ubuntu/+source/xen:ubuntu/focal-devel

Last commit made on 2020-03-10
Get this branch:
git clone -b ubuntu/focal-devel https://git.launchpad.net/ubuntu/+source/xen
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/focal-devel
Repository:
lp:ubuntu/+source/xen

Recent commits

bf9b810... by Stefan Bader on 2020-03-09

Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1ubuntu2 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Upload parent: 7a82bea4ac38289069bbe6cdd022dc510dcd64e9

7a82bea... by Stefan Bader on 2020-03-09

release: 4.11.3+24-g14b62ab3e5-1ubuntu2

Signed-off-by: Stefan Bader <email address hidden>

d4bf81d... by Stefan Bader on 2020-03-09

Select python2 for xen-init-* scripts

Both scripts are python2 and python is no longer a valid
alias for that.

Signed-off-by: Stefan Bader <email address hidden>

7cb01e6... by Stefan Bader on 2020-03-09

Update: d/p/1000-flags-fcs-protect-none.patch

CF protection must also be turned off for the X86 boot code,
otherwise the hypervisor crashes.

Signed-off-by: Stefan Bader <email address hidden>

abca94d... by Stefan Bader on 2020-02-06

Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1ubuntu1 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: ad550b73061bc84fab32947cf722961bc3bc2bd6

New changelog entries:
  * Merge from Debian/Sid. Remaining changes:
    - Enforce python2 usage
      - Build-depend on python2-dev.
      - Build using python2.
      - Build-depend on lmodern.
    - Recommend qemu-system-x86-xen
    - Force fcf-protection off when using -mindirect-branch
    - Strip .note.gnu.property section for intermediate files
    - Add transitional packages for upgrades
    - Handle config file moving between packages

ad550b7... by Hans van Kranenburg on 2020-01-08

Import patches-unapplied version 4.11.3+24-g14b62ab3e5-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9472efd10e51daaf7c2e2fde4bcd10850b1a8ff1

New changelog entries:
  * Update to new upstream version 4.11.3+24-g14b62ab3e5, which also
    contains the following security fixes: (Closes: #947944)
    - Unlimited Arm Atomics Operations
      XSA-295 CVE-2019-17349 CVE-2019-17350
    - VCPUOP_initialise DoS
      XSA-296 CVE-2019-18420
    - missing descriptor table limit checking in x86 PV emulation
      XSA-298 CVE-2019-18425
    - Issues with restartable PV type change operations
      XSA-299 CVE-2019-18421
    - add-to-physmap can be abused to DoS Arm hosts
      XSA-301 CVE-2019-18423
    - passed through PCI devices may corrupt host memory after deassignment
      XSA-302 CVE-2019-18424
    - ARM: Interrupts are unconditionally unmasked in exception handlers
      XSA-303 CVE-2019-18422
    - x86: Machine Check Error on Page Size Change DoS
      XSA-304 CVE-2018-12207
    - TSX Asynchronous Abort speculative side channel
      XSA-305 CVE-2019-11135
    - Device quarantine for alternate pci assignment methods
      XSA-306 CVE-2019-19579
    - find_next_bit() issues
      XSA-307 CVE-2019-19581 CVE-2019-19582
    - VMX: VMentry failure with debug exceptions and blocked states
      XSA-308 CVE-2019-19583
    - Linear pagetable use / entry miscounts
      XSA-309 CVE-2019-19578
    - Further issues with restartable PV type change operations
      XSA-310 CVE-2019-19580
    - Bugs in dynamic height handling for AMD IOMMU pagetables
      XSA-311 CVE-2019-19577
  * Add missing CVE numbers to previous changelog entries

9472efd... by Hans van Kranenburg on 2019-06-22

Import patches-unapplied version 4.11.1+92-g6c33308a8d-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d55339a884ee949599dea4c1d17aefd24829fe59

New changelog entries:
  * Mention MDS and the need for updated microcode and disabling
    hyper-threading in NEWS.
  * Mention the ucode=scan option in the grub.d/xen documentation.

d55339a... by Hans van Kranenburg on 2019-06-18

Import patches-unapplied version 4.11.1+92-g6c33308a8d-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 6883c4993933bfca76d8644da97dfc2feccda644

New changelog entries:
  * Update to new upstream version 4.11.1+92-g6c33308a8d, which also
    contains the following security fixes:
    - Fix: grant table transfer issues on large hosts
      XSA-284 (no CVE yet) (Closes: #929991)
    - Fix: race with pass-through device hotplug
      XSA-285 (no CVE yet) (Closes: #929998)
    - Fix: x86: steal_page violates page_struct access discipline
      XSA-287 (no CVE yet) (Closes: #930001)
    - Fix: x86: Inconsistent PV IOMMU discipline
      XSA-288 (no CVE yet) (Closes: #929994)
    - Fix: missing preemption in x86 PV page table unvalidation
      XSA-290 (no CVE yet) (Closes: #929996)
    - Fix: x86/PV: page type reference counting issue with failed IOMMU update
      XSA-291 (no CVE yet) (Closes: #929995)
    - Fix: x86: insufficient TLB flushing when using PCID
      XSA-292 (no CVE yet) (Closes: #929993)
    - Fix: x86: PV kernel context switch corruption
      XSA-293 (no CVE yet) (Closes: #929999)
    - Fix: x86 shadow: Insufficient TLB flushing when using PCID
      XSA-294 (no CVE yet) (Closes: #929992)
    - Fix: Microarchitectural Data Sampling speculative side channel
      XSA-297 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091
      (Closes: #929129)
  * Note that the fixes for XSA-297 will only have effect when also loading
    updated cpu microcode with MD_CLEAR functionality. When using the
    intel-microcode package to include microcode in the dom0 initrd, it has to
    be loaded by Xen. Please refer to the hypervisor command line
    documentation about the 'ucode=scan' option.
  * Fixes for XSA-295 "Unlimited Arm Atomics Operations" will be added in the
    next upload.

6883c49... by Ian Jackson on 2019-02-28

Import patches-unapplied version 4.11.1+26-g87f51bf366-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 11c1c2b66cb7aa97e44a897cf039f080f7410e89

New changelog entries:
  Minor useability improvements and fixes:
  * bash-completion: also complete 'xen' [Hans van Kranenburg]
  * /etc/default/xen: Handle with ucf again, like in stretch.
    Closes:#923401. [Ian Jackson]
  Build fix:
  * Fix FTBFS when building only arch-indep binaries (eg
    dpkg-buildpackage -A). Was due to dh-exec bug wrt not-installed.
    Closes:#923013. [Hans van Kranenburg; report from Santiago Vila]
  Documentation fix:
  * grub.d/xen.cfg: dom0_mem max IS needed [Hans van Kranenburg]

11c1c2b... by Ian Jackson on 2019-02-22

Import patches-unapplied version 4.11.1+26-g87f51bf366-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 1990c515c804cf7bfe734e8433ebd7411ec9accf

New changelog entries:
  * Packaging change: override spurious lintian warning about
    fsimage.so rpath.
  Significant changes:
  * Update to new upstream version 4.11.1+26-g87f51bf366.
    (This is from the upstream stable branch.) [Ian Jackson]
  * Build and use oxenstored rather than the C xenstored by default.
    [Ian Jackson and Hans van Kranenburg]
  * xen init script: rewrite and reorganise xenstored start logic.
    [Hans van Kranenburg]
  Documentation etc. improvements:
  * Refresh hypervisor and dom0 command line options documentation.
    (Closes: #919758) [Hans van Kranenburg; report from Gergely]
  * Ship /etc/default/xen, a striped and tidied version of upstream
    sysconfig.xencommons.in. [Hans van Kranenburg]
  Significant bugfixes:
  * xen init script: Do nothing if running for wrong Xen package.
    Avoids mystery loss of xenconsoled. Closes:#851654.
    [Ian Jackson; report from Wolodja Wentland]
  * Make pygrub work again (by fixing python module and shared library
    paths). Closes:#912381. [Ian Jackson; earlier, Bastian Blank;
    report from Dimitar Angelov, also Torben Schou Jensen]
  Packaging bugfixes:
  * Have xen-utils-common suggest xen-doc, because it contains a broken
    symlink to it. Closes:#911046.
    [Hans van Kranenburg; report from Andreas Beckmann]
  * Have xenstore-utils declare Breaks on xen-utils-common to make
    piuparts happy. Closes:#911045.
    [Hans van Kranenburg, report from Andreas Beckmann]
  * hotplug-common: Strip arch-specific libdir from config file
    Closes:#862236. [Ian Jackson; report from Stefan B├╝hler]
  * xendomains init script; Add dependency on $network.
    Closes:#798510. [Francois Lesueur]
  * xendomains init script; Add should-dependency on nfs-kernel-server
    Closes:#826871. [Geoffrey McRae]
  Packaging minor fixes and improvements [Hans van Kranenburg]:
  * debian/libxenstore3.0.symbols: revert ea2334dfe0
  * debian/control: add dh-python build-dep
  * d/xen-utils-V...: override xen-shim-syms lintian
  * debian/control: bump debhelper builddep to 10
  * debian/.gitignore: ignore more debhelper snippets
  * bash-completion: install completion rules for xl
  * xen init script: don't fail when being run in domU
  * Remove xend cruft from various init scripts etc.
  Packaging minor fixes and improvements [Ian Jackson]:
  * xen version/upgrade handling: Improve an error message
  * xen init script: silently exit status 0 if not running under xen
  * xen init script: Tidy up wrong/missing Xen version error handling
  * debian/rules: Fix tiny typos
  * hotplug-common: Do not adjust LD_LIBRARY_PATH