[Pkg-xen-changes] [xen] 04/06: merge patched-hotfix/4.4.1-8 into hotfix/4.4.1-8
Bastian Blank
waldi at moszumanska.debian.org
Thu Mar 12 17:35:03 UTC 2015
This is an automated email from the git hooks/post-receive script.
waldi pushed a commit to branch debian/jessie
in repository xen.
commit 66e1be93469328fb4b97f5e28ed78b1edccf3b0d
Merge: 49ebfb5 c6e1481
Author: Bastian Blank <waldi at debian.org>
Date: Tue Mar 10 21:06:06 2015 +0100
merge patched-hotfix/4.4.1-8 into hotfix/4.4.1-8
Fix CVE-2015-2044, CVE-2015-2045 and CVE-2015-2151
debian/.git-dpm | 4 +-
debian/changelog | 11 +++++
debian/patches/CVE-2015-2044.diff | 75 ++++++++++++++++++++++++++++++++++
debian/patches/CVE-2015-2045.diff | 54 ++++++++++++++++++++++++
debian/patches/CVE-2015-2151.diff | 38 +++++++++++++++++
debian/patches/series | 3 ++
xen/arch/x86/hvm/i8254.c | 1 +
xen/arch/x86/hvm/pmtimer.c | 1 +
xen/arch/x86/hvm/rtc.c | 3 +-
xen/arch/x86/hvm/vpic.c | 1 +
xen/arch/x86/x86_emulate/x86_emulate.c | 2 +-
xen/common/kernel.c | 6 +++
12 files changed, 195 insertions(+), 4 deletions(-)
diff --cc debian/.git-dpm
index 0e9b8fc,0000000..9646994
mode 100644,000000..100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@@ -1,8 -1,0 +1,8 @@@
+# see git-dpm(1) from git-dpm package
- dd6514afbfc96f53c7d73df3f4dcaec875ca934e
- dd6514afbfc96f53c7d73df3f4dcaec875ca934e
++c6e14813d790bbf6c9400466ff17c4b9d6abee8e
++c6e14813d790bbf6c9400466ff17c4b9d6abee8e
+3387be132d526263f246c24d3bbc94767a4eba76
+3387be132d526263f246c24d3bbc94767a4eba76
+xen_4.4.1.orig.tar.xz
+900ed093d14caf511fa1a22f48bbf0499bb2ee11
+3778516
diff --cc debian/changelog
index ba115bd,0000000..870f806
mode 100644,000000..100644
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,1201 -1,0 +1,1212 @@@
++xen (4.4.1-8) UNRELEASED; urgency=medium
++
++ * Fix uninitialized return from wrong-sized reads from system devices.
++ CVE-2015-2044
++ * Fix hypervisor memory leak in uninitialized structures.
++ CVE-2015-2045
++ * Fix hypervisor memory corruption in x86 emulation. (closes: #780227)
++ CVE-2015-2151
++
++ -- Bastian Blank <waldi at debian.org> Tue, 10 Mar 2015 21:07:34 +0100
++
+xen (4.4.1-7) unstable; urgency=medium
+
+ [ Bastian Blank ]
+ * Fix use after free on guest shutdown.
+ CVE-2015-0361
+ * Fix rate limits of guest triggered locking.
+ CVE-2015-1563
+
+ [ Ian Campbell ]
+ * Use xen-init-dom0 from initscript when it is available.
+
+ -- Bastian Blank <waldi at debian.org> Sun, 01 Mar 2015 00:56:58 +0100
+
+xen (4.4.1-6) unstable; urgency=medium
+
+ * Fix starvation of writers in locks.
+ CVE-2014-9065
+
+ -- Bastian Blank <waldi at debian.org> Thu, 11 Dec 2014 15:56:08 +0100
+
+xen (4.4.1-5) unstable; urgency=medium
+
+ * Fix excessive checks of hypercall arguments.
+ CVE-2014-8866
+ * Fix boundary checks of emulated MMIO access.
+ CVE-2014-8867
+ * Fix additional memory leaks in xl. (closes: #767295)
+
+ -- Bastian Blank <waldi at debian.org> Sun, 30 Nov 2014 20:13:32 +0100
+
+xen (4.4.1-4) unstable; urgency=medium
+
+ [ Bastian Blank ]
+ * Make operations pre-emptible.
+ CVE-2014-5146, CVE-2014-5149
+ * Don't allow page table updates from non-PV page tables.
+ CVE-2014-8594
+ * Enforce privilege level while loading code segment.
+ CVE-2014-8595
+ * Fix reference counter leak.
+ CVE-2014-9030
+ * Use linux 3.16.0-4 stuff.
+ * Fix memory leak in xl. (closes: #767295)
+
+ [ Ian Campbell ]
+ * Add licensing for tools/python/logging to debian/copyright.
+ (Closes: #759384)
+ * Correctly include xen-init-name in xen-utils-common. (Closes: #769543)
+ * xen-utils recommends grub-xen-host package (Closes: #770460)
+
+ -- Bastian Blank <waldi at debian.org> Thu, 27 Nov 2014 20:17:36 +0100
+
+xen (4.4.1-3) unstable; urgency=medium
+
+ [ Bastian Blank ]
+ * Remove unused build-depencencies.
+ * Extend list affected systems for broken interrupt assignment.
+ CVE-2013-3495
+ * Fix race in hvm memory management.
+ CVE-2014-7154
+ * Fix missing privilege checks on instruction emulation.
+ CVE-2014-7155, CVE-2014-7156
+ * Fix uninitialized control structures in FIFO handling.
+ CVE-2014-6268
+ * Fix MSR range check in emulation.
+ CVE-2014-7188
+
+ [ Ian Campbell ]
+ * Install xen.efi into /boot for amd64 builds.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 17 Oct 2014 16:27:46 +0200
+
+xen (4.4.1-2) unstable; urgency=medium
+
+ * Re-build with correct content.
+ * Use dh_lintian.
+
+ -- Bastian Blank <waldi at debian.org> Wed, 24 Sep 2014 20:23:14 +0200
+
+xen (4.4.1-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Fix several vulnerabilities. (closes: #757724)
+ CVE-2014-2599, CVE-2014-3124,
+ CVE-2014-3967, CVE-2014-3968,
+ CVE-2014-4021
+
+ -- Bastian Blank <waldi at debian.org> Sun, 21 Sep 2014 10:45:47 +0200
+
+xen (4.4.0-5) unstable; urgency=medium
+
+ [ Ian Campbell ]
+ * Expand on the descriptions of some packages. (Closes: #466683)
+ * Clarify where xen-utils-common is required. (Closes: #612403)
+ * No longer depend on gawk. Xen can now use any awk one of which is always
+ present. (Closes: #589176)
+ * Put core dumps in /var/lib/xen/dump and ensure it exists.
+ (Closes: #444000)
+
+ [ Bastian Blank ]
+ * Handle JSON output from xl in xendomains init script.
+
+ -- Bastian Blank <waldi at debian.org> Sat, 06 Sep 2014 22:11:20 +0200
+
+xen (4.4.0-4) unstable; urgency=medium
+
+ [ Bastian Blank ]
+ * Also remove unused OCaml packages from control file.
+ * Make library packages multi-arch: same. (closes: #730417)
+ * Use debhelper compat level 9. (closes: #692352)
+
+ [ Ian Campbell ]
+ * Correct contents of /etc/xen/scripts/hotplugpath.sh (Closes: #706283)
+ * Drop references cpuperf-xen and cpuperf-perfcntr. (Closes: #733847)
+ * Install xentrace_format(1), xentrace(8) and xentop(1). (Closes: #407143)
+
+ -- Bastian Blank <waldi at debian.org> Sat, 30 Aug 2014 13:34:04 +0200
+
+xen (4.4.0-3) unstable; urgency=medium
+
+ [ Ian Campbell ]
+ * Use correct SeaBIOS binary which supports Xen (Closes: #737905).
+
+ [ Bastian Blank ]
+ * Really update config.{sub,guess}.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 29 Aug 2014 16:33:19 +0200
+
+xen (4.4.0-2) unstable; urgency=medium
+
+ * Remove broken and unused OCaml-support.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 18 Aug 2014 15:18:42 +0200
+
+xen (4.4.0-1) unstable; urgency=medium
+
+ [ Bastian Blank ]
+ * New upstream release.
+ - Update scripts for compatiblity with latest coreutils.
+ (closes: #718898)
+ - Fix guest reboot with xl toolstack. (closes: #727100)
+ - CVE-2013-6375: Insufficient TLB flushing in VT-d (iommu) code.
+ (closes: #730254)
+ - xl support for global VNC options. (closes: #744157)
+ - vif scripts can now be named relative to /etc/xen/scripts.
+ (closes: #744160)
+ - Support for arbitrary sized SeaBIOS binaries. (closes: #737905)
+ - pygrub searches for extlinux.conf in the expected places.
+ (closes: #697407)
+ - Update scripts to use correct syntax for ip command.
+ (closes: #705659)
+ * Fix install of xend configs to not break compatibility.
+
+ [ Ian Campbell ]
+ * Disable blktap1 support using new configure option instead of by patching.
+ * Disable qemu-traditional and rombios support using new configure option
+ instead of by patching. No need to build-depend on ipxe any more.
+ * Use system qemu-xen via new configure option instead of patching.
+ * Use system seabios via new configure option instead of patching.
+ * Use EXTRA_CFLAGS_XEN_TOOLS and APPEND_{CPPFLAGS,LDFLAGS} during build.
+ * Add support for armhf and arm64.
+ * Update config.{sub,guess}.
+
+ -- Bastian Blank <waldi at debian.org> Sat, 09 Aug 2014 13:09:00 +0200
+
+xen (4.3.0-3) unstable; urgency=low
+
+ * Revive hypervisor on i386.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 18 Oct 2013 00:15:16 +0200
+
+xen (4.3.0-2) unstable; urgency=low
+
+ * Force proper install order. (closes: #721999)
+
+ -- Bastian Blank <waldi at debian.org> Sat, 05 Oct 2013 15:03:36 +0000
+
+xen (4.3.0-1) unstable; urgency=low
+
+ * New upstream release.
+ - Fix HVM PCI passthrough. (closes: #706543)
+ * Call configure with proper arguments.
+ * Remove now empty xen-docs package.
+ * Disable external code retrieval.
+ * Drop all i386 hypervisor packages.
+ * Drop complete blktap support.
+ * Create /run/xen.
+ * Make xen-utils recommend qemu-system-x86. (closes: #688311)
+ - This version comes with audio support. (closes: #635166)
+ * Make libxenlight and libxlutil public. (closes: #644390)
+ - Set versioned ABI name.
+ - Install headers.
+ - Move libs into normal library path.
+ * Use build flags in the tools build.
+ - Fix fallout from harderning flags.
+ * Update Standards-Version to 3.9.4. No changes.
+
+ -- Bastian Blank <waldi at debian.org> Thu, 05 Sep 2013 13:54:03 +0200
+
+xen (4.2.2-1) unstable; urgency=low
+
+ * New upstream release.
+ - Fix build with gcc 4.8. (closes: #712376)
+ * Build-depend on libssl-dev. (closes: #712366)
+ * Enable hardening as much as possible.
+ * Re-enable ocaml build fixes. (closes: #695176)
+ * Check for out-of-bound values in CPU affinity setup.
+ CVE-2013-2072
+ * Fix information leak on AMD CPUs.
+ CVE-2013-2076
+ * Recover from faults on XRSTOR.
+ CVE-2013-2077
+ * Properly check guest input to XSETBV.
+ CVE-2013-2078
+
+ -- Bastian Blank <waldi at debian.org> Thu, 11 Jul 2013 00:28:24 +0200
+
+xen (4.2.1-2) unstable; urgency=low
+
+ * Actually upload to unstable.
+
+ -- Bastian Blank <waldi at debian.org> Sun, 12 May 2013 00:20:58 +0200
+
+xen (4.2.1-1) experimental; urgency=low
+
+ * New upstream release.
+ * Enable usage of seabios.
+ * Fix some toolchain issues.
+
+ -- Bastian Blank <waldi at debian.org> Sat, 11 May 2013 23:55:46 +0200
+
+xen (4.2.0-2) experimental; urgency=low
+
+ * Support JSON output in domain init script helper.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 01 Oct 2012 15:11:30 +0200
+
+xen (4.2.0-1) experimental; urgency=low
+
+ * New upstream release.
+
+ -- Bastian Blank <waldi at debian.org> Tue, 18 Sep 2012 13:54:30 +0200
+
+xen (4.2.0~rc3-1) experimental; urgency=low
+
+ * New upstream snapshot.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 07 Sep 2012 20:28:46 +0200
+
+xen (4.2.0~rc2-1) experimental; urgency=low
+
+ * New upstream snapshot.
+ * Build-depend against libglib2.0-dev and libyajl-dev.
+ * Disable seabios build for now.
+ * Remove support for Lenny and earlier.
+ * Support build-arch and build-indep make targets.
+
+ -- Bastian Blank <waldi at debian.org> Sun, 13 May 2012 12:21:10 +0000
+
+xen (4.1.4-4) unstable; urgency=high
+
+ * Make several long runing operations preemptible.
+ CVE-2013-1918
+ * Fix source validation for VT-d interrupt remapping.
+ CVE-2013-1952
+
+ -- Bastian Blank <waldi at debian.org> Thu, 02 May 2013 14:30:29 +0200
+
+xen (4.1.4-3) unstable; urgency=high
+
+ * Fix return from SYSENTER.
+ CVE-2013-1917
+ * Fix various problems with guest interrupt handling.
+ CVE-2013-1919
+ * Only save pointer after access checks.
+ CVE-2013-1920
+ * Fix domain locking for transitive grants.
+ CVE-2013-1964
+
+ -- Bastian Blank <waldi at debian.org> Fri, 19 Apr 2013 13:01:57 +0200
+
+xen (4.1.4-2) unstable; urgency=low
+
+ * Use pre-device interrupt remapping mode per default. Fix removing old
+ remappings.
+ CVE-2013-0153
+
+ -- Bastian Blank <waldi at debian.org> Wed, 06 Feb 2013 13:04:52 +0100
+
+xen (4.1.4-1) unstable; urgency=low
+
+ * New upstream release.
+ - Disable process-context identifier support in newer CPUs for all
+ domains.
+ - Add workarounds for AMD errata.
+ - Don't allow any non-canonical addresses.
+ - Use Multiboot memory map if BIOS emulation does not provide one.
+ - Fix several problems in tmem.
+ CVE-2012-3497
+ - Fix error handling in domain creation.
+ - Adjust locking and interrupt handling during S3 resume.
+ - Tighten more resource and memory range checks.
+ - Reset performance counters. (closes: #698651)
+ - Remove special-case for first IO-APIC.
+ - Fix MSI handling for HVM domains. (closes: #695123)
+ - Revert cache value of disks in HVM domains.
+
+ -- Bastian Blank <waldi at debian.org> Thu, 31 Jan 2013 15:44:50 +0100
+
+xen (4.1.3-8) unstable; urgency=high
+
+ * Fix error in VT-d interrupt remapping source validation.
+ CVE-2012-5634
+ * Fix buffer overflow in qemu e1000 emulation.
+ CVE-2012-6075
+ * Update patch, mention second CVE.
+ CVE-2012-5511, CVE-2012-6333
+
+ -- Bastian Blank <waldi at debian.org> Sat, 19 Jan 2013 13:55:07 +0100
+
+xen (4.1.3-7) unstable; urgency=low
+
+ * Fix clock jump due to incorrect annotated inline assembler.
+ (closes: #599161)
+ * Add support for XZ compressed Linux kernels to hypervisor and userspace
+ based loaders, it is needed for any Linux kernels newer then Wheezy.
+ (closes: #695056)
+
+ -- Bastian Blank <waldi at debian.org> Tue, 11 Dec 2012 18:54:59 +0100
+
+xen (4.1.3-6) unstable; urgency=high
+
+ * Fix error handling in physical to machine memory mapping.
+ CVE-2012-5514
+
+ -- Bastian Blank <waldi at debian.org> Tue, 04 Dec 2012 10:51:43 +0100
+
+xen (4.1.3-5) unstable; urgency=high
+
+ * Fix state corruption due to incomplete grant table switch.
+ CVE-2012-5510
+ * Check range of arguments to several HVM operations.
+ CVE-2012-5511, CVE-2012-6333
+ * Check array index before using it in HVM memory operation.
+ CVE-2012-5512
+ * Check memory range in memory exchange operation.
+ CVE-2012-5513
+ * Don't allow too large memory size and avoid busy looping.
+ CVE-2012-5515
+
+ -- Bastian Blank <waldi at debian.org> Mon, 03 Dec 2012 19:37:38 +0100
+
+xen (4.1.3-4) unstable; urgency=high
+
+ * Use linux 3.2.0-4 stuff.
+ * Fix overflow in timer calculations.
+ CVE-2012-4535
+ * Check value of physical interrupts parameter before using it.
+ CVE-2012-4536
+ * Error out on incorrect memory mapping updates.
+ CVE-2012-4537
+ * Check if toplevel page tables are present.
+ CVE-2012-4538
+ * Fix infinite loop in compatibility code.
+ CVE-2012-4539
+ * Limit maximum kernel and ramdisk size.
+ CVE-2012-2625, CVE-2012-4544
+
+ -- Bastian Blank <waldi at debian.org> Tue, 20 Nov 2012 15:51:01 +0100
+
+xen (4.1.3-3) unstable; urgency=low
+
+ * Xen domain init script:
+ - Make sure Open vSwitch is started before any domain.
+ - Properly handle and show output of failed migration and save.
+ - Ask all domains to shut down before checking them.
+
+ -- Bastian Blank <waldi at debian.org> Tue, 18 Sep 2012 13:26:32 +0200
+
+xen (4.1.3-2) unstable; urgency=medium
+
+ * Don't allow writing reserved bits in debug register.
+ CVE-2012-3494
+ * Fix error handling in interrupt assignment.
+ CVE-2012-3495
+ * Don't trigger bug messages on invalid flags.
+ CVE-2012-3496
+ * Check array bounds in interrupt assignment.
+ CVE-2012-3498
+ * Properly check bounds while setting the cursor in qemu.
+ CVE-2012-3515
+ * Disable monitor in qemu by default.
+ CVE-2012-4411
+
+ -- Bastian Blank <waldi at debian.org> Fri, 07 Sep 2012 19:41:46 +0200
+
+xen (4.1.3-1) unstable; urgency=medium
+
+ * New upstream release: (closes: #683286)
+ - Don't leave the x86 emulation in a bad state. (closes: #683279)
+ CVE-2012-3432
+ - Only check for shared pages while any exist on teardown.
+ CVE-2012-3433
+ - Fix error handling for unexpected conditions.
+ - Update CPUID masking to latest Intel spec.
+ - Allow large ACPI ids.
+ - Fix IOMMU support for PCI-to-PCIe bridges.
+ - Disallow access to some sensitive IO-ports.
+ - Fix wrong address in IOTLB.
+ - Fix deadlock on CPUs without working cpufreq driver.
+ - Use uncached disk access in qemu.
+ - Fix buffer size on emulated e1000 device in qemu.
+ * Fixup broken and remove applied patches.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 17 Aug 2012 11:25:02 +0200
+
+xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-5) unstable; urgency=low
+
+ [ Ian Campbell ]
+ * Set tap device MAC addresses to fe:ff:ff:ff:ff:ff (Closes: #671018)
+ * Only run xendomains initscript if toolstack is xl or xm (Closes: #680528)
+
+ [ Bastian Blank ]
+ * Actually build-depend on new enough version of dpkg-dev.
+ * Add xen-sytem-* meta-packages. We are finally in a position to do
+ automatic upgrades and this package is missing. (closes: #681376)
+
+ -- Bastian Blank <waldi at debian.org> Sat, 28 Jul 2012 10:23:26 +0200
+
+xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-4) unstable; urgency=low
+
+ * Add Build-Using info to xen-utils package.
+ * Fix build-arch target.
+
+ -- Bastian Blank <waldi at debian.org> Sun, 01 Jul 2012 19:52:30 +0200
+
+xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-3) unstable; urgency=low
+
+ * Remove /usr/lib/xen-default. It breaks systems if xenstored is not
+ compatible.
+ * Fix init script usage.
+ * Fix udev rules for emulated network devices:
+ - Force names of emulated network devices to a predictable name.
+
+ -- Bastian Blank <waldi at debian.org> Sun, 01 Jul 2012 16:59:04 +0200
+
+xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-2) unstable; urgency=low
+
+ * Fix pointer missmatch in interrupt functions. Fixes build on i386.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 15 Jun 2012 18:00:51 +0200
+
+xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-1) unstable; urgency=low
+
+ * New upstream snapshot.
+ - Fix privilege escalation and syscall/sysenter DoS while using
+ non-canonical addresses by untrusted PV guests. (closes: #677221)
+ CVE-2012-0217
+ CVE-2012-0218
+ - Disable Xen on CPUs affected by AMD Erratum #121. PV guests can
+ cause a DoS of the host.
+ CVE-2012-2934
+ * Don't fail if standard toolstacks are not available. (closes: #677244)
+
+ -- Bastian Blank <waldi at debian.org> Thu, 14 Jun 2012 17:06:25 +0200
+
+xen (4.1.2-7) unstable; urgency=low
+
+ * Really use ucf.
+ * Update init script dependencies:
+ - Start $syslog before xen.
+ - Start drbd and iscsi before xendomains. (closes: #626356)
+ - Start corosync and heartbeat after xendomains.
+ * Remove /var/log/xen on purge. (closes: #656216)
+
+ -- Bastian Blank <waldi at debian.org> Tue, 22 May 2012 10:44:41 +0200
+
+xen (4.1.2-6) unstable; urgency=low
+
+ * Fix generation of architectures for hypervisor packages.
+ * Remove information about loop devices, it is incorrect. (closes: #503044)
+ * Update xendomains init script:
+ - Create directory for domain images only root readable. (closes: #596048)
+ - Add missing sanity checks for variables. (closes: #671750)
+ - Remove not longer supported config options.
+ - Don't fail if no config is available.
+ - Remove extra output if domain was restored.
+
+ -- Bastian Blank <waldi at debian.org> Sun, 06 May 2012 20:07:41 +0200
+
+xen (4.1.2-5) unstable; urgency=low
+
+ * Actually force init script rename. (closes: #669341)
+ * Fix long output from xl.
+ * Move complete init script setup.
+ * Rewrite xendomains init script:
+ - Use LSB output functions.
+ - Make output more clear.
+ - Use xen toolstack wrapper.
+ - Use a python script to properly read domain details.
+ * Set name for Domain-0.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 23 Apr 2012 11:56:45 +0200
+
+xen (4.1.2-4) unstable; urgency=low
+
+ [ Bastian Blank ]
+ * Build-depend on ipxe-qemu instead of ipxe. (closes: #665070)
+ * Don't longer use a4wide latex package.
+ * Use ucf for /etc/default/xen.
+ * Remove handling for old udev rules link and xenstored directory.
+ * Rename xend init script to xen.
+
+ [ Lionel Elie Mamane ]
+ * Fix toolstack script to work with old dash. (closes: #648029)
+
+ -- Bastian Blank <waldi at debian.org> Mon, 16 Apr 2012 08:47:29 +0000
+
+xen (4.1.2-3) unstable; urgency=low
+
+ * Merge xen-common source package.
+ * Remove xend wrapper, it should not be called by users.
+ * Support xl in init script.
+ * Restart xen daemons on upgrade.
+ * Restart and stop xenconsoled in init script.
+ * Load xen-gntdev module.
+ * Create /var/lib/xen. (closes: #658101)
+ * Cleanup udev rules. (closes: #657745)
+
+ -- Bastian Blank <waldi at debian.org> Wed, 01 Feb 2012 19:28:28 +0100
+
+xen (4.1.2-2) unstable; urgency=low
+
+ [ Jon Ludlam ]
+ * Import (partially reworked) upstream changes for OCaml support.
+ - Rename the ocamlfind packages.
+ - Remove uuid and log libraries.
+ - Fix 2 bit-twiddling bugs and an off-by-one
+ * Fix build of OCaml libraries.
+ * Add OCaml library and development package.
+ * Include some missing headers.
+
+ -- Bastian Blank <waldi at debian.org> Sat, 10 Dec 2011 19:13:25 +0000
+
+xen (4.1.2-1) unstable; urgency=low
+
+ * New upstream release.
+ * Build-depend on pkg-config.
+ * Add package libxen-4.1. Includes some shared libs.
+
+ -- Bastian Blank <waldi at debian.org> Sat, 26 Nov 2011 18:28:06 +0100
+
+xen (4.1.1-3) unstable; urgency=low
+
+ [ Julien Danjou ]
+ * Remove Julien Danjou from the Uploaders field. (closes: #590439)
+
+ [ Bastian Blank ]
+ * Use current version of python. (closes: #646660)
+ * Build-depend against liblzma-dev, it is used if available.
+ (closes: #646694)
+ * Update Standards-Version to 3.9.2. No changes.
+ * Don't use brace-expansion in debhelper install files.
+
+ -- Bastian Blank <waldi at debian.org> Wed, 26 Oct 2011 14:42:33 +0200
+
+xen (4.1.1-2) unstable; urgency=low
+
+ * Fix hvmloader with gcc 4.6.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 05 Aug 2011 23:58:36 +0200
+
+xen (4.1.1-1) unstable; urgency=low
+
+ * New upstream release.
+ * Don't use qemu-dm if it is not needed. (Backport from xen-unstable.)
+ * Use dh_python2.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 18 Jul 2011 19:38:38 +0200
+
+xen (4.1.0-3) unstable; urgency=low
+
+ * Add ghostscript to build-deps.
+ * Enable qemu-dm build.
+ - Add qemu as another orig tar.
+ - Remove blktap1, bluetooth and sdl support from qemu.
+ - Recommend qemu-keymaps and qemu-utils.
+
+ -- Bastian Blank <waldi at debian.org> Thu, 28 Apr 2011 15:20:45 +0200
+
+xen (4.1.0-2) unstable; urgency=low
+
+ * Re-enable hvmloader:
+ - Use packaged ipxe.
+ * Workaround incompatibility with xenstored of Xen 4.0.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 15 Apr 2011 11:38:25 +0200
+
+xen (4.1.0-1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Bastian Blank <waldi at debian.org> Sun, 27 Mar 2011 18:09:28 +0000
+
+xen (4.1.0~rc6-1) unstable; urgency=low
+
+ * New upstream release candidate.
+ * Build documentation using pdflatex.
+ * Use python 2.6. (closes: #596545)
+ * Fix lintian override.
+ * Install new tools: xl, xenpaging.
+ * Enable blktap2.
+ - Use own md5 implementation.
+ - Fix includes.
+ - Fix linking of blktap2 binaries.
+ - Remove optimization setting.
+ * Temporarily disable hvmloader, wants to download ipxe.
+ * Remove xenstored pid check from xl.
+
+ -- Bastian Blank <waldi at debian.org> Thu, 17 Mar 2011 16:12:45 +0100
+
+xen (4.0.1-2) unstable; urgency=low
+
+ * Fix races in memory management.
+ * Make sure that frame-table compression leaves enough alligned.
+ * Disable XSAVE support. (closes: #595490)
+ * Check for dying domain instead of raising an assertion.
+ * Add C6 state with EOI errata for Intel.
+ * Make some memory management interrupt safe. Unsure if really needed.
+ * Raise bar for inter-socket migrations on mostly-idle systems.
+ * Fix interrupt handling for legacy routed interrupts.
+ * Allow to set maximal domain memory even during a running change.
+ * Support new partition name in pygrub. (closes: #599243)
+ * Fix some comparisions "< 0" that may be optimized away.
+ * Check for MWAIT support before using it.
+ * Fix endless loop on interrupts on Nehalem cpus.
+ * Don't crash upon direct GDT/LDT access. (closes: #609531)
+ CVE-2010-4255
+ * Don't loose timer ticks after domain restore.
+ * Reserve some space for IOMMU area in dom0. (closes: #608715)
+ * Fix hypercall arguments after trace callout.
+ * Fix some error paths in vtd support. Memory leak.
+ * Reinstate ACPI DMAR table.
+
+ -- Bastian Blank <waldi at debian.org> Wed, 12 Jan 2011 15:01:40 +0100
+
+xen (4.0.1-1) unstable; urgency=low
+
+ * New upstream release.
+ - Fix IOAPIC S3 with interrupt remapping enabled.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 03 Sep 2010 17:14:28 +0200
+
+xen (4.0.1~rc6-1) unstable; urgency=low
+
+ * New upstream release candidate.
+ - Add some missing locks for page table walk.
+ - Fix NMU injection into guest.
+ - Fix ioapic updates for vt-d.
+ - Add check for GRUB2 commandline behaviour.
+ - Fix handling of invalid kernel images.
+ - Allow usage of powernow.
+ * Remove lowlevel python modules usage from pygrub. (closes: #588811)
+
+ -- Bastian Blank <waldi at debian.org> Tue, 17 Aug 2010 23:15:34 +0200
+
+xen (4.0.1~rc5-1) unstable; urgency=low
+
+ * New upstream release candidate.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 02 Aug 2010 17:06:27 +0200
+
+xen (4.0.1~rc3-1) unstable; urgency=low
+
+ * New upstream release candidate.
+ * Call dh_pyversion with the correct version.
+ * Restart xen daemon on upgrade.
+
+ -- Bastian Blank <waldi at debian.org> Wed, 30 Jun 2010 16:30:47 +0200
+
+xen (4.0.0-2) unstable; urgency=low
+
+ * Fix python dependency. (closes: #586666)
+ - Use python-support.
+ - Hardcode to use python 2.5 for now.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 21 Jun 2010 17:23:16 +0200
+
+xen (4.0.0-1) unstable; urgency=low
+
+ * Update to unstable.
+ * Fix spelling in README.
+ * Remove unnecessary build-depends.
+ * Fixup xend to use different filename lookup.
+
+ -- Bastian Blank <waldi at debian.org> Thu, 17 Jun 2010 11:16:55 +0200
+
+xen (4.0.0-1~experimental.2) experimental; urgency=low
+
+ * Merge changes from 3.4.3-1.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 28 May 2010 12:58:12 +0200
+
+xen (4.0.0-1~experimental.1) experimental; urgency=low
+
+ * New upstream version.
+ * Rename source package to xen.
+ * Build depend against iasl and uuid-dev.
+ * Disable blktap2 support, it links against OpenSSL.
+ * Update copyright file.
+
+ -- Bastian Blank <waldi at debian.org> Thu, 06 May 2010 15:47:38 +0200
+
+xen-3 (3.4.3-1) unstable; urgency=low
+
+ * New upstream version.
+ * Disable blktap support, it is unusable with current kernels.
+ * Disable libaio, was only used by blktap.
+ * Drop device creation support. (closes: #583283)
+
+ -- Bastian Blank <waldi at debian.org> Fri, 28 May 2010 11:43:18 +0200
+
+xen-3 (3.4.3~rc6-1) unstable; urgency=low
+
+ * New upstream release candidate.
+ - Relocate multiboot modules. (closes: #580045)
+ - Support grub2 in pygrub. (closes: #573311)
+
+ -- Bastian Blank <waldi at debian.org> Sat, 08 May 2010 11:32:29 +0200
+
+xen-3 (3.4.3~rc3-2) unstable; urgency=low
+
+ * Again list the complete version in the hypervisor.
+ * Fix path detection for bootloader, document it. (closes: #481105)
+ * Rewrite README.
+
+ -- Bastian Blank <waldi at debian.org> Thu, 08 Apr 2010 16:14:58 +0200
+
+xen-3 (3.4.3~rc3-1) unstable; urgency=low
+
+ * New upstream release candidate.
+ * Use 3.0 (quilt) source format.
+ * Always use current python version.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 01 Mar 2010 22:14:22 +0100
+
+xen-3 (3.4.2-2) unstable; urgency=low
+
+ * Remove Jeremy T. Bouse from uploaders.
+ * Export blktap lib and headers.
+ * Build amd64 hypervisor on i386. (closes: #366315)
+
+ -- Bastian Blank <waldi at debian.org> Sun, 22 Nov 2009 16:54:47 +0100
+
+xen-3 (3.4.2-1) unstable; urgency=low
+
+ * New upstream version.
+ * Strip hvmloader by hand.
+ * Remove extra license file from libxen-dev.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 16 Nov 2009 20:57:07 +0100
+
+xen-3 (3.4.1-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 21 Aug 2009 21:34:38 +0200
+
+xen-3 (3.4.0-2) unstable; urgency=low
+
+ * Add symbols file for libxenstore3.0. (closes: #536173)
+ * Document that ioemu is currently unsupported. (closes: #536175)
+ * Fix location of fsimage plugins. (closes: #536174)
+
+ -- Bastian Blank <waldi at debian.org> Sat, 18 Jul 2009 18:05:35 +0200
+
+xen-3 (3.4.0-1) unstable; urgency=low
+
+ [ Bastian Blank ]
+ * New upstream version.
+ * Remove ioemu for now. (closes: #490409, #496367)
+ * Remove non-pae hypervisor.
+ * Use debhelper compat level 7.
+ * Make the init script start all daemons.
+
+ -- Bastian Blank <waldi at debian.org> Tue, 30 Jun 2009 22:33:22 +0200
+
+xen-3 (3.2.1-2) unstable; urgency=low
+
+ * Use e2fslibs based ext2 support for pygrub. (closes: #476366)
+ * Fix missing checks in pvfb code.
+ See CVE-2008-1952. (closes: #487095)
+ * Add support for loading bzImage files. (closes: #474509)
+ * Enable TLS support in ioemu code.
+ * Drop libcrypto usage because of GPL-incompatibility.
+ * Remove AES code from blktap drivers. Considered broken.
+
+ -- Bastian Blank <waldi at debian.org> Sat, 28 Jun 2008 11:30:43 +0200
+
+xen-3 (3.2.1-1) unstable; urgency=low
+
+ * New upstream version.
+ * Set rpath relative to ${ORIGIN}.
+ * Add lintian override to xen-utils package.
+
+ -- Bastian Blank <waldi at debian.org> Thu, 22 May 2008 14:01:47 +0200
+
+xen-3 (3.2.0-5) unstable; urgency=low
+
+ * Provide correct directory to dh_pycentral.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 14 Apr 2008 21:43:49 +0200
+
+xen-3 (3.2.0-4) unstable; urgency=low
+
+ * Pull in newer xen-utils-common.
+ * Fix missing size checks in the ioemu block driver. (closes: #469654)
+ See: CVE-2008-0928
+
+ -- Bastian Blank <waldi at debian.org> Fri, 07 Mar 2008 14:21:38 +0100
+
+xen-3 (3.2.0-3) unstable; urgency=low
+
+ * Clean environment for build.
+ * Add packages libxenstore3.0 and xenstore-utils.
+ * Move docs package in docs section to match overwrites.
+ * Make the hypervisor only recommend the utils.
+ * Cleanup installation. (closes: #462989)
+
+ -- Bastian Blank <waldi at debian.org> Tue, 12 Feb 2008 12:40:56 +0000
+
+xen-3 (3.2.0-2) unstable; urgency=low
+
+ * Fix broken patch. (closes: #462522)
+
+ -- Bastian Blank <waldi at debian.org> Sat, 26 Jan 2008 17:21:52 +0000
+
+xen-3 (3.2.0-1) unstable; urgency=low
+
+ * New upstream version.
+ * Add package libxen-dev. Including public headers and static libs.
+ (closes: #402249)
+ * Don't longer install xenfb, removed upstream.
+
+ -- Bastian Blank <waldi at debian.org> Tue, 22 Jan 2008 12:51:49 +0000
+
+xen-3 (3.1.2-2) unstable; urgency=low
+
+ * Add missing rpath definitions.
+ * Fix building of pae version.
+
+ -- Bastian Blank <waldi at debian.org> Sat, 08 Dec 2007 12:07:42 +0000
+
+xen-3 (3.1.2-1) unstable; urgency=high
+
+ * New upstream release:
+ - Move shared file into /var/run. (closes: #447795)
+ See CVE-2007-3919.
+ - x86: Fix various problems with debug-register handling. (closes: #451626)
+ See CVE-2007-5906.
+
+ -- Bastian Blank <waldi at debian.org> Sat, 24 Nov 2007 13:24:45 +0000
+
+xen-3 (3.1.1-1) unstable; urgency=low
+
+ * New upstream release:
+ - Don't use exec with untrusted values in pygrub. (closes: #444430)
+ See CVE-2007-4993.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 19 Oct 2007 16:02:37 +0000
+
+xen-3 (3.1.0-2) unstable; urgency=low
+
+ * Switch to texlive for documentation.
+ * Drop unused transfig.
+ * Drop unused latex features from documentation.
+ * Build depend against gcc-multilib for amd64. (closes: #439662)
+
+ -- Bastian Blank <waldi at debian.org> Fri, 31 Aug 2007 08:15:50 +0000
+
+xen-3 (3.1.0-1) unstable; urgency=low
+
+ [ Julien Danjou ]
+ * New upstream version.
+
+ [ Ralph Passgang ]
+ * Added graphviz to Build-Indeps
+
+ [ Bastian Blank ]
+ * Upstream removed one part of the version. Do it also.
+ * Merge utils packages.
+ * Install blktap support.
+ * Install pygrub.
+ * Install xenfb tools.
+ * xenconsoled startup is racy, wait a little bit.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 20 Aug 2007 15:05:08 +0000
+
+xen-3.0 (3.0.4-1-1) unstable; urgency=low
+
+ [ Bastian Blank ]
+ * New upstream version (closes: #394411)
+
+ [ Guido Trotter ]
+ * Actually try to build and release xen 3.0.4
+ * Update build dependencies
+
+ -- Guido Trotter <ultrotter at debian.org> Wed, 23 May 2007 11:57:29 +0100
+
+xen-3.0 (3.0.3-0-2) unstable; urgency=medium
+
+ [Bastian Blank]
+ * Remove device recreate code.
+ * Remove build dependency on linux-support-X
+
+ [ Guido Trotter ]
+ * Add missing build dependency on zlib1g-dev (closes: #396557)
+ * Add missing build dependencies on libncurses5-dev and x11proto-core-dev
+ (closes: #396561, #396567)
+
+ -- Guido Trotter <ultrotter at debian.org> Thu, 2 Nov 2006 16:38:02 +0000
+
+xen-3.0 (3.0.3-0-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Bastian Blank <waldi at debian.org> Fri, 20 Oct 2006 11:04:35 +0000
+
+xen-3.0 (3.0.3~rc4+hg11760-1) unstable; urgency=low
+
+ * New upstream snapshot.
+ * Ignore update-grub errors. (closes: #392534)
+
+ -- Bastian Blank <waldi at debian.org> Sat, 14 Oct 2006 13:09:53 +0000
+
+xen-3.0 (3.0.3~rc1+hg11686-1) unstable; urgency=low
+
+ * New upstream snapshot.
+ * Rename ioemu package to include the complete version.
+ * Fix name of hypervisor. (closes: #391771)
+
+ -- Bastian Blank <waldi at debian.org> Mon, 9 Oct 2006 12:48:13 +0000
+
+xen-3.0 (3.0.2-3+hg9762-1) unstable; urgency=low
+
+ * New upstream snapshot.
+ * Rename hypervisor and utils packages to include the complete version.
+ * Redo build environment.
+
+ -- Bastian Blank <waldi at debian.org> Mon, 4 Sep 2006 18:43:12 +0000
+
+xen-3.0 (3.0.2+hg9697-2) unstable; urgency=low
+
+ [ Guido Trotter ]
+ * Update xen-utils' README.Debian (closes: #372524)
+
+ [ Bastian Blank ]
+ * Adopt new python policy. (closes: #380990)
+ * Add patch to make new kernels working on the hypervisor.
+
+ -- Bastian Blank <waldi at debian.org> Tue, 15 Aug 2006 19:20:08 +0000
+
+xen-3.0 (3.0.2+hg9697-1) unstable; urgency=low
+
+ [ Guido Trotter ]
+ * Update Standards Version
+ * Merge upstream fixes trunk (upstream 3.0.2-3 + a couple of fixes)
+
+ [ Bastian Blank ]
+ * Add xen-ioemu-3.0 package to support HVM guests (closes: #368496)
+
+ -- Guido Trotter <ultrotter at debian.org> Wed, 31 May 2006 10:50:05 +0200
+
+xen-3.0 (3.0.2+hg9681-1) unstable; urgency=low
+
+ * Update xen-hypervisor-3.0-i386 and xen-hypervisor-3.0-i386-pae
+ descriptions, specifying what the difference between the two packages is
+ (closes: #366019)
+ * Merge upstream fixes trunk
+
+ -- Guido Trotter <ultrotter at debian.org> Thu, 18 May 2006 15:25:02 +0200
+
+xen-3.0 (3.0.2+hg9656-1) unstable; urgency=low
+
+ * Merge upstream fixes trunk
+ - This includes a fix for CVE-2006-1056
+
+ -- Guido Trotter <ultrotter at debian.org> Thu, 27 Apr 2006 17:34:03 +0200
+
+xen-3.0 (3.0.2+hg9651-1) unstable; urgency=low
+
+ * Merge upstream fixes trunk
+ * Fix PAE disabled in pae build (Closes: #364875)
+
+ -- Julien Danjou <acid at debian.org> Wed, 26 Apr 2006 13:19:39 +0200
+
+xen-3.0 (3.0.2+hg9646-1) unstable; urgency=low
+
+ [ Guido Trotter ]
+ * Merge upstream fixes trunk
+
+ [ Bastian Blank ]
+ * debian/patches/libdir.dpatch: Update to make xm save work
+
+ -- Julien Danjou <acid at debian.org> Mon, 24 Apr 2006 18:02:07 +0200
+
+xen-3.0 (3.0.2+hg9611-1) unstable; urgency=low
+
+ * Merge upstream bug fixes
+ * Fix bug with xend init.d script
+
+ -- Julien Danjou <acid at debian.org> Wed, 12 Apr 2006 17:35:35 +0200
+
+xen-3.0 (3.0.2+hg9598-1) unstable; urgency=low
+
+ * New upstream release
+ * Fix copyright file
+
+ -- Julien Danjou <acid at debian.org> Mon, 10 Apr 2006 17:02:55 +0200
+
+xen-3.0 (3.0.1+hg8762-1) unstable; urgency=low
+
+ * The "preserve our homes" release
+ * Now cooperatively maintained by the Debian Xen Team
+ * New upstream release (closes: #327493, #342249)
+ * Build depend on transfig (closes: #321157)
+ * Use gcc rather than gcc-3.4 to compile (closes: #323698)
+ * Split xen-hypervisor-3.0 and xen-utils-3.0
+ * Build both normal and pae hypervisor packages
+ * Change maintainer and add uploaders field
+ * Add force-reload support for init script xendomains
+ * Remove dependency against bash
+ * Bump standards version to 3.6.2.2
+ * xen-utils-3.0 conflicts and replaces xen
+ * Add dpatch structure to the package
+ * Remove build-dependency on gcc (it's build essential anyway)
+ * Make SrvServer.py not executable
+ * Create NEWS.Debian file with important upgrade notices
+ * Update copyright file
+ * Remove the linux-patch-xen package
+ * Removed useless build-dependencies: libncurses5-dev, wget
+ * Changed xendomains config path to /etc/default
+ * xen-utils-3.0 now provides xen-utils and xen-hypervisor-3.0-i386 &
+ xen-hypervisor-3.0-i386-pae & xen-hypervizor-amd64 now provide
+ xen-hypervisor
+ * Made xen-utils-3.0.postinst more fault-tolerant, so that upgrading
+ xen2 -> xen3 don't fail because of a running xen2 hypervisor
+ * Updated the "Replaces & Conflicts"
+ * Install only and correctly udev files
+ * Compile date is no more in current locale
+ * Add patch which add the debian version and maintainer in the version
+ string and removes the banner.
+ * Don't install unusable cruft in xen-utils
+ * Remove libxen packages (no stable API/ABI)
+
+ -- Julien Danjou <acid at debian.org> Wed, 5 Apr 2006 16:05:07 +0200
+
+xen (2.0.6-1) unstable; urgency=low
+
+ * Patches applied upstream: non-xen-init-exit.patch, add-build.patch,
+ python-install.patch, disable-html-docs.patch.
+ * New upstream released. Closes: #311336.
+ * Remove comparison to UML from xen short description. Closes: #317066.
+ * Make packages conflicts with 1.2 doc debs. Closes: #304285.
+ * Add iproute to xen depends, as it uses /bin/ip. Closes: #300488,
+ #317468.
+
+ -- Adam Heath <doogie at brainfood.com> Wed, 06 Jul 2005 12:35:50 -0500
+
+xen (2.0.5-3) experimental; urgency=low
+
+ * Change priority/section to match the overrides file.
+
+ -- Adam Heath <doogie at brainfood.com> Fri, 18 Mar 2005 12:43:50 -0600
+
+xen (2.0.5-2) experimental; urgency=low
+
+ * Mike McCallister <mike+debian at metalogue.com>,
+ Tommi Virtanen <tv at debian.org>, Tom Hibbert <tom at nsp.co.nz>:
+ Fix missing '.' in update-rc.d call in xen.postinst. Closes: #299384
+
+ -- Adam Heath <doogie at brainfood.com> Fri, 18 Mar 2005 11:39:56 -0600
+
+xen (2.0.5-1) experimental; urgency=low
+
+ * New upstream.
+ * Remove pic-lib.patch, tools-misc-TARGETS.patch, and clean-mttr.patch
+ as they have been applied upstream(in various forms).
+ * xend now starts at priority 20, stops at 21, while xendomains starts
+ at 21, and stops at 20.
+
+ -- Adam Heath <doogie at brainfood.com> Fri, 11 Mar 2005 14:33:33 -0600
+
+xen (2.0.4-4) experimental; urgency=low
+
+ * Bah, major booboo. Add /boot to debian/xen.install, so xen.gz will
+ get shipped. Reported by Clint Adams <schizo at debian.org>.
+
+ -- Adam Heath <doogie at brainfood.com> Tue, 15 Feb 2005 13:00:57 -0600
+
+xen (2.0.4-3) experimental; urgency=low
+
+ * Fix file overlap(/usr/share/doc/xen/examples/*) between xen and
+ xen-docs. Reported by Tupshin Harper <tupshin at tupshin.com>.
+
+ -- Adam Heath <doogie at brainfood.com> Sun, 06 Feb 2005 01:22:45 -0600
+
+xen (2.0.4-2) experimental; urgency=low
+
+ * Fix kernel patch generation. It was broken when I integrated with
+ debian's kernel source. I used a symlink, and diff doesn't follow
+ those.
+
+ -- Adam Heath <doogie at brainfood.com> Sat, 05 Feb 2005 18:16:35 -0600
+
+xen (2.0.4-1) experimental; urgency=low
+
+ * New upstream.
+ * xen.deb can now install on a plain kernel; that is, the init scripts
+ exit successfully if /proc/xen/privcmd doesn't exist. This allows
+ for dual-boot setups.
+ * Manpages do not yet exist xend, xenperf, xensv, xfrd, nor xm. xend
+ xfrd are daemons, and take little if any options. I've not had a need
+ to use xenperf nor xensv yet. xm has nice built in help(xm help).
+ * Upstream now requires either linux 2.4.29, or 2.6.10. Since 2.4.29 is
+ not yet in debian, disable the 2.4 patch generation. Closes: #271245.
+ * Not certain how the kernel-patch-xen was empty. It's not now, with
+ the repackaging. Closes: #272299.
+ * Xen no longer produces kernel images, so problems about missing features
+ are no longer valid. Closes: #253924.
+ * Acknowledge nmu bugs:
+ * No longer build-depend on gcc 3.3, as the default gcc works. Closes:
+ #243048.
+
+ -- Adam Heath <doogie at brainfood.com> Sat, 05 Feb 2005 18:04:27 -0600
+
+xen (2.0.3-0.1) unstable; urgency=low
+
+ * Changes from Tommi Virtanen:
+ * Added dh-kpatches and libcurl3-dev to Build-Depends.
+ * Add /etc/xen/sv/params.py and /etc/xen/xend/params.py.
+ * Add xmexample1 and xmexample2 to xen/doc/examples.
+
+ -- Adam Heath <doogie at brainfood.com> Wed, 26 Jan 2005 10:55:07 -0600
+
+xen (2.0.3-0) unstable; urgency=low
+
+ * New upstream. Closes: #280733.
+ * Repackaged from scratch.
+ * Using unreleased patch management system. See debian/README.build.
+ * After extracting the .dsc, there are no special steps needed
+ * Those wanting to change the source, use the normal procedures for
+ any package, including using interdiff(or other tool) to send a
+ patch to me or the bts.
+ * No longer try to do anything fancy with regard to the layout of the
+ built kernels. Now, only patches are distributed. Please make use of
+ the xen support in kernel-package.
+ * Early preview release to #debian-devel.
+
+ -- Adam Heath <doogie at brainfood.com> Tue, 25 Jan 2005 13:24:54 -0600
+
+xen (1.2-4.1) unstable; urgency=high
+
+ * NMU
+ * Remove gcc-3.2 from Build-Depends as isn't used during build
+ (Closes: #243048)
+
+ -- Frank Lichtenheld <djpig at debian.org> Sat, 21 Aug 2004 17:42:28 +0200
+
+xen (1.2-4) unstable; urgency=low
+
+ * Added xen-docs.README.Debian, which explains the kernel image layout,
+ and contains references on the locations differ from what is mentioned
+ by the upstream documentation. Closes: #230345.
+
+ -- Adam Heath <doogie at brainfood.com> Fri, 26 Mar 2004 17:36:41 -0600
+
+xen (1.2-3) unstable; urgency=low
+
+ * Add kernel-source-2.4.25 and kernel-patch-debian-2.4.25 to
+ Build-Depends-Indep.
+
+ -- Adam Heath <doogie at brainfood.com> Tue, 23 Mar 2004 20:14:39 -0600
+
+xen (1.2-2) unstable; urgency=low
+
+ * xen: moved /boot/xen.gz to /usr/lib/kernels/xen-i386/images/vmlinuz
+ * kernel-image, kernel-modules: swapped i386/xeno to xeno/i386 in
+ /usr/lib/kernels.
+ * Add kernel-patch-nfs-swap deb.
+ * Apply additional patches to kernel-image-xen:
+ * nfs-group
+ * nfs-swap
+
+ -- Adam Heath <doogie at brainfood.com> Thu, 04 Mar 2004 12:47:47 -0600
+
+xen (1.2-1) unstable; urgency=low
+
+ * Initial version.
+
+ -- Adam Heath <doogie at brainfood.com> Tue, 02 Mar 2004 13:21:52 -0600
diff --cc debian/patches/CVE-2015-2044.diff
index 0000000,0000000..ecd37ea
new file mode 100644
--- /dev/null
+++ b/debian/patches/CVE-2015-2044.diff
@@@ -1,0 -1,0 +1,75 @@@
++From 0006677db8fedebe3704ca229750bf9b23207768 Mon Sep 17 00:00:00 2001
++From: Jan Beulich <jbeulich at suse.com>
++Date: Thu, 5 Mar 2015 13:45:22 +0100
++Subject: x86/HVM: return all ones on wrong-sized reads of system device I/O
++ ports
++
++So far the value presented to the guest remained uninitialized.
++
++This is CVE-2015-2044 / XSA-121.
++
++Signed-off-by: Jan Beulich <jbeulich at suse.com>
++Acked-by: Ian Campbell <ian.campbell at citrix.com>
++master commit: c9e57594e1ba5da9d705dee9f00aa4e7e925963d
++master date: 2015-03-05 13:34:54 +0100
++
++(cherry picked from commit 9d699dde9f0b46cf55b2250fa13b5c402c45fc1e)
++
++Patch-Name: CVE-2015-2044.diff
++---
++ xen/arch/x86/hvm/i8254.c | 1 +
++ xen/arch/x86/hvm/pmtimer.c | 1 +
++ xen/arch/x86/hvm/rtc.c | 3 ++-
++ xen/arch/x86/hvm/vpic.c | 1 +
++ 4 files changed, 5 insertions(+), 1 deletion(-)
++
++diff --git a/xen/arch/x86/hvm/i8254.c b/xen/arch/x86/hvm/i8254.c
++index f7493b8..e92424e 100644
++--- a/xen/arch/x86/hvm/i8254.c
+++++ b/xen/arch/x86/hvm/i8254.c
++@@ -477,6 +477,7 @@ static int handle_pit_io(
++ if ( bytes != 1 )
++ {
++ gdprintk(XENLOG_WARNING, "PIT bad access\n");
+++ *val = ~0;
++ return X86EMUL_OKAY;
++ }
++
++diff --git a/xen/arch/x86/hvm/pmtimer.c b/xen/arch/x86/hvm/pmtimer.c
++index 01ae31d..6ad2797 100644
++--- a/xen/arch/x86/hvm/pmtimer.c
+++++ b/xen/arch/x86/hvm/pmtimer.c
++@@ -213,6 +213,7 @@ static int handle_pmt_io(
++ if ( bytes != 4 )
++ {
++ gdprintk(XENLOG_WARNING, "HVM_PMT bad access\n");
+++ *val = ~0;
++ return X86EMUL_OKAY;
++ }
++
++diff --git a/xen/arch/x86/hvm/rtc.c b/xen/arch/x86/hvm/rtc.c
++index 639b4c5..30270cb 100644
++--- a/xen/arch/x86/hvm/rtc.c
+++++ b/xen/arch/x86/hvm/rtc.c
++@@ -696,7 +696,8 @@ static int handle_rtc_io(
++
++ if ( bytes != 1 )
++ {
++- gdprintk(XENLOG_WARNING, "HVM_RTC bas access\n");
+++ gdprintk(XENLOG_WARNING, "HVM_RTC bad access\n");
+++ *val = ~0;
++ return X86EMUL_OKAY;
++ }
++
++diff --git a/xen/arch/x86/hvm/vpic.c b/xen/arch/x86/hvm/vpic.c
++index fea3f68..6e4d422 100644
++--- a/xen/arch/x86/hvm/vpic.c
+++++ b/xen/arch/x86/hvm/vpic.c
++@@ -324,6 +324,7 @@ static int vpic_intercept_pic_io(
++ if ( bytes != 1 )
++ {
++ gdprintk(XENLOG_WARNING, "PIC_IO bad access size %d\n", bytes);
+++ *val = ~0;
++ return X86EMUL_OKAY;
++ }
++
diff --cc debian/patches/CVE-2015-2045.diff
index 0000000,0000000..dd41719
new file mode 100644
--- /dev/null
+++ b/debian/patches/CVE-2015-2045.diff
@@@ -1,0 -1,0 +1,54 @@@
++From 1c0f5093a6bd646df4b8f3e4abe7190abf8579c7 Mon Sep 17 00:00:00 2001
++From: Aaron Adams <Aaron.Adams at nccgroup.com>
++Date: Thu, 5 Mar 2015 13:46:24 +0100
++Subject: pre-fill structures for certain HYPERVISOR_xen_version sub-ops
++
++... avoiding to pass hypervisor stack contents back to the caller
++through space unused by the respective strings.
++
++This is CVE-2015-2045 / XSA-122.
++
++Signed-off-by: Aaron Adams <Aaron.Adams at nccgroup.com>
++Acked-by: Jan Beulich <jbeulich at suse.com>
++Acked-by: Ian Campbell <ian.campbell at citrix.com>
++master commit: fe2e079f642effb3d24a6e1a7096ef26e691d93e
++master date: 2015-03-05 13:35:54 +0100
++
++(cherry picked from commit 40ab3d6b78a9f5a8a22bb333fdca0309e4a2fb4b)
++
++Patch-Name: CVE-2015-2045.diff
++---
++ xen/common/kernel.c | 6 ++++++
++ 1 file changed, 6 insertions(+)
++
++diff --git a/xen/common/kernel.c b/xen/common/kernel.c
++index 877d461..adc68a5 100644
++--- a/xen/common/kernel.c
+++++ b/xen/common/kernel.c
++@@ -233,6 +233,8 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
++ case XENVER_extraversion:
++ {
++ xen_extraversion_t extraversion;
+++
+++ memset(extraversion, 0, sizeof(extraversion));
++ safe_strcpy(extraversion, xen_extra_version());
++ if ( copy_to_guest(arg, extraversion, ARRAY_SIZE(extraversion)) )
++ return -EFAULT;
++@@ -242,6 +244,8 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
++ case XENVER_compile_info:
++ {
++ struct xen_compile_info info;
+++
+++ memset(&info, 0, sizeof(info));
++ safe_strcpy(info.compiler, xen_compiler());
++ safe_strcpy(info.compile_by, xen_compile_system_maintainer_local());
++ safe_strcpy(info.compile_domain, xen_compile_system_maintainer_domain());
++@@ -277,6 +281,8 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
++ case XENVER_changeset:
++ {
++ xen_changeset_info_t chgset;
+++
+++ memset(chgset, 0, sizeof(chgset));
++ safe_strcpy(chgset, xen_changeset());
++ if ( copy_to_guest(arg, chgset, ARRAY_SIZE(chgset)) )
++ return -EFAULT;
diff --cc debian/patches/CVE-2015-2151.diff
index 0000000,0000000..1a31030
new file mode 100644
--- /dev/null
+++ b/debian/patches/CVE-2015-2151.diff
@@@ -1,0 -1,0 +1,38 @@@
++From c6e14813d790bbf6c9400466ff17c4b9d6abee8e Mon Sep 17 00:00:00 2001
++From: Jan Beulich <jbeulich at suse.com>
++Date: Tue, 10 Mar 2015 13:58:00 +0100
++Subject: x86emul: fully ignore segment override for register-only operations
++
++For ModRM encoded instructions with register operands we must not
++overwrite ea.mem.seg (if a - bogus in that case - segment override was
++present) as it aliases with ea.reg.
++
++This is CVE-2015-2151 / XSA-123.
++
++Reported-by: Felix Wilhelm <fwilhelm at ernw.de>
++Signed-off-by: Jan Beulich <jbeulich at suse.com>
++Reviewed-by: Tim Deegan <tim at xen.org>
++Reviewed-by: Keir Fraser <keir at xen.org>
++master commit: bcf92a5382b75fd964c1f8678b2d9a3abe6dec39
++master date: 2015-03-10 13:45:51 +0100
++
++(cherry picked from commit 4cefc72fc883945dcc71c877ceab779f16e52e76)
++
++Patch-Name: CVE-2015-2151.diff
++---
++ xen/arch/x86/x86_emulate/x86_emulate.c | 2 +-
++ 1 file changed, 1 insertion(+), 1 deletion(-)
++
++diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c
++index 25571c6..9ebff22 100644
++--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++++ b/xen/arch/x86/x86_emulate/x86_emulate.c
++@@ -1641,7 +1641,7 @@ x86_emulate(
++ }
++ }
++
++- if ( override_seg != -1 )
+++ if ( override_seg != -1 && ea.type == OP_MEM )
++ ea.mem.seg = override_seg;
++
++ /* Early operand adjustments. */
diff --cc debian/patches/series
index e319b13,0000000..3b2434a
mode 100644,000000..100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@@ -1,50 -1,0 +1,53 @@@
+0001-version.patch
+0002-config-prefix.diff.patch
+0003-tools-libfsimage-abiname.diff.patch
+0004-tools-libxc-abiname.diff.patch
+0005-tools-libxl-abiname.diff.patch
+0006-tools-xenstat-abiname.diff.patch
+0007-tools-rpath.diff.patch
+0008-tools-blktap2-prefix.diff.patch
+0009-tools-console-prefix.diff.patch
+0010-tools-libfsimage-prefix.diff.patch
+0011-tools-libxl-prefix.diff.patch
+0012-tools-misc-prefix.diff.patch
+0013-tools-pygrub-prefix.diff.patch
+0014-tools-python-prefix.diff.patch
+0015-tools-xcutils-rpath.diff.patch
+0016-tools-xenmon-prefix.diff.patch
+0017-tools-xenpaging-prefix.diff.patch
+0018-tools-xenstat-prefix.diff.patch
+0019-tools-xenstore-prefix.diff.patch
+0020-tools-xentrace-prefix.diff.patch
+0021-tools-python-xen-relative-path.diff.patch
+0022-tools-misc-xend-startup.diff.patch
+0023-tools-disable.diff.patch
+0024-tools-examples-xend-disable-network.diff.patch
+0025-tools-examples-xend-disable-relocation.diff.patch
+0026-tools-pygrub-remove-static-solaris-support.patch
+0027-tools-include-install.diff.patch
+0028-tools-xenmon-install.diff.patch
+0029-tools-hotplug-udevrules.diff.patch
+0030-tools-python-shebang.diff.patch
+0031-tools-xenstore-compatibility.diff.patch
+0032-send-xl-coredumps-var-lib-xen-dump-NAME.patch
+0033-evtchn-check-control-block-exists-when-using-FIFO-ba.patch
+0034-x86-shadow-fix-race-condition-sampling-the-dirty-vra.patch
+0035-x86-emulate-check-cpl-for-all-privileged-instruction.patch
+0036-x86emul-only-emulate-software-interrupt-injection-fo.patch
+0037-x86-HVM-properly-bound-x2APIC-MSR-range.patch
+0038-VT-d-suppress-UR-signaling-for-further-desktop-chips.patch
+0039-x86-paging-make-log-dirty-operations-preemptible.patch
+0040-x86-don-t-allow-page-table-updates-on-non-PV-page-ta.patch
+0041-x86emul-enforce-privilege-level-restrictions-when-lo.patch
+0042-x86-mm-fix-a-reference-counting-error-in-MMU_MACHPHY.patch
+0043-tools-libxl-do-not-overrun-input-buffer-in-libxl__pa.patch
+0044-x86-limit-checks-in-hypercall_xlat_continuation-to-a.patch
+0045-x86-HVM-confine-internally-handled-MMIO-to-solitary-.patch
+0046-libxc-don-t-leak-buffer-containing-the-uncompressed-.patch
+0047-tools-libxl-do-not-leak-diskpath-during-local-disk-a.patch
+CVE-2014-9065.diff
+CVE-2015-0361.diff
+CVE-2015-1563.diff
++CVE-2015-2044.diff
++CVE-2015-2045.diff
++CVE-2015-2151.diff
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-xen/xen.git
More information about the Pkg-xen-changes
mailing list