entries:
  * Update: Building hypervisor with cf-protection enabled
  * Set python2 for xen-init-name and xen-init-list scripts

applied/ubuntu/groovy 2020-03-10 08:50:10 UTC 2020-03-10
Import patches-applied version 4.11.3+24-g14b62ab3e5-1ubuntu2 to applied/ubun...

Author: Stefan Bader
Author Date: 2020-03-09 16:17:56 UTC

Import patches-applied version 4.11.3+24-g14b62ab3e5-1ubuntu2 to applied/ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: edc6b2d6bdbfb13c7ba33ede9d5ea72236bf0b47
Unapplied parent: 88d10860e490d716fbcdb2dbd82c02d8084e03e5

New changelog entries:
  * Update: Building hypervisor with cf-protection enabled
  * Set python2 for xen-init-name and xen-init-list scripts

applied/ubuntu/devel 2020-03-10 08:50:10 UTC 2020-03-10
Import patches-applied version 4.11.3+24-g14b62ab3e5-1ubuntu2 to applied/ubun...

Author: Stefan Bader
Author Date: 2020-03-09 16:17:56 UTC

Import patches-applied version 4.11.3+24-g14b62ab3e5-1ubuntu2 to applied/ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: edc6b2d6bdbfb13c7ba33ede9d5ea72236bf0b47
Unapplied parent: 88d10860e490d716fbcdb2dbd82c02d8084e03e5

New changelog entries:
  * Update: Building hypervisor with cf-protection enabled
  * Set python2 for xen-init-name and xen-init-list scripts

ubuntu/groovy 2020-03-10 08:50:10 UTC 2020-03-10
Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1ubuntu2 to ubuntu/foc...

Author: Stefan Bader
Author Date: 2020-03-09 16:17:56 UTC

Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1ubuntu2 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Upload parent: 7a82bea4ac38289069bbe6cdd022dc510dcd64e9

ubuntu/devel 2020-03-10 08:50:10 UTC 2020-03-10
Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1ubuntu2 to ubuntu/foc...

Author: Stefan Bader
Author Date: 2020-03-09 16:17:56 UTC

Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1ubuntu2 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Upload parent: 7a82bea4ac38289069bbe6cdd022dc510dcd64e9

applied/ubuntu/focal 2020-03-10 08:50:10 UTC 2020-03-10
Import patches-applied version 4.11.3+24-g14b62ab3e5-1ubuntu2 to applied/ubun...

Author: Stefan Bader
Author Date: 2020-03-09 16:17:56 UTC

Import patches-applied version 4.11.3+24-g14b62ab3e5-1ubuntu2 to applied/ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: edc6b2d6bdbfb13c7ba33ede9d5ea72236bf0b47
Unapplied parent: 88d10860e490d716fbcdb2dbd82c02d8084e03e5

New changelog entries:
  * Update: Building hypervisor with cf-protection enabled
  * Set python2 for xen-init-name and xen-init-list scripts

applied/ubuntu/groovy-devel 2020-03-10 08:50:10 UTC 2020-03-10
Import patches-applied version 4.11.3+24-g14b62ab3e5-1ubuntu2 to applied/ubun...

Author: Stefan Bader
Author Date: 2020-03-09 16:17:56 UTC

Import patches-applied version 4.11.3+24-g14b62ab3e5-1ubuntu2 to applied/ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: edc6b2d6bdbfb13c7ba33ede9d5ea72236bf0b47
Unapplied parent: 88d10860e490d716fbcdb2dbd82c02d8084e03e5

New changelog entries:
  * Update: Building hypervisor with cf-protection enabled
  * Set python2 for xen-init-name and xen-init-list scripts

ubuntu/focal-devel 2020-03-10 08:50:10 UTC 2020-03-10
Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1ubuntu2 to ubuntu/foc...

Author: Stefan Bader
Author Date: 2020-03-09 16:17:56 UTC

Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1ubuntu2 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Upload parent: 7a82bea4ac38289069bbe6cdd022dc510dcd64e9

ubuntu/focal-proposed 2020-03-10 08:50:10 UTC 2020-03-10
Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1ubuntu2 to ubuntu/foc...

Author: Stefan Bader
Author Date: 2020-03-09 16:17:56 UTC

Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1ubuntu2 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Upload parent: 7a82bea4ac38289069bbe6cdd022dc510dcd64e9

applied/ubuntu/focal-proposed 2020-03-10 08:50:10 UTC 2020-03-10
Import patches-applied version 4.11.3+24-g14b62ab3e5-1ubuntu2 to applied/ubun...

Author: Stefan Bader
Author Date: 2020-03-09 16:17:56 UTC

Import patches-applied version 4.11.3+24-g14b62ab3e5-1ubuntu2 to applied/ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: edc6b2d6bdbfb13c7ba33ede9d5ea72236bf0b47
Unapplied parent: 88d10860e490d716fbcdb2dbd82c02d8084e03e5

New changelog entries:
  * Update: Building hypervisor with cf-protection enabled
  * Set python2 for xen-init-name and xen-init-list scripts

debian/stretch 2020-02-08 18:00:49 UTC 2020-02-08
Import patches-unapplied version 4.8.5.final+shim4.10.4-1+deb9u12 to debian/s...

Author: Ian Jackson
Author Date: 2020-01-10 17:09:30 UTC

Import patches-unapplied version 4.8.5.final+shim4.10.4-1+deb9u12 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: bae60a0b429a0966da3b11cfcf61d74a564fb472

New changelog entries:
  * *NOTE* this will probably be the *LAST UPDATE* for Xen in Debian 9.x
    (stretch), since this is the last batch of security patches from
    upstream, where Xen 4.8 is out of security support.
  * Update to new upstream final tip of 4.8 stable branch, which I have
    dubbed upstream/stable-4.8.5.final. And shim 4.10.4.
  * This includes fixes to:
       XSA-311 CVE-2019-19577
       XSA-310 CVE-2019-19580
       XSA-309 CVE-2019-19578
       XSA-308 CVE-2019-19583
       XSA-307 CVE-2019-19581 CVE-2019-19582
       XSA-306 CVE-2019-19579
       XSA-305 CVE-2019-11135
       XSA-304 CVE-2018-12207
       XSA-303 CVE-2019-18422
       XSA-302 CVE-2019-18424
       XSA-301 CVE-2019-18423
       XSA-299 CVE-2019-18421
       XSA-298 CVE-2019-18425
       XSA-297 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091
       XSA-296 CVE-2019-18420
       XSA-295 CVE-2019-17349 CVE-2019-17350
       XSA-294 CVE-2019-17348
       XSA-293 CVE-2019-17347
       XSA-292 CVE-2019-17346
       XSA-291 CVE-2019-17345
       XSA-290 CVE-2019-17344
       XSA-288 CVE-2019-17343
       XSA-287 CVE-2019-17342
       XSA-285 CVE-2019-17341
       XSA-284 CVE-2019-17340
  * For completeness, the following are not applicable:
       XSA-300 CVE-2019-17351 Bug is in Linux
       XSA-289 Spectre V1 + L1TF combo; no new fixes
       XSA-283 Withdrawn XSA number
       XSA-281 Withdrawn XSA number
  * The following is *not* fixed at this time:
       XSA-286 Still embargoed.
  * README.comet: remove line about PVH support.
    [Hans van Kranenburg] Closes:#908453.

applied/debian/stretch 2020-02-08 18:00:49 UTC 2020-02-08
Import patches-applied version 4.8.5.final+shim4.10.4-1+deb9u12 to applied/de...

Author: Ian Jackson
Author Date: 2020-01-10 17:09:30 UTC

Import patches-applied version 4.8.5.final+shim4.10.4-1+deb9u12 to applied/debian/stretch

Imported using git-ubuntu import.

Changelog parent: 00fae7290df72c3821c25f77c2051e80975af466
Unapplied parent: addb67f070c283ae2042c4e5c63fa26fe73035b2

New changelog entries:
  * *NOTE* this will probably be the *LAST UPDATE* for Xen in Debian 9.x
    (stretch), since this is the last batch of security patches from
    upstream, where Xen 4.8 is out of security support.
  * Update to new upstream final tip of 4.8 stable branch, which I have
    dubbed upstream/stable-4.8.5.final. And shim 4.10.4.
  * This includes fixes to:
       XSA-311 CVE-2019-19577
       XSA-310 CVE-2019-19580
       XSA-309 CVE-2019-19578
       XSA-308 CVE-2019-19583
       XSA-307 CVE-2019-19581 CVE-2019-19582
       XSA-306 CVE-2019-19579
       XSA-305 CVE-2019-11135
       XSA-304 CVE-2018-12207
       XSA-303 CVE-2019-18422
       XSA-302 CVE-2019-18424
       XSA-301 CVE-2019-18423
       XSA-299 CVE-2019-18421
       XSA-298 CVE-2019-18425
       XSA-297 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091
       XSA-296 CVE-2019-18420
       XSA-295 CVE-2019-17349 CVE-2019-17350
       XSA-294 CVE-2019-17348
       XSA-293 CVE-2019-17347
       XSA-292 CVE-2019-17346
       XSA-291 CVE-2019-17345
       XSA-290 CVE-2019-17344
       XSA-288 CVE-2019-17343
       XSA-287 CVE-2019-17342
       XSA-285 CVE-2019-17341
       XSA-284 CVE-2019-17340
  * For completeness, the following are not applicable:
       XSA-300 CVE-2019-17351 Bug is in Linux
       XSA-289 Spectre V1 + L1TF combo; no new fixes
       XSA-283 Withdrawn XSA number
       XSA-281 Withdrawn XSA number
  * The following is *not* fixed at this time:
       XSA-286 Still embargoed.
  * README.comet: remove line about PVH support.
    [Hans van Kranenburg] Closes:#908453.

debian/buster 2020-02-08 17:22:28 UTC 2020-02-08
Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1~deb10u1 to debian/bu...

Author: Hans van Kranenburg
Author Date: 2020-01-08 13:21:23 UTC

Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1~deb10u1 to debian/buster

Imported using git-ubuntu import.

Changelog parent: ad550b73061bc84fab32947cf722961bc3bc2bd6

New changelog entries:
  * Rebuild for buster-security

applied/debian/buster 2020-02-08 17:22:28 UTC 2020-02-08
Import patches-applied version 4.11.3+24-g14b62ab3e5-1~deb10u1 to applied/deb...

Author: Hans van Kranenburg
Author Date: 2020-01-08 13:21:23 UTC

Import patches-applied version 4.11.3+24-g14b62ab3e5-1~deb10u1 to applied/debian/buster

Imported using git-ubuntu import.

Changelog parent: 7080175aa41a5e945f25699a16501088a61c2aa9
Unapplied parent: 7a6217b2d828754c837d5c44023719027bdc618d

New changelog entries:
  * Rebuild for buster-security

applied/ubuntu/eoan-proposed 2020-01-07 10:29:17 UTC 2020-01-07
Import patches-applied version 4.9.2-0ubuntu5 to applied/ubuntu/disco-proposed

Author: Stefan Bader
Author Date: 2019-12-11 17:23:34 UTC

Import patches-applied version 4.9.2-0ubuntu5 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 55eac63ad8f393dad69fa3edd7c19550b44d54d3
Unapplied parent: edaf8397114f77d6ad5e86693ea26a2d333798d9

New changelog entries:
  * Fix FTBS in Eoan (LP: #1823441). Except the last two changes, these are
    all cherry picks from Xen upstream to handle gcc8 and gcc9 changes.
    - d/p/x86-e820-fix-build-with-gcc9.patch
    - d/p/x86-IO-APIC-fix-build-with-gcc9.patch
    - d/p/trace-fix-build-with-gcc9.patch
    - d/p/tools-libxc-fix-strncpy-size.patch
    - d/p/tools-misc-fix-hypothetical-buffer-overflow-in-xen-l.patch
    - d/p/tools-xentop-replace-use-of-deprecated-vwprintw.patch
    - d/p/tools-xenpmd-fix-possible-0-truncation.patch
    - d/p/xenpmd-make-32-bit-gcc-8.1-non-debug-build-work.patch
    - d/p/libacpi-fixes-for-iasl-20180427.patch
    - d/p/tools-blktap2-fix-possible-0-truncation.patch
    - d/p/tools-blktap2-fix-hypothetical-buffer-overflow.patch
    - d/p/libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch
    - d/p/ubuntu/flags-fcs-protect-none.patch
    - d/p/ubuntu/strip-note-gnu-property.patch
  * Fix decode failed panics with v5.2+ kernels (LP: #1851091)
    - d/p/0001-lz4-refine-commit-9143a6c55ef7-for-the-64-bit-case.patch
    - d/p/0002-lz4-pull-out-constant-tables.patch
    - d/p/0003-lz4-fix-system-halt-at-boot-kernel-on-x86_64.patch

ubuntu/eoan-devel 2020-01-07 10:29:17 UTC 2020-01-07
Import patches-unapplied version 4.9.2-0ubuntu5 to ubuntu/disco-proposed

Author: Stefan Bader
Author Date: 2019-12-11 17:23:34 UTC

Import patches-unapplied version 4.9.2-0ubuntu5 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: bdebf520de18eb7b9442b172b7bc339701e6aeb9

New changelog entries:
  * Fix FTBS in Eoan (LP: #1823441). Except the last two changes, these are
    all cherry picks from Xen upstream to handle gcc8 and gcc9 changes.
    - d/p/x86-e820-fix-build-with-gcc9.patch
    - d/p/x86-IO-APIC-fix-build-with-gcc9.patch
    - d/p/trace-fix-build-with-gcc9.patch
    - d/p/tools-libxc-fix-strncpy-size.patch
    - d/p/tools-misc-fix-hypothetical-buffer-overflow-in-xen-l.patch
    - d/p/tools-xentop-replace-use-of-deprecated-vwprintw.patch
    - d/p/tools-xenpmd-fix-possible-0-truncation.patch
    - d/p/xenpmd-make-32-bit-gcc-8.1-non-debug-build-work.patch
    - d/p/libacpi-fixes-for-iasl-20180427.patch
    - d/p/tools-blktap2-fix-possible-0-truncation.patch
    - d/p/tools-blktap2-fix-hypothetical-buffer-overflow.patch
    - d/p/libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch
    - d/p/ubuntu/flags-fcs-protect-none.patch
    - d/p/ubuntu/strip-note-gnu-property.patch
  * Fix decode failed panics with v5.2+ kernels (LP: #1851091)
    - d/p/0001-lz4-refine-commit-9143a6c55ef7-for-the-64-bit-case.patch
    - d/p/0002-lz4-pull-out-constant-tables.patch
    - d/p/0003-lz4-fix-system-halt-at-boot-kernel-on-x86_64.patch

applied/ubuntu/eoan-devel 2020-01-07 10:29:17 UTC 2020-01-07
Import patches-applied version 4.9.2-0ubuntu5 to applied/ubuntu/disco-proposed

Author: Stefan Bader
Author Date: 2019-12-11 17:23:34 UTC

Import patches-applied version 4.9.2-0ubuntu5 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 55eac63ad8f393dad69fa3edd7c19550b44d54d3
Unapplied parent: edaf8397114f77d6ad5e86693ea26a2d333798d9

New changelog entries:
  * Fix FTBS in Eoan (LP: #1823441). Except the last two changes, these are
    all cherry picks from Xen upstream to handle gcc8 and gcc9 changes.
    - d/p/x86-e820-fix-build-with-gcc9.patch
    - d/p/x86-IO-APIC-fix-build-with-gcc9.patch
    - d/p/trace-fix-build-with-gcc9.patch
    - d/p/tools-libxc-fix-strncpy-size.patch
    - d/p/tools-misc-fix-hypothetical-buffer-overflow-in-xen-l.patch
    - d/p/tools-xentop-replace-use-of-deprecated-vwprintw.patch
    - d/p/tools-xenpmd-fix-possible-0-truncation.patch
    - d/p/xenpmd-make-32-bit-gcc-8.1-non-debug-build-work.patch
    - d/p/libacpi-fixes-for-iasl-20180427.patch
    - d/p/tools-blktap2-fix-possible-0-truncation.patch
    - d/p/tools-blktap2-fix-hypothetical-buffer-overflow.patch
    - d/p/libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch
    - d/p/ubuntu/flags-fcs-protect-none.patch
    - d/p/ubuntu/strip-note-gnu-property.patch
  * Fix decode failed panics with v5.2+ kernels (LP: #1851091)
    - d/p/0001-lz4-refine-commit-9143a6c55ef7-for-the-64-bit-case.patch
    - d/p/0002-lz4-pull-out-constant-tables.patch
    - d/p/0003-lz4-fix-system-halt-at-boot-kernel-on-x86_64.patch

applied/ubuntu/disco-devel 2020-01-07 10:29:17 UTC 2020-01-07
Import patches-applied version 4.9.2-0ubuntu5 to applied/ubuntu/disco-proposed

Author: Stefan Bader
Author Date: 2019-12-11 17:23:34 UTC

Import patches-applied version 4.9.2-0ubuntu5 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 55eac63ad8f393dad69fa3edd7c19550b44d54d3
Unapplied parent: edaf8397114f77d6ad5e86693ea26a2d333798d9

New changelog entries:
  * Fix FTBS in Eoan (LP: #1823441). Except the last two changes, these are
    all cherry picks from Xen upstream to handle gcc8 and gcc9 changes.
    - d/p/x86-e820-fix-build-with-gcc9.patch
    - d/p/x86-IO-APIC-fix-build-with-gcc9.patch
    - d/p/trace-fix-build-with-gcc9.patch
    - d/p/tools-libxc-fix-strncpy-size.patch
    - d/p/tools-misc-fix-hypothetical-buffer-overflow-in-xen-l.patch
    - d/p/tools-xentop-replace-use-of-deprecated-vwprintw.patch
    - d/p/tools-xenpmd-fix-possible-0-truncation.patch
    - d/p/xenpmd-make-32-bit-gcc-8.1-non-debug-build-work.patch
    - d/p/libacpi-fixes-for-iasl-20180427.patch
    - d/p/tools-blktap2-fix-possible-0-truncation.patch
    - d/p/tools-blktap2-fix-hypothetical-buffer-overflow.patch
    - d/p/libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch
    - d/p/ubuntu/flags-fcs-protect-none.patch
    - d/p/ubuntu/strip-note-gnu-property.patch
  * Fix decode failed panics with v5.2+ kernels (LP: #1851091)
    - d/p/0001-lz4-refine-commit-9143a6c55ef7-for-the-64-bit-case.patch
    - d/p/0002-lz4-pull-out-constant-tables.patch
    - d/p/0003-lz4-fix-system-halt-at-boot-kernel-on-x86_64.patch

ubuntu/eoan-proposed 2020-01-07 10:29:17 UTC 2020-01-07
Import patches-unapplied version 4.9.2-0ubuntu5 to ubuntu/disco-proposed

Author: Stefan Bader
Author Date: 2019-12-11 17:23:34 UTC

Import patches-unapplied version 4.9.2-0ubuntu5 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: bdebf520de18eb7b9442b172b7bc339701e6aeb9

New changelog entries:
  * Fix FTBS in Eoan (LP: #1823441). Except the last two changes, these are
    all cherry picks from Xen upstream to handle gcc8 and gcc9 changes.
    - d/p/x86-e820-fix-build-with-gcc9.patch
    - d/p/x86-IO-APIC-fix-build-with-gcc9.patch
    - d/p/trace-fix-build-with-gcc9.patch
    - d/p/tools-libxc-fix-strncpy-size.patch
    - d/p/tools-misc-fix-hypothetical-buffer-overflow-in-xen-l.patch
    - d/p/tools-xentop-replace-use-of-deprecated-vwprintw.patch
    - d/p/tools-xenpmd-fix-possible-0-truncation.patch
    - d/p/xenpmd-make-32-bit-gcc-8.1-non-debug-build-work.patch
    - d/p/libacpi-fixes-for-iasl-20180427.patch
    - d/p/tools-blktap2-fix-possible-0-truncation.patch
    - d/p/tools-blktap2-fix-hypothetical-buffer-overflow.patch
    - d/p/libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch
    - d/p/ubuntu/flags-fcs-protect-none.patch
    - d/p/ubuntu/strip-note-gnu-property.patch
  * Fix decode failed panics with v5.2+ kernels (LP: #1851091)
    - d/p/0001-lz4-refine-commit-9143a6c55ef7-for-the-64-bit-case.patch
    - d/p/0002-lz4-pull-out-constant-tables.patch
    - d/p/0003-lz4-fix-system-halt-at-boot-kernel-on-x86_64.patch

ubuntu/disco-proposed 2020-01-07 10:29:17 UTC 2020-01-07
Import patches-unapplied version 4.9.2-0ubuntu5 to ubuntu/disco-proposed

Author: Stefan Bader
Author Date: 2019-12-11 17:23:34 UTC

Import patches-unapplied version 4.9.2-0ubuntu5 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: bdebf520de18eb7b9442b172b7bc339701e6aeb9

New changelog entries:
  * Fix FTBS in Eoan (LP: #1823441). Except the last two changes, these are
    all cherry picks from Xen upstream to handle gcc8 and gcc9 changes.
    - d/p/x86-e820-fix-build-with-gcc9.patch
    - d/p/x86-IO-APIC-fix-build-with-gcc9.patch
    - d/p/trace-fix-build-with-gcc9.patch
    - d/p/tools-libxc-fix-strncpy-size.patch
    - d/p/tools-misc-fix-hypothetical-buffer-overflow-in-xen-l.patch
    - d/p/tools-xentop-replace-use-of-deprecated-vwprintw.patch
    - d/p/tools-xenpmd-fix-possible-0-truncation.patch
    - d/p/xenpmd-make-32-bit-gcc-8.1-non-debug-build-work.patch
    - d/p/libacpi-fixes-for-iasl-20180427.patch
    - d/p/tools-blktap2-fix-possible-0-truncation.patch
    - d/p/tools-blktap2-fix-hypothetical-buffer-overflow.patch
    - d/p/libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch
    - d/p/ubuntu/flags-fcs-protect-none.patch
    - d/p/ubuntu/strip-note-gnu-property.patch
  * Fix decode failed panics with v5.2+ kernels (LP: #1851091)
    - d/p/0001-lz4-refine-commit-9143a6c55ef7-for-the-64-bit-case.patch
    - d/p/0002-lz4-pull-out-constant-tables.patch
    - d/p/0003-lz4-fix-system-halt-at-boot-kernel-on-x86_64.patch

ubuntu/disco-updates 2020-01-07 10:29:17 UTC 2020-01-07
Import patches-unapplied version 4.9.2-0ubuntu5 to ubuntu/disco-proposed

Author: Stefan Bader
Author Date: 2019-12-11 17:23:34 UTC

Import patches-unapplied version 4.9.2-0ubuntu5 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: bdebf520de18eb7b9442b172b7bc339701e6aeb9

New changelog entries:
  * Fix FTBS in Eoan (LP: #1823441). Except the last two changes, these are
    all cherry picks from Xen upstream to handle gcc8 and gcc9 changes.
    - d/p/x86-e820-fix-build-with-gcc9.patch
    - d/p/x86-IO-APIC-fix-build-with-gcc9.patch
    - d/p/trace-fix-build-with-gcc9.patch
    - d/p/tools-libxc-fix-strncpy-size.patch
    - d/p/tools-misc-fix-hypothetical-buffer-overflow-in-xen-l.patch
    - d/p/tools-xentop-replace-use-of-deprecated-vwprintw.patch
    - d/p/tools-xenpmd-fix-possible-0-truncation.patch
    - d/p/xenpmd-make-32-bit-gcc-8.1-non-debug-build-work.patch
    - d/p/libacpi-fixes-for-iasl-20180427.patch
    - d/p/tools-blktap2-fix-possible-0-truncation.patch
    - d/p/tools-blktap2-fix-hypothetical-buffer-overflow.patch
    - d/p/libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch
    - d/p/ubuntu/flags-fcs-protect-none.patch
    - d/p/ubuntu/strip-note-gnu-property.patch
  * Fix decode failed panics with v5.2+ kernels (LP: #1851091)
    - d/p/0001-lz4-refine-commit-9143a6c55ef7-for-the-64-bit-case.patch
    - d/p/0002-lz4-pull-out-constant-tables.patch
    - d/p/0003-lz4-fix-system-halt-at-boot-kernel-on-x86_64.patch

applied/ubuntu/eoan-updates 2020-01-07 10:29:17 UTC 2020-01-07
Import patches-applied version 4.9.2-0ubuntu5 to applied/ubuntu/disco-proposed

Author: Stefan Bader
Author Date: 2019-12-11 17:23:34 UTC

Import patches-applied version 4.9.2-0ubuntu5 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 55eac63ad8f393dad69fa3edd7c19550b44d54d3
Unapplied parent: edaf8397114f77d6ad5e86693ea26a2d333798d9

New changelog entries:
  * Fix FTBS in Eoan (LP: #1823441). Except the last two changes, these are
    all cherry picks from Xen upstream to handle gcc8 and gcc9 changes.
    - d/p/x86-e820-fix-build-with-gcc9.patch
    - d/p/x86-IO-APIC-fix-build-with-gcc9.patch
    - d/p/trace-fix-build-with-gcc9.patch
    - d/p/tools-libxc-fix-strncpy-size.patch
    - d/p/tools-misc-fix-hypothetical-buffer-overflow-in-xen-l.patch
    - d/p/tools-xentop-replace-use-of-deprecated-vwprintw.patch
    - d/p/tools-xenpmd-fix-possible-0-truncation.patch
    - d/p/xenpmd-make-32-bit-gcc-8.1-non-debug-build-work.patch
    - d/p/libacpi-fixes-for-iasl-20180427.patch
    - d/p/tools-blktap2-fix-possible-0-truncation.patch
    - d/p/tools-blktap2-fix-hypothetical-buffer-overflow.patch
    - d/p/libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch
    - d/p/ubuntu/flags-fcs-protect-none.patch
    - d/p/ubuntu/strip-note-gnu-property.patch
  * Fix decode failed panics with v5.2+ kernels (LP: #1851091)
    - d/p/0001-lz4-refine-commit-9143a6c55ef7-for-the-64-bit-case.patch
    - d/p/0002-lz4-pull-out-constant-tables.patch
    - d/p/0003-lz4-fix-system-halt-at-boot-kernel-on-x86_64.patch

ubuntu/eoan-updates 2020-01-07 10:29:17 UTC 2020-01-07
Import patches-unapplied version 4.9.2-0ubuntu5 to ubuntu/disco-proposed

Author: Stefan Bader
Author Date: 2019-12-11 17:23:34 UTC

Import patches-unapplied version 4.9.2-0ubuntu5 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: bdebf520de18eb7b9442b172b7bc339701e6aeb9

New changelog entries:
  * Fix FTBS in Eoan (LP: #1823441). Except the last two changes, these are
    all cherry picks from Xen upstream to handle gcc8 and gcc9 changes.
    - d/p/x86-e820-fix-build-with-gcc9.patch
    - d/p/x86-IO-APIC-fix-build-with-gcc9.patch
    - d/p/trace-fix-build-with-gcc9.patch
    - d/p/tools-libxc-fix-strncpy-size.patch
    - d/p/tools-misc-fix-hypothetical-buffer-overflow-in-xen-l.patch
    - d/p/tools-xentop-replace-use-of-deprecated-vwprintw.patch
    - d/p/tools-xenpmd-fix-possible-0-truncation.patch
    - d/p/xenpmd-make-32-bit-gcc-8.1-non-debug-build-work.patch
    - d/p/libacpi-fixes-for-iasl-20180427.patch
    - d/p/tools-blktap2-fix-possible-0-truncation.patch
    - d/p/tools-blktap2-fix-hypothetical-buffer-overflow.patch
    - d/p/libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch
    - d/p/ubuntu/flags-fcs-protect-none.patch
    - d/p/ubuntu/strip-note-gnu-property.patch
  * Fix decode failed panics with v5.2+ kernels (LP: #1851091)
    - d/p/0001-lz4-refine-commit-9143a6c55ef7-for-the-64-bit-case.patch
    - d/p/0002-lz4-pull-out-constant-tables.patch
    - d/p/0003-lz4-fix-system-halt-at-boot-kernel-on-x86_64.patch

applied/ubuntu/disco-updates 2020-01-07 10:29:17 UTC 2020-01-07
Import patches-applied version 4.9.2-0ubuntu5 to applied/ubuntu/disco-proposed

Author: Stefan Bader
Author Date: 2019-12-11 17:23:34 UTC

Import patches-applied version 4.9.2-0ubuntu5 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 55eac63ad8f393dad69fa3edd7c19550b44d54d3
Unapplied parent: edaf8397114f77d6ad5e86693ea26a2d333798d9

New changelog entries:
  * Fix FTBS in Eoan (LP: #1823441). Except the last two changes, these are
    all cherry picks from Xen upstream to handle gcc8 and gcc9 changes.
    - d/p/x86-e820-fix-build-with-gcc9.patch
    - d/p/x86-IO-APIC-fix-build-with-gcc9.patch
    - d/p/trace-fix-build-with-gcc9.patch
    - d/p/tools-libxc-fix-strncpy-size.patch
    - d/p/tools-misc-fix-hypothetical-buffer-overflow-in-xen-l.patch
    - d/p/tools-xentop-replace-use-of-deprecated-vwprintw.patch
    - d/p/tools-xenpmd-fix-possible-0-truncation.patch
    - d/p/xenpmd-make-32-bit-gcc-8.1-non-debug-build-work.patch
    - d/p/libacpi-fixes-for-iasl-20180427.patch
    - d/p/tools-blktap2-fix-possible-0-truncation.patch
    - d/p/tools-blktap2-fix-hypothetical-buffer-overflow.patch
    - d/p/libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch
    - d/p/ubuntu/flags-fcs-protect-none.patch
    - d/p/ubuntu/strip-note-gnu-property.patch
  * Fix decode failed panics with v5.2+ kernels (LP: #1851091)
    - d/p/0001-lz4-refine-commit-9143a6c55ef7-for-the-64-bit-case.patch
    - d/p/0002-lz4-pull-out-constant-tables.patch
    - d/p/0003-lz4-fix-system-halt-at-boot-kernel-on-x86_64.patch

ubuntu/disco-devel 2020-01-07 10:29:17 UTC 2020-01-07
Import patches-unapplied version 4.9.2-0ubuntu5 to ubuntu/disco-proposed

Author: Stefan Bader
Author Date: 2019-12-11 17:23:34 UTC

Import patches-unapplied version 4.9.2-0ubuntu5 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: bdebf520de18eb7b9442b172b7bc339701e6aeb9

New changelog entries:
  * Fix FTBS in Eoan (LP: #1823441). Except the last two changes, these are
    all cherry picks from Xen upstream to handle gcc8 and gcc9 changes.
    - d/p/x86-e820-fix-build-with-gcc9.patch
    - d/p/x86-IO-APIC-fix-build-with-gcc9.patch
    - d/p/trace-fix-build-with-gcc9.patch
    - d/p/tools-libxc-fix-strncpy-size.patch
    - d/p/tools-misc-fix-hypothetical-buffer-overflow-in-xen-l.patch
    - d/p/tools-xentop-replace-use-of-deprecated-vwprintw.patch
    - d/p/tools-xenpmd-fix-possible-0-truncation.patch
    - d/p/xenpmd-make-32-bit-gcc-8.1-non-debug-build-work.patch
    - d/p/libacpi-fixes-for-iasl-20180427.patch
    - d/p/tools-blktap2-fix-possible-0-truncation.patch
    - d/p/tools-blktap2-fix-hypothetical-buffer-overflow.patch
    - d/p/libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch
    - d/p/ubuntu/flags-fcs-protect-none.patch
    - d/p/ubuntu/strip-note-gnu-property.patch
  * Fix decode failed panics with v5.2+ kernels (LP: #1851091)
    - d/p/0001-lz4-refine-commit-9143a6c55ef7-for-the-64-bit-case.patch
    - d/p/0002-lz4-pull-out-constant-tables.patch
    - d/p/0003-lz4-fix-system-halt-at-boot-kernel-on-x86_64.patch

applied/ubuntu/disco-proposed 2020-01-07 10:29:17 UTC 2020-01-07
Import patches-applied version 4.9.2-0ubuntu5 to applied/ubuntu/disco-proposed

Author: Stefan Bader
Author Date: 2019-12-11 17:23:34 UTC

Import patches-applied version 4.9.2-0ubuntu5 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 55eac63ad8f393dad69fa3edd7c19550b44d54d3
Unapplied parent: edaf8397114f77d6ad5e86693ea26a2d333798d9

New changelog entries:
  * Fix FTBS in Eoan (LP: #1823441). Except the last two changes, these are
    all cherry picks from Xen upstream to handle gcc8 and gcc9 changes.
    - d/p/x86-e820-fix-build-with-gcc9.patch
    - d/p/x86-IO-APIC-fix-build-with-gcc9.patch
    - d/p/trace-fix-build-with-gcc9.patch
    - d/p/tools-libxc-fix-strncpy-size.patch
    - d/p/tools-misc-fix-hypothetical-buffer-overflow-in-xen-l.patch
    - d/p/tools-xentop-replace-use-of-deprecated-vwprintw.patch
    - d/p/tools-xenpmd-fix-possible-0-truncation.patch
    - d/p/xenpmd-make-32-bit-gcc-8.1-non-debug-build-work.patch
    - d/p/libacpi-fixes-for-iasl-20180427.patch
    - d/p/tools-blktap2-fix-possible-0-truncation.patch
    - d/p/tools-blktap2-fix-hypothetical-buffer-overflow.patch
    - d/p/libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch
    - d/p/ubuntu/flags-fcs-protect-none.patch
    - d/p/ubuntu/strip-note-gnu-property.patch
  * Fix decode failed panics with v5.2+ kernels (LP: #1851091)
    - d/p/0001-lz4-refine-commit-9143a6c55ef7-for-the-64-bit-case.patch
    - d/p/0002-lz4-pull-out-constant-tables.patch
    - d/p/0003-lz4-fix-system-halt-at-boot-kernel-on-x86_64.patch

applied/debian/experimental 2018-09-12 16:27:11 UTC 2018-09-12
Import patches-applied version 4.11.1~pre.20180911.5acdd26fdc+dfsg-1~exp1 to ...

Author: Hans van Kranenburg
Author Date: 2018-09-11 13:34:34 UTC

Import patches-applied version 4.11.1~pre.20180911.5acdd26fdc+dfsg-1~exp1 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: 5907bf887df27a51cf6228e2bb473a389dec30b0
Unapplied parent: 7a9f512c83dbf118dff60e692d10ef6c3723c0ce

New changelog entries:
  * Update to new upstream version 4.11.1~pre.20180911.5acdd26fdc+dfsg.
  * Remove stubdom/grub.patches/00cvs from the upstream source because it's
    not DFSG compliant. (license-problem-gfdl-invariants)
  * Override statically-linked-binary lintian error about
    usr/lib/xen-4.11/boot/xen-shim
  [ Hans van Kranenburg ]
  * Update to 4.11.1-pre commit 733450b39b, which also contains:
    - Additional fix for: Unlimited recursion in linear pagetable de-typing
      XSA-240 CVE-2017-15595 (listed as xsa240-4.8/0004)
    - Fix x86 PV guests may gain access to internally used pages
      XSA-248 CVE-2017-17566
    - Fix broken x86 shadow mode refcount overflow check
      XSA-249 CVE-2017-17563
    - Fix improper x86 shadow mode refcount error handling
      XSA-250 CVE-2017-17564
    - Fix improper bug check in x86 log-dirty handling
      XSA-251 CVE-2017-17565
    - Fix: DoS via non-preemptable L3/L4 pagetable freeing
      XSA-252 CVE-2018-7540
    - Fix x86: memory leak with MSR emulation
      XSA-253 CVE-2018-5244
    - Multiple parts of fixes for...
      Information leak via side effects of speculative execution
      XSA-254 CVE-2017-5753 CVE-2017-5715 CVE-2017-5754
      - XPTI stage 1 a.k.a. 'Meltdown band-aid', XPTI-S1 or XPTI-lite
      - Branch predictor hardening for ARM CPUs
      - Support compiling with indirect branch thunks (e.g. retpoline)
      - Report details of speculative mitigations in boot logging
    - Fix: grant table v2 -> v1 transition may crash Xen
      XSA-255 CVE-2018-7541
    - Fix: x86 PVH guest without LAPIC may DoS the host
      XSA-256 CVE-2018-7542
    - The "Comet" shim, which can be used as a mitigation for Meltdown to
      shield the hypervisor against 64-bit PV guests.
    - Fix: Information leak via crafted user-supplied CDROM
      XSA-258 CVE-2018-10472
    - Fix: x86: PV guest may crash Xen with XPTI
      XSA-259 CVE-2018-10471
    - Fix: x86: mishandling of debug exceptions
      XSA-260 CVE-2018-8897
    - Fix: x86 vHPET interrupt injection errors
      XSA-261 CVE-2018-10982
    - Fix: qemu may drive Xen into unbounded loop
      XSA-262 CVE-2018-10981
    - Fix: Speculative Store Bypass
      XSA-263 CVE-2018-3639
    - Fix: preemption checks bypassed in x86 PV MM handling
      XSA-264 CVE-2018-12891
    - Fix: x86: #DB exception safety check can be triggered by a guest
      XSA-265 CVE-2018-12893
    - Fix: libxl fails to honour readonly flag on HVM emulated SCSI disks
      XSA-266 CVE-2018-12892
    - Fix: Speculative register leakage from lazy FPU context switching
      XSA-267 CVE-2018-3665
    - Fix: Use of v2 grant tables may cause crash on ARM
      XSA-268 CVE-2018-15469
    - Fix: x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS
      XSA-269 CVE-2018-15468
    - Fix: oxenstored does not apply quota-maxentity
      XSA-272 CVE-2018-15470
    - Fix: L1 Terminal Fault speculative side channel
      XSA-273 CVE-2018-3620
  * Merge changes for 4.9 from the ubuntu packaging (thanks, Stefan Bader):
    - Rebase patches against upstream source (line numbers etc).
    - debian/rules.real:
      - Add a call to build common tool headers.
      - Add a call to install common tool headers.
    - debian/libxen-dev.install, d/p/ubuntu-tools-libs-abiname.diff:
      - Add additional modifications for new libxendevicemodel.
    - debian/patches/tools-fake-xs-restrict.patch:
      - Re-introduce (fake) xs_restrict call to keep libxenstore version at
        3.0 for now.
    - debian/libxenstore3.0.symbols: add xs_control_command
  * Rebase patches against 4.10 upstream source.
  * Rebase patches against 4.11 upstream source.
  * Add README.source.md to document how the packaging works.
  * This package builds correctly with gcc 7. (Closes: #853710)
  * Fix grub config file conflict when upgrading from Stretch. (Closes: #852545)
  * Init scripts: Do not kill per-domain qemu processes. (Closes: #879751)
  * debian/patches: Fix "'vwprintw' is deprecated" gcc 8 compilation error
  [ Mark Pryor ]
  * Fix shared library build dependencies for the new xentoolcore library.
  [ John Keates ]
  * Enable OVMF (Closes: #858962)

debian/experimental 2018-09-12 16:27:11 UTC 2018-09-12
Import patches-unapplied version 4.11.1~pre.20180911.5acdd26fdc+dfsg-1~exp1 t...

Author: Hans van Kranenburg
Author Date: 2018-09-11 13:34:34 UTC

Import patches-unapplied version 4.11.1~pre.20180911.5acdd26fdc+dfsg-1~exp1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 3fb68988c4b590a521631bf6c82457cf32e23964

New changelog entries:
  * Update to new upstream version 4.11.1~pre.20180911.5acdd26fdc+dfsg.
  * Remove stubdom/grub.patches/00cvs from the upstream source because it's
    not DFSG compliant. (license-problem-gfdl-invariants)
  * Override statically-linked-binary lintian error about
    usr/lib/xen-4.11/boot/xen-shim
  [ Hans van Kranenburg ]
  * Update to 4.11.1-pre commit 733450b39b, which also contains:
    - Additional fix for: Unlimited recursion in linear pagetable de-typing
      XSA-240 CVE-2017-15595 (listed as xsa240-4.8/0004)
    - Fix x86 PV guests may gain access to internally used pages
      XSA-248 CVE-2017-17566
    - Fix broken x86 shadow mode refcount overflow check
      XSA-249 CVE-2017-17563
    - Fix improper x86 shadow mode refcount error handling
      XSA-250 CVE-2017-17564
    - Fix improper bug check in x86 log-dirty handling
      XSA-251 CVE-2017-17565
    - Fix: DoS via non-preemptable L3/L4 pagetable freeing
      XSA-252 CVE-2018-7540
    - Fix x86: memory leak with MSR emulation
      XSA-253 CVE-2018-5244
    - Multiple parts of fixes for...
      Information leak via side effects of speculative execution
      XSA-254 CVE-2017-5753 CVE-2017-5715 CVE-2017-5754
      - XPTI stage 1 a.k.a. 'Meltdown band-aid', XPTI-S1 or XPTI-lite
      - Branch predictor hardening for ARM CPUs
      - Support compiling with indirect branch thunks (e.g. retpoline)
      - Report details of speculative mitigations in boot logging
    - Fix: grant table v2 -> v1 transition may crash Xen
      XSA-255 CVE-2018-7541
    - Fix: x86 PVH guest without LAPIC may DoS the host
      XSA-256 CVE-2018-7542
    - The "Comet" shim, which can be used as a mitigation for Meltdown to
      shield the hypervisor against 64-bit PV guests.
    - Fix: Information leak via crafted user-supplied CDROM
      XSA-258 CVE-2018-10472
    - Fix: x86: PV guest may crash Xen with XPTI
      XSA-259 CVE-2018-10471
    - Fix: x86: mishandling of debug exceptions
      XSA-260 CVE-2018-8897
    - Fix: x86 vHPET interrupt injection errors
      XSA-261 CVE-2018-10982
    - Fix: qemu may drive Xen into unbounded loop
      XSA-262 CVE-2018-10981
    - Fix: Speculative Store Bypass
      XSA-263 CVE-2018-3639
    - Fix: preemption checks bypassed in x86 PV MM handling
      XSA-264 CVE-2018-12891
    - Fix: x86: #DB exception safety check can be triggered by a guest
      XSA-265 CVE-2018-12893
    - Fix: libxl fails to honour readonly flag on HVM emulated SCSI disks
      XSA-266 CVE-2018-12892
    - Fix: Speculative register leakage from lazy FPU context switching
      XSA-267 CVE-2018-3665
    - Fix: Use of v2 grant tables may cause crash on ARM
      XSA-268 CVE-2018-15469
    - Fix: x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS
      XSA-269 CVE-2018-15468
    - Fix: oxenstored does not apply quota-maxentity
      XSA-272 CVE-2018-15470
    - Fix: L1 Terminal Fault speculative side channel
      XSA-273 CVE-2018-3620
  * Merge changes for 4.9 from the ubuntu packaging (thanks, Stefan Bader):
    - Rebase patches against upstream source (line numbers etc).
    - debian/rules.real:
      - Add a call to build common tool headers.
      - Add a call to install common tool headers.
    - debian/libxen-dev.install, d/p/ubuntu-tools-libs-abiname.diff:
      - Add additional modifications for new libxendevicemodel.
    - debian/patches/tools-fake-xs-restrict.patch:
      - Re-introduce (fake) xs_restrict call to keep libxenstore version at
        3.0 for now.
    - debian/libxenstore3.0.symbols: add xs_control_command
  * Rebase patches against 4.10 upstream source.
  * Rebase patches against 4.11 upstream source.
  * Add README.source.md to document how the packaging works.
  * This package builds correctly with gcc 7. (Closes: #853710)
  * Fix grub config file conflict when upgrading from Stretch. (Closes: #852545)
  * Init scripts: Do not kill per-domain qemu processes. (Closes: #879751)
  * debian/patches: Fix "'vwprintw' is deprecated" gcc 8 compilation error
  [ Mark Pryor ]
  * Fix shared library build dependencies for the new xentoolcore library.
  [ John Keates ]
  * Enable OVMF (Closes: #858962)

ubuntu/eoan 2018-05-03 15:44:42 UTC 2018-05-03
Import patches-unapplied version 4.9.2-0ubuntu2 to ubuntu/cosmic-proposed

Author: Matthias Klose
Author Date: 2018-05-03 14:20:24 UTC

Import patches-unapplied version 4.9.2-0ubuntu2 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: ecfa33fc1861e429ea08d7c3f9d01982c49a63e7

New changelog entries:
  * No-change rebuild for ncurses soname changes.

ubuntu/cosmic-devel 2018-05-03 15:44:42 UTC 2018-05-03
Import patches-unapplied version 4.9.2-0ubuntu2 to ubuntu/cosmic-proposed

Author: Matthias Klose
Author Date: 2018-05-03 14:20:24 UTC

Import patches-unapplied version 4.9.2-0ubuntu2 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: ecfa33fc1861e429ea08d7c3f9d01982c49a63e7

New changelog entries:
  * No-change rebuild for ncurses soname changes.

ubuntu/cosmic 2018-05-03 15:44:42 UTC 2018-05-03
Import patches-unapplied version 4.9.2-0ubuntu2 to ubuntu/cosmic-proposed

Author: Matthias Klose
Author Date: 2018-05-03 14:20:24 UTC

Import patches-unapplied version 4.9.2-0ubuntu2 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: ecfa33fc1861e429ea08d7c3f9d01982c49a63e7

New changelog entries:
  * No-change rebuild for ncurses soname changes.

applied/ubuntu/eoan 2018-05-03 15:44:42 UTC 2018-05-03
Import patches-applied version 4.9.2-0ubuntu2 to applied/ubuntu/cosmic-proposed

Author: Matthias Klose
Author Date: 2018-05-03 14:20:24 UTC

Import patches-applied version 4.9.2-0ubuntu2 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: c7f59df9c9cd67c6241f7dff93846ea97222a058
Unapplied parent: bbc3b139c242441e7b5655a7f129eac2e9d1a31b

New changelog entries:
  * No-change rebuild for ncurses soname changes.

ubuntu/cosmic-proposed 2018-05-03 15:44:42 UTC 2018-05-03
Import patches-unapplied version 4.9.2-0ubuntu2 to ubuntu/cosmic-proposed

Author: Matthias Klose
Author Date: 2018-05-03 14:20:24 UTC

Import patches-unapplied version 4.9.2-0ubuntu2 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: ecfa33fc1861e429ea08d7c3f9d01982c49a63e7

New changelog entries:
  * No-change rebuild for ncurses soname changes.

applied/ubuntu/disco 2018-05-03 15:44:42 UTC 2018-05-03
Import patches-applied version 4.9.2-0ubuntu2 to applied/ubuntu/cosmic-proposed

Author: Matthias Klose
Author Date: 2018-05-03 14:20:24 UTC

Import patches-applied version 4.9.2-0ubuntu2 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: c7f59df9c9cd67c6241f7dff93846ea97222a058
Unapplied parent: bbc3b139c242441e7b5655a7f129eac2e9d1a31b

New changelog entries:
  * No-change rebuild for ncurses soname changes.

applied/ubuntu/cosmic-proposed 2018-05-03 15:44:42 UTC 2018-05-03
Import patches-applied version 4.9.2-0ubuntu2 to applied/ubuntu/cosmic-proposed

Author: Matthias Klose
Author Date: 2018-05-03 14:20:24 UTC

Import patches-applied version 4.9.2-0ubuntu2 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: c7f59df9c9cd67c6241f7dff93846ea97222a058
Unapplied parent: bbc3b139c242441e7b5655a7f129eac2e9d1a31b

New changelog entries:
  * No-change rebuild for ncurses soname changes.

ubuntu/disco 2018-05-03 15:44:42 UTC 2018-05-03
Import patches-unapplied version 4.9.2-0ubuntu2 to ubuntu/cosmic-proposed

Author: Matthias Klose
Author Date: 2018-05-03 14:20:24 UTC

Import patches-unapplied version 4.9.2-0ubuntu2 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: ecfa33fc1861e429ea08d7c3f9d01982c49a63e7

New changelog entries:
  * No-change rebuild for ncurses soname changes.

applied/ubuntu/cosmic-devel 2018-05-03 15:44:42 UTC 2018-05-03
Import patches-applied version 4.9.2-0ubuntu2 to applied/ubuntu/cosmic-proposed

Author: Matthias Klose
Author Date: 2018-05-03 14:20:24 UTC

Import patches-applied version 4.9.2-0ubuntu2 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: c7f59df9c9cd67c6241f7dff93846ea97222a058
Unapplied parent: bbc3b139c242441e7b5655a7f129eac2e9d1a31b

New changelog entries:
  * No-change rebuild for ncurses soname changes.

applied/ubuntu/cosmic 2018-05-03 15:44:42 UTC 2018-05-03
Import patches-applied version 4.9.2-0ubuntu2 to applied/ubuntu/cosmic-proposed

Author: Matthias Klose
Author Date: 2018-05-03 14:20:24 UTC

Import patches-applied version 4.9.2-0ubuntu2 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: c7f59df9c9cd67c6241f7dff93846ea97222a058
Unapplied parent: bbc3b139c242441e7b5655a7f129eac2e9d1a31b

New changelog entries:
  * No-change rebuild for ncurses soname changes.

applied/ubuntu/bionic-devel 2018-04-16 09:44:14 UTC 2018-04-16
Import patches-applied version 4.9.2-0ubuntu1 to applied/ubuntu/bionic-proposed

Author: Stefan Bader
Author Date: 2018-04-12 09:54:57 UTC

Import patches-applied version 4.9.2-0ubuntu1 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 16af0230026d8f48ab45bd03b8c47927e7f2e95f
Unapplied parent: 0f8901a8de4fa9f57ba6e1ff0f520ebbe90629a2

New changelog entries:
  * Update to upstream 4.9.2 release (LP: #1763354).
    Changes include numerous bugfixes, including security fixes/updates.
    4.9.0 -> 4.9.1:
    - XSA-226 / CVE-2017-12135 (replacement)
    - XSA-227 / CVE-2017-12137 (replacement)
    - XSA-228 / CVE-2017-12136 (replacement)
    - XSA-230 / CVE-2017-12855 (replacement)
    - XSA-231 / CVE-2017-14316 (replacement)
    - XSA-232 / CVE-2017-14318 (replacement)
    - XSA-233 / CVE-2017-14317 (replacement)
    - XSA-234 / CVE-2017-14319 (replacement)
    - XSA-235 / CVE-2017-15596 (replacement)
    - XSA-236 / CVE-2017-15597 (new)
    - XSA-237 / CVE-2017-15590 (replacement)
    - XSA-238 / CVE-2017-15591 (replacement)
    - XSA-239 / CVE-2017-15589 (replacement)
    - XSA-240 / CVE-2017-15595 (update)
    - XSA-241 / CVE-2017-15588 (replacement)
    - XSA-242 / CVE-2017-15593 (replacement)
    - XSA-243 / CVE-2017-15592 (replacement)
    - XSA-244 / CVE-2017-15594 (replacement)
    - XSA-245 / CVE-2017-17046 (replacement)
    4.9.1 -> 4.9.2:
    - XSA-246 / CVE-2017-17044 (new)
    - XSA-247 / CVE-2017-17045 (new)
    - XSA-248 / CVE-2017-17566 (new)
    - XSA-249 / CVE-2017-17563 (new)
    - XSA-250 / CVE-2017-17564 (new)
    - XSA-251 / CVE-2017-17565 (new)
    - XSA-252 / CVE-2018-7540 (new)
    - XSA-254 / CVE-2017-5754 (new / XPTI Meltdown mitigation)
    - XSA-255 / CVE-2018-7541 (new)
    - XSA-256 / CVE-2018-7542 (new)
  * Dropped:
    d/p/ubuntu/tools-fix-ftbs-arm.patch (upstream)

applied/ubuntu/bionic-proposed 2018-04-16 09:44:14 UTC 2018-04-16
Import patches-applied version 4.9.2-0ubuntu1 to applied/ubuntu/bionic-proposed

Author: Stefan Bader
Author Date: 2018-04-12 09:54:57 UTC

Import patches-applied version 4.9.2-0ubuntu1 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 16af0230026d8f48ab45bd03b8c47927e7f2e95f
Unapplied parent: 0f8901a8de4fa9f57ba6e1ff0f520ebbe90629a2

New changelog entries:
  * Update to upstream 4.9.2 release (LP: #1763354).
    Changes include numerous bugfixes, including security fixes/updates.
    4.9.0 -> 4.9.1:
    - XSA-226 / CVE-2017-12135 (replacement)
    - XSA-227 / CVE-2017-12137 (replacement)
    - XSA-228 / CVE-2017-12136 (replacement)
    - XSA-230 / CVE-2017-12855 (replacement)
    - XSA-231 / CVE-2017-14316 (replacement)
    - XSA-232 / CVE-2017-14318 (replacement)
    - XSA-233 / CVE-2017-14317 (replacement)
    - XSA-234 / CVE-2017-14319 (replacement)
    - XSA-235 / CVE-2017-15596 (replacement)
    - XSA-236 / CVE-2017-15597 (new)
    - XSA-237 / CVE-2017-15590 (replacement)
    - XSA-238 / CVE-2017-15591 (replacement)
    - XSA-239 / CVE-2017-15589 (replacement)
    - XSA-240 / CVE-2017-15595 (update)
    - XSA-241 / CVE-2017-15588 (replacement)
    - XSA-242 / CVE-2017-15593 (replacement)
    - XSA-243 / CVE-2017-15592 (replacement)
    - XSA-244 / CVE-2017-15594 (replacement)
    - XSA-245 / CVE-2017-17046 (replacement)
    4.9.1 -> 4.9.2:
    - XSA-246 / CVE-2017-17044 (new)
    - XSA-247 / CVE-2017-17045 (new)
    - XSA-248 / CVE-2017-17566 (new)
    - XSA-249 / CVE-2017-17563 (new)
    - XSA-250 / CVE-2017-17564 (new)
    - XSA-251 / CVE-2017-17565 (new)
    - XSA-252 / CVE-2018-7540 (new)
    - XSA-254 / CVE-2017-5754 (new / XPTI Meltdown mitigation)
    - XSA-255 / CVE-2018-7541 (new)
    - XSA-256 / CVE-2018-7542 (new)
  * Dropped:
    d/p/ubuntu/tools-fix-ftbs-arm.patch (upstream)

ubuntu/bionic-devel 2018-04-16 09:44:14 UTC 2018-04-16
Import patches-unapplied version 4.9.2-0ubuntu1 to ubuntu/bionic-proposed

Author: Stefan Bader
Author Date: 2018-04-12 09:54:57 UTC

Import patches-unapplied version 4.9.2-0ubuntu1 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 74cdf5ebbe05e38983f23bbe03a2c769e473c42d

New changelog entries:
  * Update to upstream 4.9.2 release (LP: #1763354).
    Changes include numerous bugfixes, including security fixes/updates.
    4.9.0 -> 4.9.1:
    - XSA-226 / CVE-2017-12135 (replacement)
    - XSA-227 / CVE-2017-12137 (replacement)
    - XSA-228 / CVE-2017-12136 (replacement)
    - XSA-230 / CVE-2017-12855 (replacement)
    - XSA-231 / CVE-2017-14316 (replacement)
    - XSA-232 / CVE-2017-14318 (replacement)
    - XSA-233 / CVE-2017-14317 (replacement)
    - XSA-234 / CVE-2017-14319 (replacement)
    - XSA-235 / CVE-2017-15596 (replacement)
    - XSA-236 / CVE-2017-15597 (new)
    - XSA-237 / CVE-2017-15590 (replacement)
    - XSA-238 / CVE-2017-15591 (replacement)
    - XSA-239 / CVE-2017-15589 (replacement)
    - XSA-240 / CVE-2017-15595 (update)
    - XSA-241 / CVE-2017-15588 (replacement)
    - XSA-242 / CVE-2017-15593 (replacement)
    - XSA-243 / CVE-2017-15592 (replacement)
    - XSA-244 / CVE-2017-15594 (replacement)
    - XSA-245 / CVE-2017-17046 (replacement)
    4.9.1 -> 4.9.2:
    - XSA-246 / CVE-2017-17044 (new)
    - XSA-247 / CVE-2017-17045 (new)
    - XSA-248 / CVE-2017-17566 (new)
    - XSA-249 / CVE-2017-17563 (new)
    - XSA-250 / CVE-2017-17564 (new)
    - XSA-251 / CVE-2017-17565 (new)
    - XSA-252 / CVE-2018-7540 (new)
    - XSA-254 / CVE-2017-5754 (new / XPTI Meltdown mitigation)
    - XSA-255 / CVE-2018-7541 (new)
    - XSA-256 / CVE-2018-7542 (new)
  * Dropped:
    d/p/ubuntu/tools-fix-ftbs-arm.patch (upstream)

ubuntu/bionic 2018-04-16 09:44:14 UTC 2018-04-16
Import patches-unapplied version 4.9.2-0ubuntu1 to ubuntu/bionic-proposed

Author: Stefan Bader
Author Date: 2018-04-12 09:54:57 UTC

Import patches-unapplied version 4.9.2-0ubuntu1 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 74cdf5ebbe05e38983f23bbe03a2c769e473c42d

New changelog entries:
  * Update to upstream 4.9.2 release (LP: #1763354).
    Changes include numerous bugfixes, including security fixes/updates.
    4.9.0 -> 4.9.1:
    - XSA-226 / CVE-2017-12135 (replacement)
    - XSA-227 / CVE-2017-12137 (replacement)
    - XSA-228 / CVE-2017-12136 (replacement)
    - XSA-230 / CVE-2017-12855 (replacement)
    - XSA-231 / CVE-2017-14316 (replacement)
    - XSA-232 / CVE-2017-14318 (replacement)
    - XSA-233 / CVE-2017-14317 (replacement)
    - XSA-234 / CVE-2017-14319 (replacement)
    - XSA-235 / CVE-2017-15596 (replacement)
    - XSA-236 / CVE-2017-15597 (new)
    - XSA-237 / CVE-2017-15590 (replacement)
    - XSA-238 / CVE-2017-15591 (replacement)
    - XSA-239 / CVE-2017-15589 (replacement)
    - XSA-240 / CVE-2017-15595 (update)
    - XSA-241 / CVE-2017-15588 (replacement)
    - XSA-242 / CVE-2017-15593 (replacement)
    - XSA-243 / CVE-2017-15592 (replacement)
    - XSA-244 / CVE-2017-15594 (replacement)
    - XSA-245 / CVE-2017-17046 (replacement)
    4.9.1 -> 4.9.2:
    - XSA-246 / CVE-2017-17044 (new)
    - XSA-247 / CVE-2017-17045 (new)
    - XSA-248 / CVE-2017-17566 (new)
    - XSA-249 / CVE-2017-17563 (new)
    - XSA-250 / CVE-2017-17564 (new)
    - XSA-251 / CVE-2017-17565 (new)
    - XSA-252 / CVE-2018-7540 (new)
    - XSA-254 / CVE-2017-5754 (new / XPTI Meltdown mitigation)
    - XSA-255 / CVE-2018-7541 (new)
    - XSA-256 / CVE-2018-7542 (new)
  * Dropped:
    d/p/ubuntu/tools-fix-ftbs-arm.patch (upstream)

applied/ubuntu/bionic 2018-04-16 09:44:14 UTC 2018-04-16
Import patches-applied version 4.9.2-0ubuntu1 to applied/ubuntu/bionic-proposed

Author: Stefan Bader
Author Date: 2018-04-12 09:54:57 UTC

Import patches-applied version 4.9.2-0ubuntu1 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 16af0230026d8f48ab45bd03b8c47927e7f2e95f
Unapplied parent: 0f8901a8de4fa9f57ba6e1ff0f520ebbe90629a2

New changelog entries:
  * Update to upstream 4.9.2 release (LP: #1763354).
    Changes include numerous bugfixes, including security fixes/updates.
    4.9.0 -> 4.9.1:
    - XSA-226 / CVE-2017-12135 (replacement)
    - XSA-227 / CVE-2017-12137 (replacement)
    - XSA-228 / CVE-2017-12136 (replacement)
    - XSA-230 / CVE-2017-12855 (replacement)
    - XSA-231 / CVE-2017-14316 (replacement)
    - XSA-232 / CVE-2017-14318 (replacement)
    - XSA-233 / CVE-2017-14317 (replacement)
    - XSA-234 / CVE-2017-14319 (replacement)
    - XSA-235 / CVE-2017-15596 (replacement)
    - XSA-236 / CVE-2017-15597 (new)
    - XSA-237 / CVE-2017-15590 (replacement)
    - XSA-238 / CVE-2017-15591 (replacement)
    - XSA-239 / CVE-2017-15589 (replacement)
    - XSA-240 / CVE-2017-15595 (update)
    - XSA-241 / CVE-2017-15588 (replacement)
    - XSA-242 / CVE-2017-15593 (replacement)
    - XSA-243 / CVE-2017-15592 (replacement)
    - XSA-244 / CVE-2017-15594 (replacement)
    - XSA-245 / CVE-2017-17046 (replacement)
    4.9.1 -> 4.9.2:
    - XSA-246 / CVE-2017-17044 (new)
    - XSA-247 / CVE-2017-17045 (new)
    - XSA-248 / CVE-2017-17566 (new)
    - XSA-249 / CVE-2017-17563 (new)
    - XSA-250 / CVE-2017-17564 (new)
    - XSA-251 / CVE-2017-17565 (new)
    - XSA-252 / CVE-2018-7540 (new)
    - XSA-254 / CVE-2017-5754 (new / XPTI Meltdown mitigation)
    - XSA-255 / CVE-2018-7541 (new)
    - XSA-256 / CVE-2018-7542 (new)
  * Dropped:
    d/p/ubuntu/tools-fix-ftbs-arm.patch (upstream)

ubuntu/bionic-proposed 2018-04-16 09:44:14 UTC 2018-04-16
Import patches-unapplied version 4.9.2-0ubuntu1 to ubuntu/bionic-proposed

Author: Stefan Bader
Author Date: 2018-04-12 09:54:57 UTC

Import patches-unapplied version 4.9.2-0ubuntu1 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 74cdf5ebbe05e38983f23bbe03a2c769e473c42d

New changelog entries:
  * Update to upstream 4.9.2 release (LP: #1763354).
    Changes include numerous bugfixes, including security fixes/updates.
    4.9.0 -> 4.9.1:
    - XSA-226 / CVE-2017-12135 (replacement)
    - XSA-227 / CVE-2017-12137 (replacement)
    - XSA-228 / CVE-2017-12136 (replacement)
    - XSA-230 / CVE-2017-12855 (replacement)
    - XSA-231 / CVE-2017-14316 (replacement)
    - XSA-232 / CVE-2017-14318 (replacement)
    - XSA-233 / CVE-2017-14317 (replacement)
    - XSA-234 / CVE-2017-14319 (replacement)
    - XSA-235 / CVE-2017-15596 (replacement)
    - XSA-236 / CVE-2017-15597 (new)
    - XSA-237 / CVE-2017-15590 (replacement)
    - XSA-238 / CVE-2017-15591 (replacement)
    - XSA-239 / CVE-2017-15589 (replacement)
    - XSA-240 / CVE-2017-15595 (update)
    - XSA-241 / CVE-2017-15588 (replacement)
    - XSA-242 / CVE-2017-15593 (replacement)
    - XSA-243 / CVE-2017-15592 (replacement)
    - XSA-244 / CVE-2017-15594 (replacement)
    - XSA-245 / CVE-2017-17046 (replacement)
    4.9.1 -> 4.9.2:
    - XSA-246 / CVE-2017-17044 (new)
    - XSA-247 / CVE-2017-17045 (new)
    - XSA-248 / CVE-2017-17566 (new)
    - XSA-249 / CVE-2017-17563 (new)
    - XSA-250 / CVE-2017-17564 (new)
    - XSA-251 / CVE-2017-17565 (new)
    - XSA-252 / CVE-2018-7540 (new)
    - XSA-254 / CVE-2017-5754 (new / XPTI Meltdown mitigation)
    - XSA-255 / CVE-2018-7541 (new)
    - XSA-256 / CVE-2018-7542 (new)
  * Dropped:
    d/p/ubuntu/tools-fix-ftbs-arm.patch (upstream)

importer/debian/pristine-tar 2018-03-15 18:10:58 UTC 2018-03-15
pristine-tar data for xen_4.8.3+comet2+shim4.10.0+comet3.orig.tar.gz

Author: Ubuntu Git Importer
Author Date: 2018-03-15 18:10:58 UTC

pristine-tar data for xen_4.8.3+comet2+shim4.10.0+comet3.orig.tar.gz

importer/ubuntu/pristine-tar 2018-03-06 02:52:21 UTC 2018-03-06
pristine-tar data for xen_4.9.0.orig.tar.gz

Author: Ubuntu Git Importer
Author Date: 2018-03-06 02:52:21 UTC

pristine-tar data for xen_4.9.0.orig.tar.gz

applied/debian/jessie 2017-12-09 17:59:12 UTC 2017-12-09
Import patches-applied version 4.4.1-9+deb8u10 to applied/debian/jessie

Author: Ian Jackson
Author Date: 2017-09-05 17:35:04 UTC

Import patches-applied version 4.4.1-9+deb8u10 to applied/debian/jessie

Imported using git-ubuntu import.

Changelog parent: cf98bd19cd9d3058b1642c0ce919a305013447f8
Unapplied parent: 7fc1f5bbf892220dae61f3ab60c9dc9c9bf53339

New changelog entries:
  Security updates, including some very important fixes:
  * XSA-217 CVE-2017-10912
  * XSA-218 CVE-2017-10913 CVE-2017-10914
  * XSA-219 CVE-2017-10915
  * XSA-221 CVE-2017-10917
  * XSA-222 CVE-2017-10918
  * XSA-224 CVE-2017-10919
  * XSA-226 CVE-2017-12135
  * XSA-227 CVE-2017-12137
  * XSA-230 CVE-2017-12855
  * XSA-235 no CVE assigned yet
  Bugfixes:
  * evtchn: don't reuse ports that are still "busy" (for XSA-221 patch)
  FYI, XSAs which remain outstanding because no patch is available.
  * XSA-223: armhf/arm64 guest-induced host crash vulnerability
  FYI, inapplicable XSAs, for which no patch is included:
  * XSA-216: Bugs are in Linux and Qemu, not Xen
  * XSA-220: Xen 4.4 is not vulnerable
  * XSA-225: Xen 4.4 is not vulnerable
  * XSA-228: Xen 4.4 is not vulnerable
  * XSA-229: Bug is in Linux, not Xen

debian/jessie 2017-12-09 17:59:12 UTC 2017-12-09
Import patches-unapplied version 4.4.1-9+deb8u10 to debian/jessie

Author: Ian Jackson
Author Date: 2017-09-05 17:35:04 UTC

Import patches-unapplied version 4.4.1-9+deb8u10 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: c51f1b9be10ea208bbd65406f81c154ed482fe75

New changelog entries:
  Security updates, including some very important fixes:
  * XSA-217 CVE-2017-10912
  * XSA-218 CVE-2017-10913 CVE-2017-10914
  * XSA-219 CVE-2017-10915
  * XSA-221 CVE-2017-10917
  * XSA-222 CVE-2017-10918
  * XSA-224 CVE-2017-10919
  * XSA-226 CVE-2017-12135
  * XSA-227 CVE-2017-12137
  * XSA-230 CVE-2017-12855
  * XSA-235 no CVE assigned yet
  Bugfixes:
  * evtchn: don't reuse ports that are still "busy" (for XSA-221 patch)
  FYI, XSAs which remain outstanding because no patch is available.
  * XSA-223: armhf/arm64 guest-induced host crash vulnerability
  FYI, inapplicable XSAs, for which no patch is included:
  * XSA-216: Bugs are in Linux and Qemu, not Xen
  * XSA-220: Xen 4.4 is not vulnerable
  * XSA-225: Xen 4.4 is not vulnerable
  * XSA-228: Xen 4.4 is not vulnerable
  * XSA-229: Bug is in Linux, not Xen

applied/ubuntu/zesty-updates 2017-10-16 12:58:34 UTC 2017-10-16
Import patches-applied version 4.8.0-1ubuntu2.4 to applied/ubuntu/zesty-security

Author: Stefan Bader
Author Date: 2017-10-11 12:42:34 UTC

Import patches-applied version 4.8.0-1ubuntu2.4 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 193ef13050adeab7e564ebd4d2c1756968fb01d0
Unapplied parent: 53a3f4797010b030243929d12dae324b2224dc63

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14318 / XSA-232
      - grant_table: fix GNTTABOP_cache_flush handling
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error
        paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-238
      - x86/ioreq server: correctly handle bogus
        XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
    - XSA-245
      - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn
      - xen/arm: Correctly report the memory region in the dummy NUMA helpers
  * Applying Xen Security Advisories:
    - XSA-226 / CVE-2017-12135
      - gnttab: don't use possibly unbounded tail calls
      - gnttab: fix transitive grant handling
    - XSA-227 / CVE-2017-12137
      - x86/grant: Disallow misaligned PTEs
    - XSA-228 / CVE-2017-12136
      - gnttab: split maptrack lock to make it fulfill its purpose again
    - XSA-230 / CVE-2017-12855
      - gnttab: correct pin status fixup for copy

applied/ubuntu/zesty-security 2017-10-16 12:58:34 UTC 2017-10-16
Import patches-applied version 4.8.0-1ubuntu2.4 to applied/ubuntu/zesty-security

Author: Stefan Bader
Author Date: 2017-10-11 12:42:34 UTC

Import patches-applied version 4.8.0-1ubuntu2.4 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 193ef13050adeab7e564ebd4d2c1756968fb01d0
Unapplied parent: 53a3f4797010b030243929d12dae324b2224dc63

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14318 / XSA-232
      - grant_table: fix GNTTABOP_cache_flush handling
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error
        paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-238
      - x86/ioreq server: correctly handle bogus
        XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
    - XSA-245
      - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn
      - xen/arm: Correctly report the memory region in the dummy NUMA helpers
  * Applying Xen Security Advisories:
    - XSA-226 / CVE-2017-12135
      - gnttab: don't use possibly unbounded tail calls
      - gnttab: fix transitive grant handling
    - XSA-227 / CVE-2017-12137
      - x86/grant: Disallow misaligned PTEs
    - XSA-228 / CVE-2017-12136
      - gnttab: split maptrack lock to make it fulfill its purpose again
    - XSA-230 / CVE-2017-12855
      - gnttab: correct pin status fixup for copy

applied/ubuntu/zesty-devel 2017-10-16 12:58:34 UTC 2017-10-16
Import patches-applied version 4.8.0-1ubuntu2.4 to applied/ubuntu/zesty-security

Author: Stefan Bader
Author Date: 2017-10-11 12:42:34 UTC

Import patches-applied version 4.8.0-1ubuntu2.4 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 193ef13050adeab7e564ebd4d2c1756968fb01d0
Unapplied parent: 53a3f4797010b030243929d12dae324b2224dc63

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14318 / XSA-232
      - grant_table: fix GNTTABOP_cache_flush handling
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error
        paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-238
      - x86/ioreq server: correctly handle bogus
        XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
    - XSA-245
      - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn
      - xen/arm: Correctly report the memory region in the dummy NUMA helpers
  * Applying Xen Security Advisories:
    - XSA-226 / CVE-2017-12135
      - gnttab: don't use possibly unbounded tail calls
      - gnttab: fix transitive grant handling
    - XSA-227 / CVE-2017-12137
      - x86/grant: Disallow misaligned PTEs
    - XSA-228 / CVE-2017-12136
      - gnttab: split maptrack lock to make it fulfill its purpose again
    - XSA-230 / CVE-2017-12855
      - gnttab: correct pin status fixup for copy

ubuntu/xenial-devel 2017-10-16 12:58:34 UTC 2017-10-16
Import patches-unapplied version 4.6.5-0ubuntu1.4 to ubuntu/xenial-security

Author: Stefan Bader
Author Date: 2017-10-11 13:41:03 UTC

Import patches-unapplied version 4.6.5-0ubuntu1.4 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: df210c12545da79963d30a055d2c876199f1dc2c

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14318 / XSA-232
      - grant_table: fix GNTTABOP_cache_flush handling
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error
        paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-238
      - x86/ioreq server: correctly handle bogus
        XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86: Disable the use of auto-translated PV guestsx86: Disable the use
        of auto-translated PV guests
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
    - XSA-245
      - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn
      - xen/arm: Correctly report the memory region in the dummy NUMA helpers
  * Applying Xen Security Advisories:
    - XSA-226 / CVE-2017-12135
      - gnttab: don't use possibly unbounded tail calls
      - gnttab: fix transitive grant handling
    - XSA-227 / CVE-2017-12137
      - x86/grant: Disallow misaligned PTEs
    - XSA-228 / CVE-2017-12136
      - gnttab: split maptrack lock to make it fulfill its purpose again
    - XSA-230 / CVE-2017-12855
      - gnttab: correct pin status fixup for copy

ubuntu/zesty-security 2017-10-16 12:58:34 UTC 2017-10-16
Import patches-unapplied version 4.8.0-1ubuntu2.4 to ubuntu/zesty-security

Author: Stefan Bader
Author Date: 2017-10-11 12:42:34 UTC

Import patches-unapplied version 4.8.0-1ubuntu2.4 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 9c0d1c665d31f74059d0a1f3dc8071908587108e

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14318 / XSA-232
      - grant_table: fix GNTTABOP_cache_flush handling
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error
        paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-238
      - x86/ioreq server: correctly handle bogus
        XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
    - XSA-245
      - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn
      - xen/arm: Correctly report the memory region in the dummy NUMA helpers
  * Applying Xen Security Advisories:
    - XSA-226 / CVE-2017-12135
      - gnttab: don't use possibly unbounded tail calls
      - gnttab: fix transitive grant handling
    - XSA-227 / CVE-2017-12137
      - x86/grant: Disallow misaligned PTEs
    - XSA-228 / CVE-2017-12136
      - gnttab: split maptrack lock to make it fulfill its purpose again
    - XSA-230 / CVE-2017-12855
      - gnttab: correct pin status fixup for copy

applied/ubuntu/xenial-updates 2017-10-16 12:58:34 UTC 2017-10-16
Import patches-applied version 4.6.5-0ubuntu1.4 to applied/ubuntu/xenial-secu...

Author: Stefan Bader
Author Date: 2017-10-11 13:41:03 UTC

Import patches-applied version 4.6.5-0ubuntu1.4 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: cc7fb8a0d6c306c1df71f62ec1b8f31f87d52cca
Unapplied parent: 1430dad59a508366af2b230b50e145176f70b74e

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14318 / XSA-232
      - grant_table: fix GNTTABOP_cache_flush handling
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error
        paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-238
      - x86/ioreq server: correctly handle bogus
        XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86: Disable the use of auto-translated PV guestsx86: Disable the use
        of auto-translated PV guests
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
    - XSA-245
      - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn
      - xen/arm: Correctly report the memory region in the dummy NUMA helpers
  * Applying Xen Security Advisories:
    - XSA-226 / CVE-2017-12135
      - gnttab: don't use possibly unbounded tail calls
      - gnttab: fix transitive grant handling
    - XSA-227 / CVE-2017-12137
      - x86/grant: Disallow misaligned PTEs
    - XSA-228 / CVE-2017-12136
      - gnttab: split maptrack lock to make it fulfill its purpose again
    - XSA-230 / CVE-2017-12855
      - gnttab: correct pin status fixup for copy

applied/ubuntu/xenial-security 2017-10-16 12:58:34 UTC 2017-10-16
Import patches-applied version 4.6.5-0ubuntu1.4 to applied/ubuntu/xenial-secu...

Author: Stefan Bader
Author Date: 2017-10-11 13:41:03 UTC

Import patches-applied version 4.6.5-0ubuntu1.4 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: cc7fb8a0d6c306c1df71f62ec1b8f31f87d52cca
Unapplied parent: 1430dad59a508366af2b230b50e145176f70b74e

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14318 / XSA-232
      - grant_table: fix GNTTABOP_cache_flush handling
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error
        paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-238
      - x86/ioreq server: correctly handle bogus
        XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86: Disable the use of auto-translated PV guestsx86: Disable the use
        of auto-translated PV guests
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
    - XSA-245
      - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn
      - xen/arm: Correctly report the memory region in the dummy NUMA helpers
  * Applying Xen Security Advisories:
    - XSA-226 / CVE-2017-12135
      - gnttab: don't use possibly unbounded tail calls
      - gnttab: fix transitive grant handling
    - XSA-227 / CVE-2017-12137
      - x86/grant: Disallow misaligned PTEs
    - XSA-228 / CVE-2017-12136
      - gnttab: split maptrack lock to make it fulfill its purpose again
    - XSA-230 / CVE-2017-12855
      - gnttab: correct pin status fixup for copy

ubuntu/zesty-devel 2017-10-16 12:58:34 UTC 2017-10-16
Import patches-unapplied version 4.8.0-1ubuntu2.4 to ubuntu/zesty-security

Author: Stefan Bader
Author Date: 2017-10-11 12:42:34 UTC

Import patches-unapplied version 4.8.0-1ubuntu2.4 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 9c0d1c665d31f74059d0a1f3dc8071908587108e

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14318 / XSA-232
      - grant_table: fix GNTTABOP_cache_flush handling
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error
        paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-238
      - x86/ioreq server: correctly handle bogus
        XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
    - XSA-245
      - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn
      - xen/arm: Correctly report the memory region in the dummy NUMA helpers
  * Applying Xen Security Advisories:
    - XSA-226 / CVE-2017-12135
      - gnttab: don't use possibly unbounded tail calls
      - gnttab: fix transitive grant handling
    - XSA-227 / CVE-2017-12137
      - x86/grant: Disallow misaligned PTEs
    - XSA-228 / CVE-2017-12136
      - gnttab: split maptrack lock to make it fulfill its purpose again
    - XSA-230 / CVE-2017-12855
      - gnttab: correct pin status fixup for copy

ubuntu/xenial-security 2017-10-16 12:58:34 UTC 2017-10-16
Import patches-unapplied version 4.6.5-0ubuntu1.4 to ubuntu/xenial-security

Author: Stefan Bader
Author Date: 2017-10-11 13:41:03 UTC

Import patches-unapplied version 4.6.5-0ubuntu1.4 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: df210c12545da79963d30a055d2c876199f1dc2c

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14318 / XSA-232
      - grant_table: fix GNTTABOP_cache_flush handling
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error
        paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-238
      - x86/ioreq server: correctly handle bogus
        XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86: Disable the use of auto-translated PV guestsx86: Disable the use
        of auto-translated PV guests
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
    - XSA-245
      - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn
      - xen/arm: Correctly report the memory region in the dummy NUMA helpers
  * Applying Xen Security Advisories:
    - XSA-226 / CVE-2017-12135
      - gnttab: don't use possibly unbounded tail calls
      - gnttab: fix transitive grant handling
    - XSA-227 / CVE-2017-12137
      - x86/grant: Disallow misaligned PTEs
    - XSA-228 / CVE-2017-12136
      - gnttab: split maptrack lock to make it fulfill its purpose again
    - XSA-230 / CVE-2017-12855
      - gnttab: correct pin status fixup for copy

ubuntu/trusty-updates 2017-10-16 12:58:34 UTC 2017-10-16
Import patches-unapplied version 4.4.2-0ubuntu0.14.04.14 to ubuntu/trusty-sec...

Author: Stefan Bader
Author Date: 2017-10-11 14:26:04 UTC

Import patches-unapplied version 4.4.2-0ubuntu0.14.04.14 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 19efe9910b56848f4ce309c251e892a857056fad

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/MSI: fix error handling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error
        paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86: Disable the use of auto-translated PV guestsx86: Disable the use
        of auto-translated PV guests
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
  * Applying Xen Security Advisories:
    - XSA-226 / CVE-2017-12135
      - gnttab: don't use possibly unbounded tail calls
      - gnttab: fix transitive grant handling
    - XSA-227 / CVE-2017-12137
      - x86/grant: Disallow misaligned PTEs
    - XSA-230 / CVE-2017-12855
      - gnttab: correct pin status fixup for copy

ubuntu/zesty-updates 2017-10-16 12:58:34 UTC 2017-10-16
Import patches-unapplied version 4.8.0-1ubuntu2.4 to ubuntu/zesty-security

Author: Stefan Bader
Author Date: 2017-10-11 12:42:34 UTC

Import patches-unapplied version 4.8.0-1ubuntu2.4 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 9c0d1c665d31f74059d0a1f3dc8071908587108e

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14318 / XSA-232
      - grant_table: fix GNTTABOP_cache_flush handling
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error
        paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-238
      - x86/ioreq server: correctly handle bogus
        XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
    - XSA-245
      - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn
      - xen/arm: Correctly report the memory region in the dummy NUMA helpers
  * Applying Xen Security Advisories:
    - XSA-226 / CVE-2017-12135
      - gnttab: don't use possibly unbounded tail calls
      - gnttab: fix transitive grant handling
    - XSA-227 / CVE-2017-12137
      - x86/grant: Disallow misaligned PTEs
    - XSA-228 / CVE-2017-12136
      - gnttab: split maptrack lock to make it fulfill its purpose again
    - XSA-230 / CVE-2017-12855
      - gnttab: correct pin status fixup for copy

applied/ubuntu/xenial-devel 2017-10-16 12:58:34 UTC 2017-10-16
Import patches-applied version 4.6.5-0ubuntu1.4 to applied/ubuntu/xenial-secu...

Author: Stefan Bader
Author Date: 2017-10-11 13:41:03 UTC

Import patches-applied version 4.6.5-0ubuntu1.4 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: cc7fb8a0d6c306c1df71f62ec1b8f31f87d52cca
Unapplied parent: 1430dad59a508366af2b230b50e145176f70b74e

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14318 / XSA-232
      - grant_table: fix GNTTABOP_cache_flush handling
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error
        paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-238
      - x86/ioreq server: correctly handle bogus
        XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86: Disable the use of auto-translated PV guestsx86: Disable the use
        of auto-translated PV guests
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
    - XSA-245
      - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn
      - xen/arm: Correctly report the memory region in the dummy NUMA helpers
  * Applying Xen Security Advisories:
    - XSA-226 / CVE-2017-12135
      - gnttab: don't use possibly unbounded tail calls
      - gnttab: fix transitive grant handling
    - XSA-227 / CVE-2017-12137
      - x86/grant: Disallow misaligned PTEs
    - XSA-228 / CVE-2017-12136
      - gnttab: split maptrack lock to make it fulfill its purpose again
    - XSA-230 / CVE-2017-12855
      - gnttab: correct pin status fixup for copy

ubuntu/trusty-security 2017-10-16 12:58:34 UTC 2017-10-16
Import patches-unapplied version 4.4.2-0ubuntu0.14.04.14 to ubuntu/trusty-sec...

Author: Stefan Bader
Author Date: 2017-10-11 14:26:04 UTC

Import patches-unapplied version 4.4.2-0ubuntu0.14.04.14 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 19efe9910b56848f4ce309c251e892a857056fad

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/MSI: fix error handling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error
        paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86: Disable the use of auto-translated PV guestsx86: Disable the use
        of auto-translated PV guests
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
  * Applying Xen Security Advisories:
    - XSA-226 / CVE-2017-12135
      - gnttab: don't use possibly unbounded tail calls
      - gnttab: fix transitive grant handling
    - XSA-227 / CVE-2017-12137
      - x86/grant: Disallow misaligned PTEs
    - XSA-230 / CVE-2017-12855
      - gnttab: correct pin status fixup for copy

applied/ubuntu/trusty-updates 2017-10-16 12:58:34 UTC 2017-10-16
Import patches-applied version 4.4.2-0ubuntu0.14.04.14 to applied/ubuntu/trus...

Author: Stefan Bader
Author Date: 2017-10-11 14:26:04 UTC

Import patches-applied version 4.4.2-0ubuntu0.14.04.14 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 94718e2968742e95cc5d0ee9247f4251d6678cae
Unapplied parent: 1e3028d9603feee6d4abb6be19b7d27f39abe467

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/MSI: fix error handling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error
        paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86: Disable the use of auto-translated PV guestsx86: Disable the use
        of auto-translated PV guests
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
  * Applying Xen Security Advisories:
    - XSA-226 / CVE-2017-12135
      - gnttab: don't use possibly unbounded tail calls
      - gnttab: fix transitive grant handling
    - XSA-227 / CVE-2017-12137
      - x86/grant: Disallow misaligned PTEs
    - XSA-230 / CVE-2017-12855
      - gnttab: correct pin status fixup for copy

ubuntu/trusty-devel 2017-10-16 12:58:34 UTC 2017-10-16
Import patches-unapplied version 4.4.2-0ubuntu0.14.04.14 to ubuntu/trusty-sec...

Author: Stefan Bader
Author Date: 2017-10-11 14:26:04 UTC

Import patches-unapplied version 4.4.2-0ubuntu0.14.04.14 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 19efe9910b56848f4ce309c251e892a857056fad

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/MSI: fix error handling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error
        paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86: Disable the use of auto-translated PV guestsx86: Disable the use
        of auto-translated PV guests
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
  * Applying Xen Security Advisories:
    - XSA-226 / CVE-2017-12135
      - gnttab: don't use possibly unbounded tail calls
      - gnttab: fix transitive grant handling
    - XSA-227 / CVE-2017-12137
      - x86/grant: Disallow misaligned PTEs
    - XSA-230 / CVE-2017-12855
      - gnttab: correct pin status fixup for copy

applied/ubuntu/trusty-security 2017-10-16 12:58:34 UTC 2017-10-16
Import patches-applied version 4.4.2-0ubuntu0.14.04.14 to applied/ubuntu/trus...

Author: Stefan Bader
Author Date: 2017-10-11 14:26:04 UTC

Import patches-applied version 4.4.2-0ubuntu0.14.04.14 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 94718e2968742e95cc5d0ee9247f4251d6678cae
Unapplied parent: 1e3028d9603feee6d4abb6be19b7d27f39abe467

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/MSI: fix error handling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error
        paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86: Disable the use of auto-translated PV guestsx86: Disable the use
        of auto-translated PV guests
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
  * Applying Xen Security Advisories:
    - XSA-226 / CVE-2017-12135
      - gnttab: don't use possibly unbounded tail calls
      - gnttab: fix transitive grant handling
    - XSA-227 / CVE-2017-12137
      - x86/grant: Disallow misaligned PTEs
    - XSA-230 / CVE-2017-12855
      - gnttab: correct pin status fixup for copy

applied/ubuntu/trusty-devel 2017-10-16 12:58:34 UTC 2017-10-16
Import patches-applied version 4.4.2-0ubuntu0.14.04.14 to applied/ubuntu/trus...

Author: Stefan Bader
Author Date: 2017-10-11 14:26:04 UTC

Import patches-applied version 4.4.2-0ubuntu0.14.04.14 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 94718e2968742e95cc5d0ee9247f4251d6678cae
Unapplied parent: 1e3028d9603feee6d4abb6be19b7d27f39abe467

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/MSI: fix error handling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error
        paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86: Disable the use of auto-translated PV guestsx86: Disable the use
        of auto-translated PV guests
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
  * Applying Xen Security Advisories:
    - XSA-226 / CVE-2017-12135
      - gnttab: don't use possibly unbounded tail calls
      - gnttab: fix transitive grant handling
    - XSA-227 / CVE-2017-12137
      - x86/grant: Disallow misaligned PTEs
    - XSA-230 / CVE-2017-12855
      - gnttab: correct pin status fixup for copy

ubuntu/xenial-updates 2017-10-16 12:58:34 UTC 2017-10-16
Import patches-unapplied version 4.6.5-0ubuntu1.4 to ubuntu/xenial-security

Author: Stefan Bader
Author Date: 2017-10-11 13:41:03 UTC

Import patches-unapplied version 4.6.5-0ubuntu1.4 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: df210c12545da79963d30a055d2c876199f1dc2c

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14318 / XSA-232
      - grant_table: fix GNTTABOP_cache_flush handling
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error
        paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-238
      - x86/ioreq server: correctly handle bogus
        XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86: Disable the use of auto-translated PV guestsx86: Disable the use
        of auto-translated PV guests
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
    - XSA-245
      - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn
      - xen/arm: Correctly report the memory region in the dummy NUMA helpers
  * Applying Xen Security Advisories:
    - XSA-226 / CVE-2017-12135
      - gnttab: don't use possibly unbounded tail calls
      - gnttab: fix transitive grant handling
    - XSA-227 / CVE-2017-12137
      - x86/grant: Disallow misaligned PTEs
    - XSA-228 / CVE-2017-12136
      - gnttab: split maptrack lock to make it fulfill its purpose again
    - XSA-230 / CVE-2017-12855
      - gnttab: correct pin status fixup for copy

ubuntu/artful-proposed 2017-10-13 16:13:22 UTC 2017-10-13
Import patches-unapplied version 4.9.0-0ubuntu3 to ubuntu/artful-proposed

Author: Stefan Bader
Author Date: 2017-10-10 09:24:52 UTC

Import patches-unapplied version 4.9.0-0ubuntu3 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: d382394889922fef2ab4e96bc5bd13c1badf4e7a

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2017-12135 / XSA-226
      - Revert: grant_table: Default to v1, and disallow transitive grants
      - gnttab: don't use possibly unbounded tail calls
      - gnttab: fix transitive grant handling
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14318 / XSA-232
      - grant_table: fix GNTTABOP_cache_flush handling
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-238
      - x86/ioreq server: correctly handle bogus
        XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
    - XSA-245
      - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn
      - xen/arm: Correctly report the memory region in the dummy NUMA helpers

ubuntu/artful 2017-10-13 16:13:22 UTC 2017-10-13
Import patches-unapplied version 4.9.0-0ubuntu3 to ubuntu/artful-proposed

Author: Stefan Bader
Author Date: 2017-10-10 09:24:52 UTC

Import patches-unapplied version 4.9.0-0ubuntu3 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: d382394889922fef2ab4e96bc5bd13c1badf4e7a

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2017-12135 / XSA-226
      - Revert: grant_table: Default to v1, and disallow transitive grants
      - gnttab: don't use possibly unbounded tail calls
      - gnttab: fix transitive grant handling
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14318 / XSA-232
      - grant_table: fix GNTTABOP_cache_flush handling
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-238
      - x86/ioreq server: correctly handle bogus
        XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
    - XSA-245
      - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn
      - xen/arm: Correctly report the memory region in the dummy NUMA helpers

ubuntu/artful-devel 2017-10-13 16:13:22 UTC 2017-10-13
Import patches-unapplied version 4.9.0-0ubuntu3 to ubuntu/artful-proposed

Author: Stefan Bader
Author Date: 2017-10-10 09:24:52 UTC

Import patches-unapplied version 4.9.0-0ubuntu3 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: d382394889922fef2ab4e96bc5bd13c1badf4e7a

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2017-12135 / XSA-226
      - Revert: grant_table: Default to v1, and disallow transitive grants
      - gnttab: don't use possibly unbounded tail calls
      - gnttab: fix transitive grant handling
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14318 / XSA-232
      - grant_table: fix GNTTABOP_cache_flush handling
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-238
      - x86/ioreq server: correctly handle bogus
        XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
    - XSA-245
      - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn
      - xen/arm: Correctly report the memory region in the dummy NUMA helpers

applied/ubuntu/artful-proposed 2017-10-13 16:13:22 UTC 2017-10-13
Import patches-applied version 4.9.0-0ubuntu3 to applied/ubuntu/artful-proposed

Author: Stefan Bader
Author Date: 2017-10-10 09:24:52 UTC

Import patches-applied version 4.9.0-0ubuntu3 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 3fd751e5b506b09bcb2a5d50360f7e73a27a9ff2
Unapplied parent: 85e4c1762feef86e4e2623801737eb1e218b27e3

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2017-12135 / XSA-226
      - Revert: grant_table: Default to v1, and disallow transitive grants
      - gnttab: don't use possibly unbounded tail calls
      - gnttab: fix transitive grant handling
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14318 / XSA-232
      - grant_table: fix GNTTABOP_cache_flush handling
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-238
      - x86/ioreq server: correctly handle bogus
        XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
    - XSA-245
      - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn
      - xen/arm: Correctly report the memory region in the dummy NUMA helpers

applied/ubuntu/artful-devel 2017-10-13 16:13:22 UTC 2017-10-13
Import patches-applied version 4.9.0-0ubuntu3 to applied/ubuntu/artful-proposed

Author: Stefan Bader
Author Date: 2017-10-10 09:24:52 UTC

Import patches-applied version 4.9.0-0ubuntu3 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 3fd751e5b506b09bcb2a5d50360f7e73a27a9ff2
Unapplied parent: 85e4c1762feef86e4e2623801737eb1e218b27e3

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2017-12135 / XSA-226
      - Revert: grant_table: Default to v1, and disallow transitive grants
      - gnttab: don't use possibly unbounded tail calls
      - gnttab: fix transitive grant handling
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14318 / XSA-232
      - grant_table: fix GNTTABOP_cache_flush handling
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-238
      - x86/ioreq server: correctly handle bogus
        XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
    - XSA-245
      - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn
      - xen/arm: Correctly report the memory region in the dummy NUMA helpers

applied/ubuntu/artful 2017-10-13 16:13:22 UTC 2017-10-13
Import patches-applied version 4.9.0-0ubuntu3 to applied/ubuntu/artful-proposed

Author: Stefan Bader
Author Date: 2017-10-10 09:24:52 UTC

Import patches-applied version 4.9.0-0ubuntu3 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 3fd751e5b506b09bcb2a5d50360f7e73a27a9ff2
Unapplied parent: 85e4c1762feef86e4e2623801737eb1e218b27e3

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2017-12135 / XSA-226
      - Revert: grant_table: Default to v1, and disallow transitive grants
      - gnttab: don't use possibly unbounded tail calls
      - gnttab: fix transitive grant handling
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14318 / XSA-232
      - grant_table: fix GNTTABOP_cache_flush handling
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-238
      - x86/ioreq server: correctly handle bogus
        XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
    - XSA-245
      - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn
      - xen/arm: Correctly report the memory region in the dummy NUMA helpers

ubuntu/yakkety-devel 2017-07-18 12:49:02 UTC 2017-07-18
Import patches-unapplied version 4.7.2-0ubuntu1.3 to ubuntu/yakkety-security

Author: Stefan Bader
Author Date: 2017-07-03 14:12:19 UTC

Import patches-unapplied version 4.7.2-0ubuntu1.3 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 9454f2ff54378590226b054413fa6bbbf4299898

New changelog entries:
  * Applying Xen Security Advisories:
    - XSA-217
      - x86/mm: disallow page stealing from HVM domains
    - XSA-218
      - IOMMU: handle IOMMU mapping and unmapping failures
      - gnttab: fix unmap pin accounting race
      - gnttab: Avoid potential double-put of maptrack entry
      - gnttab: correct maptrack table accesses
    - XSA-219
      - 86/shadow: Hold references for the duration of emulated writes
    - XSA-220
      - x86: avoid leaking PKRU and BND* between vCPU-s
    - XSA-221
      - evtchn: avoid NULL derefs
    - XSA-222
      - xen/memory: Fix return value handing of guest_remove_page()
      - guest_physmap_remove_page() needs its return value checked
    - XSA-223
      - arm: vgic: Don't update the LR when the IRQ is not enabled
    - XSA-224
      - gnttab: Fix handling of dev_bus_addr during unmap
      - gnttab: never create host mapping unless asked to
      - gnttab: correct logic to get page references during map requests
      - gnttab: __gnttab_unmap_common_complete() is all-or-nothing
    - XSA-225
      - xen/arm: vgic: Sanitize target mask used to send SGI

applied/ubuntu/yakkety-security 2017-07-18 12:49:02 UTC 2017-07-18
Import patches-applied version 4.7.2-0ubuntu1.3 to applied/ubuntu/yakkety-sec...

Author: Stefan Bader
Author Date: 2017-07-03 14:12:19 UTC

Import patches-applied version 4.7.2-0ubuntu1.3 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: f5c37a764c0b46ecc017c684e05d9011d276f42c
Unapplied parent: bd13e44d0cdfc4dfcf5fe8a770b084b60302bb5c

New changelog entries:
  * Applying Xen Security Advisories:
    - XSA-217
      - x86/mm: disallow page stealing from HVM domains
    - XSA-218
      - IOMMU: handle IOMMU mapping and unmapping failures
      - gnttab: fix unmap pin accounting race
      - gnttab: Avoid potential double-put of maptrack entry
      - gnttab: correct maptrack table accesses
    - XSA-219
      - 86/shadow: Hold references for the duration of emulated writes
    - XSA-220
      - x86: avoid leaking PKRU and BND* between vCPU-s
    - XSA-221
      - evtchn: avoid NULL derefs
    - XSA-222
      - xen/memory: Fix return value handing of guest_remove_page()
      - guest_physmap_remove_page() needs its return value checked
    - XSA-223
      - arm: vgic: Don't update the LR when the IRQ is not enabled
    - XSA-224
      - gnttab: Fix handling of dev_bus_addr during unmap
      - gnttab: never create host mapping unless asked to
      - gnttab: correct logic to get page references during map requests
      - gnttab: __gnttab_unmap_common_complete() is all-or-nothing
    - XSA-225
      - xen/arm: vgic: Sanitize target mask used to send SGI

applied/ubuntu/yakkety-devel 2017-07-18 12:49:02 UTC 2017-07-18
Import patches-applied version 4.7.2-0ubuntu1.3 to applied/ubuntu/yakkety-sec...

Author: Stefan Bader
Author Date: 2017-07-03 14:12:19 UTC

Import patches-applied version 4.7.2-0ubuntu1.3 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: f5c37a764c0b46ecc017c684e05d9011d276f42c
Unapplied parent: bd13e44d0cdfc4dfcf5fe8a770b084b60302bb5c

New changelog entries:
  * Applying Xen Security Advisories:
    - XSA-217
      - x86/mm: disallow page stealing from HVM domains
    - XSA-218
      - IOMMU: handle IOMMU mapping and unmapping failures
      - gnttab: fix unmap pin accounting race
      - gnttab: Avoid potential double-put of maptrack entry
      - gnttab: correct maptrack table accesses
    - XSA-219
      - 86/shadow: Hold references for the duration of emulated writes
    - XSA-220
      - x86: avoid leaking PKRU and BND* between vCPU-s
    - XSA-221
      - evtchn: avoid NULL derefs
    - XSA-222
      - xen/memory: Fix return value handing of guest_remove_page()
      - guest_physmap_remove_page() needs its return value checked
    - XSA-223
      - arm: vgic: Don't update the LR when the IRQ is not enabled
    - XSA-224
      - gnttab: Fix handling of dev_bus_addr during unmap
      - gnttab: never create host mapping unless asked to
      - gnttab: correct logic to get page references during map requests
      - gnttab: __gnttab_unmap_common_complete() is all-or-nothing
    - XSA-225
      - xen/arm: vgic: Sanitize target mask used to send SGI

applied/ubuntu/yakkety-updates 2017-07-18 12:49:02 UTC 2017-07-18
Import patches-applied version 4.7.2-0ubuntu1.3 to applied/ubuntu/yakkety-sec...

Author: Stefan Bader
Author Date: 2017-07-03 14:12:19 UTC

Import patches-applied version 4.7.2-0ubuntu1.3 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: f5c37a764c0b46ecc017c684e05d9011d276f42c
Unapplied parent: bd13e44d0cdfc4dfcf5fe8a770b084b60302bb5c

New changelog entries:
  * Applying Xen Security Advisories:
    - XSA-217
      - x86/mm: disallow page stealing from HVM domains
    - XSA-218
      - IOMMU: handle IOMMU mapping and unmapping failures
      - gnttab: fix unmap pin accounting race
      - gnttab: Avoid potential double-put of maptrack entry
      - gnttab: correct maptrack table accesses
    - XSA-219
      - 86/shadow: Hold references for the duration of emulated writes
    - XSA-220
      - x86: avoid leaking PKRU and BND* between vCPU-s
    - XSA-221
      - evtchn: avoid NULL derefs
    - XSA-222
      - xen/memory: Fix return value handing of guest_remove_page()
      - guest_physmap_remove_page() needs its return value checked
    - XSA-223
      - arm: vgic: Don't update the LR when the IRQ is not enabled
    - XSA-224
      - gnttab: Fix handling of dev_bus_addr during unmap
      - gnttab: never create host mapping unless asked to
      - gnttab: correct logic to get page references during map requests
      - gnttab: __gnttab_unmap_common_complete() is all-or-nothing
    - XSA-225
      - xen/arm: vgic: Sanitize target mask used to send SGI

ubuntu/yakkety-updates 2017-07-18 12:49:02 UTC 2017-07-18
Import patches-unapplied version 4.7.2-0ubuntu1.3 to ubuntu/yakkety-security

Author: Stefan Bader
Author Date: 2017-07-03 14:12:19 UTC

Import patches-unapplied version 4.7.2-0ubuntu1.3 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 9454f2ff54378590226b054413fa6bbbf4299898

New changelog entries:
  * Applying Xen Security Advisories:
    - XSA-217
      - x86/mm: disallow page stealing from HVM domains
    - XSA-218
      - IOMMU: handle IOMMU mapping and unmapping failures
      - gnttab: fix unmap pin accounting race
      - gnttab: Avoid potential double-put of maptrack entry
      - gnttab: correct maptrack table accesses
    - XSA-219
      - 86/shadow: Hold references for the duration of emulated writes
    - XSA-220
      - x86: avoid leaking PKRU and BND* between vCPU-s
    - XSA-221
      - evtchn: avoid NULL derefs
    - XSA-222
      - xen/memory: Fix return value handing of guest_remove_page()
      - guest_physmap_remove_page() needs its return value checked
    - XSA-223
      - arm: vgic: Don't update the LR when the IRQ is not enabled
    - XSA-224
      - gnttab: Fix handling of dev_bus_addr during unmap
      - gnttab: never create host mapping unless asked to
      - gnttab: correct logic to get page references during map requests
      - gnttab: __gnttab_unmap_common_complete() is all-or-nothing
    - XSA-225
      - xen/arm: vgic: Sanitize target mask used to send SGI

ubuntu/yakkety-security 2017-07-18 12:49:02 UTC 2017-07-18
Import patches-unapplied version 4.7.2-0ubuntu1.3 to ubuntu/yakkety-security

Author: Stefan Bader
Author Date: 2017-07-03 14:12:19 UTC

Import patches-unapplied version 4.7.2-0ubuntu1.3 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 9454f2ff54378590226b054413fa6bbbf4299898

New changelog entries:
  * Applying Xen Security Advisories:
    - XSA-217
      - x86/mm: disallow page stealing from HVM domains
    - XSA-218
      - IOMMU: handle IOMMU mapping and unmapping failures
      - gnttab: fix unmap pin accounting race
      - gnttab: Avoid potential double-put of maptrack entry
      - gnttab: correct maptrack table accesses
    - XSA-219
      - 86/shadow: Hold references for the duration of emulated writes
    - XSA-220
      - x86: avoid leaking PKRU and BND* between vCPU-s
    - XSA-221
      - evtchn: avoid NULL derefs
    - XSA-222
      - xen/memory: Fix return value handing of guest_remove_page()
      - guest_physmap_remove_page() needs its return value checked
    - XSA-223
      - arm: vgic: Don't update the LR when the IRQ is not enabled
    - XSA-224
      - gnttab: Fix handling of dev_bus_addr during unmap
      - gnttab: never create host mapping unless asked to
      - gnttab: correct logic to get page references during map requests
      - gnttab: __gnttab_unmap_common_complete() is all-or-nothing
    - XSA-225
      - xen/arm: vgic: Sanitize target mask used to send SGI

ubuntu/trusty-proposed 2017-03-16 18:48:46 UTC 2017-03-16
Import patches-unapplied version 4.4.2-0ubuntu0.14.04.10 to ubuntu/trusty-pro...

Author: Stefan Bader
Author Date: 2017-03-14 10:17:48 UTC

Import patches-unapplied version 4.4.2-0ubuntu0.14.04.10 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 6b7754924f372d11d29c1fd7dba1fd94e3385d32

New changelog entries:
  * Backport upstream change to fix TSC_ADJUST MSR handling in HVM
    guests running on Intel based hosts (LP: #1671760)

applied/ubuntu/trusty-proposed 2017-03-16 18:48:46 UTC 2017-03-16
Import patches-applied version 4.4.2-0ubuntu0.14.04.10 to applied/ubuntu/trus...

Author: Stefan Bader
Author Date: 2017-03-14 10:17:48 UTC

Import patches-applied version 4.4.2-0ubuntu0.14.04.10 to applied/ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 8cacf365bac19f5450b8b12207ed46e902476d13
Unapplied parent: 8070aef6fbe07ff94defb1c80cbb9d6a7eb1bd59

New changelog entries:
  * Backport upstream change to fix TSC_ADJUST MSR handling in HVM
    guests running on Intel based hosts (LP: #1671760)

applied/ubuntu/xenial-proposed 2017-03-16 18:18:27 UTC 2017-03-16
Import patches-applied version 4.6.5-0ubuntu1 to applied/ubuntu/xenial-proposed

Author: Stefan Bader
Author Date: 2017-03-14 15:08:39 UTC

Import patches-applied version 4.6.5-0ubuntu1 to applied/ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 2cc042e72e8c483233075ed890af1c5a59be6e92
Unapplied parent: 367437ff4b1375f7731c3938a7eb90f42695bd04

New changelog entries:
  * Rebasing to upstream stable release 4.6.5 (LP: #1671864)
    https://www.xenproject.org/downloads/xen-archives/xen-46-series.html
    - Includes fix for booting 4.10 Linux kernels in HVM guests on Intel
      hosts which support the TSC_ADJUST MSR (LP: #1671760)
    - Additional security relevant changes:
      * CVE-2013-2076 / XSA-052 (update)
        - Information leak on XSAVE/XRSTOR capable AMD CPUs
      * CVE-2016-7093 / XSA-186 (4.6.3 became vulnerable)
        - x86: Mishandling of instruction pointer truncation during emulation
      * XSA-207
        - memory leak when destroying guest without PT devices
    - Replacing the following security fixes with the versions from the
      stable update:
      * CVE-2015-7812 / XSA-145
        - arm: Host crash when preempting a multicall
      * CVE-2015-7813 / XSA-146
        - arm: various unimplemented hypercalls log without rate limiting
      * CVE-2015-7814 / XSA-147
        - arm: Race between domain destruction and memory allocation decrease
      * CVE-2015-7835 / XSA-148
        - x86: Uncontrolled creation of large page mappings by PV guests
      * CVE-2015-7969 / XSA-149, XSA-151
        - leak of main per-domain vcpu pointer array
        - x86: leak of per-domain profiling-related vcpu pointer array
      * CVE-2015-7970 / XSA-150
        - x86: Long latency populate-on-demand operation is not preemptible
      * CVE-2015-7971 / XSA-152
        - x86: some pmu and profiling hypercalls log without rate limiting
      * CVE-2015-7972 / XSA-153
        - x86: populate-on-demand balloon size inaccuracy can crash guests
      * CVE-2016-2270 / XSA-154
        - x86: inconsistent cachability flags on guest mappings
      * CVE-2015-8550 / XSA-155
        - paravirtualized drivers incautious about shared memory contents
      * CVE-2015-5307, CVE-2015-8104 / XSA-156
        - x86: CPU lockup during exception delivery
      * CVE-2015-8338 / XSA-158
        - long running memory operations on ARM
      * CVE-2015-8339, CVE-2015-8340 / XSA-159
        XENMEM_exchange error handling issues
      * CVE-2015-8341 / XSA-160
        - libxl leak of pv kernel and initrd on error
      * CVE-2015-8555 / XSA-165
        - information leak in legacy x86 FPU/XMM initialization
      * XSA-166
        - ioreq handling possibly susceptible to multiple read issue
      * CVE-2016-1570 / XSA-167
        - PV superpage functionality missing sanity checks
      * CVE-2016-1571 / XSA-168
        - VMX: intercept issue with INVLPG on non-canonical address
      * CVE-2015-8615 / XSA-169
        - x86: unintentional logging upon guest changing callback method
      * CVE-2016-2271 / XSA-170
        - VMX: guest user mode may crash guest with non-canonical RIP
      * CVE-2016-3158, CVE-2016-3159 / XSA-172
        - broken AMD FPU FIP/FDP/FOP leak workaround
      * CVE-2016-3960 / XSA-173
        - x86 shadow pagetables: address width overflow
      * CVE-2016-4962 / XSA-175
        - Unsanitised guest input in libxl device handling code
      * CVE-2016-4480 / XSA-176
        - x86 software guest page walk PS bit handling flaw
      * CVE-2016-4963 / XSA-178
        - Unsanitised driver domain input in libxl device handling
      * CVE-2016-5242 / XSA-181
        - arm: Host crash caused by VMID exhaustion
      * CVE-2016-6258 / XSA-182
        - x86: Privilege escalation in PV guests
      * CVE-2016-6259 / XSA-183
        - x86: Missing SMAP whitelisting in 32-bit exception / event delivery
      * CVE-2016-7092 / XSA-185
        - x86: Disallow L3 recursive pagetable for 32-bit PV guests
      * CVE-2016-7094 / XSA-187
        - x86 HVM: Overflow of sh_ctxt->seg_reg[]
      * CVE-2016-7777 / XSA-190
        - CR0.TS and CR0.EM not always honored for x86 HVM guests
      * CVE-2016-9386 / XSA-191
        - x86 null segments not always treated as unusable
      * CVE-2016-9382 / XSA-192
        - x86 task switch to VM86 mode mis-handled
      * CVE-2016-9385 / XSA-193
        - x86 segment base write emulation lacking canonical address checks
      * CVE-2016-9383 / XSA-195
        - x86 64-bit bit test instruction emulation broken
      * CVE-2016-9377, CVE-2016-9378 / XSA-196
        - x86 software interrupt injection mis-handled
      * CVE-2016-9379, CVE-2016-9380 / XSA-198
        - delimiter injection vulnerabilities in pygrub
      * CVE-2016-9932 / XSA-200
        - x86 CMPXCHG8B emulation fails to ignore operand size override
      * CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA-201
        - ARM guests may induce host asynchronous abort
      * CVE-2016-10024 / XSA-202
        - x86 PV guests may be able to mask interrupts
      * CVE-2016-10025 / XSA-203
        - x86: missing NULL pointer check in VMFUNC emulation
      * CVE-2016-10013 / XSA-204
        - x86: Mishandling of SYSCALL singlestep during emulation

ubuntu/xenial-proposed 2017-03-16 18:18:27 UTC 2017-03-16
Import patches-unapplied version 4.6.5-0ubuntu1 to ubuntu/xenial-proposed

Author: Stefan Bader
Author Date: 2017-03-14 15:08:39 UTC

Import patches-unapplied version 4.6.5-0ubuntu1 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: d64bb210dd9e23bc1dfe6b428b581a9c136fd8fc

New changelog entries:
  * Rebasing to upstream stable release 4.6.5 (LP: #1671864)
    https://www.xenproject.org/downloads/xen-archives/xen-46-series.html
    - Includes fix for booting 4.10 Linux kernels in HVM guests on Intel
      hosts which support the TSC_ADJUST MSR (LP: #1671760)
    - Additional security relevant changes:
      * CVE-2013-2076 / XSA-052 (update)
        - Information leak on XSAVE/XRSTOR capable AMD CPUs
      * CVE-2016-7093 / XSA-186 (4.6.3 became vulnerable)
        - x86: Mishandling of instruction pointer truncation during emulation
      * XSA-207
        - memory leak when destroying guest without PT devices
    - Replacing the following security fixes with the versions from the
      stable update:
      * CVE-2015-7812 / XSA-145
        - arm: Host crash when preempting a multicall
      * CVE-2015-7813 / XSA-146
        - arm: various unimplemented hypercalls log without rate limiting
      * CVE-2015-7814 / XSA-147
        - arm: Race between domain destruction and memory allocation decrease
      * CVE-2015-7835 / XSA-148
        - x86: Uncontrolled creation of large page mappings by PV guests
      * CVE-2015-7969 / XSA-149, XSA-151
        - leak of main per-domain vcpu pointer array
        - x86: leak of per-domain profiling-related vcpu pointer array
      * CVE-2015-7970 / XSA-150
        - x86: Long latency populate-on-demand operation is not preemptible
      * CVE-2015-7971 / XSA-152
        - x86: some pmu and profiling hypercalls log without rate limiting
      * CVE-2015-7972 / XSA-153
        - x86: populate-on-demand balloon size inaccuracy can crash guests
      * CVE-2016-2270 / XSA-154
        - x86: inconsistent cachability flags on guest mappings
      * CVE-2015-8550 / XSA-155
        - paravirtualized drivers incautious about shared memory contents
      * CVE-2015-5307, CVE-2015-8104 / XSA-156
        - x86: CPU lockup during exception delivery
      * CVE-2015-8338 / XSA-158
        - long running memory operations on ARM
      * CVE-2015-8339, CVE-2015-8340 / XSA-159
        XENMEM_exchange error handling issues
      * CVE-2015-8341 / XSA-160
        - libxl leak of pv kernel and initrd on error
      * CVE-2015-8555 / XSA-165
        - information leak in legacy x86 FPU/XMM initialization
      * XSA-166
        - ioreq handling possibly susceptible to multiple read issue
      * CVE-2016-1570 / XSA-167
        - PV superpage functionality missing sanity checks
      * CVE-2016-1571 / XSA-168
        - VMX: intercept issue with INVLPG on non-canonical address
      * CVE-2015-8615 / XSA-169
        - x86: unintentional logging upon guest changing callback method
      * CVE-2016-2271 / XSA-170
        - VMX: guest user mode may crash guest with non-canonical RIP
      * CVE-2016-3158, CVE-2016-3159 / XSA-172
        - broken AMD FPU FIP/FDP/FOP leak workaround
      * CVE-2016-3960 / XSA-173
        - x86 shadow pagetables: address width overflow
      * CVE-2016-4962 / XSA-175
        - Unsanitised guest input in libxl device handling code
      * CVE-2016-4480 / XSA-176
        - x86 software guest page walk PS bit handling flaw
      * CVE-2016-4963 / XSA-178
        - Unsanitised driver domain input in libxl device handling
      * CVE-2016-5242 / XSA-181
        - arm: Host crash caused by VMID exhaustion
      * CVE-2016-6258 / XSA-182
        - x86: Privilege escalation in PV guests
      * CVE-2016-6259 / XSA-183
        - x86: Missing SMAP whitelisting in 32-bit exception / event delivery
      * CVE-2016-7092 / XSA-185
        - x86: Disallow L3 recursive pagetable for 32-bit PV guests
      * CVE-2016-7094 / XSA-187
        - x86 HVM: Overflow of sh_ctxt->seg_reg[]
      * CVE-2016-7777 / XSA-190
        - CR0.TS and CR0.EM not always honored for x86 HVM guests
      * CVE-2016-9386 / XSA-191
        - x86 null segments not always treated as unusable
      * CVE-2016-9382 / XSA-192
        - x86 task switch to VM86 mode mis-handled
      * CVE-2016-9385 / XSA-193
        - x86 segment base write emulation lacking canonical address checks
      * CVE-2016-9383 / XSA-195
        - x86 64-bit bit test instruction emulation broken
      * CVE-2016-9377, CVE-2016-9378 / XSA-196
        - x86 software interrupt injection mis-handled
      * CVE-2016-9379, CVE-2016-9380 / XSA-198
        - delimiter injection vulnerabilities in pygrub
      * CVE-2016-9932 / XSA-200
        - x86 CMPXCHG8B emulation fails to ignore operand size override
      * CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA-201
        - ARM guests may induce host asynchronous abort
      * CVE-2016-10024 / XSA-202
        - x86 PV guests may be able to mask interrupts
      * CVE-2016-10025 / XSA-203
        - x86: missing NULL pointer check in VMFUNC emulation
      * CVE-2016-10013 / XSA-204
        - x86: Mishandling of SYSCALL singlestep during emulation

applied/ubuntu/yakkety-proposed 2017-03-16 17:33:29 UTC 2017-03-16
Import patches-applied version 4.7.2-0ubuntu1 to applied/ubuntu/yakkety-proposed

Author: Stefan Bader
Author Date: 2017-03-14 14:45:59 UTC

Import patches-applied version 4.7.2-0ubuntu1 to applied/ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: c508d12e06d00292ed54021f6757798f0e2dd5ab
Unapplied parent: be280a22c943a35ea6f83df7bd7af170e7a91a27

New changelog entries:
  * Rebasing to upstream stable release 4.7.2 (LP: #1672767)
    https://www.xenproject.org/downloads/xen-archives/xen-47-series.html
    - Includes fix for booting 4.10 Linux kernels in HVM guests on Intel
      hosts which support the TSC_ADJUST MSR (LP: #1671760)
    - Dropping: d/p/preup-tools-fix-linear-p2m-save.patch which is part
      of the stable update.
    - Additional security relevant changes:
      * XSA-207
        - memory leak when destroying guest without PT devices
    - Replacing the following security fixes with the versions from the
      stable update:
      * CVE-2016-6258 / XSA-182
        - x86: Privilege escalation in PV guests
      * CVE-2016-6259 / XSA-183
        - x86: Missing SMAP whitelisting in 32-bit exception / event delivery
      * CVE-2016-7092 / XSA-185
        - x86: Disallow L3 recursive pagetable for 32-bit PV guests
      * CVE-2016-7093 / XSA-186
        - x86: Mishandling of instruction pointer truncation during emulation
      * CVE-2016-7094 / XSA-187
        - x86 HVM: Overflow of sh_ctxt->seg_reg[]
      * CVE-2016-7777 / XSA-190
        - CR0.TS and CR0.EM not always honored for x86 HVM guests
      * CVE-2016-9386 / XSA-191
        - x86 null segments not always treated as unusable
      * CVE-2016-9382 / XSA-192
        - x86 task switch to VM86 mode mis-handled
      * CVE-2016-9385 / XSA-193
        - x86 segment base write emulation lacking canonical address checks
      * CVE-2016-9384 / XSA-194
        - guest 32-bit ELF symbol table load leaking host data
      * CVE-2016-9383 / XSA-195
        - x86 64-bit bit test instruction emulation broken
      * CVE-2016-9377, CVE-2016-9378 / XSA-196
        - x86 software interrupt injection mis-handled
      * CVE-2016-9379, CVE-2016-9380 / XSA-198
        - delimiter injection vulnerabilities in pygrub
      * CVE-2016-9932 / XSA-200
        - x86 CMPXCHG8B emulation fails to ignore operand size override
      * CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA-201
        - ARM guests may induce host asynchronous abort
      * CVE-2016-10024 / XSA-202
        - x86 PV guests may be able to mask interrupts
      * CVE-2016-10025 / XSA-203
        - x86: missing NULL pointer check in VMFUNC emulation
      * CVE-2016-10013 / XSA-204
        - x86: Mishandling of SYSCALL singlestep during emulation
  * Copy contents of debian/build/install-utils_$(ARCH)/usr/sbin into
    debian/build/install-utils_$ARCH/usr/lib/xen-$(VERSION) (LP: #1396670).

ubuntu/yakkety-proposed 2017-03-16 17:33:29 UTC 2017-03-16
Import patches-unapplied version 4.7.2-0ubuntu1 to ubuntu/yakkety-proposed

Author: Stefan Bader
Author Date: 2017-03-14 14:45:59 UTC

Import patches-unapplied version 4.7.2-0ubuntu1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 126a81c2b52f8c74aa7420613ed4ce178521de60

New changelog entries:
  * Rebasing to upstream stable release 4.7.2 (LP: #1672767)
    https://www.xenproject.org/downloads/xen-archives/xen-47-series.html
    - Includes fix for booting 4.10 Linux kernels in HVM guests on Intel
      hosts which support the TSC_ADJUST MSR (LP: #1671760)
    - Dropping: d/p/preup-tools-fix-linear-p2m-save.patch which is part
      of the stable update.
    - Additional security relevant changes:
      * XSA-207
        - memory leak when destroying guest without PT devices
    - Replacing the following security fixes with the versions from the
      stable update:
      * CVE-2016-6258 / XSA-182
        - x86: Privilege escalation in PV guests
      * CVE-2016-6259 / XSA-183
        - x86: Missing SMAP whitelisting in 32-bit exception / event delivery
      * CVE-2016-7092 / XSA-185
        - x86: Disallow L3 recursive pagetable for 32-bit PV guests
      * CVE-2016-7093 / XSA-186
        - x86: Mishandling of instruction pointer truncation during emulation
      * CVE-2016-7094 / XSA-187
        - x86 HVM: Overflow of sh_ctxt->seg_reg[]
      * CVE-2016-7777 / XSA-190
        - CR0.TS and CR0.EM not always honored for x86 HVM guests
      * CVE-2016-9386 / XSA-191
        - x86 null segments not always treated as unusable
      * CVE-2016-9382 / XSA-192
        - x86 task switch to VM86 mode mis-handled
      * CVE-2016-9385 / XSA-193
        - x86 segment base write emulation lacking canonical address checks
      * CVE-2016-9384 / XSA-194
        - guest 32-bit ELF symbol table load leaking host data
      * CVE-2016-9383 / XSA-195
        - x86 64-bit bit test instruction emulation broken
      * CVE-2016-9377, CVE-2016-9378 / XSA-196
        - x86 software interrupt injection mis-handled
      * CVE-2016-9379, CVE-2016-9380 / XSA-198
        - delimiter injection vulnerabilities in pygrub
      * CVE-2016-9932 / XSA-200
        - x86 CMPXCHG8B emulation fails to ignore operand size override
      * CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA-201
        - ARM guests may induce host asynchronous abort
      * CVE-2016-10024 / XSA-202
        - x86 PV guests may be able to mask interrupts
      * CVE-2016-10025 / XSA-203
        - x86: missing NULL pointer check in VMFUNC emulation
      * CVE-2016-10013 / XSA-204
        - x86: Mishandling of SYSCALL singlestep during emulation
  * Copy contents of debian/build/install-utils_$(ARCH)/usr/sbin into
    debian/build/install-utils_$ARCH/usr/lib/xen-$(VERSION) (LP: #1396670).

applied/ubuntu/zesty-proposed 2017-03-15 15:13:21 UTC 2017-03-15
Import patches-applied version 4.8.0-1ubuntu2 to applied/ubuntu/zesty-proposed

Author: Stefan Bader
Author Date: 2017-03-14 08:27:04 UTC

Import patches-applied version 4.8.0-1ubuntu2 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 69554fc7a14e4bb7db9f8d92a56f9c3dcaf2857b
Unapplied parent: 70e75f8d27fd75e0ca1c47bcc9a43c9157afd792

New changelog entries:
  * Cherry-pick upstream change to fix TSC_ADJUST MSR handling in HVM
    guests running on Intel based hosts (LP: #1671760)

applied/ubuntu/zesty 2017-03-15 15:13:21 UTC 2017-03-15
Import patches-applied version 4.8.0-1ubuntu2 to applied/ubuntu/zesty-proposed

Author: Stefan Bader
Author Date: 2017-03-14 08:27:04 UTC

Import patches-applied version 4.8.0-1ubuntu2 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 69554fc7a14e4bb7db9f8d92a56f9c3dcaf2857b
Unapplied parent: 70e75f8d27fd75e0ca1c47bcc9a43c9157afd792

New changelog entries:
  * Cherry-pick upstream change to fix TSC_ADJUST MSR handling in HVM
    guests running on Intel based hosts (LP: #1671760)

ubuntu/zesty 2017-03-15 15:13:21 UTC 2017-03-15
Import patches-unapplied version 4.8.0-1ubuntu2 to ubuntu/zesty-proposed

Author: Stefan Bader
Author Date: 2017-03-14 08:27:04 UTC

Import patches-unapplied version 4.8.0-1ubuntu2 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 83ccf175472aac65d990ae0e1e7b2bd00b4af464

New changelog entries:
  * Cherry-pick upstream change to fix TSC_ADJUST MSR handling in HVM
    guests running on Intel based hosts (LP: #1671760)

ubuntu/zesty-proposed 2017-03-15 15:13:21 UTC 2017-03-15
Import patches-unapplied version 4.8.0-1ubuntu2 to ubuntu/zesty-proposed

Author: Stefan Bader
Author Date: 2017-03-14 08:27:04 UTC

Import patches-unapplied version 4.8.0-1ubuntu2 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 83ccf175472aac65d990ae0e1e7b2bd00b4af464

New changelog entries:
  * Cherry-pick upstream change to fix TSC_ADJUST MSR handling in HVM
    guests running on Intel based hosts (LP: #1671760)

ubuntu/precise-devel 2017-01-12 18:43:32 UTC 2017-01-12
Import patches-unapplied version 4.1.6.1-0ubuntu0.12.04.13 to ubuntu/precise-...

Author: Stefan Bader
Author Date: 2017-01-11 10:44:28 UTC

Import patches-unapplied version 4.1.6.1-0ubuntu0.12.04.13 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: ec321d1049f17c8f3051ba766f11675aca0e50f2

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2016-9386 / XSA-191
      * x86/hvm: Fix the handling of non-present segments
    - CVE-2016-9382 / XSA-192
      * x86/HVM: don't load LDTR with VM86 mode attrs during task switch
    - CVE-2016-9383 / XSA-195
      * x86emul: fix huge bit offset handling
    - CVE-2016-9381 / XSA-197
      * xen: fix ioreq handling
    - CVE-2016-9379, CVE-2016-9380 / XSA-198
      * pygrub: Properly quote results, when returning them to the caller
    - CVE-2016-9637 / XSA-199
      * qemu: ioport_read, ioport_write: be defensive about 32-bit addresses
    - CVE-2016-9932 / XSA-200
      * x86/emulator: add feature checks for newer instructions
      * x86emul: CMPXCHG8B ignores operand size prefix
    - CVE-2016-10024 / XSA-202
      * x86: use MOV instead of PUSH/POP when saving/restoring register state
      * x86: force EFLAGS.IF on when exiting to PV guests
    - CVE-2016-10013 / XSA-204
      * x86/emul: Correct the handling of eflags with SYSCALL

applied/ubuntu/precise-updates 2017-01-12 18:43:32 UTC 2017-01-12
Import patches-applied version 4.1.6.1-0ubuntu0.12.04.13 to applied/ubuntu/pr...

Author: Stefan Bader
Author Date: 2017-01-11 10:44:28 UTC

Import patches-applied version 4.1.6.1-0ubuntu0.12.04.13 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 4672c400ae6bdc368376749f143af7682a23d4b3
Unapplied parent: 83bed17cd07bde9fa8f1762f3b614545501b84c0

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2016-9386 / XSA-191
      * x86/hvm: Fix the handling of non-present segments
    - CVE-2016-9382 / XSA-192
      * x86/HVM: don't load LDTR with VM86 mode attrs during task switch
    - CVE-2016-9383 / XSA-195
      * x86emul: fix huge bit offset handling
    - CVE-2016-9381 / XSA-197
      * xen: fix ioreq handling
    - CVE-2016-9379, CVE-2016-9380 / XSA-198
      * pygrub: Properly quote results, when returning them to the caller
    - CVE-2016-9637 / XSA-199
      * qemu: ioport_read, ioport_write: be defensive about 32-bit addresses
    - CVE-2016-9932 / XSA-200
      * x86/emulator: add feature checks for newer instructions
      * x86emul: CMPXCHG8B ignores operand size prefix
    - CVE-2016-10024 / XSA-202
      * x86: use MOV instead of PUSH/POP when saving/restoring register state
      * x86: force EFLAGS.IF on when exiting to PV guests
    - CVE-2016-10013 / XSA-204
      * x86/emul: Correct the handling of eflags with SYSCALL

applied/ubuntu/precise-security 2017-01-12 18:43:32 UTC 2017-01-12
Import patches-applied version 4.1.6.1-0ubuntu0.12.04.13 to applied/ubuntu/pr...

Author: Stefan Bader
Author Date: 2017-01-11 10:44:28 UTC

Import patches-applied version 4.1.6.1-0ubuntu0.12.04.13 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 4672c400ae6bdc368376749f143af7682a23d4b3
Unapplied parent: 83bed17cd07bde9fa8f1762f3b614545501b84c0

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2016-9386 / XSA-191
      * x86/hvm: Fix the handling of non-present segments
    - CVE-2016-9382 / XSA-192
      * x86/HVM: don't load LDTR with VM86 mode attrs during task switch
    - CVE-2016-9383 / XSA-195
      * x86emul: fix huge bit offset handling
    - CVE-2016-9381 / XSA-197
      * xen: fix ioreq handling
    - CVE-2016-9379, CVE-2016-9380 / XSA-198
      * pygrub: Properly quote results, when returning them to the caller
    - CVE-2016-9637 / XSA-199
      * qemu: ioport_read, ioport_write: be defensive about 32-bit addresses
    - CVE-2016-9932 / XSA-200
      * x86/emulator: add feature checks for newer instructions
      * x86emul: CMPXCHG8B ignores operand size prefix
    - CVE-2016-10024 / XSA-202
      * x86: use MOV instead of PUSH/POP when saving/restoring register state
      * x86: force EFLAGS.IF on when exiting to PV guests
    - CVE-2016-10013 / XSA-204
      * x86/emul: Correct the handling of eflags with SYSCALL

applied/ubuntu/precise-devel 2017-01-12 18:43:32 UTC 2017-01-12
Import patches-applied version 4.1.6.1-0ubuntu0.12.04.13 to applied/ubuntu/pr...

Author: Stefan Bader
Author Date: 2017-01-11 10:44:28 UTC

Import patches-applied version 4.1.6.1-0ubuntu0.12.04.13 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 4672c400ae6bdc368376749f143af7682a23d4b3
Unapplied parent: 83bed17cd07bde9fa8f1762f3b614545501b84c0

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2016-9386 / XSA-191
      * x86/hvm: Fix the handling of non-present segments
    - CVE-2016-9382 / XSA-192
      * x86/HVM: don't load LDTR with VM86 mode attrs during task switch
    - CVE-2016-9383 / XSA-195
      * x86emul: fix huge bit offset handling
    - CVE-2016-9381 / XSA-197
      * xen: fix ioreq handling
    - CVE-2016-9379, CVE-2016-9380 / XSA-198
      * pygrub: Properly quote results, when returning them to the caller
    - CVE-2016-9637 / XSA-199
      * qemu: ioport_read, ioport_write: be defensive about 32-bit addresses
    - CVE-2016-9932 / XSA-200
      * x86/emulator: add feature checks for newer instructions
      * x86emul: CMPXCHG8B ignores operand size prefix
    - CVE-2016-10024 / XSA-202
      * x86: use MOV instead of PUSH/POP when saving/restoring register state
      * x86: force EFLAGS.IF on when exiting to PV guests
    - CVE-2016-10013 / XSA-204
      * x86/emul: Correct the handling of eflags with SYSCALL

ubuntu/precise-security 2017-01-12 18:43:32 UTC 2017-01-12
Import patches-unapplied version 4.1.6.1-0ubuntu0.12.04.13 to ubuntu/precise-...

Author: Stefan Bader
Author Date: 2017-01-11 10:44:28 UTC

Import patches-unapplied version 4.1.6.1-0ubuntu0.12.04.13 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: ec321d1049f17c8f3051ba766f11675aca0e50f2

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2016-9386 / XSA-191
      * x86/hvm: Fix the handling of non-present segments
    - CVE-2016-9382 / XSA-192
      * x86/HVM: don't load LDTR with VM86 mode attrs during task switch
    - CVE-2016-9383 / XSA-195
      * x86emul: fix huge bit offset handling
    - CVE-2016-9381 / XSA-197
      * xen: fix ioreq handling
    - CVE-2016-9379, CVE-2016-9380 / XSA-198
      * pygrub: Properly quote results, when returning them to the caller
    - CVE-2016-9637 / XSA-199
      * qemu: ioport_read, ioport_write: be defensive about 32-bit addresses
    - CVE-2016-9932 / XSA-200
      * x86/emulator: add feature checks for newer instructions
      * x86emul: CMPXCHG8B ignores operand size prefix
    - CVE-2016-10024 / XSA-202
      * x86: use MOV instead of PUSH/POP when saving/restoring register state
      * x86: force EFLAGS.IF on when exiting to PV guests
    - CVE-2016-10013 / XSA-204
      * x86/emul: Correct the handling of eflags with SYSCALL

ubuntu/precise-updates 2017-01-12 18:43:32 UTC 2017-01-12
Import patches-unapplied version 4.1.6.1-0ubuntu0.12.04.13 to ubuntu/precise-...

Author: Stefan Bader
Author Date: 2017-01-11 10:44:28 UTC

Import patches-unapplied version 4.1.6.1-0ubuntu0.12.04.13 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: ec321d1049f17c8f3051ba766f11675aca0e50f2

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2016-9386 / XSA-191
      * x86/hvm: Fix the handling of non-present segments
    - CVE-2016-9382 / XSA-192
      * x86/HVM: don't load LDTR with VM86 mode attrs during task switch
    - CVE-2016-9383 / XSA-195
      * x86emul: fix huge bit offset handling
    - CVE-2016-9381 / XSA-197
      * xen: fix ioreq handling
    - CVE-2016-9379, CVE-2016-9380 / XSA-198
      * pygrub: Properly quote results, when returning them to the caller
    - CVE-2016-9637 / XSA-199
      * qemu: ioport_read, ioport_write: be defensive about 32-bit addresses
    - CVE-2016-9932 / XSA-200
      * x86/emulator: add feature checks for newer instructions
      * x86emul: CMPXCHG8B ignores operand size prefix
    - CVE-2016-10024 / XSA-202
      * x86: use MOV instead of PUSH/POP when saving/restoring register state
      * x86: force EFLAGS.IF on when exiting to PV guests
    - CVE-2016-10013 / XSA-204
      * x86/emul: Correct the handling of eflags with SYSCALL

1100 of 204 results
This repository contains Public information 
Everyone can see this information.