[Pkg-xen-changes] [xen] 02/02: merge patched-develop into develop
Bastian Blank
waldi at moszumanska.debian.org
Tue Dec 9 19:13:14 UTC 2014
This is an automated email from the git hooks/post-receive script.
waldi pushed a commit to branch develop
in repository xen.
commit 289370342769293aa69a706d127280e5394274d2
Merge: 5c47e22 46c58c1
Author: Bastian Blank <waldi at debian.org>
Date: Tue Dec 9 20:06:35 2014 +0100
merge patched-develop into develop
debian/.git-dpm | 4 +-
debian/changelog | 7 +
debian/patches/CVE-2014-9065.diff | 524 +++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
xen/common/spinlock.c | 136 +++++----
xen/include/asm-arm/arm32/spinlock.h | 78 ------
xen/include/asm-arm/arm64/spinlock.h | 63 -----
xen/include/asm-x86/spinlock.h | 54 ----
xen/include/xen/spinlock.h | 6 +-
9 files changed, 627 insertions(+), 246 deletions(-)
diff --cc debian/.git-dpm
index f797aab,0000000..c83cedb
mode 100644,000000..100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@@ -1,8 -1,0 +1,8 @@@
+# see git-dpm(1) from git-dpm package
- 260a7a8659cb54d90b238bf9dd0f2961a6b38025
- 260a7a8659cb54d90b238bf9dd0f2961a6b38025
++46c58c1d1a991e596fe3a2b6474add1d391b2282
++46c58c1d1a991e596fe3a2b6474add1d391b2282
+3387be132d526263f246c24d3bbc94767a4eba76
+3387be132d526263f246c24d3bbc94767a4eba76
+xen_4.4.1.orig.tar.xz
+900ed093d14caf511fa1a22f48bbf0499bb2ee11
+3778516
diff --cc debian/changelog
index cc355d4,0000000..a9a1795
mode 100644,000000..100644
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,1181 -1,0 +1,1188 @@@
++xen (4.4.1-6) UNRELEASED; urgency=medium
++
++ * Fix starvation of writers in locks.
++ CVE-2014-9065
++
++ -- Bastian Blank <waldi at debian.org> Tue, 09 Dec 2014 20:06:48 +0100
++
+xen (4.4.1-5) unstable; urgency=medium
+
+ * Fix excessive checks of hypercall arguments.
+ CVE-2014-8866
+ * Fix boundary checks of emulated MMIO access.
+ CVE-2014-8867
+ * Fix additional memory leaks in xl. (closes: #767295)
+
+ -- Bastian Blank <waldi at debian.org> Sun, 30 Nov 2014 20:13:32 +0100
+
+xen (4.4.1-4) unstable; urgency=medium
+
+ [ Bastian Blank ]
+ * Make operations pre-emptible.
+ CVE-2014-5146, CVE-2014-5149
+ * Don't allow page table updates from non-PV page tables.
+ CVE-2014-8594
+ * Enforce privilege level while loading code segment.
+ CVE-2014-8595
+ * Fix reference counter leak.
+ CVE-2014-9030
+ * Use linux 3.16.0-4 stuff.
+ * Fix memory leak in xl. (closes: #767295)
+
+ [ Ian Campbell ]
+ * Add licensing for tools/python/logging to debian/copyright.
+ (Closes: #759384)
+ * Correctly include xen-init-name in xen-utils-common. (Closes: #769543)
+ * xen-utils recommends grub-xen-host package (Closes: #770460)
+
+ -- Bastian Blank <waldi at debian.org> Thu, 27 Nov 2014 20:17:36 +0100
+
+xen (4.4.1-3) unstable; urgency=medium
+
+ [ Bastian Blank ]
+ * Remove unused build-depencencies.
+ * Extend list affected systems for broken interrupt assignment.
+ CVE-2013-3495
+ * Fix race in hvm memory management.
+ CVE-2014-7154
+ * Fix missing privilege checks on instruction emulation.
+ CVE-2014-7155, CVE-2014-7156
+ * Fix uninitialized control structures in FIFO handling.
+ CVE-2014-6268
+ * Fix MSR range check in emulation.
+ CVE-2014-7188
+
+ [ Ian Campbell ]
+ * Install xen.efi into /boot for amd64 builds.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 17 Oct 2014 16:27:46 +0200
+
+xen (4.4.1-2) unstable; urgency=medium
+
+ * Re-build with correct content.
+ * Use dh_lintian.
+
+ -- Bastian Blank <waldi at debian.org> Wed, 24 Sep 2014 20:23:14 +0200
+
+xen (4.4.1-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Fix several vulnerabilities. (closes: #757724)
+ CVE-2014-2599, CVE-2014-3124,
+ CVE-2014-3967, CVE-2014-3968,
+ CVE-2014-4021
+
+ -- Bastian Blank <waldi at debian.org> Sun, 21 Sep 2014 10:45:47 +0200
+
+xen (4.4.0-5) unstable; urgency=medium
+
+ [ Ian Campbell ]
+ * Expand on the descriptions of some packages. (Closes: #466683)
+ * Clarify where xen-utils-common is required. (Closes: #612403)
+ * No longer depend on gawk. Xen can now use any awk one of which is always
+ present. (Closes: #589176)
+ * Put core dumps in /var/lib/xen/dump and ensure it exists.
+ (Closes: #444000)
+
+ [ Bastian Blank ]
+ * Handle JSON output from xl in xendomains init script.
+
+ -- Bastian Blank <waldi at debian.org> Sat, 06 Sep 2014 22:11:20 +0200
+
+xen (4.4.0-4) unstable; urgency=medium
+
+ [ Bastian Blank ]
+ * Also remove unused OCaml packages from control file.
+ * Make library packages multi-arch: same. (closes: #730417)
+ * Use debhelper compat level 9. (closes: #692352)
+
+ [ Ian Campbell ]
+ * Correct contents of /etc/xen/scripts/hotplugpath.sh (Closes: #706283)
+ * Drop references cpuperf-xen and cpuperf-perfcntr. (Closes: #733847)
+ * Install xentrace_format(1), xentrace(8) and xentop(1). (Closes: #407143)
+
+ -- Bastian Blank <waldi at debian.org> Sat, 30 Aug 2014 13:34:04 +0200
+
+xen (4.4.0-3) unstable; urgency=medium
+
+ [ Ian Campbell ]
+ * Use correct SeaBIOS binary which supports Xen (Closes: #737905).
+
+ [ Bastian Blank ]
+ * Really update config.{sub,guess}.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 29 Aug 2014 16:33:19 +0200
+
+xen (4.4.0-2) unstable; urgency=medium
+
+ * Remove broken and unused OCaml-support.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 18 Aug 2014 15:18:42 +0200
+
+xen (4.4.0-1) unstable; urgency=medium
+
+ [ Bastian Blank ]
+ * New upstream release.
+ - Update scripts for compatiblity with latest coreutils.
+ (closes: #718898)
+ - Fix guest reboot with xl toolstack. (closes: #727100)
+ - CVE-2013-6375: Insufficient TLB flushing in VT-d (iommu) code.
+ (closes: #730254)
+ - xl support for global VNC options. (closes: #744157)
+ - vif scripts can now be named relative to /etc/xen/scripts.
+ (closes: #744160)
+ - Support for arbitrary sized SeaBIOS binaries. (closes: #737905)
+ - pygrub searches for extlinux.conf in the expected places.
+ (closes: #697407)
+ - Update scripts to use correct syntax for ip command.
+ (closes: #705659)
+ * Fix install of xend configs to not break compatibility.
+
+ [ Ian Campbell ]
+ * Disable blktap1 support using new configure option instead of by patching.
+ * Disable qemu-traditional and rombios support using new configure option
+ instead of by patching. No need to build-depend on ipxe any more.
+ * Use system qemu-xen via new configure option instead of patching.
+ * Use system seabios via new configure option instead of patching.
+ * Use EXTRA_CFLAGS_XEN_TOOLS and APPEND_{CPPFLAGS,LDFLAGS} during build.
+ * Add support for armhf and arm64.
+ * Update config.{sub,guess}.
+
+ -- Bastian Blank <waldi at debian.org> Sat, 09 Aug 2014 13:09:00 +0200
+
+xen (4.3.0-3) unstable; urgency=low
+
+ * Revive hypervisor on i386.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 18 Oct 2013 00:15:16 +0200
+
+xen (4.3.0-2) unstable; urgency=low
+
+ * Force proper install order. (closes: #721999)
+
+ -- Bastian Blank <waldi at debian.org> Sat, 05 Oct 2013 15:03:36 +0000
+
+xen (4.3.0-1) unstable; urgency=low
+
+ * New upstream release.
+ - Fix HVM PCI passthrough. (closes: #706543)
+ * Call configure with proper arguments.
+ * Remove now empty xen-docs package.
+ * Disable external code retrieval.
+ * Drop all i386 hypervisor packages.
+ * Drop complete blktap support.
+ * Create /run/xen.
+ * Make xen-utils recommend qemu-system-x86. (closes: #688311)
+ - This version comes with audio support. (closes: #635166)
+ * Make libxenlight and libxlutil public. (closes: #644390)
+ - Set versioned ABI name.
+ - Install headers.
+ - Move libs into normal library path.
+ * Use build flags in the tools build.
+ - Fix fallout from harderning flags.
+ * Update Standards-Version to 3.9.4. No changes.
+
+ -- Bastian Blank <waldi at debian.org> Thu, 05 Sep 2013 13:54:03 +0200
+
+xen (4.2.2-1) unstable; urgency=low
+
+ * New upstream release.
+ - Fix build with gcc 4.8. (closes: #712376)
+ * Build-depend on libssl-dev. (closes: #712366)
+ * Enable hardening as much as possible.
+ * Re-enable ocaml build fixes. (closes: #695176)
+ * Check for out-of-bound values in CPU affinity setup.
+ CVE-2013-2072
+ * Fix information leak on AMD CPUs.
+ CVE-2013-2076
+ * Recover from faults on XRSTOR.
+ CVE-2013-2077
+ * Properly check guest input to XSETBV.
+ CVE-2013-2078
+
+ -- Bastian Blank <waldi at debian.org> Thu, 11 Jul 2013 00:28:24 +0200
+
+xen (4.2.1-2) unstable; urgency=low
+
+ * Actually upload to unstable.
+
+ -- Bastian Blank <waldi at debian.org> Sun, 12 May 2013 00:20:58 +0200
+
+xen (4.2.1-1) experimental; urgency=low
+
+ * New upstream release.
+ * Enable usage of seabios.
+ * Fix some toolchain issues.
+
+ -- Bastian Blank <waldi at debian.org> Sat, 11 May 2013 23:55:46 +0200
+
+xen (4.2.0-2) experimental; urgency=low
+
+ * Support JSON output in domain init script helper.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 01 Oct 2012 15:11:30 +0200
+
+xen (4.2.0-1) experimental; urgency=low
+
+ * New upstream release.
+
+ -- Bastian Blank <waldi at debian.org> Tue, 18 Sep 2012 13:54:30 +0200
+
+xen (4.2.0~rc3-1) experimental; urgency=low
+
+ * New upstream snapshot.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 07 Sep 2012 20:28:46 +0200
+
+xen (4.2.0~rc2-1) experimental; urgency=low
+
+ * New upstream snapshot.
+ * Build-depend against libglib2.0-dev and libyajl-dev.
+ * Disable seabios build for now.
+ * Remove support for Lenny and earlier.
+ * Support build-arch and build-indep make targets.
+
+ -- Bastian Blank <waldi at debian.org> Sun, 13 May 2012 12:21:10 +0000
+
+xen (4.1.4-4) unstable; urgency=high
+
+ * Make several long runing operations preemptible.
+ CVE-2013-1918
+ * Fix source validation for VT-d interrupt remapping.
+ CVE-2013-1952
+
+ -- Bastian Blank <waldi at debian.org> Thu, 02 May 2013 14:30:29 +0200
+
+xen (4.1.4-3) unstable; urgency=high
+
+ * Fix return from SYSENTER.
+ CVE-2013-1917
+ * Fix various problems with guest interrupt handling.
+ CVE-2013-1919
+ * Only save pointer after access checks.
+ CVE-2013-1920
+ * Fix domain locking for transitive grants.
+ CVE-2013-1964
+
+ -- Bastian Blank <waldi at debian.org> Fri, 19 Apr 2013 13:01:57 +0200
+
+xen (4.1.4-2) unstable; urgency=low
+
+ * Use pre-device interrupt remapping mode per default. Fix removing old
+ remappings.
+ CVE-2013-0153
+
+ -- Bastian Blank <waldi at debian.org> Wed, 06 Feb 2013 13:04:52 +0100
+
+xen (4.1.4-1) unstable; urgency=low
+
+ * New upstream release.
+ - Disable process-context identifier support in newer CPUs for all
+ domains.
+ - Add workarounds for AMD errata.
+ - Don't allow any non-canonical addresses.
+ - Use Multiboot memory map if BIOS emulation does not provide one.
+ - Fix several problems in tmem.
+ CVE-2012-3497
+ - Fix error handling in domain creation.
+ - Adjust locking and interrupt handling during S3 resume.
+ - Tighten more resource and memory range checks.
+ - Reset performance counters. (closes: #698651)
+ - Remove special-case for first IO-APIC.
+ - Fix MSI handling for HVM domains. (closes: #695123)
+ - Revert cache value of disks in HVM domains.
+
+ -- Bastian Blank <waldi at debian.org> Thu, 31 Jan 2013 15:44:50 +0100
+
+xen (4.1.3-8) unstable; urgency=high
+
+ * Fix error in VT-d interrupt remapping source validation.
+ CVE-2012-5634
+ * Fix buffer overflow in qemu e1000 emulation.
+ CVE-2012-6075
+ * Update patch, mention second CVE.
+ CVE-2012-5511, CVE-2012-6333
+
+ -- Bastian Blank <waldi at debian.org> Sat, 19 Jan 2013 13:55:07 +0100
+
+xen (4.1.3-7) unstable; urgency=low
+
+ * Fix clock jump due to incorrect annotated inline assembler.
+ (closes: #599161)
+ * Add support for XZ compressed Linux kernels to hypervisor and userspace
+ based loaders, it is needed for any Linux kernels newer then Wheezy.
+ (closes: #695056)
+
+ -- Bastian Blank <waldi at debian.org> Tue, 11 Dec 2012 18:54:59 +0100
+
+xen (4.1.3-6) unstable; urgency=high
+
+ * Fix error handling in physical to machine memory mapping.
+ CVE-2012-5514
+
+ -- Bastian Blank <waldi at debian.org> Tue, 04 Dec 2012 10:51:43 +0100
+
+xen (4.1.3-5) unstable; urgency=high
+
+ * Fix state corruption due to incomplete grant table switch.
+ CVE-2012-5510
+ * Check range of arguments to several HVM operations.
+ CVE-2012-5511, CVE-2012-6333
+ * Check array index before using it in HVM memory operation.
+ CVE-2012-5512
+ * Check memory range in memory exchange operation.
+ CVE-2012-5513
+ * Don't allow too large memory size and avoid busy looping.
+ CVE-2012-5515
+
+ -- Bastian Blank <waldi at debian.org> Mon, 03 Dec 2012 19:37:38 +0100
+
+xen (4.1.3-4) unstable; urgency=high
+
+ * Use linux 3.2.0-4 stuff.
+ * Fix overflow in timer calculations.
+ CVE-2012-4535
+ * Check value of physical interrupts parameter before using it.
+ CVE-2012-4536
+ * Error out on incorrect memory mapping updates.
+ CVE-2012-4537
+ * Check if toplevel page tables are present.
+ CVE-2012-4538
+ * Fix infinite loop in compatibility code.
+ CVE-2012-4539
+ * Limit maximum kernel and ramdisk size.
+ CVE-2012-2625, CVE-2012-4544
+
+ -- Bastian Blank <waldi at debian.org> Tue, 20 Nov 2012 15:51:01 +0100
+
+xen (4.1.3-3) unstable; urgency=low
+
+ * Xen domain init script:
+ - Make sure Open vSwitch is started before any domain.
+ - Properly handle and show output of failed migration and save.
+ - Ask all domains to shut down before checking them.
+
+ -- Bastian Blank <waldi at debian.org> Tue, 18 Sep 2012 13:26:32 +0200
+
+xen (4.1.3-2) unstable; urgency=medium
+
+ * Don't allow writing reserved bits in debug register.
+ CVE-2012-3494
+ * Fix error handling in interrupt assignment.
+ CVE-2012-3495
+ * Don't trigger bug messages on invalid flags.
+ CVE-2012-3496
+ * Check array bounds in interrupt assignment.
+ CVE-2012-3498
+ * Properly check bounds while setting the cursor in qemu.
+ CVE-2012-3515
+ * Disable monitor in qemu by default.
+ CVE-2012-4411
+
+ -- Bastian Blank <waldi at debian.org> Fri, 07 Sep 2012 19:41:46 +0200
+
+xen (4.1.3-1) unstable; urgency=medium
+
+ * New upstream release: (closes: #683286)
+ - Don't leave the x86 emulation in a bad state. (closes: #683279)
+ CVE-2012-3432
+ - Only check for shared pages while any exist on teardown.
+ CVE-2012-3433
+ - Fix error handling for unexpected conditions.
+ - Update CPUID masking to latest Intel spec.
+ - Allow large ACPI ids.
+ - Fix IOMMU support for PCI-to-PCIe bridges.
+ - Disallow access to some sensitive IO-ports.
+ - Fix wrong address in IOTLB.
+ - Fix deadlock on CPUs without working cpufreq driver.
+ - Use uncached disk access in qemu.
+ - Fix buffer size on emulated e1000 device in qemu.
+ * Fixup broken and remove applied patches.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 17 Aug 2012 11:25:02 +0200
+
+xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-5) unstable; urgency=low
+
+ [ Ian Campbell ]
+ * Set tap device MAC addresses to fe:ff:ff:ff:ff:ff (Closes: #671018)
+ * Only run xendomains initscript if toolstack is xl or xm (Closes: #680528)
+
+ [ Bastian Blank ]
+ * Actually build-depend on new enough version of dpkg-dev.
+ * Add xen-sytem-* meta-packages. We are finally in a position to do
+ automatic upgrades and this package is missing. (closes: #681376)
+
+ -- Bastian Blank <waldi at debian.org> Sat, 28 Jul 2012 10:23:26 +0200
+
+xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-4) unstable; urgency=low
+
+ * Add Build-Using info to xen-utils package.
+ * Fix build-arch target.
+
+ -- Bastian Blank <waldi at debian.org> Sun, 01 Jul 2012 19:52:30 +0200
+
+xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-3) unstable; urgency=low
+
+ * Remove /usr/lib/xen-default. It breaks systems if xenstored is not
+ compatible.
+ * Fix init script usage.
+ * Fix udev rules for emulated network devices:
+ - Force names of emulated network devices to a predictable name.
+
+ -- Bastian Blank <waldi at debian.org> Sun, 01 Jul 2012 16:59:04 +0200
+
+xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-2) unstable; urgency=low
+
+ * Fix pointer missmatch in interrupt functions. Fixes build on i386.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 15 Jun 2012 18:00:51 +0200
+
+xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-1) unstable; urgency=low
+
+ * New upstream snapshot.
+ - Fix privilege escalation and syscall/sysenter DoS while using
+ non-canonical addresses by untrusted PV guests. (closes: #677221)
+ CVE-2012-0217
+ CVE-2012-0218
+ - Disable Xen on CPUs affected by AMD Erratum #121. PV guests can
+ cause a DoS of the host.
+ CVE-2012-2934
+ * Don't fail if standard toolstacks are not available. (closes: #677244)
+
+ -- Bastian Blank <waldi at debian.org> Thu, 14 Jun 2012 17:06:25 +0200
+
+xen (4.1.2-7) unstable; urgency=low
+
+ * Really use ucf.
+ * Update init script dependencies:
+ - Start $syslog before xen.
+ - Start drbd and iscsi before xendomains. (closes: #626356)
+ - Start corosync and heartbeat after xendomains.
+ * Remove /var/log/xen on purge. (closes: #656216)
+
+ -- Bastian Blank <waldi at debian.org> Tue, 22 May 2012 10:44:41 +0200
+
+xen (4.1.2-6) unstable; urgency=low
+
+ * Fix generation of architectures for hypervisor packages.
+ * Remove information about loop devices, it is incorrect. (closes: #503044)
+ * Update xendomains init script:
+ - Create directory for domain images only root readable. (closes: #596048)
+ - Add missing sanity checks for variables. (closes: #671750)
+ - Remove not longer supported config options.
+ - Don't fail if no config is available.
+ - Remove extra output if domain was restored.
+
+ -- Bastian Blank <waldi at debian.org> Sun, 06 May 2012 20:07:41 +0200
+
+xen (4.1.2-5) unstable; urgency=low
+
+ * Actually force init script rename. (closes: #669341)
+ * Fix long output from xl.
+ * Move complete init script setup.
+ * Rewrite xendomains init script:
+ - Use LSB output functions.
+ - Make output more clear.
+ - Use xen toolstack wrapper.
+ - Use a python script to properly read domain details.
+ * Set name for Domain-0.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 23 Apr 2012 11:56:45 +0200
+
+xen (4.1.2-4) unstable; urgency=low
+
+ [ Bastian Blank ]
+ * Build-depend on ipxe-qemu instead of ipxe. (closes: #665070)
+ * Don't longer use a4wide latex package.
+ * Use ucf for /etc/default/xen.
+ * Remove handling for old udev rules link and xenstored directory.
+ * Rename xend init script to xen.
+
+ [ Lionel Elie Mamane ]
+ * Fix toolstack script to work with old dash. (closes: #648029)
+
+ -- Bastian Blank <waldi at debian.org> Mon, 16 Apr 2012 08:47:29 +0000
+
+xen (4.1.2-3) unstable; urgency=low
+
+ * Merge xen-common source package.
+ * Remove xend wrapper, it should not be called by users.
+ * Support xl in init script.
+ * Restart xen daemons on upgrade.
+ * Restart and stop xenconsoled in init script.
+ * Load xen-gntdev module.
+ * Create /var/lib/xen. (closes: #658101)
+ * Cleanup udev rules. (closes: #657745)
+
+ -- Bastian Blank <waldi at debian.org> Wed, 01 Feb 2012 19:28:28 +0100
+
+xen (4.1.2-2) unstable; urgency=low
+
+ [ Jon Ludlam ]
+ * Import (partially reworked) upstream changes for OCaml support.
+ - Rename the ocamlfind packages.
+ - Remove uuid and log libraries.
+ - Fix 2 bit-twiddling bugs and an off-by-one
+ * Fix build of OCaml libraries.
+ * Add OCaml library and development package.
+ * Include some missing headers.
+
+ -- Bastian Blank <waldi at debian.org> Sat, 10 Dec 2011 19:13:25 +0000
+
+xen (4.1.2-1) unstable; urgency=low
+
+ * New upstream release.
+ * Build-depend on pkg-config.
+ * Add package libxen-4.1. Includes some shared libs.
+
+ -- Bastian Blank <waldi at debian.org> Sat, 26 Nov 2011 18:28:06 +0100
+
+xen (4.1.1-3) unstable; urgency=low
+
+ [ Julien Danjou ]
+ * Remove Julien Danjou from the Uploaders field. (closes: #590439)
+
+ [ Bastian Blank ]
+ * Use current version of python. (closes: #646660)
+ * Build-depend against liblzma-dev, it is used if available.
+ (closes: #646694)
+ * Update Standards-Version to 3.9.2. No changes.
+ * Don't use brace-expansion in debhelper install files.
+
+ -- Bastian Blank <waldi at debian.org> Wed, 26 Oct 2011 14:42:33 +0200
+
+xen (4.1.1-2) unstable; urgency=low
+
+ * Fix hvmloader with gcc 4.6.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 05 Aug 2011 23:58:36 +0200
+
+xen (4.1.1-1) unstable; urgency=low
+
+ * New upstream release.
+ * Don't use qemu-dm if it is not needed. (Backport from xen-unstable.)
+ * Use dh_python2.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 18 Jul 2011 19:38:38 +0200
+
+xen (4.1.0-3) unstable; urgency=low
+
+ * Add ghostscript to build-deps.
+ * Enable qemu-dm build.
+ - Add qemu as another orig tar.
+ - Remove blktap1, bluetooth and sdl support from qemu.
+ - Recommend qemu-keymaps and qemu-utils.
+
+ -- Bastian Blank <waldi at debian.org> Thu, 28 Apr 2011 15:20:45 +0200
+
+xen (4.1.0-2) unstable; urgency=low
+
+ * Re-enable hvmloader:
+ - Use packaged ipxe.
+ * Workaround incompatibility with xenstored of Xen 4.0.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 15 Apr 2011 11:38:25 +0200
+
+xen (4.1.0-1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Bastian Blank <waldi at debian.org> Sun, 27 Mar 2011 18:09:28 +0000
+
+xen (4.1.0~rc6-1) unstable; urgency=low
+
+ * New upstream release candidate.
+ * Build documentation using pdflatex.
+ * Use python 2.6. (closes: #596545)
+ * Fix lintian override.
+ * Install new tools: xl, xenpaging.
+ * Enable blktap2.
+ - Use own md5 implementation.
+ - Fix includes.
+ - Fix linking of blktap2 binaries.
+ - Remove optimization setting.
+ * Temporarily disable hvmloader, wants to download ipxe.
+ * Remove xenstored pid check from xl.
+
+ -- Bastian Blank <waldi at debian.org> Thu, 17 Mar 2011 16:12:45 +0100
+
+xen (4.0.1-2) unstable; urgency=low
+
+ * Fix races in memory management.
+ * Make sure that frame-table compression leaves enough alligned.
+ * Disable XSAVE support. (closes: #595490)
+ * Check for dying domain instead of raising an assertion.
+ * Add C6 state with EOI errata for Intel.
+ * Make some memory management interrupt safe. Unsure if really needed.
+ * Raise bar for inter-socket migrations on mostly-idle systems.
+ * Fix interrupt handling for legacy routed interrupts.
+ * Allow to set maximal domain memory even during a running change.
+ * Support new partition name in pygrub. (closes: #599243)
+ * Fix some comparisions "< 0" that may be optimized away.
+ * Check for MWAIT support before using it.
+ * Fix endless loop on interrupts on Nehalem cpus.
+ * Don't crash upon direct GDT/LDT access. (closes: #609531)
+ CVE-2010-4255
+ * Don't loose timer ticks after domain restore.
+ * Reserve some space for IOMMU area in dom0. (closes: #608715)
+ * Fix hypercall arguments after trace callout.
+ * Fix some error paths in vtd support. Memory leak.
+ * Reinstate ACPI DMAR table.
+
+ -- Bastian Blank <waldi at debian.org> Wed, 12 Jan 2011 15:01:40 +0100
+
+xen (4.0.1-1) unstable; urgency=low
+
+ * New upstream release.
+ - Fix IOAPIC S3 with interrupt remapping enabled.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 03 Sep 2010 17:14:28 +0200
+
+xen (4.0.1~rc6-1) unstable; urgency=low
+
+ * New upstream release candidate.
+ - Add some missing locks for page table walk.
+ - Fix NMU injection into guest.
+ - Fix ioapic updates for vt-d.
+ - Add check for GRUB2 commandline behaviour.
+ - Fix handling of invalid kernel images.
+ - Allow usage of powernow.
+ * Remove lowlevel python modules usage from pygrub. (closes: #588811)
+
+ -- Bastian Blank <waldi at debian.org> Tue, 17 Aug 2010 23:15:34 +0200
+
+xen (4.0.1~rc5-1) unstable; urgency=low
+
+ * New upstream release candidate.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 02 Aug 2010 17:06:27 +0200
+
+xen (4.0.1~rc3-1) unstable; urgency=low
+
+ * New upstream release candidate.
+ * Call dh_pyversion with the correct version.
+ * Restart xen daemon on upgrade.
+
+ -- Bastian Blank <waldi at debian.org> Wed, 30 Jun 2010 16:30:47 +0200
+
+xen (4.0.0-2) unstable; urgency=low
+
+ * Fix python dependency. (closes: #586666)
+ - Use python-support.
+ - Hardcode to use python 2.5 for now.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 21 Jun 2010 17:23:16 +0200
+
+xen (4.0.0-1) unstable; urgency=low
+
+ * Update to unstable.
+ * Fix spelling in README.
+ * Remove unnecessary build-depends.
+ * Fixup xend to use different filename lookup.
+
+ -- Bastian Blank <waldi at debian.org> Thu, 17 Jun 2010 11:16:55 +0200
+
+xen (4.0.0-1~experimental.2) experimental; urgency=low
+
+ * Merge changes from 3.4.3-1.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 28 May 2010 12:58:12 +0200
+
+xen (4.0.0-1~experimental.1) experimental; urgency=low
+
+ * New upstream version.
+ * Rename source package to xen.
+ * Build depend against iasl and uuid-dev.
+ * Disable blktap2 support, it links against OpenSSL.
+ * Update copyright file.
+
+ -- Bastian Blank <waldi at debian.org> Thu, 06 May 2010 15:47:38 +0200
+
+xen-3 (3.4.3-1) unstable; urgency=low
+
+ * New upstream version.
+ * Disable blktap support, it is unusable with current kernels.
+ * Disable libaio, was only used by blktap.
+ * Drop device creation support. (closes: #583283)
+
+ -- Bastian Blank <waldi at debian.org> Fri, 28 May 2010 11:43:18 +0200
+
+xen-3 (3.4.3~rc6-1) unstable; urgency=low
+
+ * New upstream release candidate.
+ - Relocate multiboot modules. (closes: #580045)
+ - Support grub2 in pygrub. (closes: #573311)
+
+ -- Bastian Blank <waldi at debian.org> Sat, 08 May 2010 11:32:29 +0200
+
+xen-3 (3.4.3~rc3-2) unstable; urgency=low
+
+ * Again list the complete version in the hypervisor.
+ * Fix path detection for bootloader, document it. (closes: #481105)
+ * Rewrite README.
+
+ -- Bastian Blank <waldi at debian.org> Thu, 08 Apr 2010 16:14:58 +0200
+
+xen-3 (3.4.3~rc3-1) unstable; urgency=low
+
+ * New upstream release candidate.
+ * Use 3.0 (quilt) source format.
+ * Always use current python version.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 01 Mar 2010 22:14:22 +0100
+
+xen-3 (3.4.2-2) unstable; urgency=low
+
+ * Remove Jeremy T. Bouse from uploaders.
+ * Export blktap lib and headers.
+ * Build amd64 hypervisor on i386. (closes: #366315)
+
+ -- Bastian Blank <waldi at debian.org> Sun, 22 Nov 2009 16:54:47 +0100
+
+xen-3 (3.4.2-1) unstable; urgency=low
+
+ * New upstream version.
+ * Strip hvmloader by hand.
+ * Remove extra license file from libxen-dev.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 16 Nov 2009 20:57:07 +0100
+
+xen-3 (3.4.1-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 21 Aug 2009 21:34:38 +0200
+
+xen-3 (3.4.0-2) unstable; urgency=low
+
+ * Add symbols file for libxenstore3.0. (closes: #536173)
+ * Document that ioemu is currently unsupported. (closes: #536175)
+ * Fix location of fsimage plugins. (closes: #536174)
+
+ -- Bastian Blank <waldi at debian.org> Sat, 18 Jul 2009 18:05:35 +0200
+
+xen-3 (3.4.0-1) unstable; urgency=low
+
+ [ Bastian Blank ]
+ * New upstream version.
+ * Remove ioemu for now. (closes: #490409, #496367)
+ * Remove non-pae hypervisor.
+ * Use debhelper compat level 7.
+ * Make the init script start all daemons.
+
+ -- Bastian Blank <waldi at debian.org> Tue, 30 Jun 2009 22:33:22 +0200
+
+xen-3 (3.2.1-2) unstable; urgency=low
+
+ * Use e2fslibs based ext2 support for pygrub. (closes: #476366)
+ * Fix missing checks in pvfb code.
+ See CVE-2008-1952. (closes: #487095)
+ * Add support for loading bzImage files. (closes: #474509)
+ * Enable TLS support in ioemu code.
+ * Drop libcrypto usage because of GPL-incompatibility.
+ * Remove AES code from blktap drivers. Considered broken.
+
+ -- Bastian Blank <waldi at debian.org> Sat, 28 Jun 2008 11:30:43 +0200
+
+xen-3 (3.2.1-1) unstable; urgency=low
+
+ * New upstream version.
+ * Set rpath relative to ${ORIGIN}.
+ * Add lintian override to xen-utils package.
+
+ -- Bastian Blank <waldi at debian.org> Thu, 22 May 2008 14:01:47 +0200
+
+xen-3 (3.2.0-5) unstable; urgency=low
+
+ * Provide correct directory to dh_pycentral.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 14 Apr 2008 21:43:49 +0200
+
+xen-3 (3.2.0-4) unstable; urgency=low
+
+ * Pull in newer xen-utils-common.
+ * Fix missing size checks in the ioemu block driver. (closes: #469654)
+ See: CVE-2008-0928
+
+ -- Bastian Blank <waldi at debian.org> Fri, 07 Mar 2008 14:21:38 +0100
+
+xen-3 (3.2.0-3) unstable; urgency=low
+
+ * Clean environment for build.
+ * Add packages libxenstore3.0 and xenstore-utils.
+ * Move docs package in docs section to match overwrites.
+ * Make the hypervisor only recommend the utils.
+ * Cleanup installation. (closes: #462989)
+
+ -- Bastian Blank <waldi at debian.org> Tue, 12 Feb 2008 12:40:56 +0000
+
+xen-3 (3.2.0-2) unstable; urgency=low
+
+ * Fix broken patch. (closes: #462522)
+
+ -- Bastian Blank <waldi at debian.org> Sat, 26 Jan 2008 17:21:52 +0000
+
+xen-3 (3.2.0-1) unstable; urgency=low
+
+ * New upstream version.
+ * Add package libxen-dev. Including public headers and static libs.
+ (closes: #402249)
+ * Don't longer install xenfb, removed upstream.
+
+ -- Bastian Blank <waldi at debian.org> Tue, 22 Jan 2008 12:51:49 +0000
+
+xen-3 (3.1.2-2) unstable; urgency=low
+
+ * Add missing rpath definitions.
+ * Fix building of pae version.
+
+ -- Bastian Blank <waldi at debian.org> Sat, 08 Dec 2007 12:07:42 +0000
+
+xen-3 (3.1.2-1) unstable; urgency=high
+
+ * New upstream release:
+ - Move shared file into /var/run. (closes: #447795)
+ See CVE-2007-3919.
+ - x86: Fix various problems with debug-register handling. (closes: #451626)
+ See CVE-2007-5906.
+
+ -- Bastian Blank <waldi at debian.org> Sat, 24 Nov 2007 13:24:45 +0000
+
+xen-3 (3.1.1-1) unstable; urgency=low
+
+ * New upstream release:
+ - Don't use exec with untrusted values in pygrub. (closes: #444430)
+ See CVE-2007-4993.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 19 Oct 2007 16:02:37 +0000
+
+xen-3 (3.1.0-2) unstable; urgency=low
+
+ * Switch to texlive for documentation.
+ * Drop unused transfig.
+ * Drop unused latex features from documentation.
+ * Build depend against gcc-multilib for amd64. (closes: #439662)
+
+ -- Bastian Blank <waldi at debian.org> Fri, 31 Aug 2007 08:15:50 +0000
+
+xen-3 (3.1.0-1) unstable; urgency=low
+
+ [ Julien Danjou ]
+ * New upstream version.
+
+ [ Ralph Passgang ]
+ * Added graphviz to Build-Indeps
+
+ [ Bastian Blank ]
+ * Upstream removed one part of the version. Do it also.
+ * Merge utils packages.
+ * Install blktap support.
+ * Install pygrub.
+ * Install xenfb tools.
+ * xenconsoled startup is racy, wait a little bit.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 20 Aug 2007 15:05:08 +0000
+
+xen-3.0 (3.0.4-1-1) unstable; urgency=low
+
+ [ Bastian Blank ]
+ * New upstream version (closes: #394411)
+
+ [ Guido Trotter ]
+ * Actually try to build and release xen 3.0.4
+ * Update build dependencies
+
+ -- Guido Trotter <ultrotter at debian.org> Wed, 23 May 2007 11:57:29 +0100
+
+xen-3.0 (3.0.3-0-2) unstable; urgency=medium
+
+ [Bastian Blank]
+ * Remove device recreate code.
+ * Remove build dependency on linux-support-X
+
+ [ Guido Trotter ]
+ * Add missing build dependency on zlib1g-dev (closes: #396557)
+ * Add missing build dependencies on libncurses5-dev and x11proto-core-dev
+ (closes: #396561, #396567)
+
+ -- Guido Trotter <ultrotter at debian.org> Thu, 2 Nov 2006 16:38:02 +0000
+
+xen-3.0 (3.0.3-0-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 20 Oct 2006 11:04:35 +0000
+
+xen-3.0 (3.0.3~rc4+hg11760-1) unstable; urgency=low
+
+ * New upstream snapshot.
+ * Ignore update-grub errors. (closes: #392534)
+
+ -- Bastian Blank <waldi at debian.org> Sat, 14 Oct 2006 13:09:53 +0000
+
+xen-3.0 (3.0.3~rc1+hg11686-1) unstable; urgency=low
+
+ * New upstream snapshot.
+ * Rename ioemu package to include the complete version.
+ * Fix name of hypervisor. (closes: #391771)
+
+ -- Bastian Blank <waldi at debian.org> Mon, 9 Oct 2006 12:48:13 +0000
+
+xen-3.0 (3.0.2-3+hg9762-1) unstable; urgency=low
+
+ * New upstream snapshot.
+ * Rename hypervisor and utils packages to include the complete version.
+ * Redo build environment.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 4 Sep 2006 18:43:12 +0000
+
+xen-3.0 (3.0.2+hg9697-2) unstable; urgency=low
+
+ [ Guido Trotter ]
+ * Update xen-utils' README.Debian (closes: #372524)
+
+ [ Bastian Blank ]
+ * Adopt new python policy. (closes: #380990)
+ * Add patch to make new kernels working on the hypervisor.
+
+ -- Bastian Blank <waldi at debian.org> Tue, 15 Aug 2006 19:20:08 +0000
+
+xen-3.0 (3.0.2+hg9697-1) unstable; urgency=low
+
+ [ Guido Trotter ]
+ * Update Standards Version
+ * Merge upstream fixes trunk (upstream 3.0.2-3 + a couple of fixes)
+
+ [ Bastian Blank ]
+ * Add xen-ioemu-3.0 package to support HVM guests (closes: #368496)
+
+ -- Guido Trotter <ultrotter at debian.org> Wed, 31 May 2006 10:50:05 +0200
+
+xen-3.0 (3.0.2+hg9681-1) unstable; urgency=low
+
+ * Update xen-hypervisor-3.0-i386 and xen-hypervisor-3.0-i386-pae
+ descriptions, specifying what the difference between the two packages is
+ (closes: #366019)
+ * Merge upstream fixes trunk
+
+ -- Guido Trotter <ultrotter at debian.org> Thu, 18 May 2006 15:25:02 +0200
+
+xen-3.0 (3.0.2+hg9656-1) unstable; urgency=low
+
+ * Merge upstream fixes trunk
+ - This includes a fix for CVE-2006-1056
+
+ -- Guido Trotter <ultrotter at debian.org> Thu, 27 Apr 2006 17:34:03 +0200
+
+xen-3.0 (3.0.2+hg9651-1) unstable; urgency=low
+
+ * Merge upstream fixes trunk
+ * Fix PAE disabled in pae build (Closes: #364875)
+
+ -- Julien Danjou <acid at debian.org> Wed, 26 Apr 2006 13:19:39 +0200
+
+xen-3.0 (3.0.2+hg9646-1) unstable; urgency=low
+
+ [ Guido Trotter ]
+ * Merge upstream fixes trunk
+
+ [ Bastian Blank ]
+ * debian/patches/libdir.dpatch: Update to make xm save work
+
+ -- Julien Danjou <acid at debian.org> Mon, 24 Apr 2006 18:02:07 +0200
+
+xen-3.0 (3.0.2+hg9611-1) unstable; urgency=low
+
+ * Merge upstream bug fixes
+ * Fix bug with xend init.d script
+
+ -- Julien Danjou <acid at debian.org> Wed, 12 Apr 2006 17:35:35 +0200
+
+xen-3.0 (3.0.2+hg9598-1) unstable; urgency=low
+
+ * New upstream release
+ * Fix copyright file
+
+ -- Julien Danjou <acid at debian.org> Mon, 10 Apr 2006 17:02:55 +0200
+
+xen-3.0 (3.0.1+hg8762-1) unstable; urgency=low
+
+ * The "preserve our homes" release
+ * Now cooperatively maintained by the Debian Xen Team
+ * New upstream release (closes: #327493, #342249)
+ * Build depend on transfig (closes: #321157)
+ * Use gcc rather than gcc-3.4 to compile (closes: #323698)
+ * Split xen-hypervisor-3.0 and xen-utils-3.0
+ * Build both normal and pae hypervisor packages
+ * Change maintainer and add uploaders field
+ * Add force-reload support for init script xendomains
+ * Remove dependency against bash
+ * Bump standards version to 3.6.2.2
+ * xen-utils-3.0 conflicts and replaces xen
+ * Add dpatch structure to the package
+ * Remove build-dependency on gcc (it's build essential anyway)
+ * Make SrvServer.py not executable
+ * Create NEWS.Debian file with important upgrade notices
+ * Update copyright file
+ * Remove the linux-patch-xen package
+ * Removed useless build-dependencies: libncurses5-dev, wget
+ * Changed xendomains config path to /etc/default
+ * xen-utils-3.0 now provides xen-utils and xen-hypervisor-3.0-i386 &
+ xen-hypervisor-3.0-i386-pae & xen-hypervizor-amd64 now provide
+ xen-hypervisor
+ * Made xen-utils-3.0.postinst more fault-tolerant, so that upgrading
+ xen2 -> xen3 don't fail because of a running xen2 hypervisor
+ * Updated the "Replaces & Conflicts"
+ * Install only and correctly udev files
+ * Compile date is no more in current locale
+ * Add patch which add the debian version and maintainer in the version
+ string and removes the banner.
+ * Don't install unusable cruft in xen-utils
+ * Remove libxen packages (no stable API/ABI)
+
+ -- Julien Danjou <acid at debian.org> Wed, 5 Apr 2006 16:05:07 +0200
+
+xen (2.0.6-1) unstable; urgency=low
+
+ * Patches applied upstream: non-xen-init-exit.patch, add-build.patch,
+ python-install.patch, disable-html-docs.patch.
+ * New upstream released. Closes: #311336.
+ * Remove comparison to UML from xen short description. Closes: #317066.
+ * Make packages conflicts with 1.2 doc debs. Closes: #304285.
+ * Add iproute to xen depends, as it uses /bin/ip. Closes: #300488,
+ #317468.
+
+ -- Adam Heath <doogie at brainfood.com> Wed, 06 Jul 2005 12:35:50 -0500
+
+xen (2.0.5-3) experimental; urgency=low
+
+ * Change priority/section to match the overrides file.
+
+ -- Adam Heath <doogie at brainfood.com> Fri, 18 Mar 2005 12:43:50 -0600
+
+xen (2.0.5-2) experimental; urgency=low
+
+ * Mike McCallister <mike+debian at metalogue.com>,
+ Tommi Virtanen <tv at debian.org>, Tom Hibbert <tom at nsp.co.nz>:
+ Fix missing '.' in update-rc.d call in xen.postinst. Closes: #299384
+
+ -- Adam Heath <doogie at brainfood.com> Fri, 18 Mar 2005 11:39:56 -0600
+
+xen (2.0.5-1) experimental; urgency=low
+
+ * New upstream.
+ * Remove pic-lib.patch, tools-misc-TARGETS.patch, and clean-mttr.patch
+ as they have been applied upstream(in various forms).
+ * xend now starts at priority 20, stops at 21, while xendomains starts
+ at 21, and stops at 20.
+
+ -- Adam Heath <doogie at brainfood.com> Fri, 11 Mar 2005 14:33:33 -0600
+
+xen (2.0.4-4) experimental; urgency=low
+
+ * Bah, major booboo. Add /boot to debian/xen.install, so xen.gz will
+ get shipped. Reported by Clint Adams <schizo at debian.org>.
+
+ -- Adam Heath <doogie at brainfood.com> Tue, 15 Feb 2005 13:00:57 -0600
+
+xen (2.0.4-3) experimental; urgency=low
+
+ * Fix file overlap(/usr/share/doc/xen/examples/*) between xen and
+ xen-docs. Reported by Tupshin Harper <tupshin at tupshin.com>.
+
+ -- Adam Heath <doogie at brainfood.com> Sun, 06 Feb 2005 01:22:45 -0600
+
+xen (2.0.4-2) experimental; urgency=low
+
+ * Fix kernel patch generation. It was broken when I integrated with
+ debian's kernel source. I used a symlink, and diff doesn't follow
+ those.
+
+ -- Adam Heath <doogie at brainfood.com> Sat, 05 Feb 2005 18:16:35 -0600
+
+xen (2.0.4-1) experimental; urgency=low
+
+ * New upstream.
+ * xen.deb can now install on a plain kernel; that is, the init scripts
+ exit successfully if /proc/xen/privcmd doesn't exist. This allows
+ for dual-boot setups.
+ * Manpages do not yet exist xend, xenperf, xensv, xfrd, nor xm. xend
+ xfrd are daemons, and take little if any options. I've not had a need
+ to use xenperf nor xensv yet. xm has nice built in help(xm help).
+ * Upstream now requires either linux 2.4.29, or 2.6.10. Since 2.4.29 is
+ not yet in debian, disable the 2.4 patch generation. Closes: #271245.
+ * Not certain how the kernel-patch-xen was empty. It's not now, with
+ the repackaging. Closes: #272299.
+ * Xen no longer produces kernel images, so problems about missing features
+ are no longer valid. Closes: #253924.
+ * Acknowledge nmu bugs:
+ * No longer build-depend on gcc 3.3, as the default gcc works. Closes:
+ #243048.
+
+ -- Adam Heath <doogie at brainfood.com> Sat, 05 Feb 2005 18:04:27 -0600
+
+xen (2.0.3-0.1) unstable; urgency=low
+
+ * Changes from Tommi Virtanen:
+ * Added dh-kpatches and libcurl3-dev to Build-Depends.
+ * Add /etc/xen/sv/params.py and /etc/xen/xend/params.py.
+ * Add xmexample1 and xmexample2 to xen/doc/examples.
+
+ -- Adam Heath <doogie at brainfood.com> Wed, 26 Jan 2005 10:55:07 -0600
+
+xen (2.0.3-0) unstable; urgency=low
+
+ * New upstream. Closes: #280733.
+ * Repackaged from scratch.
+ * Using unreleased patch management system. See debian/README.build.
+ * After extracting the .dsc, there are no special steps needed
+ * Those wanting to change the source, use the normal procedures for
+ any package, including using interdiff(or other tool) to send a
+ patch to me or the bts.
+ * No longer try to do anything fancy with regard to the layout of the
+ built kernels. Now, only patches are distributed. Please make use of
+ the xen support in kernel-package.
+ * Early preview release to #debian-devel.
+
+ -- Adam Heath <doogie at brainfood.com> Tue, 25 Jan 2005 13:24:54 -0600
+
+xen (1.2-4.1) unstable; urgency=high
+
+ * NMU
+ * Remove gcc-3.2 from Build-Depends as isn't used during build
+ (Closes: #243048)
+
+ -- Frank Lichtenheld <djpig at debian.org> Sat, 21 Aug 2004 17:42:28 +0200
+
+xen (1.2-4) unstable; urgency=low
+
+ * Added xen-docs.README.Debian, which explains the kernel image layout,
+ and contains references on the locations differ from what is mentioned
+ by the upstream documentation. Closes: #230345.
+
+ -- Adam Heath <doogie at brainfood.com> Fri, 26 Mar 2004 17:36:41 -0600
+
+xen (1.2-3) unstable; urgency=low
+
+ * Add kernel-source-2.4.25 and kernel-patch-debian-2.4.25 to
+ Build-Depends-Indep.
+
+ -- Adam Heath <doogie at brainfood.com> Tue, 23 Mar 2004 20:14:39 -0600
+
+xen (1.2-2) unstable; urgency=low
+
+ * xen: moved /boot/xen.gz to /usr/lib/kernels/xen-i386/images/vmlinuz
+ * kernel-image, kernel-modules: swapped i386/xeno to xeno/i386 in
+ /usr/lib/kernels.
+ * Add kernel-patch-nfs-swap deb.
+ * Apply additional patches to kernel-image-xen:
+ * nfs-group
+ * nfs-swap
+
+ -- Adam Heath <doogie at brainfood.com> Thu, 04 Mar 2004 12:47:47 -0600
+
+xen (1.2-1) unstable; urgency=low
+
+ * Initial version.
+
+ -- Adam Heath <doogie at brainfood.com> Tue, 02 Mar 2004 13:21:52 -0600
diff --cc debian/patches/CVE-2014-9065.diff
index 0000000,0000000..965d7af
new file mode 100644
--- /dev/null
+++ b/debian/patches/CVE-2014-9065.diff
@@@ -1,0 -1,0 +1,524 @@@
++From 46c58c1d1a991e596fe3a2b6474add1d391b2282 Mon Sep 17 00:00:00 2001
++From: Keir Fraser <keir at xen.org>
++Date: Mon, 8 Dec 2014 15:26:57 +0100
++Subject: switch to write-biased r/w locks
++
++This is to improve fairness: A permanent flow of read acquires can
++otherwise lock out eventual writers indefinitely.
++
++This is CVE-2014-9065 / XSA-114.
++
++Signed-off-by: Keir Fraser <keir at xen.org>
++Reviewed-by: Jan Beulich <jbeulich at suse.com>
++Reviewed-by: Andrew Cooper <andrew.cooper3 at citrix.com>
++Tested-by: Andrew Cooper <andrew.cooper3 at citrix.com>
++master commit: 2a549b9c8aa48dc39d7c97e5a93978b781b3a1db
++master date: 2014-12-08 14:45:46 +0100
++
++(cherry picked from commit 8029dc43f4b232968168ca5bbd0ef47589243140)
++
++Patch-Name: CVE-2014-9065.diff
++---
++ xen/common/spinlock.c | 136 +++++++++++++++++++++++------------
++ xen/include/asm-arm/arm32/spinlock.h | 78 --------------------
++ xen/include/asm-arm/arm64/spinlock.h | 63 ----------------
++ xen/include/asm-x86/spinlock.h | 54 --------------
++ xen/include/xen/spinlock.h | 6 +-
++ 5 files changed, 93 insertions(+), 244 deletions(-)
++
++diff --git a/xen/common/spinlock.c b/xen/common/spinlock.c
++index 575cc6d..f9f19a8 100644
++--- a/xen/common/spinlock.c
+++++ b/xen/common/spinlock.c
++@@ -271,112 +271,151 @@ void _spin_unlock_recursive(spinlock_t *lock)
++
++ void _read_lock(rwlock_t *lock)
++ {
+++ uint32_t x;
+++
++ check_lock(&lock->debug);
++- while ( unlikely(!_raw_read_trylock(&lock->raw)) )
++- {
++- while ( likely(_raw_rw_is_write_locked(&lock->raw)) )
+++ do {
+++ while ( (x = lock->lock) & RW_WRITE_FLAG )
++ cpu_relax();
++- }
+++ } while ( cmpxchg(&lock->lock, x, x+1) != x );
++ preempt_disable();
++ }
++
++ void _read_lock_irq(rwlock_t *lock)
++ {
+++ uint32_t x;
+++
++ ASSERT(local_irq_is_enabled());
++ local_irq_disable();
++ check_lock(&lock->debug);
++- while ( unlikely(!_raw_read_trylock(&lock->raw)) )
++- {
++- local_irq_enable();
++- while ( likely(_raw_rw_is_write_locked(&lock->raw)) )
++- cpu_relax();
++- local_irq_disable();
++- }
+++ do {
+++ if ( (x = lock->lock) & RW_WRITE_FLAG )
+++ {
+++ local_irq_enable();
+++ while ( (x = lock->lock) & RW_WRITE_FLAG )
+++ cpu_relax();
+++ local_irq_disable();
+++ }
+++ } while ( cmpxchg(&lock->lock, x, x+1) != x );
++ preempt_disable();
++ }
++
++ unsigned long _read_lock_irqsave(rwlock_t *lock)
++ {
+++ uint32_t x;
++ unsigned long flags;
+++
++ local_irq_save(flags);
++ check_lock(&lock->debug);
++- while ( unlikely(!_raw_read_trylock(&lock->raw)) )
++- {
++- local_irq_restore(flags);
++- while ( likely(_raw_rw_is_write_locked(&lock->raw)) )
++- cpu_relax();
++- local_irq_save(flags);
++- }
+++ do {
+++ if ( (x = lock->lock) & RW_WRITE_FLAG )
+++ {
+++ local_irq_restore(flags);
+++ while ( (x = lock->lock) & RW_WRITE_FLAG )
+++ cpu_relax();
+++ local_irq_save(flags);
+++ }
+++ } while ( cmpxchg(&lock->lock, x, x+1) != x );
++ preempt_disable();
++ return flags;
++ }
++
++ int _read_trylock(rwlock_t *lock)
++ {
+++ uint32_t x;
+++
++ check_lock(&lock->debug);
++- if ( !_raw_read_trylock(&lock->raw) )
++- return 0;
+++ do {
+++ if ( (x = lock->lock) & RW_WRITE_FLAG )
+++ return 0;
+++ } while ( cmpxchg(&lock->lock, x, x+1) != x );
++ preempt_disable();
++ return 1;
++ }
++
++ void _read_unlock(rwlock_t *lock)
++ {
+++ uint32_t x, y;
+++
++ preempt_enable();
++- _raw_read_unlock(&lock->raw);
+++ x = lock->lock;
+++ while ( (y = cmpxchg(&lock->lock, x, x-1)) != x )
+++ x = y;
++ }
++
++ void _read_unlock_irq(rwlock_t *lock)
++ {
++- preempt_enable();
++- _raw_read_unlock(&lock->raw);
+++ _read_unlock(lock);
++ local_irq_enable();
++ }
++
++ void _read_unlock_irqrestore(rwlock_t *lock, unsigned long flags)
++ {
++- preempt_enable();
++- _raw_read_unlock(&lock->raw);
+++ _read_unlock(lock);
++ local_irq_restore(flags);
++ }
++
++ void _write_lock(rwlock_t *lock)
++ {
+++ uint32_t x;
+++
++ check_lock(&lock->debug);
++- while ( unlikely(!_raw_write_trylock(&lock->raw)) )
++- {
++- while ( likely(_raw_rw_is_locked(&lock->raw)) )
+++ do {
+++ while ( (x = lock->lock) & RW_WRITE_FLAG )
++ cpu_relax();
+++ } while ( cmpxchg(&lock->lock, x, x|RW_WRITE_FLAG) != x );
+++ while ( x != 0 )
+++ {
+++ cpu_relax();
+++ x = lock->lock & ~RW_WRITE_FLAG;
++ }
++ preempt_disable();
++ }
++
++ void _write_lock_irq(rwlock_t *lock)
++ {
+++ uint32_t x;
+++
++ ASSERT(local_irq_is_enabled());
++ local_irq_disable();
++ check_lock(&lock->debug);
++- while ( unlikely(!_raw_write_trylock(&lock->raw)) )
+++ do {
+++ if ( (x = lock->lock) & RW_WRITE_FLAG )
+++ {
+++ local_irq_enable();
+++ while ( (x = lock->lock) & RW_WRITE_FLAG )
+++ cpu_relax();
+++ local_irq_disable();
+++ }
+++ } while ( cmpxchg(&lock->lock, x, x|RW_WRITE_FLAG) != x );
+++ while ( x != 0 )
++ {
++- local_irq_enable();
++- while ( likely(_raw_rw_is_locked(&lock->raw)) )
++- cpu_relax();
++- local_irq_disable();
+++ cpu_relax();
+++ x = lock->lock & ~RW_WRITE_FLAG;
++ }
++ preempt_disable();
++ }
++
++ unsigned long _write_lock_irqsave(rwlock_t *lock)
++ {
+++ uint32_t x;
++ unsigned long flags;
+++
++ local_irq_save(flags);
++ check_lock(&lock->debug);
++- while ( unlikely(!_raw_write_trylock(&lock->raw)) )
+++ do {
+++ if ( (x = lock->lock) & RW_WRITE_FLAG )
+++ {
+++ local_irq_restore(flags);
+++ while ( (x = lock->lock) & RW_WRITE_FLAG )
+++ cpu_relax();
+++ local_irq_save(flags);
+++ }
+++ } while ( cmpxchg(&lock->lock, x, x|RW_WRITE_FLAG) != x );
+++ while ( x != 0 )
++ {
++- local_irq_restore(flags);
++- while ( likely(_raw_rw_is_locked(&lock->raw)) )
++- cpu_relax();
++- local_irq_save(flags);
+++ cpu_relax();
+++ x = lock->lock & ~RW_WRITE_FLAG;
++ }
++ preempt_disable();
++ return flags;
++@@ -384,9 +423,13 @@ unsigned long _write_lock_irqsave(rwlock_t *lock)
++
++ int _write_trylock(rwlock_t *lock)
++ {
+++ uint32_t x;
+++
++ check_lock(&lock->debug);
++- if ( !_raw_write_trylock(&lock->raw) )
++- return 0;
+++ do {
+++ if ( (x = lock->lock) != 0 )
+++ return 0;
+++ } while ( cmpxchg(&lock->lock, x, x|RW_WRITE_FLAG) != x );
++ preempt_disable();
++ return 1;
++ }
++@@ -394,33 +437,32 @@ int _write_trylock(rwlock_t *lock)
++ void _write_unlock(rwlock_t *lock)
++ {
++ preempt_enable();
++- _raw_write_unlock(&lock->raw);
+++ if ( cmpxchg(&lock->lock, RW_WRITE_FLAG, 0) != RW_WRITE_FLAG )
+++ BUG();
++ }
++
++ void _write_unlock_irq(rwlock_t *lock)
++ {
++- preempt_enable();
++- _raw_write_unlock(&lock->raw);
+++ _write_unlock(lock);
++ local_irq_enable();
++ }
++
++ void _write_unlock_irqrestore(rwlock_t *lock, unsigned long flags)
++ {
++- preempt_enable();
++- _raw_write_unlock(&lock->raw);
+++ _write_unlock(lock);
++ local_irq_restore(flags);
++ }
++
++ int _rw_is_locked(rwlock_t *lock)
++ {
++ check_lock(&lock->debug);
++- return _raw_rw_is_locked(&lock->raw);
+++ return (lock->lock != 0); /* anyone in critical section? */
++ }
++
++ int _rw_is_write_locked(rwlock_t *lock)
++ {
++ check_lock(&lock->debug);
++- return _raw_rw_is_write_locked(&lock->raw);
+++ return (lock->lock == RW_WRITE_FLAG); /* writer in critical section? */
++ }
++
++ #ifdef LOCK_PROFILE
++diff --git a/xen/include/asm-arm/arm32/spinlock.h b/xen/include/asm-arm/arm32/spinlock.h
++index ba11ad6..bc0343c 100644
++--- a/xen/include/asm-arm/arm32/spinlock.h
+++++ b/xen/include/asm-arm/arm32/spinlock.h
++@@ -55,84 +55,6 @@ static always_inline int _raw_spin_trylock(raw_spinlock_t *lock)
++ }
++ }
++
++-typedef struct {
++- volatile unsigned int lock;
++-} raw_rwlock_t;
++-
++-#define _RAW_RW_LOCK_UNLOCKED { 0 }
++-
++-static always_inline int _raw_read_trylock(raw_rwlock_t *rw)
++-{
++- unsigned long tmp, tmp2 = 1;
++-
++- __asm__ __volatile__(
++-"1: ldrex %0, [%2]\n"
++-" adds %0, %0, #1\n"
++-" strexpl %1, %0, [%2]\n"
++- : "=&r" (tmp), "+r" (tmp2)
++- : "r" (&rw->lock)
++- : "cc");
++-
++- smp_mb();
++- return tmp2 == 0;
++-}
++-
++-static always_inline int _raw_write_trylock(raw_rwlock_t *rw)
++-{
++- unsigned long tmp;
++-
++- __asm__ __volatile__(
++-"1: ldrex %0, [%1]\n"
++-" teq %0, #0\n"
++-" strexeq %0, %2, [%1]"
++- : "=&r" (tmp)
++- : "r" (&rw->lock), "r" (0x80000000)
++- : "cc");
++-
++- if (tmp == 0) {
++- smp_mb();
++- return 1;
++- } else {
++- return 0;
++- }
++-}
++-
++-static inline void _raw_read_unlock(raw_rwlock_t *rw)
++-{
++- unsigned long tmp, tmp2;
++-
++- smp_mb();
++-
++- __asm__ __volatile__(
++-"1: ldrex %0, [%2]\n"
++-" sub %0, %0, #1\n"
++-" strex %1, %0, [%2]\n"
++-" teq %1, #0\n"
++-" bne 1b"
++- : "=&r" (tmp), "=&r" (tmp2)
++- : "r" (&rw->lock)
++- : "cc");
++-
++- if (tmp == 0)
++- dsb_sev();
++-}
++-
++-static inline void _raw_write_unlock(raw_rwlock_t *rw)
++-{
++- smp_mb();
++-
++- __asm__ __volatile__(
++- "str %1, [%0]\n"
++- :
++- : "r" (&rw->lock), "r" (0)
++- : "cc");
++-
++- dsb_sev();
++-}
++-
++-#define _raw_rw_is_locked(x) ((x)->lock != 0)
++-#define _raw_rw_is_write_locked(x) ((x)->lock == 0x80000000)
++-
++ #endif /* __ASM_SPINLOCK_H */
++ /*
++ * Local variables:
++diff --git a/xen/include/asm-arm/arm64/spinlock.h b/xen/include/asm-arm/arm64/spinlock.h
++index 3a36cfd..5ae034d 100644
++--- a/xen/include/asm-arm/arm64/spinlock.h
+++++ b/xen/include/asm-arm/arm64/spinlock.h
++@@ -52,69 +52,6 @@ static always_inline int _raw_spin_trylock(raw_spinlock_t *lock)
++ return !tmp;
++ }
++
++-typedef struct {
++- volatile unsigned int lock;
++-} raw_rwlock_t;
++-
++-#define _RAW_RW_LOCK_UNLOCKED { 0 }
++-
++-static always_inline int _raw_read_trylock(raw_rwlock_t *rw)
++-{
++- unsigned int tmp, tmp2 = 1;
++-
++- asm volatile(
++- " ldaxr %w0, %2\n"
++- " add %w0, %w0, #1\n"
++- " tbnz %w0, #31, 1f\n"
++- " stxr %w1, %w0, %2\n"
++- "1:\n"
++- : "=&r" (tmp), "+r" (tmp2), "+Q" (rw->lock)
++- :
++- : "cc", "memory");
++-
++- return !tmp2;
++-}
++-
++-static always_inline int _raw_write_trylock(raw_rwlock_t *rw)
++-{
++- unsigned int tmp;
++-
++- asm volatile(
++- " ldaxr %w0, %1\n"
++- " cbnz %w0, 1f\n"
++- " stxr %w0, %w2, %1\n"
++- "1:\n"
++- : "=&r" (tmp), "+Q" (rw->lock)
++- : "r" (0x80000000)
++- : "cc", "memory");
++-
++- return !tmp;
++-}
++-
++-static inline void _raw_read_unlock(raw_rwlock_t *rw)
++-{
++- unsigned int tmp, tmp2;
++-
++- asm volatile(
++- " 1: ldxr %w0, %2\n"
++- " sub %w0, %w0, #1\n"
++- " stlxr %w1, %w0, %2\n"
++- " cbnz %w1, 1b\n"
++- : "=&r" (tmp), "=&r" (tmp2), "+Q" (rw->lock)
++- :
++- : "cc", "memory");
++-}
++-
++-static inline void _raw_write_unlock(raw_rwlock_t *rw)
++-{
++- asm volatile(
++- " stlr %w1, %0\n"
++- : "=Q" (rw->lock) : "r" (0) : "memory");
++-}
++-
++-#define _raw_rw_is_locked(x) ((x)->lock != 0)
++-#define _raw_rw_is_write_locked(x) ((x)->lock == 0x80000000)
++-
++ #endif /* __ASM_SPINLOCK_H */
++ /*
++ * Local variables:
++diff --git a/xen/include/asm-x86/spinlock.h b/xen/include/asm-x86/spinlock.h
++index 6bc044c..06d9b04 100644
++--- a/xen/include/asm-x86/spinlock.h
+++++ b/xen/include/asm-x86/spinlock.h
++@@ -31,58 +31,4 @@ static always_inline int _raw_spin_trylock(raw_spinlock_t *lock)
++ return (oldval > 0);
++ }
++
++-typedef struct {
++- volatile int lock;
++-} raw_rwlock_t;
++-
++-#define RW_WRITE_BIAS 0x7fffffff
++-#define _RAW_RW_LOCK_UNLOCKED /*(raw_rwlock_t)*/ { 0 }
++-
++-static always_inline int _raw_read_trylock(raw_rwlock_t *rw)
++-{
++- int acquired;
++-
++- asm volatile (
++- " lock; decl %0 \n"
++- " jns 2f \n"
++-#ifdef __clang__ /* clang's builtin assember can't do .subsection */
++- "1: .pushsection .fixup,\"ax\"\n"
++-#else
++- "1: .subsection 1 \n"
++-#endif
++- "2: lock; incl %0 \n"
++- " decl %1 \n"
++- " jmp 1b \n"
++-#ifdef __clang__
++- " .popsection \n"
++-#else
++- " .subsection 0 \n"
++-#endif
++- : "=m" (rw->lock), "=r" (acquired) : "1" (1) : "memory" );
++-
++- return acquired;
++-}
++-
++-static always_inline int _raw_write_trylock(raw_rwlock_t *rw)
++-{
++- return (cmpxchg(&rw->lock, 0, RW_WRITE_BIAS) == 0);
++-}
++-
++-static always_inline void _raw_read_unlock(raw_rwlock_t *rw)
++-{
++- asm volatile (
++- "lock ; incl %0"
++- : "=m" ((rw)->lock) : : "memory" );
++-}
++-
++-static always_inline void _raw_write_unlock(raw_rwlock_t *rw)
++-{
++- asm volatile (
++- "lock ; subl %1,%0"
++- : "=m" ((rw)->lock) : "i" (RW_WRITE_BIAS) : "memory" );
++-}
++-
++-#define _raw_rw_is_locked(x) ((x)->lock != 0)
++-#define _raw_rw_is_write_locked(x) ((x)->lock > 0)
++-
++ #endif /* __ASM_SPINLOCK_H */
++diff --git a/xen/include/xen/spinlock.h b/xen/include/xen/spinlock.h
++index 12b0a89..eda9b2e 100644
++--- a/xen/include/xen/spinlock.h
+++++ b/xen/include/xen/spinlock.h
++@@ -141,11 +141,13 @@ typedef struct spinlock {
++ #define spin_lock_init(l) (*(l) = (spinlock_t)SPIN_LOCK_UNLOCKED)
++
++ typedef struct {
++- raw_rwlock_t raw;
+++ volatile uint32_t lock;
++ struct lock_debug debug;
++ } rwlock_t;
++
++-#define RW_LOCK_UNLOCKED { _RAW_RW_LOCK_UNLOCKED, _LOCK_DEBUG }
+++#define RW_WRITE_FLAG (1u<<31)
+++
+++#define RW_LOCK_UNLOCKED { 0, _LOCK_DEBUG }
++ #define DEFINE_RWLOCK(l) rwlock_t l = RW_LOCK_UNLOCKED
++ #define rwlock_init(l) (*(l) = (rwlock_t)RW_LOCK_UNLOCKED)
++
diff --cc debian/patches/series
index 5465bc1,0000000..f84eca9
mode 100644,000000..100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@@ -1,47 -1,0 +1,48 @@@
+0001-version.patch
+0002-config-prefix.diff.patch
+0003-tools-libfsimage-abiname.diff.patch
+0004-tools-libxc-abiname.diff.patch
+0005-tools-libxl-abiname.diff.patch
+0006-tools-xenstat-abiname.diff.patch
+0007-tools-rpath.diff.patch
+0008-tools-blktap2-prefix.diff.patch
+0009-tools-console-prefix.diff.patch
+0010-tools-libfsimage-prefix.diff.patch
+0011-tools-libxl-prefix.diff.patch
+0012-tools-misc-prefix.diff.patch
+0013-tools-pygrub-prefix.diff.patch
+0014-tools-python-prefix.diff.patch
+0015-tools-xcutils-rpath.diff.patch
+0016-tools-xenmon-prefix.diff.patch
+0017-tools-xenpaging-prefix.diff.patch
+0018-tools-xenstat-prefix.diff.patch
+0019-tools-xenstore-prefix.diff.patch
+0020-tools-xentrace-prefix.diff.patch
+0021-tools-python-xen-relative-path.diff.patch
+0022-tools-misc-xend-startup.diff.patch
+0023-tools-disable.diff.patch
+0024-tools-examples-xend-disable-network.diff.patch
+0025-tools-examples-xend-disable-relocation.diff.patch
+0026-tools-pygrub-remove-static-solaris-support.patch
+0027-tools-include-install.diff.patch
+0028-tools-xenmon-install.diff.patch
+0029-tools-hotplug-udevrules.diff.patch
+0030-tools-python-shebang.diff.patch
+0031-tools-xenstore-compatibility.diff.patch
+0032-send-xl-coredumps-var-lib-xen-dump-NAME.patch
+0033-evtchn-check-control-block-exists-when-using-FIFO-ba.patch
+0034-x86-shadow-fix-race-condition-sampling-the-dirty-vra.patch
+0035-x86-emulate-check-cpl-for-all-privileged-instruction.patch
+0036-x86emul-only-emulate-software-interrupt-injection-fo.patch
+0037-x86-HVM-properly-bound-x2APIC-MSR-range.patch
+0038-VT-d-suppress-UR-signaling-for-further-desktop-chips.patch
+0039-x86-paging-make-log-dirty-operations-preemptible.patch
+0040-x86-don-t-allow-page-table-updates-on-non-PV-page-ta.patch
+0041-x86emul-enforce-privilege-level-restrictions-when-lo.patch
+0042-x86-mm-fix-a-reference-counting-error-in-MMU_MACHPHY.patch
+0043-tools-libxl-do-not-overrun-input-buffer-in-libxl__pa.patch
+0044-x86-limit-checks-in-hypercall_xlat_continuation-to-a.patch
+0045-x86-HVM-confine-internally-handled-MMIO-to-solitary-.patch
+0046-libxc-don-t-leak-buffer-containing-the-uncompressed-.patch
+0047-tools-libxl-do-not-leak-diskpath-during-local-disk-a.patch
++CVE-2014-9065.diff
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-xen/xen.git
More information about the Pkg-xen-changes
mailing list