xen (4.11.4+107-gef32c7afa2-1) buster-security; urgency=high

  * Update to new upstream version 4.11.4+107-gef32c7afa2, which also contains
    security fixes for the following issues:
    - inappropriate x86 IOMMU timeout detection / handling
      XSA-373 CVE-2021-28692
    - Speculative Code Store Bypass
      XSA-375 CVE-2021-0089 CVE-2021-26313
    - x86: TSX Async Abort protections not restored after S3
      XSA-377 CVE-2021-28690
  * Note that the following XSA are not listed, because...
    - XSA-370 does not contain code changes.
    - XSA-371 and XSA-374 have patches for the Linux kernel.
    - XSA-372 only applies to Xen 4.12 and newer.

 -- Hans van Kranenburg <hans@knorrie.org>  Mon, 14 Jun 2021 16:41:01 +0200

xen (4.11.4+99-g8bce4698f6-1) buster-security; urgency=high

  * Update to new upstream version 4.11.4+99-g8bce4698f6, which also contains
    security fixes for the following issues:
    - arm: The cache may not be cleaned for newly allocated scrubbed pages
      XSA-364 CVE-2021-26933
    - missed flush in XSA-321 backport
      XSA-366 CVE-2021-27379
  * Note that the following XSA are not listed, because...
    - XSA-360 and XSA-368 only apply to Xen 4.12 and newer.
    - XSA-361, XSA-362, XSA-363, XSA-365, XSA-367 and XSA-369 have patches for
      the Linux kernel.
  * Drop separate patches for XSAs up to 359 that are now included in the
    upstream stable branch.
  * Fix cosmetics wrt. XSA/CVE text formatting in the previous entry.

 -- Hans van Kranenburg <hans@knorrie.org>  Wed, 24 Mar 2021 19:52:15 +0100

xen (4.11.4+57-g41a822c392-2) buster-security; urgency=high

  * Apply security fixes for the following issues:
    - oxenstored: permissions not checked on root node
      XSA-353 CVE-2020-29479
    - xenstore watch notifications lacking permission checks
      XSA-115 CVE-2020-29480
    - Xenstore: new domains inheriting existing node permissions
      XSA-322 CVE-2020-29481
    - Xenstore: wrong path length check
      XSA-323 CVE-2020-29482
    - Xenstore: guests can crash xenstored via watchs
      XSA-324 CVE-2020-29484
    - Xenstore: guests can disturb domain cleanup
      XSA-325 CVE-2020-29483
    - oxenstored memory leak in reset_watches
      XSA-330 CVE-2020-29485
    - oxenstored: node ownership can be changed by unprivileged clients
      XSA-352 CVE-2020-29486
    - undue recursion in x86 HVM context switch code
      XSA-348 CVE-2020-29566
    - FIFO event channels control block related ordering
      XSA-358 CVE-2020-29570
    - FIFO event channels control structure ordering
      XSA-359 CVE-2020-29571
  * Note that the following XSA are not listed, because...
    - XSA-349 and XSA-350 have patches for the Linux kernel
    - XSA-354 has patches for the XAPI toolstack
    - XSA-356 only applies to Xen 4.14

 -- Hans van Kranenburg <hans@knorrie.org>  Fri, 11 Dec 2020 22:10:09 +0100

xen (4.11.4+57-g41a822c392-1) buster-security; urgency=high

  * Update to new upstream version 4.11.4+57-g41a822c392, which also contains
    security fixes for the following issues:
    - x86: Race condition in Xen mapping code
      XSA-345 CVE-2020-27672
    - undue deferral of IOMMU TLB flushes
      XSA-346 CVE-2020-27671
    - unsafe AMD IOMMU page table updates
      XSA-347 CVE-2020-27670
    - x86 PV guest INVLPG-like flushes may leave stale TLB entries
      XSA-286 CVE-2020-27674
    - Information leak via power sidechannel
      XSA-351 CVE-2020-28368
    - stack corruption from XSA-346 change
      XSA-355 CVE-2020-29040

 -- Hans van Kranenburg <hans@knorrie.org>  Thu, 03 Dec 2020 13:56:29 +0100

xen (4.11.4+37-g3263f257ca-1) buster-security; urgency=high

  * Update to new upstream version 4.11.4+37-g3263f257ca, which also contains
    security fixes for the following issues:
    - x86 pv: Crash when handling guest access to MSR_MISC_ENABLE
      XSA-333 CVE-2020-25602
    - race when migrating timers between x86 HVM vCPU-s
      XSA-336 CVE-2020-25604
    - PCI passthrough code reading back hardware registers
      XSA-337 CVE-2020-25595
    - once valid event channels may not turn invalid
      XSA-338 CVE-2020-25597
    - x86 pv guest kernel DoS via SYSENTER
      XSA-339 CVE-2020-25596
    - Missing memory barriers when accessing/allocating an event channel
      XSA-340 CVE-2020-25603
    - out of bounds event channels available to 32-bit x86 domains
      XSA-342 CVE-2020-25600
    - races with evtchn_reset()
      XSA-343 CVE-2020-25599
    - lack of preemption in evtchn_reset() / evtchn_destroy()
      XSA-344 CVE-2020-25601
  * Note that with this update, we will be detaching the Buster updates from
    the Xen version in Debian unstable, which will get a newer Xen version
    RSN.

 -- Hans van Kranenburg <hans@knorrie.org>  Thu, 01 Oct 2020 14:50:58 +0200

xen (4.11.4+24-gddaaccbbab-1~deb10u1) buster-security; urgency=high

  * Rebuild as Buster security update.

 -- Hans van Kranenburg <hans@knorrie.org>  Fri, 10 Jul 2020 18:54:34 +0200

xen (4.11.4+24-gddaaccbbab-1) unstable; urgency=medium

  * Update to new upstream version 4.11.4+24-gddaaccbbab, which also contains
    security fixes for the following issues:
    - inverted code paths in x86 dirty VRAM tracking
      XSA-319 CVE-2020-15563
    - Special Register Buffer speculative side channel
      XSA-320 CVE-2020-0543
      N.B: To mitigate this issue, new cpu microcode is required. The changes
      in Xen provide a workaround for affected hardware that is not receiving
      a vendor microcode update. Please refer to the upstream XSA-320 Advisory
      text for more details.
    - insufficient cache write-back under VT-d
      XSA-321 CVE-2020-15565
    - Missing alignment check in VCPUOP_register_vcpu_info
      XSA-327 CVE-2020-15564
    - non-atomic modification of live EPT PTE
      XSA-328 CVE-2020-15567

 -- Hans van Kranenburg <hans@knorrie.org>  Tue, 07 Jul 2020 16:07:39 +0200

xen (4.11.4-1) unstable; urgency=medium

  * Update to new upstream version 4.11.4, which also contains security fixes
    for the following issues:
    - arm: a CPU may speculate past the ERET instruction
      XSA-312 (no CVE yet)
    - multiple xenoprof issues
      XSA-313 CVE-2020-11740 CVE-2020-11741
    - Missing memory barriers in read-write unlock paths
      XSA-314 CVE-2020-11739
    - Bad error path in GNTTABOP_map_grant
      XSA-316 CVE-2020-11743
    - Bad continuation handling in GNTTABOP_copy
      XSA-318 CVE-2020-11742
  * xen-utils and xen-utils-common maint scripts: Replace the previous fix in
    the xen init script with a better fix in the xen-utils package instead, to
    prevent calling the init script stop action (resulting in a disappeared
    xenconsoled) when removing a xen-utils package that belongs to a previous
    (not currently running) Xen version. Also prevent the xen-utils-common
    package from inadvertently calling stop and start actions because
    dh_installinit would add code for that. (Closes: #932759)
  * debian/NEWS: Mention fixing #932759 and how to deal with the bug

 -- Hans van Kranenburg <hans@knorrie.org>  Tue, 26 May 2020 13:33:17 +0200

xen (4.11.3+24-g14b62ab3e5-1) unstable; urgency=high

  * Update to new upstream version 4.11.3+24-g14b62ab3e5, which also
    contains the following security fixes: (Closes: #947944)
    - Unlimited Arm Atomics Operations
      XSA-295 CVE-2019-17349 CVE-2019-17350
    - VCPUOP_initialise DoS
      XSA-296 CVE-2019-18420
    - missing descriptor table limit checking in x86 PV emulation
      XSA-298 CVE-2019-18425
    - Issues with restartable PV type change operations
      XSA-299 CVE-2019-18421
    - add-to-physmap can be abused to DoS Arm hosts
      XSA-301 CVE-2019-18423
    - passed through PCI devices may corrupt host memory after deassignment
      XSA-302 CVE-2019-18424
    - ARM: Interrupts are unconditionally unmasked in exception handlers
      XSA-303 CVE-2019-18422
    - x86: Machine Check Error on Page Size Change DoS
      XSA-304 CVE-2018-12207
    - TSX Asynchronous Abort speculative side channel
      XSA-305 CVE-2019-11135
    - Device quarantine for alternate pci assignment methods
      XSA-306 CVE-2019-19579
    - find_next_bit() issues
      XSA-307 CVE-2019-19581 CVE-2019-19582
    - VMX: VMentry failure with debug exceptions and blocked states
      XSA-308 CVE-2019-19583
    - Linear pagetable use / entry miscounts
      XSA-309 CVE-2019-19578
    - Further issues with restartable PV type change operations
      XSA-310 CVE-2019-19580
    - Bugs in dynamic height handling for AMD IOMMU pagetables
      XSA-311 CVE-2019-19577
  * Add missing CVE numbers to previous changelog entries

 -- Hans van Kranenburg <hans@knorrie.org>  Wed, 08 Jan 2020 12:41:42 +0100

xen (4.11.1+92-g6c33308a8d-2) unstable; urgency=high

  * Mention MDS and the need for updated microcode and disabling
    hyper-threading in NEWS.
  * Mention the ucode=scan option in the grub.d/xen documentation.

 -- Hans van Kranenburg <hans@knorrie.org>  Sat, 22 Jun 2019 11:15:08 +0200

xen (4.11.1+92-g6c33308a8d-1) unstable; urgency=high

  * Update to new upstream version 4.11.1+92-g6c33308a8d, which also
    contains the following security fixes:
    - Fix: grant table transfer issues on large hosts
      XSA-284 CVE-2019-17340 (Closes: #929991)
    - Fix: race with pass-through device hotplug
      XSA-285 CVE-2019-17341 (Closes: #929998)
    - Fix: x86: steal_page violates page_struct access discipline
      XSA-287 CVE-2019-17342 (Closes: #930001)
    - Fix: x86: Inconsistent PV IOMMU discipline
      XSA-288 CVE-2019-17343 (Closes: #929994)
    - Fix: missing preemption in x86 PV page table unvalidation
      XSA-290 CVE-2019-17344 (Closes: #929996)
    - Fix: x86/PV: page type reference counting issue with failed IOMMU update
      XSA-291 CVE-2019-17345 (Closes: #929995)
    - Fix: x86: insufficient TLB flushing when using PCID
      XSA-292 CVE-2019-17346 (Closes: #929993)
    - Fix: x86: PV kernel context switch corruption
      XSA-293 CVE-2019-17347 (Closes: #929999)
    - Fix: x86 shadow: Insufficient TLB flushing when using PCID
      XSA-294 CVE-2019-17348 (Closes: #929992)
    - Fix: Microarchitectural Data Sampling speculative side channel
      XSA-297 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091
      (Closes: #929129)
  * Note that the fixes for XSA-297 will only have effect when also loading
    updated cpu microcode with MD_CLEAR functionality. When using the
    intel-microcode package to include microcode in the dom0 initrd, it has to
    be loaded by Xen. Please refer to the hypervisor command line
    documentation about the 'ucode=scan' option.
  * Fixes for XSA-295 "Unlimited Arm Atomics Operations" will be added in the
    next upload.

 -- Hans van Kranenburg <hans@knorrie.org>  Tue, 18 Jun 2019 09:50:19 +0200

xen (4.11.1+26-g87f51bf366-3) unstable; urgency=medium

  Minor useability improvements and fixes:
  * bash-completion: also complete 'xen'  [Hans van Kranenburg]
  * /etc/default/xen: Handle with ucf again, like in stretch.
    Closes:#923401.  [Ian Jackson]

  Build fix:
  * Fix FTBFS when building only arch-indep binaries (eg
    dpkg-buildpackage -A).  Was due to dh-exec bug wrt not-installed.
    Closes:#923013.  [Hans van Kranenburg; report from Santiago Vila]

  Documentation fix:
  * grub.d/xen.cfg: dom0_mem max IS needed  [Hans van Kranenburg]

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Thu, 28 Feb 2019 16:37:04 +0000

xen (4.11.1+26-g87f51bf366-2) unstable; urgency=medium

  * Packaging change: override spurious lintian warning about
    fsimage.so rpath.

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Fri, 22 Feb 2019 16:07:37 +0000

xen (4.11.1+26-g87f51bf366-1) unstable; urgency=medium

  Significant changes:
  * Update to new upstream version 4.11.1+26-g87f51bf366.
    (This is from the upstream stable branch.)  [Ian Jackson]
  * Build and use oxenstored rather than the C xenstored by default.
    [Ian Jackson and Hans van Kranenburg]
  * xen init script: rewrite and reorganise xenstored start logic.
    [Hans van Kranenburg]

  Documentation etc. improvements:
  * Refresh hypervisor and dom0 command line options documentation.
    (Closes: #919758)  [Hans van Kranenburg; report from Gergely]
  * Ship /etc/default/xen, a stripped and tidied version of upstream
    sysconfig.xencommons.in.  [Hans van Kranenburg]

  Significant bugfixes:
  * xen init script: Do nothing if running for wrong Xen package.
    Avoids mystery loss of xenconsoled.  Closes:#851654.
    [Ian Jackson; report from Wolodja Wentland]
  * Make pygrub work again (by fixing python module and shared library
    paths).  Closes:#912381.  [Ian Jackson; earlier, Bastian Blank;
    report from Dimitar Angelov, also Torben Schou Jensen]

  Packaging bugfixes:
  * Have xen-utils-common suggest xen-doc, because it contains a broken
    symlink to it.  Closes:#911046.
    [Hans van Kranenburg; report from Andreas Beckmann]
  * Have xenstore-utils declare Breaks on xen-utils-common to make
    piuparts happy.  Closes:#911045.
    [Hans van Kranenburg, report from Andreas Beckmann]
  * hotplug-common: Strip arch-specific libdir from config file
    Closes:#862236.  [Ian Jackson; report from Stefan Bühler]
  * xendomains init script; Add dependency on $network.
    Closes:#798510.  [Francois Lesueur]
  * xendomains init script; Add should-dependency on nfs-kernel-server
    Closes:#826871.  [Geoffrey McRae]

  Packaging minor fixes and improvements [Hans van Kranenburg]:
  * debian/libxenstore3.0.symbols: revert ea2334dfe0
  * debian/control: add dh-python build-dep
  * d/xen-utils-V...: override xen-shim-syms lintian
  * debian/control: bump debhelper builddep to 10
  * debian/.gitignore: ignore more debhelper snippets
  * bash-completion: install completion rules for xl
  * xen init script: don't fail when being run in domU
  * Remove xend cruft from various init scripts etc.

  Packaging minor fixes and improvements [Ian Jackson]:
  * xen version/upgrade handling: Improve an error message
  * xen init script: silently exit status 0 if not running under xen
  * xen init script: Tidy up wrong/missing Xen version error handling
  * debian/rules: Fix tiny typos
  * hotplug-common: Do not adjust LD_LIBRARY_PATH

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Fri, 22 Feb 2019 15:11:45 +0000

xen (4.11.1-1) unstable; urgency=medium

  * debian/control: Add Homepage, Vcs-Browser and Vcs-Git.
    (Closes: #911457)
  * grub.d/xen.cfg: fix default entry when using l10n (Closes: #865086)
  * debian/rules: Don't exclude the actual pygrub script.
  * Update to new upstream version 4.11.1, which also contains:
    - Fix: insufficient TLB flushing / improper large page mappings with AMD
      IOMMUs
      XSA-275 CVE-2018-19961 CVE-2018-19962
    - Fix: resource accounting issues in x86 IOREQ server handling
      XSA-276 CVE-2018-19963
    - Fix: x86: incorrect error handling for guest p2m page removals
      XSA-277 CVE-2018-19964
    - Fix: x86: Nested VT-x usable even when disabled
      XSA-278 CVE-2018-18883
    - Fix: x86: DoS from attempting to use INVPCID with a non-canonical
      addresses
      XSA-279 CVE-2018-19965
    - Fix for XSA-240 conflicts with shadow paging
      XSA-280 CVE-2018-19966
    - Fix: guest use of HLE constructs may lock up host
      XSA-282 CVE-2018-19967
  * Update version handling patching to put the team mailing list address in
    the first hypervisor log line and fix broken other substitutions.
  * Disable handle_iptable hook in vif-common script. See #894013 for more
    information.

 -- Hans van Kranenburg <hans@knorrie.org>  Wed, 02 Jan 2019 20:59:40 +0100

xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-5) unstable; urgency=medium

  * debian/rules: Cope if xen-utils-common not being built
    (Fixes binary-indep FTBFS.)

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Mon, 15 Oct 2018 18:07:11 +0100

xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-4) unstable; urgency=medium

  * Many packaging fixes to fix FTBFS on all arches other than amd64.
  * xen-vbd-interface(7): Provide properly-formatted NAME section
  * Add pandoc and markdown to Build-Depends - fixes missing docs.
  * Revert "tools-xenstore-compatibility.diff" apropos of discussion
    https://lists.xenproject.org/archives/html/xen-devel/2018-10/msg00838.html

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Mon, 15 Oct 2018 12:15:36 +0100

xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-3) unstable; urgency=medium

  * hypervisor package postinst: Actually install (avoids need to
    run update-grub by hand).
  * debian/control: Adding Section to source stanza
  * debian/control: Add missing Replaces on old xen-utils-common
  * debian/rules: Add a -n to a gzip rune to improve reproducibility

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Fri, 12 Oct 2018 16:55:48 +0100

xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-2) unstable; urgency=medium

  * Redo as an upload with binaries, because source-only uploads to NEW
    are not allowed.

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Fri, 05 Oct 2018 19:38:52 +0100

xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-1) unstable; urgency=medium

  * Update to new upstream version 4.11.1~pre.20180911.5acdd26fdc+dfsg;
    merging in 4.11.1~pre.20180911.5acdd26fdc+dfsg-1~exp1.

 -- Ian Jackson <ian.jackson@citrix.com>  Fri, 05 Oct 2018 18:39:58 +0100

xen (4.11.1~pre+1.733450b39b-1) unstable; urgency=medium

  * Completely overhauled the packaging.  In the source package, things
    are very much simpler now with only a few hundred loc of templating
    and scriptery.  In the binary packages the resulting changes are:
     - We now provide -dbgsym packages in the standard way
     - Shared libraries with unstable ABI upstream (ie, whose
       ABI changes with the Xen version) are now in
       libxen<version>-misc rather than libxen<version> and
       have more conventional-looking filenames.
     - Shared libraries with a stable ABI upstream are now each in their
       own package, named after the soname (ABI version), as is
       conventional.  The sonames and minor versions of these are
       no longer mangled.
     - xs.h, replaced upstream by xenstore.h, is now in
       /usr/include/xenstore-compat (as shipped upstream), with
       symlinks left behind.
     - fsimage*.h is no longer shipped (it's namespace-grabbish).
     - libxenvchan.h is in /usr/include as it is in upstream,
       not buried in /usr/include/xen/io
     - /etc/xen/cpupool, a not very interesting example config file,
       has been moved into /usr/share/doc/.
     - There is a new xen-doc package, in which the upstream HTML
       documentation, and various other bits, is now provided.  This
       replaces the text format documentation previously provided in
       xen-utils-common (but the manpages are still there).
     - Utilities which use on libraries with stable ABIs upstream
       are no longer subjected to the Xen version wrapper.
     - Several utilities are now provided in /usr/bin which were
       previously only available buried in /usr/lib/xen-<version>:
          xen-detect xenalyze xencons xencov_split xen-cpuid
       (version-wrapped, where necessary).
     - Likewise very many utilities and daemons in /usr/sbin:
          gdbsx xen-bugtool xen-ringwatch xen-tmem-list-parse
          xenmon xenpmd flask-* xen-kdd xen-diag xen-hptool
          xen-hvmcrash xen-hvmctx xen-livepatch xen-lowmemd
          xen-mfndump xenbaked xenconsoled xencov xenlockprof
          xenstored xenwatchdogd
     - xend and xm are long gone, so remove the support for the
       TOOLSTACK setting in /etc/default/xen.  /usr/sbin/xen just
       runs xl now.  Remove mentions of xend-config.sxp and all
       *.sxp files.  Drop the xend init script.
     - There is no longer any Built-Using.  This is no longer true for
       seabios, which is depended on and used at runtime, rather than
       being embedded into hvmloader.  (The source package also previously
       tried to mention ipxe-qemu in Built-Using but that's (i) dependent
       upstream on CONFIG_ROMBIOS which we disable, and not a
       build-dependency either.)
     - The hvmloader and xen-shim binaries no longer have their .note
       and .comment section(s) stripped.  .note is needed for xen-shim
       to work properly and to find the corresponding debug files.
       And .comment is tiny and harmless AFAICT.
     - Hypervisor debug map files are installed in /usr/lib/debug.
     - The xl bash_completion file from upstream is installed.
     - libxenvchan.h is installed.
     - We install xen-*.efi in /boot.
     - Sections of some packages have been rationalised.
     - We install a doc-base control file.

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Wed, 03 Oct 2018 18:45:02 +0100

xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-1~exp1) experimental; urgency=medium

  * Update to new upstream version 4.11.1~pre.20180911.5acdd26fdc+dfsg.
  * Remove stubdom/grub.patches/00cvs from the upstream source because it's
    not DFSG compliant. (license-problem-gfdl-invariants)
  * Override statically-linked-binary lintian error about
    usr/lib/xen-4.11/boot/xen-shim

 -- Hans van Kranenburg <hans@knorrie.org>  Tue, 11 Sep 2018 15:34:34 +0200

xen (4.11.1~pre+1.733450b39b-1~exp1) experimental; urgency=medium

  [ Hans van Kranenburg ]
  * Update to 4.11.1-pre commit 733450b39b, which also contains:
    - Additional fix for: Unlimited recursion in linear pagetable de-typing
      XSA-240 CVE-2017-15595 (listed as xsa240-4.8/0004)
    - Fix x86 PV guests may gain access to internally used pages
      XSA-248 CVE-2017-17566
    - Fix broken x86 shadow mode refcount overflow check
      XSA-249 CVE-2017-17563
    - Fix improper x86 shadow mode refcount error handling
      XSA-250 CVE-2017-17564
    - Fix improper bug check in x86 log-dirty handling
      XSA-251 CVE-2017-17565
    - Fix: DoS via non-preemptable L3/L4 pagetable freeing
      XSA-252 CVE-2018-7540
    - Fix x86: memory leak with MSR emulation
      XSA-253 CVE-2018-5244
    - Multiple parts of fixes for...
      Information leak via side effects of speculative execution
      XSA-254 CVE-2017-5753 CVE-2017-5715 CVE-2017-5754
      - XPTI stage 1 a.k.a. 'Meltdown band-aid', XPTI-S1 or XPTI-lite
      - Branch predictor hardening for ARM CPUs
      - Support compiling with indirect branch thunks (e.g. retpoline)
      - Report details of speculative mitigations in boot logging
    - Fix: grant table v2 -> v1 transition may crash Xen
      XSA-255 CVE-2018-7541
    - Fix: x86 PVH guest without LAPIC may DoS the host
      XSA-256 CVE-2018-7542
    - The "Comet" shim, which can be used as a mitigation for Meltdown to
      shield the hypervisor against 64-bit PV guests.
    - Fix: Information leak via crafted user-supplied CDROM
      XSA-258 CVE-2018-10472
    - Fix: x86: PV guest may crash Xen with XPTI
      XSA-259 CVE-2018-10471
    - Fix: x86: mishandling of debug exceptions
      XSA-260 CVE-2018-8897
    - Fix: x86 vHPET interrupt injection errors
      XSA-261 CVE-2018-10982
    - Fix: qemu may drive Xen into unbounded loop
      XSA-262 CVE-2018-10981
    - Fix: Speculative Store Bypass
      XSA-263 CVE-2018-3639
    - Fix: preemption checks bypassed in x86 PV MM handling
      XSA-264 CVE-2018-12891
    - Fix: x86: #DB exception safety check can be triggered by a guest
      XSA-265 CVE-2018-12893
    - Fix: libxl fails to honour readonly flag on HVM emulated SCSI disks
      XSA-266 CVE-2018-12892
    - Fix: Speculative register leakage from lazy FPU context switching
      XSA-267 CVE-2018-3665
    - Fix: Use of v2 grant tables may cause crash on ARM
      XSA-268 CVE-2018-15469
    - Fix: x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS
      XSA-269 CVE-2018-15468
    - Fix: oxenstored does not apply quota-maxentity
      XSA-272 CVE-2018-15470
    - Fix: L1 Terminal Fault speculative side channel
      XSA-273 CVE-2018-3620
  * Merge changes for 4.9 from the ubuntu packaging (thanks, Stefan Bader):
    - Rebase patches against upstream source (line numbers etc).
    - debian/rules.real:
      - Add a call to build common tool headers.
      - Add a call to install common tool headers.
    - debian/libxen-dev.install, d/p/ubuntu-tools-libs-abiname.diff:
      - Add additional modifications for new libxendevicemodel.
    - debian/patches/tools-fake-xs-restrict.patch:
      - Re-introduce (fake) xs_restrict call to keep libxenstore version at
        3.0 for now.
    - debian/libxenstore3.0.symbols: add xs_control_command
  * Rebase patches against 4.10 upstream source.
  * Rebase patches against 4.11 upstream source.
  * Add README.source.md to document how the packaging works.
  * This package builds correctly with gcc 7. (Closes: #853710)
  * Fix grub config file conflict when upgrading from Stretch. (Closes: #852545)
  * Init scripts: Do not kill per-domain qemu processes. (Closes: #879751)
  * debian/patches: Fix "'vwprintw' is deprecated" gcc 8 compilation error

  [ Mark Pryor ]
  * Fix shared library build dependencies for the new xentoolcore library.

  [ John Keates ]
  * Enable OVMF (Closes: #858962)

 -- Hans van Kranenburg <hans@knorrie.org>  Sun, 08 Jul 2018 14:30:32 +0200

xen (4.8.2+xsa245-0+deb9u1) stretch-security; urgency=high

  * Update to upstream stable 4.8 branch, which is currently at Xen 4.8.2
    plus a number of bugfixes and security fixes.
    Result is that we now include security fixes for:
       XSA-231 CVE-2017-14316
       XSA-232 CVE-2017-14318
       XSA-233 CVE-2017-14317
       XSA-234 CVE-2017-14319
       (235 already included in 4.8.1-1+deb9u3)
       XSA-236 CVE-2017-15597
       XSA-237 CVE-2017-15590
       XSA-238 CVE-2017-15591
       XSA-239 CVE-2017-15589
       XSA-240 CVE-2017-15595
       XSA-241 CVE-2017-15588
       XSA-242 CVE-2017-15593
       XSA-243 CVE-2017-15592
       XSA-244 CVE-2017-15594
       XSA-245 CVE-2017-17046
    and a number of upstream functionality fixes, which are not easily
    disentangled from the security fixes.
  * Apply two more security fixes:
       XSA-246 CVE-2017-17044
       XSA-247 CVE-2017-17045

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Sat, 25 Nov 2017 11:26:37 +0000

xen (4.8.1-1+deb9u3) stretch-security; urgency=high

  * Security fixes for
      XSA-226 CVE-2017-12135
      XSA-227 CVE-2017-12137
      XSA-228 CVE-2017-12136
      XSA-230 CVE-2017-12855
      XSA-235 CVE-2017-15596
  * Adjust changelog entry for 4.8.1-1+deb9u2 to record
    that XSA-225 fix was indeed included.
  * Security fix for XSA-229 not included as that bug is in Linux, not Xen.
  * Security fixes for XSA-231..234 inc. not included as still embargoed.

 -- Ian Jackson <ian.jackson@eu.citrix.com>  Thu, 07 Sep 2017 19:17:58 +0100

xen (4.8.1-1+deb9u2) stretch-security; urgency=high

  * Security fixes for
      XSA-216 XSA-217 XSA-218 XSA-219 XSA-220
      XSA-221 XSA-222 XSA-223 XSA-224 XSA-225

 -- Ian Jackson <ian.jackson@eu.citrix.com>  Tue, 20 Jun 2017 14:06:34 +0100

xen (4.8.1-1+deb9u1) unstable; urgency=medium

  * Security fixes for XSA-213 (Closes:#861659) and XSA-214
    (Closes:#861660).  (Xen 4.7 and later is not affected by XSA-215.)

 -- Ian Jackson <ian.jackson@eu.citrix.com>  Tue, 02 May 2017 12:19:57 +0100

xen (4.8.1-1) unstable; urgency=high

  * Update to upstream 4.8.1 release.
    Changes include numerous bugfixes, including security fixes for:
      XSA-212 / CVE-2017-7228   Closes:#859560
      XSA-207 / no cve yet      Closes:#856229
      XSA-206 / no cve yet      no Debian bug

 -- Ian Jackson <ian.jackson@eu.citrix.com>  Tue, 18 Apr 2017 18:05:00 +0100

xen (4.8.1~pre.2017.01.23-1) unstable; urgency=medium

  * Update to current upstream stable-4.8 git branch (Xen 4.8.1-pre).
    Contains bugfixes.
  * debian/control-real etc.: debian.py: Allow version numbers like this.

 -- Ian Jackson <ian.jackson@eu.citrix.com>  Mon, 23 Jan 2017 16:03:31 +0000

xen (4.8.0-1) unstable; urgency=high

  * Update to upstream Xen 4.8.0.
    Includes the following security fixes:
        XSA-201   CVE-2016-9815 CVE-2016-9816 CVE-2016-9817 CVE-2016-9818
        XSA-198   CVE-2016-9379 CVE-2016-9380
        XSA-196   CVE-2016-9378 CVE-2016-9377   Closes:#845669
        XSA-195   CVE-2016-9383
        XSA-194   CVE-2016-9384                 Closes:#845667
        XSA-193   CVE-2016-9385
        XSA-192   CVE-2016-9382
        XSA-191   CVE-2016-9386
    Includes other bugfixes too:
        Closes:#812166, Closes:#818525.

  Cherry picks from upstream:
  * Security fixes:
        XSA-204   CVE-2016-10013                 Closes:#848713
        XSA-203   CVE-2016-10025
        XSA-202   CVE-2016-10024
    For completeness, the following XSAs do not apply here:
        XSA-197   CVE-2016-9381      Bug is in qemu
        XSA-199   CVE-2016-9637      Bug is in qemu
        XSA-200   CVE-2016-9932      Xen 4.8 is not affected
  * Cherry pick a build failure fix:
      "x86/emul: add likely()/unlikely() to test harness"

  [ Ian Jackson ]
  * Drop -lcrypto search from upstream configure, and from our
    Build-Depends.  Closes:#844419.
  * Change my own email address to my work (Citrix) address.  When
    uploading, I will swap hats to effectively sponsor my own upload.

  [ Ian Campbell ]
  * Start a qemu process in dom0 to service the toolstacks loopback disk
    attaches. (Closes: #770456)
  * Remove correct pidfile when stopping xenconsoled.
  * Check that xenstored has actually started before talking to it.
    Incorporate a timeout so as not to block boot (Mitigates #737613)
  * Correct syntax error in xen-init-list when running with xend
    (Closes: #763102)
  * Apply SELinux labels to directories created by initscripts. Patch from
    Russell Coker. (Closes: #764912)
  * Include a reportbug control file to redirect bugs to src:xen for
    packages which contain the Xen version in the name.  Closes:#796370.

  [ Lubomir Host ]
  * Fix xen-init-name to not fail looking for a nonexistent 'config'
    entry in xl's JSON output.  Closes:#818129.

 -- Ian Jackson <ian.jackson@eu.citrix.com>  Thu, 22 Dec 2016 14:51:46 +0000

xen (4.8.0~rc5-1) unstable; urgency=medium

  * New upstream version, Xen 4.8.0 RC5.

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Fri, 11 Nov 2016 15:26:58 +0000

xen (4.8.0~rc3-1) unstable; urgency=medium

  * Upload 4.8.0~rc3 to unstable.  (RC5 is out upstream, but let's not
    update to that in the middle of the Xen 4.6 -> 4.8 transition.)
  * No source changes.

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Sat, 05 Nov 2016 15:08:47 +0000

xen (4.8.0~rc3-0exp2) experimental; urgency=medium

  * Build-Depend on iasl on all architectures.  ARM has ACPI now.
    Fixes FTBFS on arm64 (at least).
  * Add qemu-utils and seabios to Suggests.
  * Pass -no-pie -fno-pic to x86 emulator test build.  (Patch
    also submitted upstream.)  Fixes FTBFS on i386 with GCC6.
  * Add myself to Uploaders.

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Tue, 01 Nov 2016 18:00:25 +0000

xen (4.8.0~rc3-0exp1) experimental; urgency=high

  * New upstream version, Xen 4.8.0 RC3.
    Fixes many outstanding CVEs.
  * Incorporated many changes from 4.8.0-0ubuntu2
    - libxen-dev is M-A: same
    - Work around grep bug http://bugs.launchpad.net/bugs/1547466
    - debian/xen-hypervisor-4.6.xen.cfg:
      Additional config file to simplify grub configuration.
    - Use new library/abiname scheme.
    - Document what xl and xm are in default.xen
    - Add libvirtd dependency to xendomains init script
    (Thanks to Stefan Bader and others.)

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Mon, 24 Oct 2016 17:31:27 +0100

xen (4.6.0-1+nmu2) unstable; urgency=medium

  * Ensure debian/control.md5sum is correctly updated. Fixes FTBFS of
    4.6.0-1+nmu1 on buildds where linux-support-4.2.0-1 is not expected to be
    installed.

 -- Ian Campbell <ijc@debian.org>  Tue, 09 Feb 2016 16:41:16 +0000

xen (4.6.0-1+nmu1) unstable; urgency=medium

  * Non-maintainer upload.
  * Drop unused patching in of $(PREFIX), $(SBINDIR) and $(BINDIR)
    which are no longer used by the upstream build system.
  * Use correct/consistent LIBEXEC dirs throughout build
    (Closes: #805508).

 -- Ian Campbell <ijc@debian.org>  Tue, 19 Jan 2016 14:43:54 +0000

xen (4.6.0-1) unstable; urgency=medium

  * New upstream release.
  * CVE-2015-7812
  * CVE-2015-7813
  * CVE-2015-7814
  * CVE-2015-7835
  * CVE-2015-7969
  * CVE-2015-7970
  * CVE-2015-7971
  * CVE-2015-7972

 -- Bastian Blank <waldi@debian.org>  Sun, 01 Nov 2015 21:49:07 +0100

xen (4.5.1~rc1-1) experimental; urgency=medium

  [ Ian Campbell ]
  * Use xen-init-dom0 from initscript when it is available.
  * Install some user facing docs in xen-utils-common. (Closes: #688308)

  [ Bastian Blank ]
  * New upstream release candidate.

 -- Bastian Blank <waldi@debian.org>  Sun, 31 May 2015 21:59:56 +0200

xen (4.5.0-1) experimental; urgency=medium

  [ Ian Campbell ]
  * New upstream release

 -- Bastian Blank <waldi@debian.org>  Wed, 21 Jan 2015 20:21:45 +0100

xen (4.5.0~rc3-1) experimental; urgency=medium

  * New upstream release candidate.
  * Re-add xend config.

 -- Bastian Blank <waldi@debian.org>  Wed, 17 Dec 2014 22:37:23 +0100

xen (4.4.1-6) unstable; urgency=medium

  * Fix starvation of writers in locks.
    CVE-2014-9065

 -- Bastian Blank <waldi@debian.org>  Thu, 11 Dec 2014 15:56:08 +0100

xen (4.4.1-5) unstable; urgency=medium

  * Fix excessive checks of hypercall arguments.
    CVE-2014-8866
  * Fix boundary checks of emulated MMIO access.
    CVE-2014-8867
  * Fix additional memory leaks in xl. (closes: #767295)

 -- Bastian Blank <waldi@debian.org>  Sun, 30 Nov 2014 20:13:32 +0100

xen (4.4.1-4) unstable; urgency=medium

  [ Bastian Blank ]
  * Make operations pre-emptible.
    CVE-2014-5146, CVE-2014-5149
  * Don't allow page table updates from non-PV page tables.
    CVE-2014-8594
  * Enforce privilege level while loading code segment.
    CVE-2014-8595
  * Fix reference counter leak.
    CVE-2014-9030
  * Use linux 3.16.0-4 stuff.
  * Fix memory leak in xl. (closes: #767295)

  [ Ian Campbell ]
  * Add licensing for tools/python/logging to debian/copyright.
    (Closes: #759384)
  * Correctly include xen-init-name in xen-utils-common. (Closes: #769543)
  * xen-utils recommends grub-xen-host package (Closes: #770460)

 -- Bastian Blank <waldi@debian.org>  Thu, 27 Nov 2014 20:17:36 +0100

xen (4.4.1-3) unstable; urgency=medium

  [ Bastian Blank ]
  * Remove unused build-dependencies.
  * Extend list of affected systems for broken interrupt assignment.
    CVE-2013-3495
  * Fix race in hvm memory management.
    CVE-2014-7154
  * Fix missing privilege checks on instruction emulation.
    CVE-2014-7155, CVE-2014-7156
  * Fix uninitialized control structures in FIFO handling.
    CVE-2014-6268
  * Fix MSR range check in emulation.
    CVE-2014-7188

  [ Ian Campbell ]
  * Install xen.efi into /boot for amd64 builds.

 -- Bastian Blank <waldi@debian.org>  Fri, 17 Oct 2014 16:27:46 +0200

xen (4.4.1-2) unstable; urgency=medium

  * Re-build with correct content.
  * Use dh_lintian.

 -- Bastian Blank <waldi@debian.org>  Wed, 24 Sep 2014 20:23:14 +0200

xen (4.4.1-1) unstable; urgency=medium

  * New upstream release.
    - Fix several vulnerabilities. (closes: #757724)
      CVE-2014-2599, CVE-2014-3124,
      CVE-2014-3967, CVE-2014-3968,
      CVE-2014-4021

 -- Bastian Blank <waldi@debian.org>  Sun, 21 Sep 2014 10:45:47 +0200

xen (4.4.0-5) unstable; urgency=medium

  [ Ian Campbell ]
  * Expand on the descriptions of some packages. (Closes: #466683)
  * Clarify where xen-utils-common is required. (Closes: #612403)
  * No longer depend on gawk. Xen can now use any awk, one of which is always
    present. (Closes: #589176)
  * Put core dumps in /var/lib/xen/dump and ensure it exists.
    (Closes: #444000)

  [ Bastian Blank ]
  * Handle JSON output from xl in xendomains init script.

 -- Bastian Blank <waldi@debian.org>  Sat, 06 Sep 2014 22:11:20 +0200

xen (4.4.0-4) unstable; urgency=medium

  [ Bastian Blank ]
  * Also remove unused OCaml packages from control file.
  * Make library packages multi-arch: same. (closes: #730417)
  * Use debhelper compat level 9. (closes: #692352)

  [ Ian Campbell ]
  * Correct contents of /etc/xen/scripts/hotplugpath.sh (Closes: #706283)
  * Drop references to cpuperf-xen and cpuperf-perfcntr. (Closes: #733847)
  * Install xentrace_format(1), xentrace(8) and xentop(1). (Closes: #407143)

 -- Bastian Blank <waldi@debian.org>  Sat, 30 Aug 2014 13:34:04 +0200

xen (4.4.0-3) unstable; urgency=medium

  [ Ian Campbell ]
  * Use correct SeaBIOS binary which supports Xen (Closes: #737905).

  [ Bastian Blank ]
  * Really update config.{sub,guess}.

 -- Bastian Blank <waldi@debian.org>  Fri, 29 Aug 2014 16:33:19 +0200

xen (4.4.0-2) unstable; urgency=medium

  * Remove broken and unused OCaml-support.

 -- Bastian Blank <waldi@debian.org>  Mon, 18 Aug 2014 15:18:42 +0200

xen (4.4.0-1) unstable; urgency=medium

  [ Bastian Blank ]
  * New upstream release.
    - Update scripts for compatibility with latest coreutils.
      (closes: #718898)
    - Fix guest reboot with xl toolstack. (closes: #727100)
    - CVE-2013-6375: Insufficient TLB flushing in VT-d (iommu) code.
      (closes: #730254)
    - xl support for global VNC options. (closes: #744157)
    - vif scripts can now be named relative to /etc/xen/scripts.
      (closes: #744160)
    - Support for arbitrary sized SeaBIOS binaries. (closes: #737905)
    - pygrub searches for extlinux.conf in the expected places.
      (closes: #697407)
    - Update scripts to use correct syntax for ip command.
      (closes: #705659)
  * Fix install of xend configs to not break compatibility.

  [ Ian Campbell ]
  * Disable blktap1 support using new configure option instead of by patching.
  * Disable qemu-traditional and rombios support using new configure option
    instead of by patching. No need to build-depend on ipxe any more.
  * Use system qemu-xen via new configure option instead of patching.
  * Use system seabios via new configure option instead of patching.
  * Use EXTRA_CFLAGS_XEN_TOOLS and APPEND_{CPPFLAGS,LDFLAGS} during build.
  * Add support for armhf and arm64.
  * Update config.{sub,guess}.

 -- Bastian Blank <waldi@debian.org>  Sat, 09 Aug 2014 13:09:00 +0200

xen (4.3.0-3) unstable; urgency=low

  * Revive hypervisor on i386.

 -- Bastian Blank <waldi@debian.org>  Fri, 18 Oct 2013 00:15:16 +0200

xen (4.3.0-2) unstable; urgency=low

  * Force proper install order. (closes: #721999)

 -- Bastian Blank <waldi@debian.org>  Sat, 05 Oct 2013 15:03:36 +0000

xen (4.3.0-1) unstable; urgency=low

  * New upstream release.
    - Fix HVM PCI passthrough. (closes: #706543)
  * Call configure with proper arguments.
  * Remove now empty xen-docs package.
  * Disable external code retrieval.
  * Drop all i386 hypervisor packages.
  * Drop complete blktap support.
  * Create /run/xen.
  * Make xen-utils recommend qemu-system-x86. (closes: #688311)
    - This version comes with audio support. (closes: #635166)
  * Make libxenlight and libxlutil public. (closes: #644390)
    - Set versioned ABI name.
    - Install headers.
    - Move libs into normal library path.
  * Use build flags in the tools build.
    - Fix fallout from hardening flags.
  * Update Standards-Version to 3.9.4. No changes.

 -- Bastian Blank <waldi@debian.org>  Thu, 05 Sep 2013 13:54:03 +0200

xen (4.2.2-1) unstable; urgency=low

  * New upstream release.
    - Fix build with gcc 4.8. (closes: #712376)
  * Build-depend on libssl-dev. (closes: #712366)
  * Enable hardening as much as possible.
  * Re-enable ocaml build fixes. (closes: #695176)
  * Check for out-of-bound values in CPU affinity setup.
    CVE-2013-2072
  * Fix information leak on AMD CPUs.
    CVE-2013-2076
  * Recover from faults on XRSTOR.
    CVE-2013-2077
  * Properly check guest input to XSETBV.
    CVE-2013-2078

 -- Bastian Blank <waldi@debian.org>  Thu, 11 Jul 2013 00:28:24 +0200

xen (4.2.1-2) unstable; urgency=low

  * Actually upload to unstable.

 -- Bastian Blank <waldi@debian.org>  Sun, 12 May 2013 00:20:58 +0200

xen (4.2.1-1) experimental; urgency=low

  * New upstream release.
  * Enable usage of seabios.
  * Fix some toolchain issues.

 -- Bastian Blank <waldi@debian.org>  Sat, 11 May 2013 23:55:46 +0200

xen (4.2.0-2) experimental; urgency=low

  * Support JSON output in domain init script helper.

 -- Bastian Blank <waldi@debian.org>  Mon, 01 Oct 2012 15:11:30 +0200

xen (4.2.0-1) experimental; urgency=low

  * New upstream release.

 -- Bastian Blank <waldi@debian.org>  Tue, 18 Sep 2012 13:54:30 +0200

xen (4.2.0~rc3-1) experimental; urgency=low

  * New upstream snapshot.

 -- Bastian Blank <waldi@debian.org>  Fri, 07 Sep 2012 20:28:46 +0200

xen (4.2.0~rc2-1) experimental; urgency=low

  * New upstream snapshot.
  * Build-depend against libglib2.0-dev and libyajl-dev.
  * Disable seabios build for now.
  * Remove support for Lenny and earlier.
  * Support build-arch and build-indep make targets.

 -- Bastian Blank <waldi@debian.org>  Sun, 13 May 2012 12:21:10 +0000

xen (4.1.4-4) unstable; urgency=high

  * Make several long running operations preemptible.
    CVE-2013-1918
  * Fix source validation for VT-d interrupt remapping.
    CVE-2013-1952

 -- Bastian Blank <waldi@debian.org>  Thu, 02 May 2013 14:30:29 +0200

xen (4.1.4-3) unstable; urgency=high

  * Fix return from SYSENTER.
    CVE-2013-1917
  * Fix various problems with guest interrupt handling.
    CVE-2013-1919
  * Only save pointer after access checks.
    CVE-2013-1920
  * Fix domain locking for transitive grants.
    CVE-2013-1964

 -- Bastian Blank <waldi@debian.org>  Fri, 19 Apr 2013 13:01:57 +0200

xen (4.1.4-2) unstable; urgency=low

  * Use per-device interrupt remapping mode per default. Fix removing old
    remappings.
    CVE-2013-0153

 -- Bastian Blank <waldi@debian.org>  Wed, 06 Feb 2013 13:04:52 +0100

xen (4.1.4-1) unstable; urgency=low

  * New upstream release.
    - Disable process-context identifier support in newer CPUs for all
      domains.
    - Add workarounds for AMD errata.
    - Don't allow any non-canonical addresses.
    - Use Multiboot memory map if BIOS emulation does not provide one.
    - Fix several problems in tmem.
      CVE-2012-3497
    - Fix error handling in domain creation.
    - Adjust locking and interrupt handling during S3 resume.
    - Tighten more resource and memory range checks.
    - Reset performance counters. (closes: #698651)
    - Remove special-case for first IO-APIC.
    - Fix MSI handling for HVM domains. (closes: #695123)
    - Revert cache value of disks in HVM domains.

 -- Bastian Blank <waldi@debian.org>  Thu, 31 Jan 2013 15:44:50 +0100

xen (4.1.3-8) unstable; urgency=high

  * Fix error in VT-d interrupt remapping source validation.
    CVE-2012-5634
  * Fix buffer overflow in qemu e1000 emulation.
    CVE-2012-6075
  * Update patch, mention second CVE.
    CVE-2012-5511, CVE-2012-6333

 -- Bastian Blank <waldi@debian.org>  Sat, 19 Jan 2013 13:55:07 +0100

xen (4.1.3-7) unstable; urgency=low

  * Fix clock jump due to incorrect annotated inline assembler.
    (closes: #599161)
  * Add support for XZ compressed Linux kernels to hypervisor and userspace
    based loaders, it is needed for any Linux kernels newer than Wheezy.
    (closes: #695056)

 -- Bastian Blank <waldi@debian.org>  Tue, 11 Dec 2012 18:54:59 +0100

xen (4.1.3-6) unstable; urgency=high

  * Fix error handling in physical to machine memory mapping.
    CVE-2012-5514

 -- Bastian Blank <waldi@debian.org>  Tue, 04 Dec 2012 10:51:43 +0100

xen (4.1.3-5) unstable; urgency=high

  * Fix state corruption due to incomplete grant table switch.
    CVE-2012-5510
  * Check range of arguments to several HVM operations.
    CVE-2012-5511, CVE-2012-6333
  * Check array index before using it in HVM memory operation.
    CVE-2012-5512
  * Check memory range in memory exchange operation.
    CVE-2012-5513
  * Don't allow too large memory size and avoid busy looping.
    CVE-2012-5515

 -- Bastian Blank <waldi@debian.org>  Mon, 03 Dec 2012 19:37:38 +0100

xen (4.1.3-4) unstable; urgency=high

  * Use linux 3.2.0-4 stuff.
  * Fix overflow in timer calculations.
    CVE-2012-4535
  * Check value of physical interrupts parameter before using it.
    CVE-2012-4536
  * Error out on incorrect memory mapping updates.
    CVE-2012-4537
  * Check if toplevel page tables are present.
    CVE-2012-4538
  * Fix infinite loop in compatibility code.
    CVE-2012-4539
  * Limit maximum kernel and ramdisk size.
    CVE-2012-2625, CVE-2012-4544

 -- Bastian Blank <waldi@debian.org>  Tue, 20 Nov 2012 15:51:01 +0100

xen (4.1.3-3) unstable; urgency=low

  * Xen domain init script:
    - Make sure Open vSwitch is started before any domain.
    - Properly handle and show output of failed migration and save.
    - Ask all domains to shut down before checking them.

 -- Bastian Blank <waldi@debian.org>  Tue, 18 Sep 2012 13:26:32 +0200

xen (4.1.3-2) unstable; urgency=medium

  * Don't allow writing reserved bits in debug register.
    CVE-2012-3494
  * Fix error handling in interrupt assignment.
    CVE-2012-3495
  * Don't trigger bug messages on invalid flags.
    CVE-2012-3496
  * Check array bounds in interrupt assignment.
    CVE-2012-3498
  * Properly check bounds while setting the cursor in qemu.
    CVE-2012-3515
  * Disable monitor in qemu by default.
    CVE-2012-4411

 -- Bastian Blank <waldi@debian.org>  Fri, 07 Sep 2012 19:41:46 +0200

xen (4.1.3-1) unstable; urgency=medium

  * New upstream release: (closes: #683286)
    - Don't leave the x86 emulation in a bad state. (closes: #683279)
      CVE-2012-3432
    - Only check for shared pages while any exist on teardown.
      CVE-2012-3433
    - Fix error handling for unexpected conditions.
    - Update CPUID masking to latest Intel spec.
    - Allow large ACPI ids.
    - Fix IOMMU support for PCI-to-PCIe bridges.
    - Disallow access to some sensitive IO-ports.
    - Fix wrong address in IOTLB.
    - Fix deadlock on CPUs without working cpufreq driver.
    - Use uncached disk access in qemu.
    - Fix buffer size on emulated e1000 device in qemu.
  * Fixup broken and remove applied patches.

 -- Bastian Blank <waldi@debian.org>  Fri, 17 Aug 2012 11:25:02 +0200

xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-5) unstable; urgency=low

  [ Ian Campbell ]
  * Set tap device MAC addresses to fe:ff:ff:ff:ff:ff (Closes: #671018)
  * Only run xendomains initscript if toolstack is xl or xm (Closes: #680528)

  [ Bastian Blank ]
  * Actually build-depend on new enough version of dpkg-dev.
  * Add xen-system-* meta-packages. We are finally in a position to do
    automatic upgrades and this package is missing. (closes: #681376)

 -- Bastian Blank <waldi@debian.org>  Sat, 28 Jul 2012 10:23:26 +0200

xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-4) unstable; urgency=low

  * Add Build-Using info to xen-utils package.
  * Fix build-arch target.

 -- Bastian Blank <waldi@debian.org>  Sun, 01 Jul 2012 19:52:30 +0200

xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-3) unstable; urgency=low

  * Remove /usr/lib/xen-default. It breaks systems if xenstored is not
    compatible.
  * Fix init script usage.
  * Fix udev rules for emulated network devices:
    - Force names of emulated network devices to a predictable name.

 -- Bastian Blank <waldi@debian.org>  Sun, 01 Jul 2012 16:59:04 +0200

xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-2) unstable; urgency=low

  * Fix pointer mismatch in interrupt functions. Fixes build on i386.

 -- Bastian Blank <waldi@debian.org>  Fri, 15 Jun 2012 18:00:51 +0200

xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-1) unstable; urgency=low

  * New upstream snapshot.
    - Fix privilege escalation and syscall/sysenter DoS while using
      non-canonical addresses by untrusted PV guests. (closes: #677221)
      CVE-2012-0217
      CVE-2012-0218
    - Disable Xen on CPUs affected by AMD Erratum #121. PV guests can
      cause a DoS of the host.
      CVE-2012-2934
  * Don't fail if standard toolstacks are not available. (closes: #677244)

 -- Bastian Blank <waldi@debian.org>  Thu, 14 Jun 2012 17:06:25 +0200

xen (4.1.2-7) unstable; urgency=low

  * Really use ucf.
  * Update init script dependencies:
    - Start $syslog before xen.
    - Start drbd and iscsi before xendomains. (closes: #626356)
    - Start corosync and heartbeat after xendomains.
  * Remove /var/log/xen on purge. (closes: #656216)

 -- Bastian Blank <waldi@debian.org>  Tue, 22 May 2012 10:44:41 +0200

xen (4.1.2-6) unstable; urgency=low

  * Fix generation of architectures for hypervisor packages.
  * Remove information about loop devices, it is incorrect. (closes: #503044)
  * Update xendomains init script:
    - Create directory for domain images only root readable. (closes: #596048)
    - Add missing sanity checks for variables. (closes: #671750)
    - Remove no longer supported config options.
    - Don't fail if no config is available.
    - Remove extra output if domain was restored.

 -- Bastian Blank <waldi@debian.org>  Sun, 06 May 2012 20:07:41 +0200

xen (4.1.2-5) unstable; urgency=low

  * Actually force init script rename. (closes: #669341)
  * Fix long output from xl.
  * Move complete init script setup.
  * Rewrite xendomains init script:
    - Use LSB output functions.
    - Make output more clear.
    - Use xen toolstack wrapper.
    - Use a python script to properly read domain details.
  * Set name for Domain-0.

 -- Bastian Blank <waldi@debian.org>  Mon, 23 Apr 2012 11:56:45 +0200

xen (4.1.2-4) unstable; urgency=low

  [ Bastian Blank ]
  * Build-depend on ipxe-qemu instead of ipxe. (closes: #665070)
  * No longer use a4wide latex package.
  * Use ucf for /etc/default/xen.
  * Remove handling for old udev rules link and xenstored directory.
  * Rename xend init script to xen.

  [ Lionel Elie Mamane ]
  * Fix toolstack script to work with old dash. (closes: #648029)

 -- Bastian Blank <waldi@debian.org>  Mon, 16 Apr 2012 08:47:29 +0000

xen (4.1.2-3) unstable; urgency=low

  * Merge xen-common source package.
  * Remove xend wrapper, it should not be called by users.
  * Support xl in init script.
  * Restart xen daemons on upgrade.
  * Restart and stop xenconsoled in init script.
  * Load xen-gntdev module.
  * Create /var/lib/xen. (closes: #658101)
  * Cleanup udev rules. (closes: #657745)

 -- Bastian Blank <waldi@debian.org>  Wed, 01 Feb 2012 19:28:28 +0100

xen (4.1.2-2) unstable; urgency=low

  [ Jon Ludlam ]
  * Import (partially reworked) upstream changes for OCaml support.
    - Rename the ocamlfind packages.
    - Remove uuid and log libraries.
    - Fix 2 bit-twiddling bugs and an off-by-one
  * Fix build of OCaml libraries.
  * Add OCaml library and development package.
  * Include some missing headers.

 -- Bastian Blank <waldi@debian.org>  Sat, 10 Dec 2011 19:13:25 +0000

xen (4.1.2-1) unstable; urgency=low

  * New upstream release.
  * Build-depend on pkg-config.
  * Add package libxen-4.1. Includes some shared libs.

 -- Bastian Blank <waldi@debian.org>  Sat, 26 Nov 2011 18:28:06 +0100

xen (4.1.1-3) unstable; urgency=low

  [ Julien Danjou ]
  * Remove Julien Danjou from the Uploaders field. (closes: #590439)

  [ Bastian Blank ]
  * Use current version of python. (closes: #646660)
  * Build-depend against liblzma-dev, it is used if available.
    (closes: #646694)
  * Update Standards-Version to 3.9.2. No changes.
  * Don't use brace-expansion in debhelper install files.

 -- Bastian Blank <waldi@debian.org>  Wed, 26 Oct 2011 14:42:33 +0200

xen (4.1.1-2) unstable; urgency=low

  * Fix hvmloader with gcc 4.6.

 -- Bastian Blank <waldi@debian.org>  Fri, 05 Aug 2011 23:58:36 +0200

xen (4.1.1-1) unstable; urgency=low

  * New upstream release.
  * Don't use qemu-dm if it is not needed. (Backport from xen-unstable.)
  * Use dh_python2.

 -- Bastian Blank <waldi@debian.org>  Mon, 18 Jul 2011 19:38:38 +0200

xen (4.1.0-3) unstable; urgency=low

  * Add ghostscript to build-deps.
  * Enable qemu-dm build.
    - Add qemu as another orig tar.
    - Remove blktap1, bluetooth and sdl support from qemu.
    - Recommend qemu-keymaps and qemu-utils.

 -- Bastian Blank <waldi@debian.org>  Thu, 28 Apr 2011 15:20:45 +0200

xen (4.1.0-2) unstable; urgency=low

  * Re-enable hvmloader:
    - Use packaged ipxe.
  * Workaround incompatibility with xenstored of Xen 4.0.

 -- Bastian Blank <waldi@debian.org>  Fri, 15 Apr 2011 11:38:25 +0200

xen (4.1.0-1) unstable; urgency=low

  * New upstream release.

 -- Bastian Blank <waldi@debian.org>  Sun, 27 Mar 2011 18:09:28 +0000

xen (4.1.0~rc6-1) unstable; urgency=low

  * New upstream release candidate.
  * Build documentation using pdflatex.
  * Use python 2.6. (closes: #596545)
  * Fix lintian override.
  * Install new tools: xl, xenpaging.
  * Enable blktap2.
    - Use own md5 implementation.
    - Fix includes.
    - Fix linking of blktap2 binaries.
    - Remove optimization setting.
  * Temporarily disable hvmloader, wants to download ipxe.
  * Remove xenstored pid check from xl.

 -- Bastian Blank <waldi@debian.org>  Thu, 17 Mar 2011 16:12:45 +0100

xen (4.0.1-2) unstable; urgency=low

  * Fix races in memory management.
  * Make sure that frame-table compression leaves enough aligned.
  * Disable XSAVE support. (closes: #595490)
  * Check for dying domain instead of raising an assertion.
  * Add C6 state with EOI errata for Intel.
  * Make some memory management interrupt safe. Unsure if really needed.
  * Raise bar for inter-socket migrations on mostly-idle systems.
  * Fix interrupt handling for legacy routed interrupts.
  * Allow to set maximal domain memory even during a running change.
  * Support new partition name in pygrub. (closes: #599243)
  * Fix some comparisons "< 0" that may be optimized away.
  * Check for MWAIT support before using it.
  * Fix endless loop on interrupts on Nehalem cpus.
  * Don't crash upon direct GDT/LDT access. (closes: #609531)
    CVE-2010-4255
  * Don't lose timer ticks after domain restore.
  * Reserve some space for IOMMU area in dom0. (closes: #608715)
  * Fix hypercall arguments after trace callout.
  * Fix some error paths in vtd support. Memory leak.
  * Reinstate ACPI DMAR table.

 -- Bastian Blank <waldi@debian.org>  Wed, 12 Jan 2011 15:01:40 +0100

xen (4.0.1-1) unstable; urgency=low

  * New upstream release.
    - Fix IOAPIC S3 with interrupt remapping enabled.

 -- Bastian Blank <waldi@debian.org>  Fri, 03 Sep 2010 17:14:28 +0200

xen (4.0.1~rc6-1) unstable; urgency=low

  * New upstream release candidate.
    - Add some missing locks for page table walk.
    - Fix NMU injection into guest.
    - Fix ioapic updates for vt-d.
    - Add check for GRUB2 commandline behaviour.
    - Fix handling of invalid kernel images.
    - Allow usage of powernow.
  * Remove lowlevel python modules usage from pygrub. (closes: #588811)

 -- Bastian Blank <waldi@debian.org>  Tue, 17 Aug 2010 23:15:34 +0200

xen (4.0.1~rc5-1) unstable; urgency=low

  * New upstream release candidate.

 -- Bastian Blank <waldi@debian.org>  Mon, 02 Aug 2010 17:06:27 +0200

xen (4.0.1~rc3-1) unstable; urgency=low

  * New upstream release candidate.
  * Call dh_pyversion with the correct version.
  * Restart xen daemon on upgrade.

 -- Bastian Blank <waldi@debian.org>  Wed, 30 Jun 2010 16:30:47 +0200

xen (4.0.0-2) unstable; urgency=low

  * Fix python dependency. (closes: #586666)
    - Use python-support.
    - Hardcode to use python 2.5 for now.

 -- Bastian Blank <waldi@debian.org>  Mon, 21 Jun 2010 17:23:16 +0200

xen (4.0.0-1) unstable; urgency=low

  * Update to unstable.
  * Fix spelling in README.
  * Remove unnecessary build-depends.
  * Fixup xend to use different filename lookup.

 -- Bastian Blank <waldi@debian.org>  Thu, 17 Jun 2010 11:16:55 +0200

xen (4.0.0-1~experimental.2) experimental; urgency=low

  * Merge changes from 3.4.3-1.

 -- Bastian Blank <waldi@debian.org>  Fri, 28 May 2010 12:58:12 +0200

xen (4.0.0-1~experimental.1) experimental; urgency=low

  * New upstream version.
  * Rename source package to xen.
  * Build depend against iasl and uuid-dev.
  * Disable blktap2 support, it links against OpenSSL.
  * Update copyright file.

 -- Bastian Blank <waldi@debian.org>  Thu, 06 May 2010 15:47:38 +0200

xen-3 (3.4.3-1) unstable; urgency=low

  * New upstream version.
  * Disable blktap support, it is unusable with current kernels.
  * Disable libaio, was only used by blktap.
  * Drop device creation support. (closes: #583283)

 -- Bastian Blank <waldi@debian.org>  Fri, 28 May 2010 11:43:18 +0200

xen-3 (3.4.3~rc6-1) unstable; urgency=low

  * New upstream release candidate.
    - Relocate multiboot modules. (closes: #580045)
    - Support grub2 in pygrub. (closes: #573311)

 -- Bastian Blank <waldi@debian.org>  Sat, 08 May 2010 11:32:29 +0200

xen-3 (3.4.3~rc3-2) unstable; urgency=low

  * Again list the complete version in the hypervisor.
  * Fix path detection for bootloader, document it. (closes: #481105)
  * Rewrite README.

 -- Bastian Blank <waldi@debian.org>  Thu, 08 Apr 2010 16:14:58 +0200

xen-3 (3.4.3~rc3-1) unstable; urgency=low

  * New upstream release candidate.
  * Use 3.0 (quilt) source format.
  * Always use current python version.

 -- Bastian Blank <waldi@debian.org>  Mon, 01 Mar 2010 22:14:22 +0100

xen-3 (3.4.2-2) unstable; urgency=low

  * Remove Jeremy T. Bouse from uploaders.
  * Export blktap lib and headers.
  * Build amd64 hypervisor on i386. (closes: #366315)

 -- Bastian Blank <waldi@debian.org>  Sun, 22 Nov 2009 16:54:47 +0100

xen-3 (3.4.2-1) unstable; urgency=low

  * New upstream version.
  * Strip hvmloader by hand.
  * Remove extra license file from libxen-dev.

 -- Bastian Blank <waldi@debian.org>  Mon, 16 Nov 2009 20:57:07 +0100

xen-3 (3.4.1-1) unstable; urgency=low

  * New upstream version.

 -- Bastian Blank <waldi@debian.org>  Fri, 21 Aug 2009 21:34:38 +0200

xen-3 (3.4.0-2) unstable; urgency=low

  * Add symbols file for libxenstore3.0. (closes: #536173)
  * Document that ioemu is currently unsupported. (closes: #536175)
  * Fix location of fsimage plugins. (closes: #536174)

 -- Bastian Blank <waldi@debian.org>  Sat, 18 Jul 2009 18:05:35 +0200

xen-3 (3.4.0-1) unstable; urgency=low

  [ Bastian Blank ]
  * New upstream version.
  * Remove ioemu for now. (closes: #490409, #496367)
  * Remove non-pae hypervisor.
  * Use debhelper compat level 7.
  * Make the init script start all daemons.

 -- Bastian Blank <waldi@debian.org>  Tue, 30 Jun 2009 22:33:22 +0200

xen-3 (3.2.1-2) unstable; urgency=low

  * Use e2fslibs based ext2 support for pygrub. (closes: #476366)
  * Fix missing checks in pvfb code.
    See CVE-2008-1952. (closes: #487095)
  * Add support for loading bzImage files. (closes: #474509)
  * Enable TLS support in ioemu code.
  * Drop libcrypto usage because of GPL-incompatibility.
  * Remove AES code from blktap drivers. Considered broken.

 -- Bastian Blank <waldi@debian.org>  Sat, 28 Jun 2008 11:30:43 +0200

xen-3 (3.2.1-1) unstable; urgency=low

  * New upstream version.
  * Set rpath relative to ${ORIGIN}.
  * Add lintian override to xen-utils package.

 -- Bastian Blank <waldi@debian.org>  Thu, 22 May 2008 14:01:47 +0200

xen-3 (3.2.0-5) unstable; urgency=low

  * Provide correct directory to dh_pycentral.

 -- Bastian Blank <waldi@debian.org>  Mon, 14 Apr 2008 21:43:49 +0200

xen-3 (3.2.0-4) unstable; urgency=low

  * Pull in newer xen-utils-common.
  * Fix missing size checks in the ioemu block driver. (closes: #469654)
    See: CVE-2008-0928

 -- Bastian Blank <waldi@debian.org>  Fri, 07 Mar 2008 14:21:38 +0100

xen-3 (3.2.0-3) unstable; urgency=low

  * Clean environment for build.
  * Add packages libxenstore3.0 and xenstore-utils.
  * Move docs package in docs section to match overwrites.
  * Make the hypervisor only recommend the utils.
  * Cleanup installation. (closes: #462989)

 -- Bastian Blank <waldi@debian.org>  Tue, 12 Feb 2008 12:40:56 +0000

xen-3 (3.2.0-2) unstable; urgency=low

  * Fix broken patch. (closes: #462522)

 -- Bastian Blank <waldi@debian.org>  Sat, 26 Jan 2008 17:21:52 +0000

xen-3 (3.2.0-1) unstable; urgency=low

  * New upstream version.
  * Add package libxen-dev. Including public headers and static libs.
    (closes: #402249)
  * No longer install xenfb, removed upstream.

 -- Bastian Blank <waldi@debian.org>  Tue, 22 Jan 2008 12:51:49 +0000

xen-3 (3.1.2-2) unstable; urgency=low

  * Add missing rpath definitions.
  * Fix building of pae version.

 -- Bastian Blank <waldi@debian.org>  Sat, 08 Dec 2007 12:07:42 +0000

xen-3 (3.1.2-1) unstable; urgency=high

  * New upstream release:
    - Move shared file into /var/run. (closes: #447795)
      See CVE-2007-3919.
    - x86: Fix various problems with debug-register handling. (closes: #451626)
      See CVE-2007-5906.

 -- Bastian Blank <waldi@debian.org>  Sat, 24 Nov 2007 13:24:45 +0000

xen-3 (3.1.1-1) unstable; urgency=low

  * New upstream release:
    - Don't use exec with untrusted values in pygrub. (closes: #444430)
      See CVE-2007-4993.

 -- Bastian Blank <waldi@debian.org>  Fri, 19 Oct 2007 16:02:37 +0000

xen-3 (3.1.0-2) unstable; urgency=low

  * Switch to texlive for documentation.
  * Drop unused transfig.
  * Drop unused latex features from documentation.
  * Build depend against gcc-multilib for amd64. (closes: #439662)

 -- Bastian Blank <waldi@debian.org>  Fri, 31 Aug 2007 08:15:50 +0000

xen-3 (3.1.0-1) unstable; urgency=low

  [ Julien Danjou ]
  * New upstream version.

  [ Ralph Passgang ]
  * Added graphviz to Build-Indeps

  [ Bastian Blank ]
  * Upstream removed one part of the version. Do it also.
  * Merge utils packages.
  * Install blktap support.
  * Install pygrub.
  * Install xenfb tools.
  * xenconsoled startup is racy, wait a little bit.

 -- Bastian Blank <waldi@debian.org>  Mon, 20 Aug 2007 15:05:08 +0000

xen-3.0 (3.0.4-1-1) unstable; urgency=low

  [ Bastian Blank ]
  * New upstream version (closes: #394411)

  [ Guido Trotter ]
  * Actually try to build and release xen 3.0.4
  * Update build dependencies

 -- Guido Trotter <ultrotter@debian.org>  Wed, 23 May 2007 11:57:29 +0100

xen-3.0 (3.0.3-0-2) unstable; urgency=medium

  [ Bastian Blank ]
  * Remove device recreate code.
  * Remove build dependency on linux-support-X

  [ Guido Trotter ]
  * Add missing build dependency on zlib1g-dev (closes: #396557)
  * Add missing build dependencies on libncurses5-dev and x11proto-core-dev
    (closes: #396561, #396567)

 -- Guido Trotter <ultrotter@debian.org>  Thu,  2 Nov 2006 16:38:02 +0000

xen-3.0 (3.0.3-0-1) unstable; urgency=low

  * New upstream version.

 -- Bastian Blank <waldi@debian.org>  Fri, 20 Oct 2006 11:04:35 +0000

xen-3.0 (3.0.3~rc4+hg11760-1) unstable; urgency=low

  * New upstream snapshot.
  * Ignore update-grub errors. (closes: #392534)

 -- Bastian Blank <waldi@debian.org>  Sat, 14 Oct 2006 13:09:53 +0000

xen-3.0 (3.0.3~rc1+hg11686-1) unstable; urgency=low

  * New upstream snapshot.
  * Rename ioemu package to include the complete version.
  * Fix name of hypervisor. (closes: #391771)

 -- Bastian Blank <waldi@debian.org>  Mon,  9 Oct 2006 12:48:13 +0000

xen-3.0 (3.0.2-3+hg9762-1) unstable; urgency=low

  * New upstream snapshot.
  * Rename hypervisor and utils packages to include the complete version.
  * Redo build environment.

 -- Bastian Blank <waldi@debian.org>  Mon,  4 Sep 2006 18:43:12 +0000

xen-3.0 (3.0.2+hg9697-2) unstable; urgency=low

  [ Guido Trotter ]
  * Update xen-utils' README.Debian (closes: #372524)

  [ Bastian Blank ]
  * Adopt new python policy. (closes: #380990)
  * Add patch to make new kernels working on the hypervisor.

 -- Bastian Blank <waldi@debian.org>  Tue, 15 Aug 2006 19:20:08 +0000

xen-3.0 (3.0.2+hg9697-1) unstable; urgency=low

  [ Guido Trotter ]
  * Update Standards Version
  * Merge upstream fixes trunk (upstream 3.0.2-3 + a couple of fixes)

  [ Bastian Blank ]
  * Add xen-ioemu-3.0 package to support HVM guests (closes: #368496)

 -- Guido Trotter <ultrotter@debian.org>  Wed, 31 May 2006 10:50:05 +0200

xen-3.0 (3.0.2+hg9681-1) unstable; urgency=low

  * Update xen-hypervisor-3.0-i386 and xen-hypervisor-3.0-i386-pae
    descriptions, specifying what the difference between the two packages is
    (closes: #366019)
  * Merge upstream fixes trunk

 -- Guido Trotter <ultrotter@debian.org>  Thu, 18 May 2006 15:25:02 +0200

xen-3.0 (3.0.2+hg9656-1) unstable; urgency=low

  * Merge upstream fixes trunk
    - This includes a fix for CVE-2006-1056

 -- Guido Trotter <ultrotter@debian.org>  Thu, 27 Apr 2006 17:34:03 +0200

xen-3.0 (3.0.2+hg9651-1) unstable; urgency=low

  * Merge upstream fixes trunk
  * Fix PAE disabled in pae build (Closes: #364875)

 -- Julien Danjou <acid@debian.org>  Wed, 26 Apr 2006 13:19:39 +0200

xen-3.0 (3.0.2+hg9646-1) unstable; urgency=low

  [ Guido Trotter ]
  * Merge upstream fixes trunk

  [ Bastian Blank ]
  * debian/patches/libdir.dpatch: Update to make xm save work

 -- Julien Danjou <acid@debian.org>  Mon, 24 Apr 2006 18:02:07 +0200

xen-3.0 (3.0.2+hg9611-1) unstable; urgency=low

  * Merge upstream bug fixes
  * Fix bug with xend init.d script

 -- Julien Danjou <acid@debian.org>  Wed, 12 Apr 2006 17:35:35 +0200

xen-3.0 (3.0.2+hg9598-1) unstable; urgency=low

  * New upstream release
  * Fix copyright file

 -- Julien Danjou <acid@debian.org>  Mon, 10 Apr 2006 17:02:55 +0200

xen-3.0 (3.0.1+hg8762-1) unstable; urgency=low

  * The "preserve our homes" release
  * Now cooperatively maintained by the Debian Xen Team
  * New upstream release (closes: #327493, #342249)
  * Build depend on transfig (closes: #321157)
  * Use gcc rather than gcc-3.4 to compile (closes: #323698)
  * Split xen-hypervisor-3.0 and xen-utils-3.0
  * Build both normal and pae hypervisor packages
  * Change maintainer and add uploaders field
  * Add force-reload support for init script xendomains
  * Remove dependency against bash
  * Bump standards version to 3.6.2.2
  * xen-utils-3.0 conflicts and replaces xen
  * Add dpatch structure to the package
  * Remove build-dependency on gcc (it's build essential anyway)
  * Make SrvServer.py not executable
  * Create NEWS.Debian file with important upgrade notices
  * Update copyright file
  * Remove the linux-patch-xen package
  * Removed useless build-dependencies: libncurses5-dev, wget
  * Changed xendomains config path to /etc/default
  * xen-utils-3.0 now provides xen-utils and xen-hypervisor-3.0-i386 &
    xen-hypervisor-3.0-i386-pae & xen-hypervizor-amd64 now provide
    xen-hypervisor
  * Made xen-utils-3.0.postinst more fault-tolerant, so that upgrading
    xen2 -> xen3 doesn't fail because of a running xen2 hypervisor
  * Updated the "Replaces & Conflicts"
  * Install only and correctly udev files
  * Compile date is no longer in the current locale
  * Add patch which adds the debian version and maintainer in the version
    string and removes the banner.
  * Don't install unusable cruft in xen-utils
  * Remove libxen packages (no stable API/ABI)

 -- Julien Danjou <acid@debian.org>  Wed,  5 Apr 2006 16:05:07 +0200

xen (2.0.6-1) unstable; urgency=low

  * Patches applied upstream: non-xen-init-exit.patch, add-build.patch,
    python-install.patch, disable-html-docs.patch.
  * New upstream released.  Closes: #311336.
  * Remove comparison to UML from xen short description.  Closes: #317066.
  * Make packages conflicts with 1.2 doc debs.  Closes: #304285.
  * Add iproute to xen depends, as it uses /bin/ip.  Closes: #300488,
    #317468.

 -- Adam Heath <doogie@brainfood.com>  Wed, 06 Jul 2005 12:35:50 -0500

xen (2.0.5-3) experimental; urgency=low

  * Change priority/section to match the overrides file.

 -- Adam Heath <doogie@brainfood.com>  Fri, 18 Mar 2005 12:43:50 -0600

xen (2.0.5-2) experimental; urgency=low

  * Mike McCallister <mike+debian@metalogue.com>,
    Tommi Virtanen <tv@debian.org>, Tom Hibbert <tom@nsp.co.nz>:
    Fix missing '.' in update-rc.d call in xen.postinst.  Closes: #299384

 -- Adam Heath <doogie@brainfood.com>  Fri, 18 Mar 2005 11:39:56 -0600

xen (2.0.5-1) experimental; urgency=low

  * New upstream.
  * Remove pic-lib.patch, tools-misc-TARGETS.patch, and clean-mttr.patch
    as they have been applied upstream (in various forms).
  * xend now starts at priority 20, stops at 21, while xendomains starts
    at 21, and stops at 20.

 -- Adam Heath <doogie@brainfood.com>  Fri, 11 Mar 2005 14:33:33 -0600

xen (2.0.4-4) experimental; urgency=low

  * Bah, major booboo.  Add /boot to debian/xen.install, so xen.gz will
    get shipped.  Reported by Clint Adams <schizo@debian.org>.

 -- Adam Heath <doogie@brainfood.com>  Tue, 15 Feb 2005 13:00:57 -0600

xen (2.0.4-3) experimental; urgency=low

  * Fix file overlap (/usr/share/doc/xen/examples/*) between xen and
    xen-docs.  Reported by Tupshin Harper <tupshin@tupshin.com>.

 -- Adam Heath <doogie@brainfood.com>  Sun, 06 Feb 2005 01:22:45 -0600

xen (2.0.4-2) experimental; urgency=low

  * Fix kernel patch generation.  It was broken when I integrated with
    debian's kernel source.  I used a symlink, and diff doesn't follow
    those.

 -- Adam Heath <doogie@brainfood.com>  Sat, 05 Feb 2005 18:16:35 -0600

xen (2.0.4-1) experimental; urgency=low

  * New upstream.
  * xen.deb can now install on a plain kernel; that is, the init scripts
    exit successfully if /proc/xen/privcmd doesn't exist.  This allows
    for dual-boot setups.
  * Manpages do not yet exist for xend, xenperf, xensv, xfrd, nor xm.  xend
    and xfrd are daemons, and take few if any options.  I've not had a need
    to use xenperf nor xensv yet.  xm has nice built-in help (xm help).
  * Upstream now requires either linux 2.4.29, or 2.6.10.  Since 2.4.29 is
    not yet in debian, disable the 2.4 patch generation.  Closes: #271245.
  * Not certain how the kernel-patch-xen was empty.  It's not now, with
    the repackaging.  Closes: #272299.
  * Xen no longer produces kernel images, so problems about missing features
    are no longer valid.  Closes: #253924.
  * Acknowledge nmu bugs:
    * No longer build-depend on gcc 3.3, as the default gcc works. Closes:
      #243048.

 -- Adam Heath <doogie@brainfood.com>  Sat, 05 Feb 2005 18:04:27 -0600

xen (2.0.3-0.1) unstable; urgency=low

  * Changes from Tommi Virtanen:
    * Added dh-kpatches and libcurl3-dev to Build-Depends.
    * Add /etc/xen/sv/params.py and /etc/xen/xend/params.py.
    * Add xmexample1 and xmexample2 to xen/doc/examples.

 -- Adam Heath <doogie@brainfood.com>  Wed, 26 Jan 2005 10:55:07 -0600

xen (2.0.3-0) unstable; urgency=low

  * New upstream.  Closes: #280733.
  * Repackaged from scratch.
  * Using unreleased patch management system.  See debian/README.build.
    * After extracting the .dsc, there are no special steps needed
    * Those wanting to change the source, use the normal procedures for
      any package, including using interdiff (or other tool) to send a
      patch to me or the bts.
  * No longer try to do anything fancy with regard to the layout of the
    built kernels.  Now, only patches are distributed.  Please make use of
    the xen support in kernel-package.
  * Early preview release to #debian-devel.

 -- Adam Heath <doogie@brainfood.com>  Tue, 25 Jan 2005 13:24:54 -0600

xen (1.2-4.1) unstable; urgency=high

  * NMU
  * Remove gcc-3.2 from Build-Depends as it isn't used during build
    (Closes: #243048)

 -- Frank Lichtenheld <djpig@debian.org>  Sat, 21 Aug 2004 17:42:28 +0200

xen (1.2-4) unstable; urgency=low

  * Added xen-docs.README.Debian, which explains the kernel image layout,
    and contains references on where the locations differ from what is
    mentioned by the upstream documentation.  Closes: #230345.

 -- Adam Heath <doogie@brainfood.com>  Fri, 26 Mar 2004 17:36:41 -0600

xen (1.2-3) unstable; urgency=low

  * Add kernel-source-2.4.25 and kernel-patch-debian-2.4.25 to
    Build-Depends-Indep.

 -- Adam Heath <doogie@brainfood.com>  Tue, 23 Mar 2004 20:14:39 -0600

xen (1.2-2) unstable; urgency=low

  * xen: moved /boot/xen.gz to /usr/lib/kernels/xen-i386/images/vmlinuz
  * kernel-image, kernel-modules: swapped i386/xeno to xeno/i386 in
    /usr/lib/kernels.
  * Add kernel-patch-nfs-swap deb.
  * Apply additional patches to kernel-image-xen:
    * nfs-group
    * nfs-swap

 -- Adam Heath <doogie@brainfood.com>  Thu, 04 Mar 2004 12:47:47 -0600

xen (1.2-1) unstable; urgency=low

  * Initial version.

 -- Adam Heath <doogie@brainfood.com>  Tue, 02 Mar 2004 13:21:52 -0600