ubuntu/+source/xen:debian/stretch

Last commit made on 2019-02-16
Get this branch:
git clone -b debian/stretch https://git.launchpad.net/ubuntu/+source/xen
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
debian/stretch
Repository:
lp:ubuntu/+source/xen

Recent commits

bae60a0... by Ian Jackson on 2019-01-11

Import patches-unapplied version 4.8.5+shim4.10.2+xsa282-1+deb9u11 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 7f362fb4bbfc7f8d27754a8ccf43a4c0b8d94e86

New changelog entries:
  * Update to new upstream versions:
     * Main tree updated to Xen 4.8.5
     * Shim updated to current upstream stable-4.10 branch, to
       avoid errors trying to cherry-pick security patches.
  * This includes fixes to:
       XSA-282 CVE-2018-19967 Xen 4.8 and 4.10 shim
       XSA-280 CVE-2018-19966 Xen 4.8 and 4.10 shim
       XSA-279 CVE-2018-19965 Xen 4.8 and 4.10 shim
       XSA-275 CVE-2018-19961 CVE-2018-19962 Xen 4.8 and 4.10 shim
       XSA-278 CVE-2018-18883 Xen 4.10 shim only
  * For completeness, the following fixes are not applicable:
       XSA-274 CVE-2018-14678 Bug is in Linux
       XSA-270 CVE-2018-15471 Bug is in Linux
       XSA-271 CVE-2018-14007 Bug is in XAPI (not in Debian)
       XSA-277 CVE-2018-19964 Bug not in either 4.8 or 4.10
       XSA-276 CVE-2018-19963 Bug not in either 4.8 or 4.10
  * Added CVEs to previous changelog entries:
       4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10
       4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9

7f362fb... by Wolodja Wentland on 2018-08-15

Import patches-unapplied version 4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: b4f8ff063aaca90e382b43b78f939dd905786c61

New changelog entries:
  * Update to new upstream version 4.8.4+xsa273+shim4.10.1+xsa273.
      XSA-273 (CVE-2018-3620,CVE-2018-3646)
      XSA-272 (no CVE yet)
      XSA-269 (no CVE yet)
      XSA-268 (no CVE yet)
    This version is, again, a combination of staging-4.8 and staging-4.10
    for Xen and shim respectively as in previous versions.

b4f8ff0... by Ian Jackson on 2018-06-22

Import patches-unapplied version 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 6562567bc6d531d3e5658589df5e071b98a1bd7d

New changelog entries:
  * Security upload [thanks to Wolodja Wentland]:
       XSA-264 (no CVE yet)
       XSA-265 (no CVE yet)
       XSA-266 (no CVE yet)
  * Update to new upstream version 4.8.3+xsa267+shim4.10.1+xsa267.
       XSA-267 CVE-2018-3665
    I have actually taken upstream's staging-4.8 CI input branch, which is
    identical to the CI-tested stable-4.8 except that it also has the
    XSA-267 patches. There are additional patches in upstream's
    stable-4.8 branch, beyond what was in the previous Debian stretch
    security update, which are prerequisites for the XSA-267 patches.
    For the shim, I have updated to upstream's staging-4.10, which is
    identical to the CI-tested stable-4.10q except, again, for
    XSA-267-related patches. The 4.10.0-comet branch lacks speculation
    control entirely and has been superseded upstream.
  * Include upstream XSA-263 (speculative store bypass) fixes for x86.
    I hear that ARM fixes will be forthcoming RSN. Ie,
       XSA-263 CVE-2018-3639 (amd64/i386; armhf/arm64 still vuln.)
  * Include a number of upstream bugfixes, including fixes to previous
    security fixes, some of which are security-relevant:
      x86: correct ordering of operations during S3 resume
      x86: suppress BTI mitigations around S3 suspend/resume
      x86/spec_ctrl: Updates to retpoline-safety decision making
      x86/HPET: fix race triggering ASSERT(cpu < nr_cpu_ids)
      x86/HVM: never retain emulated insn cache when exiting back to guest
      xpti: fix bug in double fault handling
      x86/cpuidle: don't init stats lock more than once
      xen: Introduce vcpu_sleep_nosync_locked()
      xen/schedule: Fix races in vcpu migration
      x86: Fix "x86: further CPUID handling adjustments"
    The result is very similar to upstream staging-4.8. However, as
    upstream staging-4.8 has not yet passed upstream CI, I have chosen to
    cherry pick fixes so that I can drop a couple that don't look
    immediately important. We will expect to resynchronise with
    upstream's 4.8 stable branch soon.
  * Drop our patch `tools: fix arm build after bdf693ee61b48' (which was
    needed to build the upstream 4.8 comet branch on ARM but is not needed
    for the the upstream staging/stable branch). Closes:#898898.
  * Update changelog for 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6 to
    mention branch switch from upstream 4.8 comet to upstream main 4.8,
    and add some missing CVEs.
  * Update to new upstream version 4.8.3+xsa262+shim4.10.0+comet3.
    (This is the upstream staging-4.8 branch, which is ahead of the
    upstream CI-tested stable-4.8 branch by precisely the three
    most recent XSA fixes. We are switching away from the special
    upstream 4.8 comet branch.)
  * Resulting security fixes:
       XSA-258 CVE-2018-10472
       XSA-259 CVE-2018-10471
       XSA-260 CVE-2018-8897
       XSA-261 CVE-2018-10982
       XSA-262 CVE-2018-10981
   * Apply two further build fixes from upstream staging-4.8.

6562567... by Ian Jackson on 2018-03-02

Import patches-unapplied version 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 3fb68988c4b590a521631bf6c82457cf32e23964

New changelog entries:
  * Security fixes from upstream XSAs:
       XSA-252 CVE-2018-7540
       XSA-255 CVE-2018-7541
       XSA-256 CVE-2018-7542
    The upstream BTI changes from XSA-254 (Spectre v2 mitigation)
    are *not* included. They are currently failing in upstream CI.
  * init scripts: Do not kill per-domain qemu processes. Closes:#879751.
  * Install Meltdown READMEs on all architectures. Closes:#890488.
  * Ship xen-diag (by cherry-picking the appropriate commits from
    upstream). This can help with diagnosis of #880554.
  * Fix builds on other than amd64.
  * Update to new upstream version 4.8.3+comet2+shim4.10.0+comet3.
    Specifically, this is two upstreams:
      - Upstream Xen 4.8.3 "git merge"d with upstream
        Xen Security Team (XSA-254) 4.8.3pre-shim-comet-2, in `.'
      - Upstream Xen 4.10.0-shim-comet-3 in `shim'.
    The upstream tarballs are from `git archive' with the
    gitattributes for mangling .gitarchive-info disabled.
    Therefore, we include these security fixes:
       XSA-254 CVE-2017-5754 but SP3 "Meltdown" only
       XSA-253 CVE-2018-5244
       XSA-251 CVE-2017-17565
       XSA-250 CVE-2017-17564
       XSA-249 CVE-2017-17563
       XSA-248 CVE-2017-17566
  * Ship README.pti and README.comet from the upstream XSA-254
    advisory in /usr/share/doc/xen-utils/common/.

3fb6898... by Ian Jackson on 2017-11-25

Import patches-unapplied version 4.8.2+xsa245-0+deb9u1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 1e6b7336901a0bb4dd9816525fbd06639f206266

New changelog entries:
  * Update to upstream stable 4.8 branch, which is currently at Xen 4.8.2
    plus a number of bugfixes and security fixes.
    Result is that we now include security fixes for:
       XSA-231 CVE-2017-14316
       XSA-232 CVE-2017-14318
       XSA-233 CVE-2017-14317
       XSA-234 CVE-2017-14319
       (235 already included in 4.8.1-1+deb9u3)
       XSA-236 CVE-2017-15597
       XSA-237 CVE-2017-15590
       XSA-238 (no CVE yet)
       XSA-239 CVE-2017-15589
       XSA-240 CVE-2017-15595
       XSA-241 CVE-2017-15588
       XSA-242 CVE-2017-15593
       XSA-243 CVE-2017-15592
       XSA-244 CVE-2017-15594
       XSA-245 (no CVE yet)
    and a number of upstream functionality fixes, which are not easily
    disentangled from the security fixes.
  * Apply two more security fixes:
       XSA-246 (no CVE yet)
       XSA-247 (no CVE yet)

1e6b733... by Ian Jackson <email address hidden> on 2017-09-07

Import patches-unapplied version 4.8.1-1+deb9u3 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 24e5e9e766ba2738ab4b9b6f385d8193568353cc

New changelog entries:
  * Security fixes for
      XSA-226 CVE-2017-12135
      XSA-227 CVE-2017-12137
      XSA-228 CVE-2017-12136
      XSA-230 CVE-2017-12855
      XSA-235 (no CVE yet)
  * Adjust changelog entry for 4.8.1-1+deb9u2 to record
    that XSA-225 fix was indeed included.
  * Security fix for XSA-229 not included as that bug is in Linux, not Xen.
  * Security fixes for XSA-231..234 inc. not inclued as still embargoed.
  * Security fixes for
      XSA-216 XSA-217 XSA-218 XSA-219 XSA-220
      XSA-221 XSA-222 XSA-223 XSA-224 XSA-225

24e5e9e... by Ian Jackson <email address hidden> on 2017-05-02

Import patches-unapplied version 4.8.1-1+deb9u1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 96a3f91495abd3ebb9f2bcaba7c3a6664b57c667

New changelog entries:
  * Security fixes for XSA-213 (Closes:#861659) and XSA-214
    (Closes:#861660). (Xen 4.7 and later is not affected by XSA-215.)

96a3f91... by Ian Jackson <email address hidden> on 2017-04-18

Import patches-unapplied version 4.8.1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 451bcaa74f430bcdac2709fb4edc563d5e6de48e

New changelog entries:
  * Update to upstream 4.8.1 release.
    Changes include numerous bugfixes, including security fixes for:
      XSA-212 / CVE-2017-7228 Closes:#859560
      XSA-207 / no cve yet Closes:#856229
      XSA-206 / no cve yet no Debian bug

451bcaa... by Ian Jackson <email address hidden> on 2017-01-23

Import patches-unapplied version 4.8.1~pre.2017.01.23-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: de88f23aef33fe9959ae1200841003ba24c68df6

New changelog entries:
  * Update to current upstream stable-4.8 git branch (Xen 4.8.1-pre).
    Contains bugfixes.
  * debian/control-real etc.: debian.py: Allow version numbers like this.

de88f23... by Ian Jackson <email address hidden> on 2016-12-22

Import patches-unapplied version 4.8.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 055dfce789cbccde9477fcc8bc6e36e2caa62efc

New changelog entries:
  * Update to upstream Xen 4.8.0.
    Includes the following security fixes:
        XSA-201 CVE-2016-9815 CVE-2016-9816 CVE-2016-9817 CVE-2016-9818
        XSA-198 CVE-2016-9379 CVE-2016-9380
        XSA-196 CVE-2016-9378 CVE-2016-9377 Closes:#845669
        XSA-195 CVE-2016-9383
        XSA-194 CVE-2016-9384 Closes:#845667
        XSA-193 CVE-2016-9385
        XSA-192 CVE-2016-9382
        XSA-191 CVE-2016-9386
    Includes other bugfixes too:
        Closes:#812166, Closes:#818525.
  Cherry picks from upstream:
  * Security fixes:
        XSA-204 CVE-2016-10013 Closes:#848713
        XSA-203 CVE-2016-10025
        XSA-202 CVE-2016-10024
    For completeness, the following XSAs do not apply here:
        XSA-197 CVE-2016-9381 Bug is in qemu
        XSA-199 CVE-2016-9637 Bug is in qemu
        XSA-200 CVE-2016-9932 Xen 4.8 is not affected
  * Cherry pick a build failure fix:
      "x86/emul: add likely()/unlikely() to test harness"
  [ Ian Jackson ]
  * Drop -lcrypto search from upstream configure, and from our
    Build-Depends. Closes:#844419.
  * Change my own email address to my work (Citrix) address. When
    uploading, I will swap hats to effectively sponsor my own upload.
  [ Ian Campbell ]
  * Start a qemu process in dom0 to service the toolstacks loopback disk
    attaches. (Closes: #770456)
  * Remove correct pidfile when stopping xenconsoled.
  * Check that xenstored has actually started before talking to it.
    Incorporate a timeout so as not to block boot (Mitigates #737613)
  * Correct syntax error in xen-init-list when running with xend
    (Closes: #763102)
  * Apply SELinux labels to directories created by initscripts. Patch from
    Russell Coker. (Closes: #764912)
  * Include a reportbug control file to redirect bugs to src:xen for
    packages which contain the Xen version in the name. Closes:#796370.
  [ Lubomir Host ]
  * Fix xen-init-name to not fail looking for a nonexistent 'config'
    entry in xl's JSON output. Closes:#818129.