[ubuntu-cloud-archive/havana-proposed] xen (Accepted)

James Page james.page at ubuntu.com
Mon Aug 5 11:23:30 UTC 2013


 xen (4.2.2-1ubuntu1~cloud1) precise-havana; urgency=low
 .
   * New upstream release for the Ubuntu Cloud Archive.
 .
 xen (4.2.2-1ubuntu1~cloud0) precise-havana; urgency=low
 .
   * New upstream release for the Ubuntu Cloud Archive.
 .
 xen (4.2.2-1ubuntu1) saucy; urgency=low
 .
   * Merge with Debian unstable. Dropping the following patches in favour
     of Debian ones:
     - xsa52-4.2-unstable.patch
     - xsa53-4.2.patch
     - xsa54.patch
     - xsa56.patch
   * Remaining changes:
     - Use dpkg-buildflags and strip the gcc prefix for getting LDFLAGS.
       This will again use the Ubuntu specific LDFLAGS (using some
       hardening options). Older releases would always pass those options
       in the environment but that changed.
     - Ressurrect qemu-dm for now (upstream qemu would not support
       migration, yet). Forward-port some patches from the old Debian
       package which still included qemu-dm:
       - qemu-prefix (modify LDFLAGS to point to lib dir for qemu-dm)
       - qemu-disable-blktap (this is not present in upstream)
       - ubuntu-qemu-disable-qemu-upstream (breaks build and also should
         be provided by qemu/kvm package)
   * Remaining additional patches:
     - qemu-fix-librt-test.patch
       Fix build regression caused by glibc not requiring to link against
       librt for the clock_gettime function. Patch picked from xen-devel
       mailing list.
     - tools-gdbsx-fix-build-failure-with-glibc-2.17.patch
       Add direct include to sys/types.h for xg_main.c which likely was
       indirectly done before. Needed to get ulong type definition.
     - tools-ocaml-fix-build: refresh and reenable (and fix the description
       of) this patch.  Without it the ocam native libraries (*.cmxa)
       build in /build local paths rather than appropriatly versioned
       library references.
     - APIC Register Virtualization (backported from Xen 4.3)
       - 0001-xen-enable-APIC-Register-Virtualization.patch
       - 0002-xen-enable-Virtual-interrupt-delivery.patch
       - 0003-xen-add-virtual-x2apic-support-for-apicv.patch
     - TSC Adjust Support (backported from Xen 4.3)
       - 0004-x86-Implement-TSC-adjust-feature-for-HVM-guest.patch
       - 0005-x86-Save-restore-TSC-adjust-during-HVM-guest-migrati.patch
       - 0006-x86-Expose-TSC-adjust-to-HVM-guest.patch
     - Fix FTBS on i386
       - 0007-x86-Fix-i386-virtual-apic.patch
     - silence-gcc-warnings.patch: Silence gcc warnings.
 .
 xen (4.2.2-1) unstable; urgency=low
 .
   * New upstream release.
     - Fix build with gcc 4.8. (closes: #712376)
   * Build-depend on libssl-dev. (closes: #712366)
   * Enable hardening as much as possible.
   * Re-enable ocaml build fixes. (closes: #695176)
   * Check for out-of-bound values in CPU affinity setup.
     CVE-2013-2072
   * Fix information leak on AMD CPUs.
     CVE-2013-2076
   * Recover from faults on XRSTOR.
     CVE-2013-2077
   * Properly check guest input to XSETBV.
     CVE-2013-2078
 .
 xen (4.2.1-2ubuntu2) saucy; urgency=low
 .
   * Applying Xen Security Advisories:
     - CVE-2013-2194, CVE-2013-2195, CVE-2013-2196 / XSA55
       * libelf: abolish libelf-relocate.c
       * libxc: introduce xc_dom_seg_to_ptr_pages
       * libxc: Fix range checking in xc_dom_pfn_to_ptr etc.
       * libelf: add `struct elf_binary*' parameter to elf_load_image
       * libelf: abolish elf_sval and elf_access_signed
       * libelf: move include of <asm/guest_access.h> to top of file
       * libelf/xc_dom_load_elf_symtab: Do not use "syms" uninitialised
       * libelf: introduce macros for memory access and pointer handling
       * tools/xcutils/readnotes: adjust print_l1_mfn_valid_note
       * libelf: check nul-terminated strings properly
       * libelf: check all pointer accesses
       * libelf: Check pointer references in elf_is_elfbinary
       * libelf: Make all callers call elf_check_broken
       * libelf: use C99 bool for booleans
       * libelf: use only unsigned integers
       * libelf: check loops for running away
       * libelf: abolish obsolete macros
       * libxc: Add range checking to xc_dom_binloader
       * libxc: check failure of xc_dom_*_to_ptr, xc_map_foreign_range
       * libxc: check return values from malloc
       * libxc: range checks in xc_dom_p2m_host and _guest
       * libxc: check blob size before proceeding in xc_dom_check_gzip
       * libxc: Better range check in xc_dom_alloc_segment
     - CVE-XXXX-XXXX / XSA57
       * libxl: Restrict permissions on PV console device xenstore nodes
 .
 xen (4.2.1-2ubuntu1) saucy; urgency=low
 .
   * Merge with Debian unstable. Dropping the following patches in favour
     of Debian ones:
     - xsa33-4.2-unstable.patch
     - xsa36-4.2.patch
     - xsa44-4.2.patch
     - xsa45-4.2-01-vcpu-destroy-pagetables-preemptible.patch
     - xsa45-4.2-02-new-guest-cr3-preemptible.patch
     - xsa45-4.2-03-new-user-base-preemptible.patch
     - xsa45-4.2-04-vcpu-reset-preemptible.patch
     - xsa45-4.2-05-set-info-guest-preemptible.patch
     - xsa45-4.2-06-unpin-preemptible.patch
     - xsa45-4.2-07-mm-error-paths-preemptible.patch
     - xsa46-4.2.patch
     - xsa47-4.2-unstable.patch
     - xsa49-4.2.patch
   * Remaining changes:
     - debian/control: Depend on libssl-dev
     - Use dpkg-buildflags and strip the gcc prefix for getting LDFLAGS.
       This will again use the Ubuntu specific LDFLAGS (using some
       hardening options). Older releases would always pass those options
       in the environment but that changed.
     - Ressurrect qemu-dm for now (upstream qemu would not support
       migration, yet). Forward-port some patches from the old Debian
       package which still included qemu-dm:
       - qemu-prefix (modify LDFLAGS to point to lib dir for qemu-dm)
       - qemu-disable-blktap (this is not present in upstream)
       - ubuntu-qemu-disable-qemu-upstream (breaks build and also should
         be provided by qemu/kvm package)
   * Remaining additional patches:
     - qemu-cve-2012-6075-1.patch / qemu-cve-2012-6075-2.patch
     - xsa34-4.2.patch
     - xsa35-4.2-with-xsa34.patch
     - xsa38.patch
     - xsa52-4.2-unstable.patch
     - xsa53-4.2.patch
     - xsa54.patch
     - xsa56.patch
     - qemu-fix-librt-test.patch
       Fix build regression caused by glibc not requiring to link against
       librt for the clock_gettime function. Patch picked from xen-devel
       mailing list.
     - tools-gdbsx-fix-build-failure-with-glibc-2.17.patch
       Add direct include to sys/types.h for xg_main.c which likely was
       indirectly done before. Needed to get ulong type definition.
     - tools-ocaml-fix-build: refresh and reenable (and fix the description
       of) this patch.  Without it the ocam native libraries (*.cmxa)
       build in /build local paths rather than appropriatly versioned
       library references.
     - APIC Register Virtualization (backported from Xen 4.3)
       - 0001-xen-enable-APIC-Register-Virtualization.patch
       - 0002-xen-enable-Virtual-interrupt-delivery.patch
       - 0003-xen-add-virtual-x2apic-support-for-apicv.patch
     - TSC Adjust Support (backported from Xen 4.3)
       - 0004-x86-Implement-TSC-adjust-feature-for-HVM-guest.patch
       - 0005-x86-Save-restore-TSC-adjust-during-HVM-guest-migrati.patch
       - 0006-x86-Expose-TSC-adjust-to-HVM-guest.patch
     - Fix FTBS on i386
       - 0007-x86-Fix-i386-virtual-apic.patch
     - Fix HVM regression when host supports SMEP
       - 0008-vmx-Simplify-cr0-update-handling-by-deferring-cr4-ch.patch
       - 0009-VMX-disable-SMEP-feature-when-guest-is-in-non-paging.patch
       - 0010-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-.patch
     - silence-gcc-warnings.patch: Silence gcc warnings.
     - gcc48-ftbfs.patch
     - gcc48-ftbfs-2.patch
 .
 xen (4.2.1-2) unstable; urgency=low
 .
   * Actually upload to unstable.
 .
 xen (4.2.1-1) experimental; urgency=low
 .
   * New upstream release.
   * Enable usage of seabios.
   * Fix some toolchain issues.
 .
 xen (4.2.1-0ubuntu4) saucy; urgency=low
 .
   [ Stefan Bader ]
   * Applying Xen Security Advisories:
     - CVE-2013-1918 / XSA-45
       * x86: make vcpu_destroy_pagetables() preemptible
       * x86: make new_guest_cr3() preemptible
       * x86: make MMUEXT_NEW_USER_BASEPTR preemptible
       * x86: make vcpu_reset() preemptible
       * x86: make arch_set_info_guest() preemptible
       * x86: make page table unpinning preemptible
       * x86: make page table handling error paths preemptible
     - CVE-2013-1952 / XSA-49
       * VT-d: don't permit SVT_NO_VERIFY entries for known device types
     - CVE-2013-2076 / XSA-52
       * x86/xsave: fix information leak on AMD CPUs
     - CVE-2013-2077 / XSA-53
       * x86/xsave: recover from faults on XRSTOR
     - CVE-2013-2078 / XSA-54
       * x86/xsave: properly check guest input to XSETBV
     - CVE-2013-2072 / XSA-56
       * libxc: limit cpu values when setting vcpu affinity
 .
   [ Marc Deslauriers ]
   * debian/patches/gcc48-ftbfs.patch: Add -Wno-unused-local-typedefs to
     CFLAGS.
   * debian/patches/gcc48-ftbfs-2.patch: fix memset(&p,0,sizeof(p)) idiom in
     several places.
 .
 xen (4.2.1-0ubuntu3.1) raring-security; urgency=low
 .
   * Applying Xen Security Advisories:
     - CVE-2013-1917 / XSA-44
       x86: clear EFLAGS.NT in SYSENTER entry path
     - CVE-2013-1919 / XSA-46
       x86: fix various issues with handling guest IRQs
     - CVE-2013-1920 / XSA-47
       defer event channel bucket pointer store until after XSM checks
 .
 xen (4.2.1-0ubuntu3) raring; urgency=low
 .
   * Fix FTBS on i386
     - 0007-x86-Fix-i386-virtual-apic.patch
   * Fix HVM VCPUs getting stuck on boot when host supports SMEP (LP: #1157757)
     - 0008-vmx-Simplify-cr0-update-handling-by-deferring-cr4-ch.patch
     - 0009-VMX-disable-SMEP-feature-when-guest-is-in-non-paging.patch
     - 0010-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-.patch
 .
 xen (4.2.1-0ubuntu2) raring; urgency=low
 .
   * Backporting support for Intel APIC virtualization (LP: #1160373)
     - 0001-xen-enable-APIC-Register-Virtualization.patch
     - 0002-xen-enable-Virtual-interrupt-delivery.patch
     - 0003-xen-add-virtual-x2apic-support-for-apicv.patch
   * Backporting support for Intel TSC adjust (LP: #1160378)
     - 0004-x86-Implement-TSC-adjust-feature-for-HVM-guest.patch
     - 0005-x86-Save-restore-TSC-adjust-during-HVM-guest-migrati.patch
     - 0006-x86-Expose-TSC-adjust-to-HVM-guest.patch
 .
 xen (4.2.1-0ubuntu1) raring; urgency=low
 .
   * New upstream stable release. Remaining changes:
     - Fix to qemu for CVE-2012-6075
     - Patches for XSA33-36 and 38
     - qemu-fix-librt-test.patch
       Fix build regression caused by glibc not requiring to link against
       librt for the clock_gettime function. Patch picked from xen-devel
       mailing list.
     - tools-gdbsx-fix-build-failure-with-glibc-2.17.patch
       Add direct include to sys/types.h for xg_main.c which likely was
       indirectly done before. Needed to get ulong type definition.
     - tools-ocaml-fix-build: refresh and reenable (and fix the description
       of) this patch.  Without it the ocam native libraries (*.cmxa)
       build in /build local paths rather than appropriatly versioned
       library references.
     - Use dpkg-buildflags and strip the gcc prefix for getting LDFLAGS.
       This will again use the Ubuntu specific LDFLAGS (using some
       hardening options). Older releases would always pass those options
       in the environment but that changed.
     - Ressurrect qemu-dm for now (upstream qemu would not support
       migration, yet). Forward-port some patches from the old Debian
       package which still included qemu-dm:
       - qemu-prefix (modify LDFLAGS to point to lib dir for qemu-dm)
       - qemu-disable-blktap (this is not present in upstream)
       - ubuntu-qemu-disable-qemu-upstream (breaks build and also should
         be provided by qemu/kvm package)
     - Build depend on kvm-ipxe (instead of ipxe) as it is smaller and fix
       up hvmloader build. kvm-ipxe contains a subset of the rom files from
       which the Xen build only uses two to be embedded in the hvmloader.
     - debian/patches/silence-gcc-warnings.patch: Silence gcc warnings.
 .
 xen (4.2.0-2) experimental; urgency=low
 .
   * Support JSON output in domain init script helper.
 .
 xen (4.2.0-1ubuntu6) raring; urgency=low
 .
   * Applying Xen Security Advisory:
     - VT-d: fix interrupt remapping source validation for devices behind
       legacy bridges
       CVE-2012-5634 / XSA-33
     - x86_32: don't allow use of nested HVM
       CVE-2013-0151 / XSA-34
     - xen: Do not allow guests to enable nested HVM on themselves
       CVE-2013-0152 / XSA-35
     - ACPI: acpi_table_parse() should return handler's error code
       CVE-2013-0153 / XSA-36
     - oxenstored incorrect handling of certain Xenbus ring states
       CVE-2013-0215 / XSA-38
   * Applying qemu security fixes:
     - e1000: Discard packets that are too long if !SBP and !LPE
       CVE-2012-6075 / XSA-41
     - Discard packets longer than 16384 when !SBP to match the hardware
       behavior.
       CVE-2012-6075 / XSA-41
   * qemu-fix-librt-test.patch
     Fix build regression caused by glibc not requiring to link against
     librt for the clock_gettime function. Patch picked from xen-devel
     mailing list.
   * tools-gdbsx-fix-build-failure-with-glibc-2.17.patch
     Add direct include to sys/types.h for xg_main.c which likely was
     indirectly done before. Needed to get ulong type definition.
 .
 xen (4.2.0-1ubuntu5) raring; urgency=low
 .
   * Add libssl-dev to Build-Depends.
 .
 xen (4.2.0-1ubuntu4) raring; urgency=low
 .
   * Applying Xen Security fixes (LP: #1086875)
     - gnttab: fix releasing of memory upon switches between versions
       CVE-2012-5510
     - hvm: Limit the size of large HVM op batches
       CVE-2012-5511
     - xen: add missing guest address range checks to XENMEM_exchange handlers
       CVE-2012-5513
     - xen: fix error handling of guest_physmap_mark_populate_on_demand()
       CVE-2012-5514
     - memop: limit guest specified extent order
       CVE-2012-5515
     - x86: get_page_from_gfn() must return NULL for invalid GFNs
       CVE-2012-5525
 .
 xen (4.2.0-1ubuntu3) raring; urgency=low
 .
   * tools-ocaml-fix-build: refresh and reenable (and fix the description
     of) this patch.  Without it the ocam native libraries (*.cmxa)
     build in /build local paths rather than appropriatly versioned
     library references.
 .
 xen (4.2.0-1ubuntu2) raring; urgency=low
 .
   * Drop replaces and conflicts for xen3 packages (they are no longer
     in the upgrade path) from debian/control:
     - libxenstore3.0: Conflict and replaces libxen3.
     - libxen-dev: Conflict and replaces libxen3-dev.
     - xenstore-utils: Conflict and replaces libxen3
     - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
       and xen-utils-3.3
   * Use dpkg-buildflags and strip the gcc prefix for getting LDFLAGS.
     This will again use the Ubuntu specific LDFLAGS (using some
     hardening options). Older releases would always pass those options
     in the environment but that changed.
   * Ressurrect qemu-dm for now (upstream qemu would not support
     migration, yet). Forward-port some patches from the old Debian
     package which still included qemu-dm:
     - qemu-prefix (modify LDFLAGS to point to lib dir for qemu-dm)
     - qemu-disable-blktap (this is not present in upstream)
     - ubuntu-qemu-disable-qemu-upstream (breaks build and also should
       be provided by qemu/kvm package)
   * Build depend on kvm-ipxe (instead of ipxe) as it is smaller and fix
     up hvmloader build. kvm-ipxe contains a subset of the rom files from
     which the Xen build only uses two to be embedded in the hvmloader.
   * XSA-20: Prevent overflow in calculations, leading to DoS vulnerability
     - CVE-2012-4535
   * XSA-22: Prevent incorrect updates of m2p mappings
     - CVE-2012-4537
   * XSA-23: check toplevel pagetables are present before unhooking them
     - CVE-2012-4538
   * XSA-24: Prevent infinite loop in compat code
     - CVE-2012-4539
   * XSA-25: limit maximum size of kernel/ramdisk
     - CVE-2012-4544
 .
 xen (4.2.0-1ubuntu1) raring; urgency=low
 .
   * Merge from Debian Experimental, Remaining changes:
     - debian/control:
       - Build depends on ipxe-qemu.
       - libxenstore3.0: Conflict and replaces libxen3.
       - libxen-dev: Conflict and replaces libxen3-dev.
       - xenstore-utils: Conflict and replaces libxen3
       - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
         and xen-utils-4.1.
       - Make sure the LDFLAGS value passed is suitable for use by ld
         rather than gcc.
     - disable debian/patches/config-etherboot.diff.
     - debian/patches/silence-gcc-warnings.patch: Silence gcc warnings.
 .
 xen (4.2.0-1) experimental; urgency=low
 .
   * New upstream release.
 .
 xen (4.2.0~rc3-1) experimental; urgency=low
 .
   * New upstream snapshot.
 .
 xen (4.2.0~rc2-1) experimental; urgency=low
 .
   * New upstream snapshot.
   * Build-depend against libglib2.0-dev and libyajl-dev.
   * Disable seabios build for now.
   * Remove support for Lenny and earlier.
   * Support build-arch and build-indep make targets.
 .
 xen (4.1.4-4) unstable; urgency=high
 .
   * Make several long runing operations preemptible.
     CVE-2013-1918
   * Fix source validation for VT-d interrupt remapping.
     CVE-2013-1952
 .
 xen (4.1.4-3) unstable; urgency=high
 .
   * Fix return from SYSENTER.
     CVE-2013-1917
   * Fix various problems with guest interrupt handling.
     CVE-2013-1919
   * Only save pointer after access checks.
     CVE-2013-1920
   * Fix domain locking for transitive grants.
     CVE-2013-1964
 .
 xen (4.1.4-2) unstable; urgency=low
 .
   * Use pre-device interrupt remapping mode per default. Fix removing old
     remappings.
     CVE-2013-0153
 .
 xen (4.1.4-1) unstable; urgency=low
 .
   * New upstream release.
     - Disable process-context identifier support in newer CPUs for all
       domains.
     - Add workarounds for AMD errata.
     - Don't allow any non-canonical addresses.
     - Use Multiboot memory map if BIOS emulation does not provide one.
     - Fix several problems in tmem.
       CVE-2012-3497
     - Fix error handling in domain creation.
     - Adjust locking and interrupt handling during S3 resume.
     - Tighten more resource and memory range checks.
     - Reset performance counters. (closes: #698651)
     - Remove special-case for first IO-APIC.
     - Fix MSI handling for HVM domains. (closes: #695123)
     - Revert cache value of disks in HVM domains.
 .
 xen (4.1.3-8) unstable; urgency=high
 .
   * Fix error in VT-d interrupt remapping source validation.
     CVE-2012-5634
   * Fix buffer overflow in qemu e1000 emulation.
     CVE-2012-6075
   * Update patch, mention second CVE.
     CVE-2012-5511, CVE-2012-6333
 .
 xen (4.1.3-7) unstable; urgency=low
 .
   * Fix clock jump due to incorrect annotated inline assembler.
     (closes: #599161)
   * Add support for XZ compressed Linux kernels to hypervisor and userspace
     based loaders, it is needed for any Linux kernels newer then Wheezy.
     (closes: #695056)
 .
 xen (4.1.3-6) unstable; urgency=high
 .
   * Fix error handling in physical to machine memory mapping.
     CVE-2012-5514
 .
 xen (4.1.3-5) unstable; urgency=high
 .
   * Fix state corruption due to incomplete grant table switch.
     CVE-2012-5510
   * Check range of arguments to several HVM operations.
     CVE-2012-5511, CVE-2012-6333
   * Check array index before using it in HVM memory operation.
     CVE-2012-5512
   * Check memory range in memory exchange operation.
     CVE-2012-5513
   * Don't allow too large memory size and avoid busy looping.
     CVE-2012-5515
 .
 xen (4.1.3-4) unstable; urgency=high
 .
   * Use linux 3.2.0-4 stuff.
   * Fix overflow in timer calculations.
     CVE-2012-4535
   * Check value of physical interrupts parameter before using it.
     CVE-2012-4536
   * Error out on incorrect memory mapping updates.
     CVE-2012-4537
   * Check if toplevel page tables are present.
     CVE-2012-4538
   * Fix infinite loop in compatibility code.
     CVE-2012-4539
   * Limit maximum kernel and ramdisk size.
     CVE-2012-2625, CVE-2012-4544
 .
 xen (4.1.3-3ubuntu1) quantal; urgency=low
 .
   * Merge from Debian unstable. Remaining changes:
     - libxenstore3.0: Conflict and replaces libxen3.
     - libxen-dev: Conflict and replaces libxen3-dev.
     - xenstore-utils: Conflict and replaces libxen3.
     - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
       and xen-utils-4.1.
     - Change depend back to ipxe as we do not have ipxe-qemu.
     - etherboot: Change the config back to include the 8086100e.rom
     - Dropped:
       - Make sure the LDFLAGS value passed is suitable for use by ld
         rather than gcc. Right now there seem to be no LDFLAGS passed.
   * Backported AMD specific improvements from upstream Xen (LP: #1009098):
     - svm: Do not intercept RDTSC(P) when TSC scaling is supported by hardware
     - x86: Use deep C states for off-lined CPUs
     - x86/AMD: Add support for AMD's OSVW feature in guests.
     - hvm: vpmu: Enable HVM VPMU for AMD Family 12h and 14h processors
 .
 xen (4.1.3-3) unstable; urgency=low
 .
   * Xen domain init script:
     - Make sure Open vSwitch is started before any domain.
     - Properly handle and show output of failed migration and save.
     - Ask all domains to shut down before checking them.
 .
 xen (4.1.3-2) unstable; urgency=medium
 .
   * Don't allow writing reserved bits in debug register.
     CVE-2012-3494
   * Fix error handling in interrupt assignment.
     CVE-2012-3495
   * Don't trigger bug messages on invalid flags.
     CVE-2012-3496
   * Check array bounds in interrupt assignment.
     CVE-2012-3498
   * Properly check bounds while setting the cursor in qemu.
     CVE-2012-3515
   * Disable monitor in qemu by default.
     CVE-2012-4411
 .
 xen (4.1.3-1) unstable; urgency=medium
 .
   * New upstream release: (closes: #683286)
     - Don't leave the x86 emulation in a bad state. (closes: #683279)
       CVE-2012-3432
     - Only check for shared pages while any exist on teardown.
       CVE-2012-3433
     - Fix error handling for unexpected conditions.
     - Update CPUID masking to latest Intel spec.
     - Allow large ACPI ids.
     - Fix IOMMU support for PCI-to-PCIe bridges.
     - Disallow access to some sensitive IO-ports.
     - Fix wrong address in IOTLB.
     - Fix deadlock on CPUs without working cpufreq driver.
     - Use uncached disk access in qemu.
     - Fix buffer size on emulated e1000 device in qemu.
   * Fixup broken and remove applied patches.
 .
 xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-5) unstable; urgency=low
 .
   [ Ian Campbell ]
   * Set tap device MAC addresses to fe:ff:ff:ff:ff:ff (Closes: #671018)
   * Only run xendomains initscript if toolstack is xl or xm (Closes: #680528)
 .
   [ Bastian Blank ]
   * Actually build-depend on new enough version of dpkg-dev.
   * Add xen-sytem-* meta-packages. We are finally in a position to do
     automatic upgrades and this package is missing. (closes: #681376)
 .
 xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-4ubuntu1) quantal; urgency=low
 .
   [ Ubuntu Merge-o-Matic ]
   * Merge from Debian unstable.  Remaining changes:
       - Thanks to Stefan Bader.
       - libxenstore3.0: Conflict and replaces libxen3.
       - libxen-dev: Conflict and replaces libxen3-dev.
       - xenstore-utils: Conflict and replaces libxen3.
       - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
         and xen-utils-4.1.
       - Change depend back to ipxe as we do not have ipxe-qemu.
       - etherboot: Change the config back to include the 8086100e.rom
       - Dropped:
         - Make sure the LDFLAGS value passed is suitable for use by ld
           rather than gcc. Right now there seem to be no LDFLAGS passed.
 .
 xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-4) unstable; urgency=low
 .
   * Add Build-Using info to xen-utils package.
   * Fix build-arch target.
 .
 xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-3) unstable; urgency=low
 .
   * Remove /usr/lib/xen-default. It breaks systems if xenstored is not
     compatible.
   * Fix init script usage.
   * Fix udev rules for emulated network devices:
     - Force names of emulated network devices to a predictable name.
 .
 xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-2) unstable; urgency=low
 .
   * Fix pointer missmatch in interrupt functions. Fixes build on i386.
 .
 xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-1) unstable; urgency=low
 .
   * New upstream snapshot.
     - Fix privilege escalation and syscall/sysenter DoS while using
       non-canonical addresses by untrusted PV guests. (closes: #677221)
       CVE-2012-0217
       CVE-2012-0218
     - Disable Xen on CPUs affected by AMD Erratum #121. PV guests can
       cause a DoS of the host.
       CVE-2012-2934
   * Don't fail if standard toolstacks are not available. (closes: #677244)
 .
 xen (4.1.2-7) unstable; urgency=low
 .
   * Really use ucf.
   * Update init script dependencies:
     - Start $syslog before xen.
     - Start drbd and iscsi before xendomains. (closes: #626356)
     - Start corosync and heartbeat after xendomains.
   * Remove /var/log/xen on purge. (closes: #656216)
 .
 xen (4.1.2-6) unstable; urgency=low
 .
   * Fix generation of architectures for hypervisor packages.
   * Remove information about loop devices, it is incorrect. (closes: #503044)
   * Update xendomains init script:
     - Create directory for domain images only root readable. (closes: #596048)
     - Add missing sanity checks for variables. (closes: #671750)
     - Remove not longer supported config options.
     - Don't fail if no config is available.
     - Remove extra output if domain was restored.
 .
 xen (4.1.2-5) unstable; urgency=low
 .
   * Actually force init script rename. (closes: #669341)
   * Fix long output from xl.
   * Move complete init script setup.
   * Rewrite xendomains init script:
     - Use LSB output functions.
     - Make output more clear.
     - Use xen toolstack wrapper.
     - Use a python script to properly read domain details.
   * Set name for Domain-0.
 .
 xen (4.1.2-4) unstable; urgency=low
 .
   [ Bastian Blank ]
   * Build-depend on ipxe-qemu instead of ipxe. (closes: #665070)
   * Don't longer use a4wide latex package.
   * Use ucf for /etc/default/xen.
   * Remove handling for old udev rules link and xenstored directory.
   * Rename xend init script to xen.
 .
   [ Lionel Elie Mamane ]
   * Fix toolstack script to work with old dash. (closes: #648029)
 .
 xen (4.1.2-3) unstable; urgency=low
 .
   * Merge xen-common source package.
   * Remove xend wrapper, it should not be called by users.
   * Support xl in init script.
   * Restart xen daemons on upgrade.
   * Restart and stop xenconsoled in init script.
   * Load xen-gntdev module.
   * Create /var/lib/xen. (closes: #658101)
   * Cleanup udev rules. (closes: #657745)

Date: Wed, 24 Jul 2013 12:58:13 -0400
Changed-By: Chuck Short <zulcss at ubuntu.com>
Signed-By: Chuck Short <chuck.short at canonical.com> 
Published-By: James Page <james.page at ubuntu.com>


More information about the Cloud-archive-changes mailing list