Last commit made on 2018-09-12
Get this branch:
git clone -b debian/experimental https://git.launchpad.net/ubuntu/+source/xen
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information


Recent commits

158515e... by Hans van Kranenburg on 2018-09-11

Import patches-unapplied version 4.11.1~pre.20180911.5acdd26fdc+dfsg-1~exp1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 3fb68988c4b590a521631bf6c82457cf32e23964

New changelog entries:
  * Update to new upstream version 4.11.1~pre.20180911.5acdd26fdc+dfsg.
  * Remove stubdom/grub.patches/00cvs from the upstream source because it's
    not DFSG compliant. (license-problem-gfdl-invariants)
  * Override statically-linked-binary lintian error about
  [ Hans van Kranenburg ]
  * Update to 4.11.1-pre commit 733450b39b, which also contains:
    - Additional fix for: Unlimited recursion in linear pagetable de-typing
      XSA-240 CVE-2017-15595 (listed as xsa240-4.8/0004)
    - Fix x86 PV guests may gain access to internally used pages
      XSA-248 CVE-2017-17566
    - Fix broken x86 shadow mode refcount overflow check
      XSA-249 CVE-2017-17563
    - Fix improper x86 shadow mode refcount error handling
      XSA-250 CVE-2017-17564
    - Fix improper bug check in x86 log-dirty handling
      XSA-251 CVE-2017-17565
    - Fix: DoS via non-preemptable L3/L4 pagetable freeing
      XSA-252 CVE-2018-7540
    - Fix x86: memory leak with MSR emulation
      XSA-253 CVE-2018-5244
    - Multiple parts of fixes for...
      Information leak via side effects of speculative execution
      XSA-254 CVE-2017-5753 CVE-2017-5715 CVE-2017-5754
      - XPTI stage 1 a.k.a. 'Meltdown band-aid', XPTI-S1 or XPTI-lite
      - Branch predictor hardening for ARM CPUs
      - Support compiling with indirect branch thunks (e.g. retpoline)
      - Report details of speculative mitigations in boot logging
    - Fix: grant table v2 -> v1 transition may crash Xen
      XSA-255 CVE-2018-7541
    - Fix: x86 PVH guest without LAPIC may DoS the host
      XSA-256 CVE-2018-7542
    - The "Comet" shim, which can be used as a mitigation for Meltdown to
      shield the hypervisor against 64-bit PV guests.
    - Fix: Information leak via crafted user-supplied CDROM
      XSA-258 CVE-2018-10472
    - Fix: x86: PV guest may crash Xen with XPTI
      XSA-259 CVE-2018-10471
    - Fix: x86: mishandling of debug exceptions
      XSA-260 CVE-2018-8897
    - Fix: x86 vHPET interrupt injection errors
      XSA-261 CVE-2018-10982
    - Fix: qemu may drive Xen into unbounded loop
      XSA-262 CVE-2018-10981
    - Fix: Speculative Store Bypass
      XSA-263 CVE-2018-3639
    - Fix: preemption checks bypassed in x86 PV MM handling
      XSA-264 CVE-2018-12891
    - Fix: x86: #DB exception safety check can be triggered by a guest
      XSA-265 CVE-2018-12893
    - Fix: libxl fails to honour readonly flag on HVM emulated SCSI disks
      XSA-266 CVE-2018-12892
    - Fix: Speculative register leakage from lazy FPU context switching
      XSA-267 CVE-2018-3665
    - Fix: Use of v2 grant tables may cause crash on ARM
      XSA-268 CVE-2018-15469
    - Fix: x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS
      XSA-269 CVE-2018-15468
    - Fix: oxenstored does not apply quota-maxentity
      XSA-272 CVE-2018-15470
    - Fix: L1 Terminal Fault speculative side channel
      XSA-273 CVE-2018-3620
  * Merge changes for 4.9 from the ubuntu packaging (thanks, Stefan Bader):
    - Rebase patches against upstream source (line numbers etc).
    - debian/rules.real:
      - Add a call to build common tool headers.
      - Add a call to install common tool headers.
    - debian/libxen-dev.install, d/p/ubuntu-tools-libs-abiname.diff:
      - Add additional modifications for new libxendevicemodel.
    - debian/patches/tools-fake-xs-restrict.patch:
      - Re-introduce (fake) xs_restrict call to keep libxenstore version at
        3.0 for now.
    - debian/libxenstore3.0.symbols: add xs_control_command
  * Rebase patches against 4.10 upstream source.
  * Rebase patches against 4.11 upstream source.
  * Add README.source.md to document how the packaging works.
  * This package builds correctly with gcc 7. (Closes: #853710)
  * Fix grub config file conflict when upgrading from Stretch. (Closes: #852545)
  * Init scripts: Do not kill per-domain qemu processes. (Closes: #879751)
  * debian/patches: Fix "'vwprintw' is deprecated" gcc 8 compilation error
  [ Mark Pryor ]
  * Fix shared library build dependencies for the new xentoolcore library.
  [ John Keates ]
  * Enable OVMF (Closes: #858962)

3fb6898... by Ian Jackson on 2017-11-25

Import patches-unapplied version 4.8.2+xsa245-0+deb9u1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 1e6b7336901a0bb4dd9816525fbd06639f206266

New changelog entries:
  * Update to upstream stable 4.8 branch, which is currently at Xen 4.8.2
    plus a number of bugfixes and security fixes.
    Result is that we now include security fixes for:
       XSA-231 CVE-2017-14316
       XSA-232 CVE-2017-14318
       XSA-233 CVE-2017-14317
       XSA-234 CVE-2017-14319
       (235 already included in 4.8.1-1+deb9u3)
       XSA-236 CVE-2017-15597
       XSA-237 CVE-2017-15590
       XSA-238 (no CVE yet)
       XSA-239 CVE-2017-15589
       XSA-240 CVE-2017-15595
       XSA-241 CVE-2017-15588
       XSA-242 CVE-2017-15593
       XSA-243 CVE-2017-15592
       XSA-244 CVE-2017-15594
       XSA-245 (no CVE yet)
    and a number of upstream functionality fixes, which are not easily
    disentangled from the security fixes.
  * Apply two more security fixes:
       XSA-246 (no CVE yet)
       XSA-247 (no CVE yet)

1e6b733... by Ian Jackson <email address hidden> on 2017-09-07

Import patches-unapplied version 4.8.1-1+deb9u3 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 24e5e9e766ba2738ab4b9b6f385d8193568353cc

New changelog entries:
  * Security fixes for
      XSA-226 CVE-2017-12135
      XSA-227 CVE-2017-12137
      XSA-228 CVE-2017-12136
      XSA-230 CVE-2017-12855
      XSA-235 (no CVE yet)
  * Adjust changelog entry for 4.8.1-1+deb9u2 to record
    that XSA-225 fix was indeed included.
  * Security fix for XSA-229 not included as that bug is in Linux, not Xen.
  * Security fixes for XSA-231..234 inc. not inclued as still embargoed.
  * Security fixes for
      XSA-216 XSA-217 XSA-218 XSA-219 XSA-220
      XSA-221 XSA-222 XSA-223 XSA-224 XSA-225

24e5e9e... by Ian Jackson <email address hidden> on 2017-05-02

Import patches-unapplied version 4.8.1-1+deb9u1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 96a3f91495abd3ebb9f2bcaba7c3a6664b57c667

New changelog entries:
  * Security fixes for XSA-213 (Closes:#861659) and XSA-214
    (Closes:#861660). (Xen 4.7 and later is not affected by XSA-215.)

96a3f91... by Ian Jackson <email address hidden> on 2017-04-18

Import patches-unapplied version 4.8.1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 451bcaa74f430bcdac2709fb4edc563d5e6de48e

New changelog entries:
  * Update to upstream 4.8.1 release.
    Changes include numerous bugfixes, including security fixes for:
      XSA-212 / CVE-2017-7228 Closes:#859560
      XSA-207 / no cve yet Closes:#856229
      XSA-206 / no cve yet no Debian bug

451bcaa... by Ian Jackson <email address hidden> on 2017-01-23

Import patches-unapplied version 4.8.1~pre.2017.01.23-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: de88f23aef33fe9959ae1200841003ba24c68df6

New changelog entries:
  * Update to current upstream stable-4.8 git branch (Xen 4.8.1-pre).
    Contains bugfixes.
  * debian/control-real etc.: debian.py: Allow version numbers like this.

de88f23... by Ian Jackson <email address hidden> on 2016-12-22

Import patches-unapplied version 4.8.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 055dfce789cbccde9477fcc8bc6e36e2caa62efc

New changelog entries:
  * Update to upstream Xen 4.8.0.
    Includes the following security fixes:
        XSA-201 CVE-2016-9815 CVE-2016-9816 CVE-2016-9817 CVE-2016-9818
        XSA-198 CVE-2016-9379 CVE-2016-9380
        XSA-196 CVE-2016-9378 CVE-2016-9377 Closes:#845669
        XSA-195 CVE-2016-9383
        XSA-194 CVE-2016-9384 Closes:#845667
        XSA-193 CVE-2016-9385
        XSA-192 CVE-2016-9382
        XSA-191 CVE-2016-9386
    Includes other bugfixes too:
        Closes:#812166, Closes:#818525.
  Cherry picks from upstream:
  * Security fixes:
        XSA-204 CVE-2016-10013 Closes:#848713
        XSA-203 CVE-2016-10025
        XSA-202 CVE-2016-10024
    For completeness, the following XSAs do not apply here:
        XSA-197 CVE-2016-9381 Bug is in qemu
        XSA-199 CVE-2016-9637 Bug is in qemu
        XSA-200 CVE-2016-9932 Xen 4.8 is not affected
  * Cherry pick a build failure fix:
      "x86/emul: add likely()/unlikely() to test harness"
  [ Ian Jackson ]
  * Drop -lcrypto search from upstream configure, and from our
    Build-Depends. Closes:#844419.
  * Change my own email address to my work (Citrix) address. When
    uploading, I will swap hats to effectively sponsor my own upload.
  [ Ian Campbell ]
  * Start a qemu process in dom0 to service the toolstacks loopback disk
    attaches. (Closes: #770456)
  * Remove correct pidfile when stopping xenconsoled.
  * Check that xenstored has actually started before talking to it.
    Incorporate a timeout so as not to block boot (Mitigates #737613)
  * Correct syntax error in xen-init-list when running with xend
    (Closes: #763102)
  * Apply SELinux labels to directories created by initscripts. Patch from
    Russell Coker. (Closes: #764912)
  * Include a reportbug control file to redirect bugs to src:xen for
    packages which contain the Xen version in the name. Closes:#796370.
  [ Lubomir Host ]
  * Fix xen-init-name to not fail looking for a nonexistent 'config'
    entry in xl's JSON output. Closes:#818129.

055dfce... by Ian Jackson on 2016-11-11

Import patches-unapplied version 4.8.0~rc5-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 6a57aaac4bb7e777957358fa12343acc7819e568

New changelog entries:
  * New upstream version, Xen 4.8.0 RC5.

6a57aaa... by Ian Jackson on 2016-11-05

Import patches-unapplied version 4.8.0~rc3-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 849568c9a860403c587448dc382d075502515ca3

New changelog entries:
  * Upload 4.8.0~rc3 to unstable. (RC5 is out upstream, but let's not
    update to that in the middle of the Xen 4.6 -> 4.8 transition.)
  * No source changes.

849568c... by Ian Jackson on 2016-11-01

Import patches-unapplied version 4.8.0~rc3-0exp2 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: b3aaf9a9500cd009e1601d83f36110c260f5d174

New changelog entries:
  * Build-Depend on iasl on all architectures. ARM has ACPI now.
    Fixes FTBFS on arm64 (at least).
  * Add qemu-utils and seabios to Suggests.
  * Pass -no-pie -fno-pic to x86 emulator test build. (Patch
    also submitted upstream.) Fixes FTBFS on i386 with GCC6.
  * Add myself to Uploaders.