Last commit made on 2020-05-27
Get this branch:
git clone -b debian/sid https://git.launchpad.net/ubuntu/+source/xen
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information


Recent commits

eb7aabe... by Hans van Kranenburg on 2020-05-26

4.11.4-1 (patches unapplied)

Imported using git-ubuntu import.

ad550b7... by Hans van Kranenburg on 2020-01-08

Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9472efd10e51daaf7c2e2fde4bcd10850b1a8ff1

New changelog entries:
  * Update to new upstream version 4.11.3+24-g14b62ab3e5, which also
    contains the following security fixes: (Closes: #947944)
    - Unlimited Arm Atomics Operations
      XSA-295 CVE-2019-17349 CVE-2019-17350
    - VCPUOP_initialise DoS
      XSA-296 CVE-2019-18420
    - missing descriptor table limit checking in x86 PV emulation
      XSA-298 CVE-2019-18425
    - Issues with restartable PV type change operations
      XSA-299 CVE-2019-18421
    - add-to-physmap can be abused to DoS Arm hosts
      XSA-301 CVE-2019-18423
    - passed through PCI devices may corrupt host memory after deassignment
      XSA-302 CVE-2019-18424
    - ARM: Interrupts are unconditionally unmasked in exception handlers
      XSA-303 CVE-2019-18422
    - x86: Machine Check Error on Page Size Change DoS
      XSA-304 CVE-2018-12207
    - TSX Asynchronous Abort speculative side channel
      XSA-305 CVE-2019-11135
    - Device quarantine for alternate pci assignment methods
      XSA-306 CVE-2019-19579
    - find_next_bit() issues
      XSA-307 CVE-2019-19581 CVE-2019-19582
    - VMX: VMentry failure with debug exceptions and blocked states
      XSA-308 CVE-2019-19583
    - Linear pagetable use / entry miscounts
      XSA-309 CVE-2019-19578
    - Further issues with restartable PV type change operations
      XSA-310 CVE-2019-19580
    - Bugs in dynamic height handling for AMD IOMMU pagetables
      XSA-311 CVE-2019-19577
  * Add missing CVE numbers to previous changelog entries

9472efd... by Hans van Kranenburg on 2019-06-22

Import patches-unapplied version 4.11.1+92-g6c33308a8d-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d55339a884ee949599dea4c1d17aefd24829fe59

New changelog entries:
  * Mention MDS and the need for updated microcode and disabling
    hyper-threading in NEWS.
  * Mention the ucode=scan option in the grub.d/xen documentation.

d55339a... by Hans van Kranenburg on 2019-06-18

Import patches-unapplied version 4.11.1+92-g6c33308a8d-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 6883c4993933bfca76d8644da97dfc2feccda644

New changelog entries:
  * Update to new upstream version 4.11.1+92-g6c33308a8d, which also
    contains the following security fixes:
    - Fix: grant table transfer issues on large hosts
      XSA-284 (no CVE yet) (Closes: #929991)
    - Fix: race with pass-through device hotplug
      XSA-285 (no CVE yet) (Closes: #929998)
    - Fix: x86: steal_page violates page_struct access discipline
      XSA-287 (no CVE yet) (Closes: #930001)
    - Fix: x86: Inconsistent PV IOMMU discipline
      XSA-288 (no CVE yet) (Closes: #929994)
    - Fix: missing preemption in x86 PV page table unvalidation
      XSA-290 (no CVE yet) (Closes: #929996)
    - Fix: x86/PV: page type reference counting issue with failed IOMMU update
      XSA-291 (no CVE yet) (Closes: #929995)
    - Fix: x86: insufficient TLB flushing when using PCID
      XSA-292 (no CVE yet) (Closes: #929993)
    - Fix: x86: PV kernel context switch corruption
      XSA-293 (no CVE yet) (Closes: #929999)
    - Fix: x86 shadow: Insufficient TLB flushing when using PCID
      XSA-294 (no CVE yet) (Closes: #929992)
    - Fix: Microarchitectural Data Sampling speculative side channel
      XSA-297 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091
      (Closes: #929129)
  * Note that the fixes for XSA-297 will only have effect when also loading
    updated cpu microcode with MD_CLEAR functionality. When using the
    intel-microcode package to include microcode in the dom0 initrd, it has to
    be loaded by Xen. Please refer to the hypervisor command line
    documentation about the 'ucode=scan' option.
  * Fixes for XSA-295 "Unlimited Arm Atomics Operations" will be added in the
    next upload.

6883c49... by Ian Jackson on 2019-02-28

Import patches-unapplied version 4.11.1+26-g87f51bf366-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 11c1c2b66cb7aa97e44a897cf039f080f7410e89

New changelog entries:
  Minor useability improvements and fixes:
  * bash-completion: also complete 'xen' [Hans van Kranenburg]
  * /etc/default/xen: Handle with ucf again, like in stretch.
    Closes:#923401. [Ian Jackson]
  Build fix:
  * Fix FTBFS when building only arch-indep binaries (eg
    dpkg-buildpackage -A). Was due to dh-exec bug wrt not-installed.
    Closes:#923013. [Hans van Kranenburg; report from Santiago Vila]
  Documentation fix:
  * grub.d/xen.cfg: dom0_mem max IS needed [Hans van Kranenburg]

11c1c2b... by Ian Jackson on 2019-02-22

Import patches-unapplied version 4.11.1+26-g87f51bf366-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 1990c515c804cf7bfe734e8433ebd7411ec9accf

New changelog entries:
  * Packaging change: override spurious lintian warning about
    fsimage.so rpath.
  Significant changes:
  * Update to new upstream version 4.11.1+26-g87f51bf366.
    (This is from the upstream stable branch.) [Ian Jackson]
  * Build and use oxenstored rather than the C xenstored by default.
    [Ian Jackson and Hans van Kranenburg]
  * xen init script: rewrite and reorganise xenstored start logic.
    [Hans van Kranenburg]
  Documentation etc. improvements:
  * Refresh hypervisor and dom0 command line options documentation.
    (Closes: #919758) [Hans van Kranenburg; report from Gergely]
  * Ship /etc/default/xen, a striped and tidied version of upstream
    sysconfig.xencommons.in. [Hans van Kranenburg]
  Significant bugfixes:
  * xen init script: Do nothing if running for wrong Xen package.
    Avoids mystery loss of xenconsoled. Closes:#851654.
    [Ian Jackson; report from Wolodja Wentland]
  * Make pygrub work again (by fixing python module and shared library
    paths). Closes:#912381. [Ian Jackson; earlier, Bastian Blank;
    report from Dimitar Angelov, also Torben Schou Jensen]
  Packaging bugfixes:
  * Have xen-utils-common suggest xen-doc, because it contains a broken
    symlink to it. Closes:#911046.
    [Hans van Kranenburg; report from Andreas Beckmann]
  * Have xenstore-utils declare Breaks on xen-utils-common to make
    piuparts happy. Closes:#911045.
    [Hans van Kranenburg, report from Andreas Beckmann]
  * hotplug-common: Strip arch-specific libdir from config file
    Closes:#862236. [Ian Jackson; report from Stefan B├╝hler]
  * xendomains init script; Add dependency on $network.
    Closes:#798510. [Francois Lesueur]
  * xendomains init script; Add should-dependency on nfs-kernel-server
    Closes:#826871. [Geoffrey McRae]
  Packaging minor fixes and improvements [Hans van Kranenburg]:
  * debian/libxenstore3.0.symbols: revert ea2334dfe0
  * debian/control: add dh-python build-dep
  * d/xen-utils-V...: override xen-shim-syms lintian
  * debian/control: bump debhelper builddep to 10
  * debian/.gitignore: ignore more debhelper snippets
  * bash-completion: install completion rules for xl
  * xen init script: don't fail when being run in domU
  * Remove xend cruft from various init scripts etc.
  Packaging minor fixes and improvements [Ian Jackson]:
  * xen version/upgrade handling: Improve an error message
  * xen init script: silently exit status 0 if not running under xen
  * xen init script: Tidy up wrong/missing Xen version error handling
  * debian/rules: Fix tiny typos
  * hotplug-common: Do not adjust LD_LIBRARY_PATH

1990c51... by Hans van Kranenburg on 2019-01-02

Import patches-unapplied version 4.11.1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: cf9b310535d9f0a85386be4c9c6578c7b8b6dd55

New changelog entries:
  * debian/control: Add Homepage, Vcs-Browser and Vcs-Git.
    (Closes: #911457)
  * grub.d/xen.cfg: fix default entry when using l10n (Closes: #865086)
  * debian/rules: Don't exclude the actual pygrub script.
  * Update to new upstream version 4.11.1, which also contains:
    - Fix: insufficient TLB flushing / improper large page mappings with AMD
      XSA-275 CVE-2018-19961 CVE-2018-19962
    - Fix: resource accounting issues in x86 IOREQ server handling
      XSA-276 CVE-2018-19963
    - Fix: x86: incorrect error handling for guest p2m page removals
      XSA-277 CVE-2018-19964
    - Fix: x86: Nested VT-x usable even when disabled
      XSA-278 CVE-2018-18883
    - Fix: x86: DoS from attempting to use INVPCID with a non-canonical
      XSA-279 CVE-2018-19965
    - Fix for XSA-240 conflicts with shadow paging
      XSA-280 CVE-2018-19966
    - Fix: guest use of HLE constructs may lock up host
      XSA-282 CVE-2018-19967
  * Update version handling patching to put the team mailing list address in
    the first hypervisor log line and fix broken other substitutions.
  * Disable handle_iptable hook in vif-common script. See #894013 for more

cf9b310... by Ian Jackson on 2018-10-15

Import patches-unapplied version 4.11.1~pre.20180911.5acdd26fdc+dfsg-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d89dc524620d33669117d1e48415b762b0676a1e

New changelog entries:
  * debian/rules: Cope if xen-utils-common not being built
    (Fixes binary-indep FTBFS.)

d89dc52... by Ian Jackson on 2018-10-15

Import patches-unapplied version 4.11.1~pre.20180911.5acdd26fdc+dfsg-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e94312153998ddd83facf618a5756b490c8edb43

New changelog entries:
  * Many packaging fixes to fix FTBFS on all arches other than amd64.
  * xen-vbd-interface(7): Provide properly-formatted NAME section
  * Add pandoc and markdown to Build-Depends - fixes missing docs.
  * Revert "tools-xenstore-compatibility.diff" apropos of discussion

e943121... by Ian Jackson on 2018-10-12

Import patches-unapplied version 4.11.1~pre.20180911.5acdd26fdc+dfsg-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 496c84bc8e65e89f1cd3c3189807ff6c7039eb1f

New changelog entries:
  * hypervisor package postinst: Actually install (avoids need to
    run update-grub by hand).
  * debian/control: Adding Section to source stanza
  * debian/control: Add missing Replaces on old xen-utils-common
  * debian/rules: Add a -n to a gzip rune to improve reproducibility