ubuntu/+source/xen:ubuntu/yakkety-updates

Last commit made on 2017-07-18
Get this branch:
git clone -b ubuntu/yakkety-updates https://git.launchpad.net/ubuntu/+source/xen
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/yakkety-updates
Repository:
lp:ubuntu/+source/xen

Recent commits

42cb991... by Stefan Bader on 2017-07-03

Import patches-unapplied version 4.7.2-0ubuntu1.3 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 9454f2ff54378590226b054413fa6bbbf4299898

New changelog entries:
  * Applying Xen Security Advisories:
    - XSA-217
      - x86/mm: disallow page stealing from HVM domains
    - XSA-218
      - IOMMU: handle IOMMU mapping and unmapping failures
      - gnttab: fix unmap pin accounting race
      - gnttab: Avoid potential double-put of maptrack entry
      - gnttab: correct maptrack table accesses
    - XSA-219
      - 86/shadow: Hold references for the duration of emulated writes
    - XSA-220
      - x86: avoid leaking PKRU and BND* between vCPU-s
    - XSA-221
      - evtchn: avoid NULL derefs
    - XSA-222
      - xen/memory: Fix return value handing of guest_remove_page()
      - guest_physmap_remove_page() needs its return value checked
    - XSA-223
      - arm: vgic: Don't update the LR when the IRQ is not enabled
    - XSA-224
      - gnttab: Fix handling of dev_bus_addr during unmap
      - gnttab: never create host mapping unless asked to
      - gnttab: correct logic to get page references during map requests
      - gnttab: __gnttab_unmap_common_complete() is all-or-nothing
    - XSA-225
      - xen/arm: vgic: Sanitize target mask used to send SGI

9454f2f... by Stefan Bader on 2017-05-09

Import patches-unapplied version 4.7.2-0ubuntu1.2 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 6015ea27253961eba4668bb43abec5277be5f0c6

New changelog entries:
  * Applying Xen Security Advisories:
    - XSA-206
      * xenstored: apply a write transaction rate limit
      * xenstored: Log when the write transaction rate limit bites
      * oxenstored: comments explaining some variables
      * oxenstored: handling of domain conflict-credit
      * oxenstored: ignore domains with no conflict-credit
      * oxenstored: add transaction info relevant to history-tracking
      * oxenstored: support commit history tracking
      * oxenstored: only record operations with side-effects in history
      * oxenstored: discard old commit-history on txn end
      * oxenstored: track commit history
      * oxenstored: blame the connection that caused a transaction conflict
      * oxenstored: allow self-conflicts
      * oxenstored: do not commit read-only transactions
      * oxenstored: don't wake to issue no conflict-credit
      * oxenstored transaction conflicts: improve logging
      * oxenstored: trim history in the frequent_ops function
    - CVE-2017-7228 / XSA-212
      * memory: properly check guest memory ranges in XENMEM_exchange handling
    - XSA-213
      * multicall: deal with early exit conditions
    - XSA-214
      * x86: discard type information when stealing pages

6015ea2... by Stefan Bader on 2017-03-14

Import patches-unapplied version 4.7.2-0ubuntu1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 126a81c2b52f8c74aa7420613ed4ce178521de60

New changelog entries:
  * Rebasing to upstream stable release 4.7.2 (LP: #1672767)
    https://www.xenproject.org/downloads/xen-archives/xen-47-series.html
    - Includes fix for booting 4.10 Linux kernels in HVM guests on Intel
      hosts which support the TSC_ADJUST MSR (LP: #1671760)
    - Dropping: d/p/preup-tools-fix-linear-p2m-save.patch which is part
      of the stable update.
    - Additional security relevant changes:
      * XSA-207
        - memory leak when destroying guest without PT devices
    - Replacing the following security fixes with the versions from the
      stable update:
      * CVE-2016-6258 / XSA-182
        - x86: Privilege escalation in PV guests
      * CVE-2016-6259 / XSA-183
        - x86: Missing SMAP whitelisting in 32-bit exception / event delivery
      * CVE-2016-7092 / XSA-185
        - x86: Disallow L3 recursive pagetable for 32-bit PV guests
      * CVE-2016-7093 / XSA-186
        - x86: Mishandling of instruction pointer truncation during emulation
      * CVE-2016-7094 / XSA-187
        - x86 HVM: Overflow of sh_ctxt->seg_reg[]
      * CVE-2016-7777 / XSA-190
        - CR0.TS and CR0.EM not always honored for x86 HVM guests
      * CVE-2016-9386 / XSA-191
        - x86 null segments not always treated as unusable
      * CVE-2016-9382 / XSA-192
        - x86 task switch to VM86 mode mis-handled
      * CVE-2016-9385 / XSA-193
        - x86 segment base write emulation lacking canonical address checks
      * CVE-2016-9384 / XSA-194
        - guest 32-bit ELF symbol table load leaking host data
      * CVE-2016-9383 / XSA-195
        - x86 64-bit bit test instruction emulation broken
      * CVE-2016-9377, CVE-2016-9378 / XSA-196
        - x86 software interrupt injection mis-handled
      * CVE-2016-9379, CVE-2016-9380 / XSA-198
        - delimiter injection vulnerabilities in pygrub
      * CVE-2016-9932 / XSA-200
        - x86 CMPXCHG8B emulation fails to ignore operand size override
      * CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA-201
        - ARM guests may induce host asynchronous abort
      * CVE-2016-10024 / XSA-202
        - x86 PV guests may be able to mask interrupts
      * CVE-2016-10025 / XSA-203
        - x86: missing NULL pointer check in VMFUNC emulation
      * CVE-2016-10013 / XSA-204
        - x86: Mishandling of SYSCALL singlestep during emulation
  * Copy contents of debian/build/install-utils_$(ARCH)/usr/sbin into
    debian/build/install-utils_$ARCH/usr/lib/xen-$(VERSION) (LP: #1396670).

126a81c... by Stefan Bader on 2017-01-09

Import patches-unapplied version 4.7.0-0ubuntu2.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 27af01076c3cee2ba6290b1ea5fd92328f6ef96b

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2016-9386 / XSA-191
      * x86/hvm: Fix the handling of non-present segments
    - CVE-2016-9382 / XSA-192
      * x86/HVM: don't load LDTR with VM86 mode attrs during task switch
    - CVE-2016-9385 / XSA-193
      * x86/PV: writes of %fs and %gs base MSRs require canonical addresses
    - CVE-2016-9384 / XSA-194
      * libelf: fix stack memory leak when loading 32 bit symbol tables
    - CVE-2016-9383 / XSA-195
      * x86emul: fix huge bit offset handling
    - CVE-2016-9377, CVE-2016-9378 / XSA-196
      * x86/emul: Correct the IDT entry calculation in inject_swint()
      * x86/svm: Fix injection of software interrupts
    - CVE-2016-9379, CVE-2016-9380 / XSA-198
      * pygrub: Properly quote results, when returning them to the caller
    - CVE-2016-9932 / XSA-200
      * x86emul: CMPXCHG8B ignores operand size prefix
    - CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA.201
      * arm64: handle guest-generated EL1 asynchronous abort
      * arm64: handle async aborts delivered while at EL2
      * arm: crash the guest when it traps on external abort
      * arm32: handle async aborts delivered while at HYP
    - CVE-2016-10024 / XSA-202
      * x86: force EFLAGS.IF on when exiting to PV guests
    - CVE-2016-10025 / XSA-203
      * x86/HVM: add missing NULL check before using VMFUNC hook
    - CVE-2016-10013 / XSA-204
      * x86/emul: Correct the handling of eflags with SYSCALL

27af010... by Stefan Bader on 2016-10-06

Import patches-unapplied version 4.7.0-0ubuntu2 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 048003ad474e3ea4f2460cf9a76e0c04b5f90d48

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2016-6258 / XSA-182
      * x86/pv: Remove unsafe bits from the mod_l?_entry() fastpath
    - CVE-2016-6259 / XSA-183
      * x86/entry: Avoid SMAP violation in compat_create_bounce_frame()
    - CVE-2016-7092 / XSA-185
      * x86/32on64: don't allow recursive page tables from L3
    - CVE-2016-7093 / XSA-186
      * x86/emulate: Correct boundary interactions of emulated instructions
      * hvm/fep: Allow testing of instructions crossing the -1 -> 0 virtual
        boundary
    - CVE-2016-7094 / XSA-187
      * x86/shadow: Avoid overflowing sh_ctxt->seg_reg[]
      * x86/segment: Bounds check accesses to emulation ctxt->seg_reg[]
    - CVE-2016-7777 / XSA-190
      * x86emul: honor guest CR0.TS and CR0.EM

048003a... by Stefan Bader on 2016-08-31

Import patches-unapplied version 4.7.0-0ubuntu1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 38cdaf6a6157895d96dc9845570fa78d74b5207c

New changelog entries:
  * Rebasing to upstream Xen release 4.7 (LP: #1621618)
    - Renamed all *-4.6* files into *-4.7*. Also moved references within
      various files from 4.6 to 4.7.
    - Follow previous abiname patches to create individual run-time libs
      for the versioned libxen package for libxencall, libxenevtchn,
      libxenforeignmemory, libxengnttab, and libxentoollog.
    - Modified debian/libxen-dev.install to pick up the additional headers
      and drop one which is no longer present. And also add the new libs.
    - Refreshed Debian patchesS
    - Dropped transitional packages <4.6, added a set for 4.6.
    - Dropped tools-allow-configure-time-choice-of-libexec-subdire.patch
      (upstream)
    - Dropped ubuntu-config-prefix-fix.patch (unnecessary)
    - Dropped all security patches since those were all included in
      the new upstream release.
    - Added fix for FTBS on Arm due to unused static variables and
      hardening flags turned on.
    - Switched dependencies of sysvinit scripts from libvirt-bin to
      libvirtd.
    - Added modprobe for xen-acpi-processor (no auto-load alias) to
      xenstrore init script. Otherwise there is no frequency scaling
      if the driver is compiled as a module.
    - Added proposed upstream fix for regression to save PV guests
      with more than 1G of memory.

38cdaf6... by Ian Campbell <email address hidden> on 2016-02-09

Import patches-unapplied version 4.6.0-1+nmu2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a2c75991263cb147a12886793d0a5a7525e2f4d4

New changelog entries:
  * Ensure debian/control.md5sum is correctly updated. Fixes FTBFS of
    4.6.0-1+nmu1 on buildds where linux-support-4.2.0-1 is not expected to be
    installed.

a2c7599... by Ian Campbell <email address hidden> on 2016-01-19

Import patches-unapplied version 4.6.0-1+nmu1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 703d5639eec4e01f5dc87b5179d595eb95911581

New changelog entries:
  * Non-maintainer upload.
  * Drop unused patching in of $(PREFIX), $(SBINDIR) and $(BINDIR)
    which are no longer used by the upstream build system.
  * Use correct/consistent LIBEXEC dirs throughout build
    (Closes: #805508).

703d563... by Bastian Blank on 2015-11-01

Import patches-unapplied version 4.6.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 644f68d93f7b4de29c6cdb46d93c65aa4b73832c

New changelog entries:
  * New upstream release.
  * CVE-2015-7812
  * CVE-2015-7813
  * CVE-2015-7814
  * CVE-2015-7835
  * CVE-2015-7969
  * CVE-2015-7970
  * CVE-2015-7971
  * CVE-2015-7972

644f68d... by Bastian Blank on 2015-05-31

Import patches-unapplied version 4.5.1~rc1-1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: fce02d9521dc05ff1360d39de95364f98a08d09d

New changelog entries:
  [ Ian Campbell ]
  * Use xen-init-dom0 from initscript when it is available.
  * Install some user facing docs in xen-utils-common. (Closes: #688308)
  [ Bastian Blank ]
  * New upstream release candidate.