| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: xen-libs | Distribution: SUSE Linux Enterprise 15 |
| Version: 4.17.0_06 | Vendor: SUSE LLC <https://www.suse.com/> |
| Release: 150500.1.10 | Build date: Wed May 17 16:41:36 2023 |
| Group: System/Kernel | Build host: sheep22 |
| Size: 1771864 | Source RPM: xen-4.17.0_06-150500.1.10.src.rpm |
| Packager: https://www.suse.com/ | |
| Url: http://www.cl.cam.ac.uk/Research/SRG/netos/xen/ | |
| Summary: Xen Virtualization: Libraries | |
Xen is a virtual machine monitor for x86 that supports execution of
multiple guest operating systems with unprecedented levels of
performance and resource isolation.
This package contains the libraries used to interact with the Xen
virtual machine monitor.
In addition to this package you need to install xen and xen-tools
to use Xen.
Authors:
--------
Ian Pratt <ian.pratt@cl.cam.ac.uk>
GPL-2.0-only
* Tue Mar 07 2023 carnold@suse.com
- bsc#1209017 - VUL-0: CVE-2022-42332: xen: x86 shadow plus
log-dirty mode use-after-free (XSA-427)
xsa427.patch
- bsc#1209018 - VUL-0: CVE-2022-42333,CVE-2022-42334: xen: x86/HVM
pinned cache attributes mis-handling (XSA-428)
xsa428-1.patch
xsa428-2.patch
- bsc#1209019 - VUL-0: CVE-2022-42331: xen: x86: speculative
vulnerability in 32bit SYSCALL path (XSA-429)
xsa429.patch
* Wed Feb 15 2023 carnold@suse.com
- bsc#1208286 - VUL-0: CVE-2022-27672: xen: Cross-Thread Return
Address Predictions (XSA-426)
63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch
* Thu Feb 09 2023 carnold@suse.com
- bsc#1205792 - Partner-L3: launch-xenstore error messages show in
SLES15 SP4 xen kernel.
63e4da00-dont-log-errors-when-trying-to-load-PVH-xenstore-stubdom.patch
* Mon Feb 06 2023 jbeulich@suse.com
- bsc#1026236 - tidy/modernize patch
xen.bug1026236.suse_vtsc_tolerance.patch
* Mon Feb 06 2023 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
63c05478-VMX-calculate-model-specific-LBRs-once.patch
63c05478-VMX-support-CPUs-without-model-specific-LBR.patch
- bsc#1207544 - VUL-0: CVE-2022-42330: xen: Guests can cause
Xenstore crash via soft reset (XSA-425)
xsa425.patch ->
63d24e91-tools-xenstore-revert-simplify-loop-handling.patch
* Wed Jan 25 2023 carnold@suse.com
- bsc#1207544 - VUL-0: CVE-2022-42330: xen: Guests can cause
Xenstore crash via soft reset (XSA-425)
xsa425.patch
* Tue Dec 20 2022 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
63a03e28-x86-high-freq-TSC-overflow.patch
* Thu Dec 08 2022 carnold@suse.com
- Update to Xen 4.17.0 FCS release (jsc#PED-1858)
xen-4.17.0-testing-src.tar.bz2
* On x86 "vga=current" can now be used together with GrUB2's gfxpayload setting. Note that
this requires use of "multiboot2" (and "module2") as the GrUB commands loading Xen.
* The "gnttab" option now has a new command line sub-option for disabling the
GNTTABOP_transfer functionality.
* The x86 MCE command line option info is now updated.
* Out-of-tree builds for the hypervisor now supported.
* __ro_after_init support, for marking data as immutable after boot.
* The project has officially adopted 4 directives and 24 rules of MISRA-C,
added MISRA-C checker build integration, and defined how to document
deviations.
* IOMMU superpage support on x86, affecting PV guests as well as HVM/PVH ones
when they don't share page tables with the CPU (HAP / EPT / NPT).
* Support for VIRT_SSBD and MSR_SPEC_CTRL for HVM guests on AMD.
* Improved TSC, CPU, and APIC clock frequency calibration on x86.
* Support for Xen using x86 Control Flow Enforcement technology for its own
protection. Both Shadow Stacks (ROP protection) and Indirect Branch
Tracking (COP/JOP protection).
* Add mwait-idle support for SPR and ADL on x86.
* Extend security support for hosts to 12 TiB of memory on x86.
* Add command line option to set cpuid parameters for dom0 at boot time on x86.
* Improved static configuration options on Arm.
* cpupools can be specified at boot using device tree on Arm.
* It is possible to use PV drivers with dom0less guests, allowing statically
booted dom0less guests with PV devices.
* On Arm, p2m structures are now allocated out of a pool of memory set aside at
domain creation.
* Improved mitigations against Spectre-BHB on Arm.
* Support VirtIO-MMIO devices device-tree binding creation in toolstack on Arm.
* Allow setting the number of CPUs to activate at runtime from command line
option on Arm.
* Grant-table support on Arm was improved and hardened by implementing
"simplified M2P-like approach for the xenheap pages"
* Add Renesas R-Car Gen4 IPMMU-VMSA support on Arm.
* Add i.MX lpuart and i.MX8QM support on Arm.
* Improved toolstack build system.
* Add Xue - console over USB 3 Debug Capability.
* gitlab-ci automation: Fixes and improvements together with new tests.
* dropped support for the (x86-only) "vesa-mtrr" and "vesa-remap" command line options
- Drop patches contained in new tarball or invalid
62fde97e-tools-libxl-Replace-deprecated-soundhw-on-QEMU-command-line.patch
6306185f-x86-XSTATE-CPUID-subleaf-1-EBX.patch
631b5ba6-gnttab-acquire-resource-vaddrs.patch
63455f82-Arm-P2M-prevent-adding-mapping-when-dying.patch
63455fa8-Arm-P2M-preempt-when-freeing-intermediate.patch
63455fc3-x86-p2m_teardown-allow-skip-root-pt-removal.patch
63455fe4-x86-HAP-monitor-table-error-handling.patch
63456000-x86-tolerate-sh_set_toplevel_shadow-failure.patch
6345601d-x86-tolerate-shadow_prealloc-failure.patch
6345603a-x86-P2M-refuse-new-alloc-for-dying.patch
63456057-x86-P2M-truly-free-paging-pool-for-dying.patch
63456075-x86-P2M-free-paging-pool-preemptively.patch
63456090-x86-p2m_teardown-preemption.patch
63456175-libxl-per-arch-extra-default-paging-memory.patch
63456177-Arm-construct-P2M-pool-for-guests.patch
6345617a-Arm-XEN_DOMCTL_shadow_op.patch
6345617c-Arm-take-P2M-pages-P2M-pool.patch
634561aa-gnttab-locking-on-transitive-copy-error-path.patch
634561f1-x86emul-respect-NSCB.patch
6346e404-VMX-correct-error-handling-in-vmx_create_vmcs.patch
6351095c-Arm-rework-p2m_init.patch
6351096a-Arm-P2M-populate-pages-for-GICv2-mapping.patch
635274c0-EFI-dont-convert-runtime-mem-to-RAM.patch
635665fb-sched-fix-restore_vcpu_affinity.patch
63569723-x86-shadow-replace-bogus-assertions.patch
61dd5f64-limit-support-statement-for-Linux-and-Windows-frontends.patch
xsa326-01.patch
xsa326-02.patch
xsa326-03.patch
xsa326-04.patch
xsa326-05.patch
xsa326-06.patch
xsa326-07.patch
xsa326-08.patch
xsa326-09.patch
xsa326-10.patch
xsa326-11.patch
xsa326-12.patch
xsa326-13.patch
xsa326-14.patch
xsa326-15.patch
xsa326-16.patch
xsa412.patch
xsa414.patch
xsa415.patch
xsa416.patch
xsa417.patch
xsa418-01.patch
xsa418-02.patch
xsa418-03.patch
xsa418-04.patch
xsa418-05.patch
xsa418-06.patch
xsa418-07.patch
xsa419-01.patch
xsa419-02.patch
xsa419-03.patch
xsa421-01.patch
xsa421-02.patch
* Fri Oct 28 2022 carnold@suse.com
- bsc#1193923 - VUL-1: xen: Frontends vulnerable to backends
(XSA-376)
61dd5f64-limit-support-statement-for-Linux-and-Windows-frontends.patch
* Tue Oct 25 2022 jbeulich@suse.com
- bsc#1203806 - VUL-0: CVE-2022-33746: xen: P2M pool freeing may
take excessively long (XSA-410)
63455f82-Arm-P2M-prevent-adding-mapping-when-dying.patch
63455fa8-Arm-P2M-preempt-when-freeing-intermediate.patch
63455fc3-x86-p2m_teardown-allow-skip-root-pt-removal.patch
63455fe4-x86-HAP-monitor-table-error-handling.patch
63456000-x86-tolerate-sh_set_toplevel_shadow-failure.patch
6345601d-x86-tolerate-shadow_prealloc-failure.patch
6345603a-x86-P2M-refuse-new-alloc-for-dying.patch
63456057-x86-P2M-truly-free-paging-pool-for-dying.patch
63456075-x86-P2M-free-paging-pool-preemptively.patch
63456090-x86-p2m_teardown-preemption.patch
- bcs#1203804 - VUL-0: CVE-2022-33747: xen: unbounded memory consumption
for 2nd-level page tables on ARM systems (XSA-409)
63456175-libxl-per-arch-extra-default-paging-memory.patch
63456177-Arm-construct-P2M-pool-for-guests.patch
6345617a-Arm-XEN_DOMCTL_shadow_op.patch
6345617c-Arm-take-P2M-pages-P2M-pool.patch
- bsc#1203807 - VUL-0: CVE-2022-33748: xen: lock order inversion in
transitive grant copy handling (XSA-411)
634561aa-gnttab-locking-on-transitive-copy-error-path.patch
- Upstream bug fixes (bsc#1027519)
6306185f-x86-XSTATE-CPUID-subleaf-1-EBX.patch
631b5ba6-gnttab-acquire-resource-vaddrs.patch
634561f1-x86emul-respect-NSCB.patch
6346e404-VMX-correct-error-handling-in-vmx_create_vmcs.patch
6351095c-Arm-rework-p2m_init.patch
6351096a-Arm-P2M-populate-pages-for-GICv2-mapping.patch
635274c0-EFI-dont-convert-runtime-mem-to-RAM.patch
635665fb-sched-fix-restore_vcpu_affinity.patch
63569723-x86-shadow-replace-bogus-assertions.patch
- Drop patches replaced by upstream versions:
xsa410-01.patch
xsa410-02.patch
xsa410-03.patch
xsa410-04.patch
xsa410-05.patch
xsa410-06.patch
xsa410-07.patch
xsa410-08.patch
xsa410-09.patch
xsa410-10.patch
xsa411.patch
* Wed Oct 19 2022 carnold@suse.com
- bsc#1204482 - VUL-0: CVE-2022-42311, CVE-2022-42312,
CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316,
CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let
xenstored run out of memory (XSA-326)
xsa326-01.patch
xsa326-02.patch
xsa326-03.patch
xsa326-04.patch
xsa326-05.patch
xsa326-06.patch
xsa326-07.patch
xsa326-08.patch
xsa326-09.patch
xsa326-10.patch
xsa326-11.patch
xsa326-12.patch
xsa326-13.patch
xsa326-14.patch
xsa326-15.patch
xsa326-16.patch
- bsc#1204485 - VUL-0: CVE-2022-42309: xen: Xenstore: Guests can
crash xenstored (XSA-414)
xsa414.patch
- bsc#1204487 - VUL-0: CVE-2022-42310: xen: Xenstore: Guests can
create orphaned Xenstore nodes (XSA-415)
xsa415.patch
- bsc#1204488 - VUL-0: CVE-2022-42319: xen: Xenstore: Guests can
cause Xenstore to not free temporary memory (XSA-416)
xsa416.patch
- bsc#1204489 - VUL-0: CVE-2022-42320: xen: Xenstore: Guests can
get access to Xenstore nodes of deleted domains (XSA-417)
xsa417.patch
- bsc#1204490 - VUL-0: CVE-2022-42321: xen: Xenstore: Guests can
crash xenstored via exhausting the stack (XSA-418)
xsa418-01.patch
xsa418-02.patch
xsa418-03.patch
xsa418-04.patch
xsa418-05.patch
xsa418-06.patch
xsa418-07.patch
- bsc#1204494 - VUL-0: CVE-2022-42322,CVE-2022-42323: xen:
Xenstore: cooperating guests can create arbitrary numbers of
nodes (XSA-419)
xsa419-01.patch
xsa419-02.patch
xsa419-03.patch
- bsc#1204496 - VUL-0: CVE-2022-42325,CVE-2022-42326: xen:
Xenstore: Guests can create arbitray number of nodes via
transactions (XSA-421)
xsa421-01.patch
xsa421-02.patch
* Wed Oct 19 2022 carnold@suse.com
- bsc#1204483 - VUL-0: CVE-2022-42327: xen: x86: unintended memory
sharing between guests (XSA-412)
xsa412.patch
* Wed Sep 28 2022 carnold@suse.com
- bsc#1203806 - VUL-0: CVE-2022-33746: xen: P2M pool freeing may
take excessively long (XSA-410)
xsa410-01.patch
xsa410-02.patch
xsa410-03.patch
xsa410-04.patch
xsa410-05.patch
xsa410-06.patch
xsa410-07.patch
xsa410-08.patch
xsa410-09.patch
xsa410-10.patch
- bsc#1203807 - VUL-0: CVE-2022-33748: xen: lock order inversion in
transitive grant copy handling (XSA-411)
xsa411.patch
* Mon Aug 29 2022 carnold@suse.com
- bsc#1201994 - Xen DomU unable to emulate audio device
62fde97e-tools-libxl-Replace-deprecated-soundhw-on-QEMU-command-line.patch
* Tue Aug 23 2022 carnold@suse.com
- Things are compiling fine now with gcc12.
Drop gcc12-fixes.patch
* Thu Aug 18 2022 carnold@suse.com
- Update to Xen 4.16.2 bug fix release (bsc#1027519)
xen-4.16.2-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- Drop patches contained in new tarball
625fca42-VT-d-reserved-CAP-ND.patch
626f7ee8-x86-MSR-handle-P5-MC-reads.patch
627549d6-IO-shutdown-race.patch
62a1e594-x86-clean-up-_get_page_type.patch
62a1e5b0-x86-ABAC-race-in-_get_page_type.patch
62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch
62a1e5f0-x86-dont-change-cacheability-of-directmap.patch
62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch
62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch
62a1e649-x86-track-and-flush-non-coherent.patch
62a99614-IOMMU-x86-gcc12.patch
62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch
62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch
62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch
62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch
62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch
62c56cc0-libxc-fix-compilation-error-with-gcc13.patch
62cc31ed-x86-honour-spec-ctrl-0-for-unpriv-mmio.patch
62cc31ee-cmdline-extend-parse_boolean.patch
62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch
62cd91d0-x86-spec-ctrl-rework-context-switching.patch
62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch
62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch
62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch
62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch
62cd91d5-x86-cpuid-BTC_NO-enum.patch
62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch
62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch
xsa408.patch
* Thu Jul 28 2022 ohering@suse.de
- bsc#1167608, bsc#1201631 - fix built-in default of max_event_channels
A previous change to the built-in default had a logic error,
effectively restoring the upstream limit of 1023 channels per domU.
Fix the logic to calculate the default based on the number of vcpus.
adjust libxl.max_event_channels.patch
* Wed Jul 13 2022 carnold@suse.com
- Added --disable-pvshim when running configure in xen.spec.
We have never shipped the shim and don't need to build it.
* Wed Jul 13 2022 jbeulich@suse.com
- bsc#1199965 - VUL-0: CVE-2022-26362: xen: Race condition
in typeref acquisition
62a1e594-x86-clean-up-_get_page_type.patch
62a1e5b0-x86-ABAC-race-in-_get_page_type.patch
- bsc#1199966 - VUL-0: CVE-2022-26363,CVE-2022-26364: xen:
Insufficient care with non-coherent mappings
62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch
62a1e5f0-x86-dont-change-cacheability-of-directmap.patch
62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch
62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch
62a1e649-x86-track-and-flush-non-coherent.patch
- bsc#1200549 VUL-0: CVE-2022-21123,CVE-2022-21125,CVE-2022-21166:
xen: x86: MMIO Stale Data vulnerabilities (XSA-404)
62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch
62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch
62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch
- bsc#1201469 - VUL-0: CVE-2022-23816,CVE-2022-23825,CVE-2022-29900:
xen: retbleed - arbitrary speculative code execution with return
instructions (XSA-407)
62cc31ed-x86-honour-spec-ctrl-0-for-unpriv-mmio.patch
62cc31ee-cmdline-extend-parse_boolean.patch
62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch
62cd91d0-x86-spec-ctrl-rework-context-switching.patch
62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch
62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch
62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch
62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch
62cd91d5-x86-cpuid-BTC_NO-enum.patch
62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch
62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch
- Upstream bug fixes (bsc#1027519)
62a99614-IOMMU-x86-gcc12.patch
62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch
62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch
- Drop patches replaced by upstream versions
xsa401-1.patch
xsa401-2.patch
xsa402-1.patch
xsa402-2.patch
xsa402-3.patch
xsa402-4.patch
xsa402-5.patch
* Tue Jul 12 2022 carnold@suse.com
- bsc#1201394 - VUL-0: CVE-2022-33745: xen: insufficient TLB flush
for x86 PV guests in shadow mode (XSA-408)
xsa408.patch
- Fix gcc13 compilation error
62c56cc0-libxc-fix-compilation-error-with-gcc13.patch
* Tue Jun 28 2022 schubi@suse.com
- Moved logrotate files from user specific directory /etc/logrotate.d
to vendor specific directory /usr/etc/logrotate.d.
* Wed Jun 08 2022 jbeulich@suse.com
- bsc#1199966 - VUL-0: EMBARGOED: CVE-2022-26363,CVE-2022-26364: xen:
Insufficient care with non-coherent mappings
fix xsa402-5.patch
* Tue May 31 2022 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
625fca42-VT-d-reserved-CAP-ND.patch
626f7ee8-x86-MSR-handle-P5-MC-reads.patch
627549d6-IO-shutdown-race.patch
- bsc#1199965 - VUL-0: EMBARGOED: CVE-2022-26362: xen: Race condition
in typeref acquisition
xsa401-1.patch
xsa401-2.patch
- bsc#1199966 - VUL-0: EMBARGOED: CVE-2022-26363,CVE-2022-26364: xen:
Insufficient care with non-coherent mappings
xsa402-1.patch
xsa402-2.patch
xsa402-3.patch
xsa402-4.patch
xsa402-5.patch
* Tue May 10 2022 dmueller@suse.com
- fix python3 >= 3.10 version detection
* Wed Apr 13 2022 carnold@suse.com
- Update to Xen 4.16.1 bug fix release (bsc#1027519)
xen-4.16.1-testing-src.tar.bz2
- Drop patches contained in new tarball
61b31d5c-x86-restrict-all-but-self-IPI.patch
61b88e78-x86-CPUID-TSXLDTRK-definition.patch
61bc429f-revert-hvmloader-PA-range-should-be-UC.patch
61d5687a-x86-spec-ctrl-opt_srb_lock-default.patch
61d6ea2d-VT-d-split-domid-map-cleanup-check-into-a-function.patch
61d6ea7b-VT-d-dont-leak-domid-mapping-on-error-path.patch
61e0296a-x86-time-calibration-relative-counts.patch
61e029c8-x86-time-TSC-freq-calibration-accuracy.patch
61e02a1c-libxl-PCI-PV-hotplug-stubdom-coldplug.patch
61e98e88-x86-introduce-get-set-reg-infra.patch
61e98e89-x86-MSR-split-SPEC_CTRL-handling.patch
61e98e8a-x86-spec-ctrl-drop-ENTRY-EXIT-HVM.patch
61e98e8b-VT-x-SPEC_CTRL-NMI-race-condition.patch
61eaaa23-x86-get-set-reg-infra-build.patch
61efec1d-Arm-P2M-always-clear-entry-on-mapping-removal.patch
61efec4d-gnttab-only-decrement-refcounter-on-final-unmap.patch
61efec96-IOMMU-x86-stop-pirq-iteration-immediately-on-error.patch
61f2d886-x86-CPUID-disentangle-new-leaves-logic.patch
61f2d887-x86-CPUID-leaf-7-1-EBX-infra.patch
61f2dd76-x86-SPEC_CTRL-migration-compatibility.patch
61f7b2af-libxl-dont-touch-nr_vcpus_out-if-listing.patch
61f933a4-x86-cpuid-advertise-SSB_NO.patch
61f933a5-x86-drop-use_spec_ctrl-boolean.patch
61f933a6-x86-new-has_spec_ctrl-boolean.patch
61f933a7-x86-dont-use-spec_ctrl-enter-exit-for-S3.patch
61f933a8-x86-SPEC_CTRL-record-last-write.patch
61f933a9-x86-SPEC_CTRL-use-common-logic-for-AMD.patch
61f933aa-SVM-SPEC_CTRL-entry-exit-logic.patch
61f933ab-x86-AMD-SPEC_CTRL-infra.patch
61f933ac-SVM-enable-MSR_SPEC_CTRL-for-guests.patch
61f946a2-VMX-drop-SPEC_CTRL-load-on-VMEntry.patch
6202afa3-x86-clean-up-MSR_MCU_OPT_CTRL-handling.patch
6202afa4-x86-TSX-move-has_rtm_always_abort.patch
6202afa5-x86-TSX-cope-with-deprecation-on-WHL-R-CFL-R.patch
6202afa7-x86-CPUID-leaf-7-2-EDX-infra.patch
6202afa8-x86-Intel-PSFD-for-guests.patch
62278667-Arm-introduce-new-processors.patch
62278668-Arm-move-errata-CSV2-check-earlier.patch
62278669-Arm-add-ECBHB-and-CLEARBHB-ID-fields.patch
6227866a-Arm-Spectre-BHB-handling.patch
6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch
6227866c-x86-AMD-cease-using-thunk-lfence.patch
6229ba46-VT-d-drop-undue-address-of-from-check_cleanup_domid_map.patch
624ebcef-VT-d-dont-needlessly-look-up-DID.patch
624ebd3b-VT-d-avoid-NULL-deref-on-dcmo-error-paths.patch
624ebd74-VT-d-avoid-infinite-recursion-on-dcmo-error-path.patch
xsa397.patch
xsa399.patch
xsa400-01.patch
xsa400-02.patch
xsa400-03.patch
xsa400-04.patch
xsa400-05.patch
xsa400-06.patch
xsa400-07.patch
xsa400-08.patch
xsa400-09.patch
xsa400-10.patch
xsa400-11.patch
xsa400-12.patch
* Fri Apr 08 2022 jbeulich@suse.com
- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359,
CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity
map (AMD-Vi) handling issues (XSA-400)
624ebcef-VT-d-dont-needlessly-look-up-DID.patch
624ebd3b-VT-d-avoid-NULL-deref-on-dcmo-error-paths.patch
624ebd74-VT-d-avoid-infinite-recursion-on-dcmo-error-path.patch
* Mon Apr 04 2022 carnold@suse.com
- bsc#1197423 - VUL-0: CVE-2022-26356: xen: Racy interactions
between dirty vram tracking and paging log dirty hypercalls
(XSA-397)
xsa397.patch
- bsc#1197425 - VUL-0: CVE-2022-26357: xen: race in VT-d domain ID
cleanup (XSA-399)
xsa399.patch
- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359,
CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity
map (AMD-Vi) handling issues (XSA-400)
xsa400-01.patch
xsa400-02.patch
xsa400-03.patch
xsa400-04.patch
xsa400-05.patch
xsa400-06.patch
xsa400-07.patch
xsa400-08.patch
xsa400-09.patch
xsa400-10.patch
xsa400-11.patch
xsa400-12.patch
- Additional upstream bug fixes for XSA-400 (bsc#1027519)
61d6ea2d-VT-d-split-domid-map-cleanup-check-into-a-function.patch
61d6ea7b-VT-d-dont-leak-domid-mapping-on-error-path.patch
6229ba46-VT-d-drop-undue-address-of-from-check_cleanup_domid_map.patch
* Mon Mar 14 2022 jbeulich@suse.com
- bsc#1196915 - VUL-0: CVE-2022-0001, CVE-2022-0002,CVE-2021-26401:
xen: BHB speculation issues (XSA-398)
62278667-Arm-introduce-new-processors.patch
62278668-Arm-move-errata-CSV2-check-earlier.patch
62278669-Arm-add-ECBHB-and-CLEARBHB-ID-fields.patch
6227866a-Arm-Spectre-BHB-handling.patch
6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch
6227866c-x86-AMD-cease-using-thunk-lfence.patch
* Thu Mar 03 2022 carnold@suse.com
- bsc#1196545 - GCC 12: xen package fails
gcc12-fixes.patch
* Mon Feb 14 2022 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
61e0296a-x86-time-calibration-relative-counts.patch
61e029c8-x86-time-TSC-freq-calibration-accuracy.patch
61e02a1c-libxl-PCI-PV-hotplug-stubdom-coldplug.patch
61e98e88-x86-introduce-get-set-reg-infra.patch
61e98e89-x86-MSR-split-SPEC_CTRL-handling.patch
61e98e8a-x86-spec-ctrl-drop-ENTRY-EXIT-HVM.patch
61e98e8b-VT-x-SPEC_CTRL-NMI-race-condition.patch
61eaaa23-x86-get-set-reg-infra-build.patch
61efec1d-Arm-P2M-always-clear-entry-on-mapping-removal.patch
61efec4d-gnttab-only-decrement-refcounter-on-final-unmap.patch
61efec96-IOMMU-x86-stop-pirq-iteration-immediately-on-error.patch
61f2d886-x86-CPUID-disentangle-new-leaves-logic.patch
61f2d887-x86-CPUID-leaf-7-1-EBX-infra.patch
61f2dd76-x86-SPEC_CTRL-migration-compatibility.patch
61f7b2af-libxl-dont-touch-nr_vcpus_out-if-listing.patch
61f933a4-x86-cpuid-advertise-SSB_NO.patch
61f933a5-x86-drop-use_spec_ctrl-boolean.patch
61f933a6-x86-new-has_spec_ctrl-boolean.patch
61f933a7-x86-dont-use-spec_ctrl-enter-exit-for-S3.patch
61f933a8-x86-SPEC_CTRL-record-last-write.patch
61f933a9-x86-SPEC_CTRL-use-common-logic-for-AMD.patch
61f933aa-SVM-SPEC_CTRL-entry-exit-logic.patch
61f933ab-x86-AMD-SPEC_CTRL-infra.patch
61f933ac-SVM-enable-MSR_SPEC_CTRL-for-guests.patch
61f946a2-VMX-drop-SPEC_CTRL-load-on-VMEntry.patch
6202afa3-x86-clean-up-MSR_MCU_OPT_CTRL-handling.patch
6202afa4-x86-TSX-move-has_rtm_always_abort.patch
6202afa5-x86-TSX-cope-with-deprecation-on-WHL-R-CFL-R.patch
6202afa7-x86-CPUID-leaf-7-2-EDX-infra.patch
6202afa8-x86-Intel-PSFD-for-guests.patch
- Drop patches replaced by the above:
xsa393.patch
xsa394.patch
xsa395.patch
libxl-Fix-PV-hotplug-and-stubdom-coldplug.patch
libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch
libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch
* Thu Jan 13 2022 carnold@suse.com
- bsc#1194576 - VUL-0: CVE-2022-23033: xen: arm:
guest_physmap_remove_page not removing the p2m mappings (XSA-393)
xsa393.patch
- bsc#1194581 - VUL-0: CVE-2022-23034: xen: a PV guest could DoS
Xen while unmapping a grant (XSA-394)
xsa394.patch
- bsc#1194588 - VUL-0: CVE-2022-23035: xen: insufficient cleanup of
passed-through device IRQs (XSA-395)
xsa395.patch
* Wed Jan 12 2022 carnold@suse.com
- bsc#1191668 - L3: issue around xl and virsh operation - virsh
list not giving any output
libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch
libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch
* Tue Jan 11 2022 carnold@suse.com
- bsc#1193307 - pci backend does not exist when attach a vf to a pv
guest
libxl-Fix-PV-hotplug-and-stubdom-coldplug.patch
Drop libxl-PCI-defer-backend-wait.patch
* Thu Jan 06 2022 jbeulich@suse.com
- bsc#1193447 - Slow execution of hvmloader+ovmf when VM contains
an sriov device
61bc429f-revert-hvmloader-PA-range-should-be-UC.patch
- Upstream bug fixes (bsc#1027519)
61b31d5c-x86-restrict-all-but-self-IPI.patch
61b88e78-x86-CPUID-TSXLDTRK-definition.patch
61d5687a-x86-spec-ctrl-opt_srb_lock-default.patch
* Tue Jan 04 2022 jfehlig@suse.com
- Collect active VM config files in the supportconfig plugin
xen-supportconfig
* Mon Jan 03 2022 carnold@suse.com
- Now that the ovmf package has been updated, reset the configure
script to use ovmf-x86_64-xen-4m.bin from ovmf-x86_64-ms.bin
References bsc#1194105, bsc#1193274
xen.spec
* Thu Dec 09 2021 carnold@suse.com
- bsc#1193307 - pci backend does not exist when attach a vf to a pv
guest
libxl-PCI-defer-backend-wait.patch
* Wed Dec 01 2021 carnold@suse.com
- Update to Xen 4.16.0 FCS release
xen-4.16.0-testing-src.tar.bz2
* Miscellaneous fixes to the TPM manager software in preparation
for TPM 2.0 support.
* Increased reliance on the PV shim as 32-bit PV guests will only
be supported in shim mode going forward. This change reduces
the attack surface in the hypervisor.
* Increased hardware support by allowing Xen to boot on Intel
devices that lack a Programmable Interval Timer.
* Cleanup of legacy components by no longer building QEMU
Traditional or PV-Grub by default. Note both projects have
upstream Xen support merged now, so it is no longer recommended
to use the Xen specific forks.
* Initial support for guest virtualized Performance Monitor
Counters on Arm.
* Improved support for dom0less mode by allowing the usage on
Arm 64bit hardware with EFI firmware.
* Improved support for Arm 64-bit heterogeneous systems by
leveling the CPU features across all to improve big.LITTLE
support.
- bsc#1193274 - [Build67.2][Xen][uefi] xen fullvirt uefi guest can
not be created with default 'type=plash' in virt-manager
xen.spec
* Thu Nov 18 2021 carnold@suse.com
- Update to Xen 4.16.0 RC4 release (jsc#SLE-18467)
xen-4.16.0-testing-src.tar.bz2
* Xen can now export Intel Processor Trace (IPT) data from guests to tools in dom0.
* Xen now supports Viridian enlightenments for guests with more than 64 vcpus.
* Xenstored and oxenstored both now support LiveUpdate (tech preview).
* Unified boot images
* Switched x86 MSR accesses to deny by default policy.
* Named PCI devices for xl/libxl and improved documentation for xl PCI configuration format.
* Support for zstd-compressed dom0 (x86) and domU kernels.
* Reduce ACPI verbosity by default.
* Add ucode=allow-same option to test late microcode loading path.
* Library improvements from NetBSD ports upstreamed.
* x86: Allow domains to use AVX-VNNI instructions.
* Added XEN_SCRIPT_DIR configuration option to specify location for Xen scripts.
* xennet: Documented a way for the backend (or toolstack) to specify MTU to the frontend.
* On detecting a host crash, some debug key handlers can automatically triggered to aid in debugging.
* Increase the maximum number of guests which can share a single IRQ from 7 to 16, and make this configurable with irq-max-guests.
- Drop iPXE sources and patches. iPXE is only used by QEMU
traditional which has never shipped with SLE15.
ipxe.tar.bz2
ipxe-enable-nics.patch
ipxe-no-error-logical-not-parentheses.patch
ipxe-use-rpm-opt-flags.patch
- Drop building ocaml xenstored in the spec file. There are no
plans or need to support this version.
- Drop patches contained in new tarball or no longer required
5fca3b32-tools-libs-ctrl-fix-dumping-of-ballooned-guest.patch
5ffc58c4-ACPI-reduce-verbosity-by-default.patch
602ffae9-tools-libs-light-fix-xl-save--c-handling.patch
608676f2-VT-d-register-based-invalidation-optional.patch
60a27288-x86emul-gas-2-36-test-harness-build.patch
60af933d-x86-gcc11-hypervisor-build.patch
60afe616-x86-CPUID-rework-HLE-and-RTM-handling.patch
60afe617-x86-TSX-minor-cleanup-and-improvements.patch
60afe618-x86-TSX-deprecate-vpmu=rtm-abort.patch
60ba695e-tools-libs-ctrl-fix-xc_core_arch_map_p2m-to-support.patch
60be0e24-credit2-pick-runnable-unit.patch
60be0e42-credit2-per-entity-load-tracking-when-continuing.patch
60be3097-x86-CPUID-fix-HLE-and-RTM-handling-again.patch
60bf9e19-Arm-create-dom0less-domUs-earlier.patch
60bf9e1a-Arm-boot-modules-scrubbing.patch
60bf9e1b-VT-d-size-qinval-queue-dynamically.patch
60bf9e1c-AMD-IOMMU-size-command-buffer-dynamically.patch
60bf9e1d-VT-d-eliminate-flush-related-timeouts.patch
60bf9e1e-x86-spec-ctrl-protect-against-SCSB.patch
60bf9e1f-x86-spec-ctrl-mitigate-TAA-after-S3.patch
60bfa904-AMD-IOMMU-wait-for-command-slot.patch
60bfa906-AMD-IOMMU-drop-command-completion-timeout.patch
60c0bf86-x86-TSX-cope-with-deprecation.patch
60c8a7ac-x86-vpt-fully-init-timers-before-enlisting.patch
60c8de6e-osdep_xenforeignmemory_map-prototype.patch
60d49689-VT-d-undo-device-mappings-upon-error.patch
60d496b9-VT-d-adjust-domid-map-updating-on-unmap.patch
60d496d6-VT-d-clear_fault_bits-should-clear-all.patch
60d496ee-VT-d-dont-lose-errors-on-multi-IOMMU-flush.patch
60d5c6df-IOMMU-PCI-dont-let-domain-cleanup-continue.patch
61001231-x86-work-around-GNU-ld-2-37-issue.patch
61122ac6-credit2-avoid-spuriously-picking-idle.patch
611a7e38-x86-CET-shstk-WARN-manipulation.patch
611cba4e-VT-d-Tylersburg-errata-more-steppings.patch
611f844b-AMD-IOMMU-dont-leave-pt-mapped.patch
6126339d-AMD-IOMMU-global-ER-extending.patch
6126344f-AMD-IOMMU-unity-map-handling.patch
61263464-IOMMU-pass-access-to-p2m_get_iommu_flags.patch
6126347d-IOMMU-generalize-VT-d-mapped-RMRR-tracking.patch
6126349a-AMD-IOMMU-rearrange-reassignment.patch
612634ae-AMD-IOMMU-rearrange-ER-UM-recording.patch
612634c3-x86-p2m-introduce-p2m_is_special.patch
612634dc-x86-p2m-guard-identity-mappings.patch
612634f4-x86-mm-widen-locked-region-in-xatp1.patch
6126350a-gnttab-release-mappings-preemption.patch
6126351f-gnttab-replace-mapkind.patch
6126353d-gnttab-get-status-frames-array-capacity.patch
61263553-Arm-restrict-maxmem-for-dom0less.patch
6128a856-gnttab-radix-tree-node-init.patch
init.xen_loop
libxc-bitmap-50a5215f30e964a6f16165ab57925ca39f31a849.patch
libxc-bitmap-longs.patch
libxc.migrate_tracking.patch
libxc-sr-3cccdae45242dab27198b8e150be0c85acd5d3c9.patch
libxc-sr-add-xc_is_known_page_type.patch
libxc-sr-arrays.patch
libxc-sr-batch_pfns.patch
libxc-sr-page_type_has_stream_data.patch
libxc.sr.superpage.patch
libxc-sr-use-xc_is_known_page_type.patch
libxl-0c0b3a7e4a2d65fd252b89b46bdcdb048bb24b6c.patch
libxl-0ff26a3225d69ffec76fe5aca8296852fa951204.patch
libxl-4e217db45e83fc3173382306c8b03da86099a25d.patch
libxl-7c313e8365eb663311a0cf39f77b4f5880244765.patch
libxl-85760c03d664400368a3f76ae0225307c25049a7.patch
libxl-d5f54009dba11d04bfe2a28eee47b994de66b84a.patch
libxl-f3f778c81769075ac0eb93b98d4b2803e7936453.patch
libxl-fe6630ddc4e8a8fbf8dd28a1bc58e3881393f9c1.patch
libxl.fix-libacpi-dependency.patch
libxl-qemu6-scsi.patch
libxl-qemu6-vnc-password.patch
libxl.set-migration-constraints-from-cmdline.patch
reproducible.patch
stubdom-have-iovec.patch
x86-cpufreq-report.patch
xenstore-launch.patch
xenwatchdogd-options.patch
xsa384.patch
* Tue Sep 07 2021 carnold@suse.com
- bsc#1189632 - VUL-0: CVE-2021-28701: xen: Another race in
XENMAPSPACE_grant_table handling (XSA-384)
xsa384.patch
- Upstream bug fixes (bsc#1027519)
61001231-x86-work-around-GNU-ld-2-37-issue.patch
611a7e38-x86-CET-shstk-WARN-manipulation.patch
611cba4e-VT-d-Tylersburg-errata-more-steppings.patch
611f844b-AMD-IOMMU-dont-leave-pt-mapped.patch
6128a856-gnttab-radix-tree-node-init.patch
61122ac6-credit2-avoid-spuriously-picking-idle.patch (Replaces
credit2-avoid-picking-a-spurious-idle-unit-when-caps-are-used.patch)
6126339d-AMD-IOMMU-global-ER-extending.patch (Replaces xsa378-1.patch)
6126344f-AMD-IOMMU-unity-map-handling.patch (Replaces xsa378-2.patch)
61263464-IOMMU-pass-access-to-p2m_get_iommu_flags.patch (Replaces xsa378-3.patch)
6126347d-IOMMU-generalize-VT-d-mapped-RMRR-tracking.patch (Replaces xsa378-4.patch)
6126349a-AMD-IOMMU-rearrange-reassignment.patch (Replaces xsa378-5.patch)
612634ae-AMD-IOMMU-rearrange-ER-UM-recording.patch (Replaces xsa378-6.patch)
612634c3-x86-p2m-introduce-p2m_is_special.patch (Replaces xsa378-7.patch)
612634dc-x86-p2m-guard-identity-mappings.patch (Replaces xsa378-8.patch)
612634f4-x86-mm-widen-locked-region-in-xatp1.patch (Replaces xsa379.patch)
6126350a-gnttab-release-mappings-preemption.patch (Replaces xsa380-1.patch
6126351f-gnttab-replace-mapkind.patch (Replaces xsa380-2.patch)
6126353d-gnttab-get-status-frames-array-capacity.patch (Replaces xsa382.patch)
61263553-Arm-restrict-maxmem-for-dom0less.patch (Replaces xsa383.patch)
* Mon Aug 30 2021 ohering@suse.de
- bsc#1189882 - refresh libxc.sr.superpage.patch
prevent superpage allocation in the LAPIC and ACPI_INFO range
* Thu Aug 19 2021 carnold@suse.com
- bsc#1189373 - VUL-0: CVE-2021-28694,CVE-2021-28695,
CVE-2021-28696: xen: IOMMU page mapping issues on x86 (XSA-378)
xsa378-1.patch
xsa378-2.patch
xsa378-3.patch
xsa378-4.patch
xsa378-5.patch
xsa378-6.patch
xsa378-7.patch
xsa378-8.patch
- bsc#1189376 - VUL-0: CVE-2021-28697: xen: grant table v2 status
pages may remain accessible after de-allocation. (XSA-379)
xsa379.patch
- bsc#1189378 - VUL-0: CVE-2021-28698: xen: long running loops in
grant table handling. (XSA-380)
xsa380-1.patch
xsa380-2.patch
- bsc#1189380 - VUL-0: CVE-2021-28699: xen: inadequate grant-v2
status frames array bounds check. (XSA-382)
xsa382.patch
- bsc#1189381 - VUL-0: CVE-2021-28700: xen: xen/arm: No memory
limit for dom0less domUs. (XSA-383)
xsa383.patch
* Fri Aug 06 2021 carnold@suse.com
- bsc#1188050 - L3: Xen guest yval1a80 SLES11SP4 hangs on cluster
See also bsc#1179246.
credit2-avoid-picking-a-spurious-idle-unit-when-caps-are-used.patch
* Wed Aug 04 2021 carnold@suse.com
- Drop aarch64-maybe-uninitialized.patch as the fix is in tarball.
* Fri Jul 23 2021 ohering@suse.de
- refresh the migration patches to state v20210713
removed libxc-sr-add-xc_is_known_page_type.patch
removed libxc-sr-arrays.patch
removed libxc-sr-batch_pfns.patch
removed libxc-sr-page_type_has_stream_data.patch
removed libxc-sr-use-xc_is_known_page_type.patch
removed libxc.migrate_tracking.patch
removed libxc.sr.superpage.patch
removed libxl.set-migration-constraints-from-cmdline.patch
added libxc-sr-383b41974d5543b62f3181d216070fe3691fb130.patch
added libxc-sr-5588ebcfca774477cf823949e5703b0ac48818cc.patch
added libxc-sr-9e59d9f8ee3808acde9833192211da25f66d8cc2.patch
added libxc-sr-LIBXL_HAVE_DOMAIN_SUSPEND_PROPS.patch
added libxc-sr-abort_if_busy.patch
added libxc-sr-f17a73b3c0264c62dd6b5dae01ed621c051c3038.patch
added libxc-sr-max_iters.patch
added libxc-sr-min_remaining.patch
added libxc-sr-number-of-iterations.patch
added libxc-sr-precopy_policy.patch
added libxc-sr-restore-hvm-legacy-superpage.patch
added libxc-sr-track-migration-time.patch
added libxc-sr-xg_sr_bitmap-populated_pfns.patch
added libxc-sr-xg_sr_bitmap.patch
added libxc-sr-xl-migration-debug.patch
* Wed Jul 21 2021 ohering@suse.de
- bsc#1176189 - xl monitoring process exits during xl save -p|-c
keep the monitoring process running to cleanup the domU during shutdown
xl-save-pc.patch
* Tue Jul 13 2021 jbeulich@suse.com
- bsc#1179246 - Dom0 hangs when pinning CPUs for dom0 with HVM guest
60be0e24-credit2-pick-runnable-unit.patch
60be0e42-credit2-per-entity-load-tracking-when-continuing.patch
- Upstream bug fixes (bsc#1027519)
60bf9e19-Arm-create-dom0less-domUs-earlier.patch (Replaces xsa372-1.patch)
60bf9e1a-Arm-boot-modules-scrubbing.patch (Replaces xsa372-2.patch)
60bf9e1b-VT-d-size-qinval-queue-dynamically.patch (Replaces xsa373-1.patch)
60bf9e1c-AMD-IOMMU-size-command-buffer-dynamically.patch (Replaces xsa373-2.patch)
60bf9e1d-VT-d-eliminate-flush-related-timeouts.patch (Replaces xsa373-2.patch)
60bf9e1e-x86-spec-ctrl-protect-against-SCSB.patch (Replaces xsa375.patch)
60bf9e1f-x86-spec-ctrl-mitigate-TAA-after-S3.patch (Replaces xsa377.patch)
60bfa904-AMD-IOMMU-wait-for-command-slot.patch (Replaces xsa373-4.patch)
60bfa906-AMD-IOMMU-drop-command-completion-timeout.patch (Replaces xsa373-5.patch)
60afe617-x86-TSX-minor-cleanup-and-improvements.patch
60afe618-x86-TSX-deprecate-vpmu=rtm-abort.patch
60be3097-x86-CPUID-fix-HLE-and-RTM-handling-again.patch
60c0bf86-x86-TSX-cope-with-deprecation.patch
60c8a7ac-x86-vpt-fully-init-timers-before-enlisting.patch
60c8de6e-osdep_xenforeignmemory_map-prototype.patch
60d49689-VT-d-undo-device-mappings-upon-error.patch
60d496b9-VT-d-adjust-domid-map-updating-on-unmap.patch
60d496d6-VT-d-clear_fault_bits-should-clear-all.patch
60d496ee-VT-d-dont-lose-errors-on-multi-IOMMU-flush.patch
60d5c6df-IOMMU-PCI-dont-let-domain-cleanup-continue.patch
- Dropped gcc11-fixes.patch
* Tue Jul 06 2021 carnold@suse.com
- bsc#1183243 - L3: Core cannot be opened when using xl dump-core
of VM with PTF
60ba695e-tools-libs-ctrl-fix-xc_core_arch_map_p2m-to-support.patch
* Tue Jun 29 2021 ohering@suse.de
- bsc#1180350 - some long deprecated commands were finally removed
in qemu6. Adjust libxl to use supported commands.
libxl-d5f54009dba11d04bfe2a28eee47b994de66b84a.patch
libxl-f3f778c81769075ac0eb93b98d4b2803e7936453.patch
libxl-4e217db45e83fc3173382306c8b03da86099a25d.patch
libxl-85760c03d664400368a3f76ae0225307c25049a7.patch
libxl-0ff26a3225d69ffec76fe5aca8296852fa951204.patch
libxl-7c313e8365eb663311a0cf39f77b4f5880244765.patch
libxl-0c0b3a7e4a2d65fd252b89b46bdcdb048bb24b6c.patch
libxl-fe6630ddc4e8a8fbf8dd28a1bc58e3881393f9c1.patch
libxl-qemu6-vnc-password.patch
libxl-qemu6-scsi.patch
* Tue Jun 22 2021 ohering@suse.de
- Update logrotate.conf, move global options into per-file sections
to prevent globbering of global state (bsc#1187406)
* Mon Jun 07 2021 ohering@suse.de
- Fix shell macro expansion in xen.spec, so that ExecStart=
in xendomains-wait-disks.service is created correctly (bsc#1183877)
* Tue Jun 01 2021 jbeulich@suse.com
- bsc#1186428 - VUL-0: CVE-2021-28693: xen: xen/arm: Boot modules
are not scrubbed (XSA-372)
xsa372-1.patch
xsa372-2.patch
- bsc#1186429 - VUL-0: CVE-2021-28692: xen: inappropriate x86 IOMMU
timeout detection / handling (XSA-373)
xsa373-1.patch
xsa373-2.patch
xsa373-3.patch
xsa373-4.patch
xsa373-5.patch
- bsc#1186433 - VUL-0: CVE-2021-0089: xen: Speculative Code Store
Bypass (XSA-375)
xsa375.patch
- bsc#1186434 - VUL-0: CVE-2021-28690: xen: x86: TSX Async Abort
protections not restored after S3 (XSA-377)
xsa377.patch
- Upstream bug fixes (bsc#1027519)
60a27288-x86emul-gas-2-36-test-harness-build.patch
60af933d-x86-gcc11-hypervisor-build.patch
60afe616-x86-CPUID-rework-HLE-and-RTM-handling.patch
* Thu May 06 2021 carnold@suse.com
- Upstream bug fix (bsc#1027519)
608676f2-VT-d-register-based-invalidation-optional.patch
* Tue May 04 2021 ohering@suse.de
- Add xen.sysconfig-fillup.patch to make sure xencommons is in a
format as expected by fillup. (bsc#1185682)
Each comment needs to be followed by an enabled key. Otherwise
fillup will remove manually enabled key=value pairs, along with
everything that looks like a stale comment, during next pkg update
* Tue May 04 2021 ohering@suse.de
- Refresh xenstore-launch.patch to cover also daemon case
* Thu Apr 29 2021 carnold@suse.com
- Update to Xen 4.14.2 bug fix release (bsc#1027519)
xen-4.14.2-testing-src.tar.bz2
- Drop patches contained in new tarball
5fedf9f4-x86-hpet_setup-fix-retval.patch
5ff458f2-x86-vPCI-tolerate-disabled-MSI-X-entry.patch
5ff71655-x86-dpci-EOI-regardless-of-masking.patch
5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch
600999ad-x86-dpci-do-not-remove-pirqs-from.patch
600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch
6011bbc7-x86-timer-fix-boot-without-PIT.patch
6013e4bd-memory-bail-from-page-scrub-when-CPU-offline.patch
6013e546-x86-HVM-reorder-domain-init-error-path.patch
601d4396-x86-EFI-suppress-ld-2-36-debug-info.patch
602bd768-page_alloc-only-flush-after-scrubbing.patch
602cfe3d-IOMMU-check-if-initialized-before-teardown.patch
602e5a8c-gnttab-never-permit-mapping-transitive-grants.patch
602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch
6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch
60410127-gcc11-adjust-rijndaelEncrypt.patch
60422428-x86-shadow-avoid-fast-fault-path.patch
604b9070-VT-d-disable-QI-IR-before-init.patch
60535c11-libxl-domain-soft-reset.patch
60700077-x86-vpt-avoid-pt_migrate-rwlock.patch
60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch
60787714-x86-HPET-avoid-legacy-replacement-mode.patch
* Mon Apr 19 2021 carnold@suse.com
- bsc#1180491 - "Panic on CPU 0: IO-APIC + timer doesn't work!"
60787714-x86-HPET-avoid-legacy-replacement-mode.patch
60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch
- Upstream bug fixes (bsc#1027519)
60410127-gcc11-adjust-rijndaelEncrypt.patch
60422428-x86-shadow-avoid-fast-fault-path.patch
604b9070-VT-d-disable-QI-IR-before-init.patch
60535c11-libxl-domain-soft-reset.patch (Replaces xsa368.patch)
60700077-x86-vpt-avoid-pt_migrate-rwlock.patch
* Thu Mar 25 2021 ohering@suse.de
- bsc#1137251 - Restore changes for xen-dom0-modules.service which
were silently removed on 2019-10-17
* Fri Mar 12 2021 ohering@suse.de
- bsc#1177112 - Fix libxc.sr.superpage.patch
The receiving side did detect holes in a to-be-allocated superpage,
but allocated a superpage anyway. This resulted to over-allocation.
* Mon Mar 08 2021 ohering@suse.de
- bsc#1167608 - adjust limit for max_event_channels
A previous change allowed an unbound number of event channels
to make sure even large domUs can start of of the box.
This may have a bad side effect in the light of XSA-344.
Adjust the built-in limit based on the number of vcpus.
In case this is not enough, max_event_channels=/maxEventChannels=
has to be used to set the limit as needed for large domUs
adjust libxl.max_event_channels.patch
* Fri Mar 05 2021 carnold@suse.com
- bsc#1183072 - VUL-0: CVE-2021-28687: xen: HVM soft-reset crashes
toolstack (XSA-368). Also resolves,
bsc#1179148 - kdump of HVM fails, soft-reset not handled by libxl
bsc#1181989 - openQA job causes libvirtd to dump core when
running kdump inside domain
xsa368.patch
* Fri Feb 26 2021 jbeulich@suse.com
- bsc#1177204 - L3-Question: conring size for XEN HV's with huge
memory to small. Inital Xen logs cut
5ffc58c4-ACPI-reduce-verbosity-by-default.patch
- Upstream bug fixes (bsc#1027519)
601d4396-x86-EFI-suppress-ld-2-36-debug-info.patch
602bd768-page_alloc-only-flush-after-scrubbing.patch
602cfe3d-IOMMU-check-if-initialized-before-teardown.patch
602e5a8c-gnttab-never-permit-mapping-transitive-grants.patch
602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch
6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch
- bsc#1181921 - GCC 11: xen package fails
gcc11-fixes.patch
* Tue Feb 23 2021 carnold@suse.com
- bsc#1182576 - L3: XEN domU crashed on resume when using the xl
unpause command
602ffae9-tools-libs-light-fix-xl-save--c-handling.patch
* Thu Feb 18 2021 carnold@suse.com
- Start using the %autosetup macro to simplify patch management
xen.spec
* Wed Feb 10 2021 carnold@suse.com
- bsc#1181921 - GCC 11: xen package fails
gcc11-fixes.patch
- Drop gcc10-fixes.patch
* Tue Feb 02 2021 carnold@suse.com
- Upstream bug fixes (bsc#1027519)
5fedf9f4-x86-hpet_setup-fix-retval.patch
5ff458f2-x86-vPCI-tolerate-disabled-MSI-X-entry.patch
5ff71655-x86-dpci-EOI-regardless-of-masking.patch
5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch
600999ad-x86-dpci-do-not-remove-pirqs-from.patch (Replaces xsa360.patch)
600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch
6013e4bd-memory-bail-from-page-scrub-when-CPU-offline.patch
6013e546-x86-HVM-reorder-domain-init-error-path.patch
- bsc#1180491 - "Panic on CPU 0: IO-APIC + timer doesn't work!"
6011bbc7-x86-timer-fix-boot-without-PIT.patch
* Thu Jan 21 2021 carnold@suse.com
- bsc#1181254 - VUL-0: xen: IRQ vector leak on x86 (XSA-360)
xsa360.patch
* Wed Jan 13 2021 carnold@suse.com
- bsc#1180794 - bogus qemu binary path used when creating fv guest
under xen
xen.spec
* Wed Jan 13 2021 carnold@suse.com
- bsc#1180690 - L3-Question: xen: no needsreboot flag set
Add Provides: installhint(reboot-needed) in xen.spec for libzypp
* Mon Jan 04 2021 ohering@suse.de
- Update libxl.set-migration-constraints-from-cmdline.patch
Remove code which handled --max_factor. The total amount of
transferred data is no indicator to trigger the final stop+copy.
This should have been removed during upgrade to Xen 4.7.
Fix off-by-one in --max_iters, it caused one additional copy cycle.
Reduce default value of --max_iters from 5 to 2.
The workload within domU will continue to produce dirty pages.
It is unreasonable to expect any slowdown during migration.
Now there is one initial copy of all memory, one instead of four
iteration for dirty memory, and a final copy iteration prior move.
* Thu Dec 17 2020 carnold@suse.com
- Update to Xen 4.14.1 bug fix release (bsc#1027519)
xen-4.14.1-testing-src.tar.bz2
Contains the following recent security fixes
bsc#1179516 XSA-359 - CVE-2020-29571
bsc#1179514 XSA-358 - CVE-2020-29570
bsc#1179513 XSA-356 - CVE-2020-29567
bsc#1178963 XSA-355 - CVE-2020-29040
bsc#1178591 XSA-351 - CVE-2020-28368
bsc#1179506 XSA-348 - CVE-2020-29566
bsc#1179502 XSA-325 - CVE-2020-29483
bsc#1179501 XSA-324 - CVE-2020-29484
bsc#1179498 XSA-322 - CVE-2020-29481
bsc#1179496 XSA-115 - CVE-2020-29480
- Dropped patches contained in new tarball
5f1a9916-x86-S3-put-data-sregs-into-known-state.patch
5f21b9fd-x86-cpuid-APIC-bit-clearing.patch
5f479d9e-x86-begin-to-support-MSR_ARCH_CAPS.patch
5f4cf06e-x86-Dom0-expose-MSR_ARCH_CAPS.patch
5f4cf96a-x86-PV-fix-SEGBASE_GS_USER_SEL.patch
5f560c42-x86-PV-64bit-segbase-consistency.patch
5f560c42-x86-PV-rewrite-segment-ctxt-switch.patch
5f5b6b7a-hypfs-fix-custom-param-writes.patch
5f607915-x86-HVM-more-consistent-IO-completion.patch
5f6a002d-x86-PV-handle-MSR_MISC_ENABLE-correctly.patch
5f6a0049-memory-dont-skip-RCU-unlock-in-acquire_resource.patch
5f6a0067-x86-vPT-fix-race-when-migrating-timers.patch
5f6a008e-x86-MSI-drop-read_msi_msg.patch
5f6a00aa-x86-MSI-X-restrict-reading-of-PBA-bases.patch
5f6a00c4-evtchn-relax-port_is_valid.patch
5f6a00df-x86-PV-avoid-double-exception-injection.patch
5f6a00f4-evtchn-add-missing-barriers.patch
5f6a0111-evtchn-x86-enforce-correct-upper-limit.patch
5f6a013f-evtchn_reset-shouldnt-succeed-with.patch
5f6a0160-evtchn-IRQ-safe-per-channel-lock.patch
5f6a0178-evtchn-address-races-with-evtchn_reset.patch
5f6a01a4-evtchn-preempt-in-evtchn_destroy.patch
5f6a01c6-evtchn-preempt-in-evtchn_reset.patch
5f6cfb5b-x86-PV-dont-GP-for-SYSENTER-with-NT-set.patch
5f6cfb5b-x86-PV-dont-clobber-NT-on-return-to-guest.patch
5f71a21e-x86-S3-fix-shadow-stack-resume.patch
5f76ca65-evtchn-Flask-prealloc-for-send.patch
5f76caaf-evtchn-FIFO-use-stable-fields.patch
5f897c25-x86-traps-fix-read_registers-for-DF.patch
5f897c7b-x86-smpboot-restrict-memguard_guard_stack.patch
5f8ed5d3-x86-mm-map_pages_to_xen-single-exit-path.patch
5f8ed5eb-x86-mm-modify_xen_mappings-one-exit-path.patch
5f8ed603-x86-mm-prevent-races-in-mapping-updates.patch
5f8ed635-IOMMU-suppress-iommu_dont_flush_iotlb-when.patch
5f8ed64c-IOMMU-hold-page-ref-until-TLB-flush.patch
5f8ed682-AMD-IOMMU-convert-amd_iommu_pte.patch
5f8ed69c-AMD-IOMMU-update-live-PTEs-atomically.patch
5f8ed6b0-AMD-IOMMU-suitably-order-DTE-mods.patch
xsa286-1.patch
xsa286-2.patch
xsa286-3.patch
xsa286-4.patch
xsa286-5.patch
xsa286-6.patch
xsa351-1.patch
xsa351-2.patch
xsa351-3.patch
xsa355.patch
* Wed Dec 16 2020 ohering@suse.de
- Pass --with-rundir to configure to get rid of /var/run
* Tue Dec 15 2020 ohering@suse.de
- bsc#1178736 - allow restart of xenwatchdogd, enable tuning of
keep-alive interval and timeout options via XENWATCHDOGD_ARGS=
add xenwatchdogd-options.patch
add xenwatchdogd-restart.patch
* Tue Dec 15 2020 ohering@suse.de
- bsc#1177112 - Fix libxc.sr.superpage.patch
The receiving side may punch holes incorrectly into optimistically
allocated superpages. Also reduce overhead in bitmap handling.
add libxc-bitmap-50a5215f30e964a6f16165ab57925ca39f31a849.patch
add libxc-bitmap-long.patch
add libxc-bitmap-longs.patch
* Mon Dec 14 2020 carnold@suse.com
- boo#1029961 - Move files in xen-tools-domU to /usr/bin from /bin
xen-destdir.patch
Drop tmp_build.patch
* Fri Dec 04 2020 carnold@suse.com
- bsc#1176782 - L3: xl dump-core shows missing nr_pages during
core. If maxmem and current are the same the issue doesn't happen
5fca3b32-tools-libs-ctrl-fix-dumping-of-ballooned-guest.patch
* Fri Nov 20 2020 carnold@suse.com
- bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change
(XSA-355)
xsa355.patch
* Fri Nov 20 2020 ohering@suse.de
- Fix build error with libxl.fix-libacpi-dependency.patch
* Fri Nov 20 2020 ohering@suse.de
- Enhance libxc.migrate_tracking.patch
Hide SUSEINFO messages from pause/unpause/resume from xl command.
They are intended for libvirt logging, but lacked info about
execution context.
Remove extra logging about dirty pages in each iteration, the
number of transferred pages + protocol overhead is already
reported elsewhere.
* Fri Nov 20 2020 ohering@suse.de
- Remove libxl.libxl__domain_pvcontrol.patch
It is already part of 4.14.0-rc1
* Tue Nov 10 2020 carnold@suse.com
- bsc#1178591 - VUL-0: CVE-2020-28368: xen: Intel RAPL sidechannel
attack aka PLATYPUS attack aka XSA-351
xsa351-1.patch
xsa351-2.patch
xsa351-3.patch
* Mon Nov 02 2020 ohering@suse.de
- bsc#1177950 - adjust help for --max_iters, default is 5
libxl.set-migration-constraints-from-cmdline.patch
* Fri Oct 30 2020 ohering@suse.de
- jsc#SLE-16899 - improve performance of live migration
remove allocations and memcpy from hotpaths on sending and
receiving side to get more throughput on 10Gbs+ connections
libxc-sr-3cccdae45242dab27198b8e150be0c85acd5d3c9.patch
libxc-sr-add-xc_is_known_page_type.patch
libxc-sr-arrays.patch
libxc-sr-batch_pfns.patch
libxc-sr-page_type_has_stream_data.patch
libxc-sr-readv_exact.patch
libxc-sr-restore-handle_buffered_page_data.patch
libxc-sr-restore-handle_incoming_page_data.patch
libxc-sr-restore-map_errs.patch
libxc-sr-restore-mfns.patch
libxc-sr-restore-pfns.patch
libxc-sr-restore-populate_pfns-mfns.patch
libxc-sr-restore-populate_pfns-pfns.patch
libxc-sr-restore-read_record.patch
libxc-sr-restore-types.patch
libxc-sr-save-errors.patch
libxc-sr-save-guest_data.patch
libxc-sr-save-iov.patch
libxc-sr-save-local_pages.patch
libxc-sr-save-mfns.patch
libxc-sr-save-rec_pfns.patch
libxc-sr-save-show_transfer_rate.patch
libxc-sr-save-types.patch
libxc-sr-use-xc_is_known_page_type.patch
adjust libxc.sr.superpage.patch
adjust libxc.migrate_tracking.patch
* Wed Oct 21 2020 carnold@suse.com
- Upstream bug fixes (bsc#1027519)
5f479d9e-x86-begin-to-support-MSR_ARCH_CAPS.patch
5f4cf06e-x86-Dom0-expose-MSR_ARCH_CAPS.patch
5f4cf96a-x86-PV-fix-SEGBASE_GS_USER_SEL.patch
5f560c42-x86-PV-rewrite-segment-ctxt-switch.patch
5f5b6b7a-hypfs-fix-custom-param-writes.patch
5f607915-x86-HVM-more-consistent-IO-completion.patch
5f6cfb5b-x86-PV-dont-GP-for-SYSENTER-with-NT-set.patch
5f6cfb5b-x86-PV-dont-clobber-NT-on-return-to-guest.patch
5f71a21e-x86-S3-fix-shadow-stack-resume.patch
5f76ca65-evtchn-Flask-prealloc-for-send.patch
5f76caaf-evtchn-FIFO-use-stable-fields.patch
5f897c25-x86-traps-fix-read_registers-for-DF.patch
5f897c7b-x86-smpboot-restrict-memguard_guard_stack.patch
- Renamed patches
5f560c42-x86-PV-64bit-segbase-consistency.patch
Replaces 5f5b6951-x86-PV-64bit-segbase-consistency.patch
5f6a002d-x86-PV-handle-MSR_MISC_ENABLE-correctly.patch
Replaces 5f6a05a0-pv-Handle-the-Intel-specific-MSR_MISC_ENABLE-correctly.patch
5f6a0049-memory-dont-skip-RCU-unlock-in-acquire_resource.patch
Replaces 5f6a05b7-xen-memory-Dont-skip-the-RCU-unlock-path-in-acquire_resource.patch
5f6a0067-x86-vPT-fix-race-when-migrating-timers.patch
Replaces 5f6a05dd-vpt-fix-race-when-migrating-timers-between-vCPUs.patch
5f6a008e-x86-MSI-drop-read_msi_msg.patch
Replaces 5f6a05fa-msi-get-rid-of-read_msi_msg.patch
5f6a00aa-x86-MSI-X-restrict-reading-of-PBA-bases.patch
Replaces 5f6a061a-MSI-X-restrict-reading-of-table-PBA-bases-from-BARs.patch
5f6a00c4-evtchn-relax-port_is_valid.patch
Replaces 5f6a062c-evtchn-relax-port_is_valid.patch
5f6a00df-x86-PV-avoid-double-exception-injection.patch
Replaces 5f6a065c-pv-Avoid-double-exception-injection.patch
5f6a00f4-evtchn-add-missing-barriers.patch
Replaces 5f6a0674-xen-evtchn-Add-missing-barriers-when-accessing-allocating-an-event-channel.patch
5f6a0111-evtchn-x86-enforce-correct-upper-limit.patch
Replaces 5f6a068e-evtchn-x86-enforce-correct-upper-limit-for-32-bit-guests.patch
5f6a013f-evtchn_reset-shouldnt-succeed-with.patch
Replaces 5f6a06be-evtchn-evtchn_reset-shouldnt-succeed-with-still-open-ports.patch
5f6a0160-evtchn-IRQ-safe-per-channel-lock.patch
Replaces 5f6a06e0-evtchn-convert-per-channel-lock-to-be-IRQ-safe.patch
5f6a0178-evtchn-address-races-with-evtchn_reset.patch
Replaces 5f6a06f2-evtchn-address-races-with-evtchn_reset.patch
5f6a01a4-evtchn-preempt-in-evtchn_destroy.patch
Replaces 5f6a071f-evtchn-arrange-for-preemption-in-evtchn_destroy.patch
5f6a01c6-evtchn-preempt-in-evtchn_reset.patch
Replaces 5f6a0754-evtchn-arrange-for-preemption-in-evtchn_reset.patch
* Tue Oct 13 2020 carnold@suse.com
- bsc#1177409 - VUL-0: CVE-2020-27674: xen: x86 PV guest
INVLPG-like flushes may leave stale TLB entries (XSA-286)
xsa286-1.patch
xsa286-2.patch
xsa286-3.patch
xsa286-4.patch
xsa286-5.patch
xsa286-6.patch
- bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen
mapping code (XSA-345)
5f8ed5d3-x86-mm-map_pages_to_xen-single-exit-path.patch
5f8ed5eb-x86-mm-modify_xen_mappings-one-exit-path.patch
5f8ed603-x86-mm-prevent-races-in-mapping-updates.patch
- bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU
TLB flushes (XSA-346)
5f8ed635-IOMMU-suppress-iommu_dont_flush_iotlb-when.patch
5f8ed64c-IOMMU-hold-page-ref-until-TLB-flush.patch
- bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page
table updates (XSA-347)
5f8ed682-AMD-IOMMU-convert-amd_iommu_pte.patch
5f8ed69c-AMD-IOMMU-update-live-PTEs-atomically.patch
5f8ed6b0-AMD-IOMMU-suitably-order-DTE-mods.patch
* Mon Oct 12 2020 ohering@suse.de
- Update libxc.sr.superpage.patch
set errno in x86_hvm_alloc_4k (bsc#1177112)
* Tue Sep 22 2020 carnold@suse.com
- bsc#1176339 - VUL-0: CVE-2020-25602: xen: x86 pv: Crash when
handling guest access to MSR_MISC_ENABLE (XSA-333)
5f6a05a0-pv-Handle-the-Intel-specific-MSR_MISC_ENABLE-correctly.patch
- bsc#1176341 - VUL-0: CVE-2020-25598: xen: Missing unlock in
XENMEM_acquire_resource error path (XSA-334)
5f6a05b7-xen-memory-Dont-skip-the-RCU-unlock-path-in-acquire_resource.patch
- bsc#1176343 - VUL-0: CVE-2020-25604: xen: race when migrating
timers between x86 HVM vCPU-s (XSA-336)
5f6a05dd-vpt-fix-race-when-migrating-timers-between-vCPUs.patch
- bsc#1176344 - VUL-0: CVE-2020-25595: xen: PCI passthrough code
reading back hardware registers (XSA-337)
5f6a05fa-msi-get-rid-of-read_msi_msg.patch
5f6a061a-MSI-X-restrict-reading-of-table-PBA-bases-from-BARs.patch
- bsc#1176346 - VUL-0: CVE-2020-25597: xen: once valid event
channels may not turn invalid (XSA-338)
5f6a062c-evtchn-relax-port_is_valid.patch
- bsc#1176345 - VUL-0: CVE-2020-25596: xen: x86 pv guest kernel
DoS via SYSENTER (XSA-339)
5f6a065c-pv-Avoid-double-exception-injection.patch
- bsc#1176347 - VUL-0: CVE-2020-25603: xen: Missing barrier
barriers when accessing/allocating an event channel (XSA-340)
5f6a0674-xen-evtchn-Add-missing-barriers-when-accessing-allocating-an-event-channel.patch
- bsc#1176348 - VUL-0: CVE-2020-25600: xen: out of bounds event
channels available to 32-bit x86 domains (XSA-342)
5f6a068e-evtchn-x86-enforce-correct-upper-limit-for-32-bit-guests.patch
- bsc#1176349 - VUL-0: CVE-2020-25599: xen: races with
evtchn_reset() (XSA-343)
5f6a06be-evtchn-evtchn_reset-shouldnt-succeed-with-still-open-ports.patch
5f6a06e0-evtchn-convert-per-channel-lock-to-be-IRQ-safe.patch
5f6a06f2-evtchn-address-races-with-evtchn_reset.patch
- bsc#1176350 - VUL-0: CVE-2020-25601: xen: lack of preemption in
evtchn_reset() / evtchn_destroy() (XSA-344)
5f6a071f-evtchn-arrange-for-preemption-in-evtchn_destroy.patch
5f6a0754-evtchn-arrange-for-preemption-in-evtchn_reset.patch
- Upstream bug fix (bsc#1027519)
5f5b6951-x86-PV-64bit-segbase-consistency.patch
* Mon Sep 21 2020 carnold@suse.com
- Fix problems in xen.spec with building on aarch64
* Fri Sep 18 2020 carnold@suse.com
- Make use of %service_del_postun_without_restart while preserving
the old behavior for older distros.
- In %post tools, remove unnecessary qemu symlinks.
* Thu Sep 17 2020 ohering@suse.de
- Fix error in xen-tools %post when linking pvgrub64.bin
- Make paths below libexec more explicit
- Create symlink also for pvgrub32.bin
* Fri Sep 11 2020 ohering@suse.de
- Revert previous libexec change for qemu compat wrapper
The path is used in existing domU.xml files in the emulator field
- Escape some % chars in xen.spec, they have to appear verbatim
* Wed Sep 09 2020 ohering@suse.de
- Enhance libxc.migrate_tracking.patch
Print number of allocated pages on sending side, this is more
accurate than p2m_size.
* Wed Sep 02 2020 carnold@suse.com
- jsc#SLE-15926 - Dev: XEN: drop netware support
Dropped the following patches
pygrub-netware-xnloader.patch
xnloader.py
Refreshed pygrub-boot-legacy-sles.patch
* Tue Sep 01 2020 guillaume.gardet@opensuse.org
- Fix build on aarch64 with gcc10
- Package xenhypfs for aarch64
* Wed Aug 05 2020 callumjfarmer13@gmail.com
- Correct license name
* GPL-3.0+ is now GPL-3.0-or-later
* Mon Aug 03 2020 carnold@suse.com
- Upstream bug fixes (bsc#1027519)
5f1a9916-x86-S3-put-data-sregs-into-known-state.patch
5f21b9fd-x86-cpuid-APIC-bit-clearing.patch
* Fri Jul 24 2020 carnold@suse.com
- Update to Xen 4.14.0 FCS release
xen-4.14.0-testing-src.tar.bz2
* Linux stubdomains (contributed by QUBES OS)
* Control-flow Enforcement Technology (CET) Shadow Stack support (contributed by Citrix)
* Lightweight VM fork for fuzzing / introspection. (contributed by Intel)
* Livepatch: buildid and hotpatch stack requirements
* CONFIG_PV32
* Hypervisor FS support
* Running Xen as a Hyper-V Guest
* Domain ID randomization, persistence across save / restore
* Golang binding autogeneration
* KDD support for Windows 7, 8.x and 10
- Dropped patches contained in new tarball
5eb51be6-cpupool-fix-removing-cpu-from-pool.patch
5eb51caa-sched-vcpu-pause-flags-atomic.patch
5ec2a760-x86-determine-MXCSR-mask-always.patch
5ec50b05-x86-idle-rework-C6-EOI-workaround.patch
5ec7dcaa-x86-dont-enter-C6-with-in-service-intr.patch
5ec7dcf6-x86-dont-enter-C3-C6-with-errata.patch
5ec82237-x86-extend-ISR-C6-workaround-to-Haswell.patch
5ece1b91-x86-clear-RDRAND-CPUID-bit-on-AMD-fam-15-16.patch
5ece8ac4-x86-load_system_tables-NMI-MC-safe.patch
5ed69804-x86-ucode-fix-start-end-update.patch
5eda60cb-SVM-split-recalc-NPT-fault-handling.patch
5edf6ad8-ioreq-pending-emulation-server-destruction-race.patch
5edfbbea-x86-spec-ctrl-CPUID-MSR-defs-for-SRBDS.patch
5edfbbea-x86-spec-ctrl-mitigate-SRBDS.patch
5ee24d0e-x86-spec-ctrl-document-SRBDS-workaround.patch
xsa317.patch
xsa319.patch
xsa321-1.patch
xsa321-2.patch
xsa321-3.patch
xsa321-4.patch
xsa321-5.patch
xsa321-6.patch
xsa321-7.patch
xsa328-1.patch
xsa328-2.patch
* Thu Jul 23 2020 carnold@suse.com
- bsc#1172356 - Not able to hot-plug NIC via virt-manager, asks to
attach on next reboot while it should be live attached
ignore-ip-command-script-errors.patch
* Fri Jul 17 2020 ohering@suse.de
- Enhance libxc.migrate_tracking.patch
After transfer of domU memory, the target host has to assemble
the backend devices. Track the time prior xc_domain_unpause.
* Tue Jun 30 2020 ohering@suse.de
- Add libxc.migrate_tracking.patch to track live migrations
unconditionally in logfiles, especially in libvirt.
This will track how long a domU was suspended during transit.
* Mon Jun 29 2020 carnold@suse.com
- bsc#1173376 - VUL-0: CVE-2020-15566: xen: XSA-317 - Incorrect
error handling in event channel port allocation
xsa317.patch
- bsc#1173377 - VUL-0: CVE-2020-15563: xen: XSA-319 - inverted code
paths in x86 dirty VRAM tracking
xsa319.patch
- bsc#1173378 - VUL-0: CVE-2020-15565: xen: XSA-321 - insufficient
cache write- back under VT-d
xsa321-1.patch
xsa321-2.patch
xsa321-3.patch
xsa321-4.patch
xsa321-5.patch
xsa321-6.patch
xsa321-7.patch
- bsc#1173380 - VUL-0: CVE-2020-15567: xen: XSA-328 - non-atomic
modification of live EPT PTE
xsa328-1.patch
xsa328-2.patch
* Mon Jun 22 2020 carnold@suse.com
- bsc#1172205 - VUL-0: CVE-2020-0543: xen: Special Register Buffer
Data Sampling (SRBDS) aka "CrossTalk" (XSA-320)
5ee24d0e-x86-spec-ctrl-document-SRBDS-workaround.patch
5edfbbea-x86-spec-ctrl-CPUID-MSR-defs-for-SRBDS.patch (Replaces xsa320-1.patch)
5edfbbea-x86-spec-ctrl-mitigate-SRBDS.patch (Replaces xsa320-2.patch)
- Upstream bug fixes (bsc#1027519)
5ec50b05-x86-idle-rework-C6-EOI-workaround.patch
5ec7dcaa-x86-dont-enter-C6-with-in-service-intr.patch
5ec7dcf6-x86-dont-enter-C3-C6-with-errata.patch
5ec82237-x86-extend-ISR-C6-workaround-to-Haswell.patch
5ece1b91-x86-clear-RDRAND-CPUID-bit-on-AMD-fam-15-16.patch
5ece8ac4-x86-load_system_tables-NMI-MC-safe.patch
5ed69804-x86-ucode-fix-start-end-update.patch
5eda60cb-SVM-split-recalc-NPT-fault-handling.patch
5edf6ad8-ioreq-pending-emulation-server-destruction-race.patch
* Fri Jun 05 2020 callumjfarmer13@gmail.com
- Fixes for %_libexecdir changing to /usr/libexec
* Thu May 28 2020 carnold@suse.com
- bsc#1172205 - VUL-0: CVE-2020-0543: xen: Special Register Buffer
Data Sampling (SRBDS) aka "CrossTalk" (XSA-320)
xsa320-1.patch
xsa320-2.patch
* Mon May 18 2020 carnold@suse.com
- Update to Xen 4.13.1 bug fix release (bsc#1027519)
xen-4.13.1-testing-src.tar.bz2
5eb51be6-cpupool-fix-removing-cpu-from-pool.patch
5eb51caa-sched-vcpu-pause-flags-atomic.patch
5ec2a760-x86-determine-MXCSR-mask-always.patch
- Drop patches contained in new tarball
5de65f84-gnttab-map-always-do-IOMMU-part.patch
5de65fc4-x86-avoid-HPET-use-on-certain-Intel.patch
5e15e03d-sched-fix-S3-resume-with-smt=0.patch
5e16fb6a-x86-clear-per-cpu-stub-page-info.patch
5e1da013-IRQ-u16-is-too-narrow-for-evtchn.patch
5e1dcedd-Arm-place-speculation-barrier-after-ERET.patch
5e21ce98-x86-time-update-TSC-stamp-after-deep-C-state.patch
5e286cce-VT-d-dont-pass-bridges-to-domain_context_mapping_one.patch
5e318cd4-x86-apic-fix-disabling-LVT0.patch
5e344c11-x86-HVM-relinquish-resources-from-domain_destroy.patch
5e3bd385-EFI-recheck-variable-name-strings.patch
5e3bd3d1-EFI-dont-leak-heap-VIA-XEN_EFI_get_next_variable_name.patch
5e3bd3f8-xmalloc-guard-against-overflow.patch
5e46e090-x86-smp-reset-x2apic_enabled-in-smp_send_stop.patch
5e4c00ef-VT-d-check-full-RMRR-for-E820-reserved.patch
5e4d4f5b-sched-fix-get_cpu_idle_time-with-core-sched.patch
5e4e614d-x86-spec-ctrl-no-xen-also-disables-branch-hardening.patch
5e4ec20e-x86-virtualise-MSR_PLATFORM_ID-properly.patch
5e5e7188-fix-error-path-in-cpupool_unassign_cpu_start.patch
5e6f53dd-AMD-IOMMU-fix-off-by-one-get_paging_mode.patch
5e7a371c-sched-fix-cpu-onlining-with-core-sched.patch
5e7c90cf-sched-fix-cpu-offlining-with-core-sched.patch
5e7cfb29-x86-ucode-AMD-fix-assert-in-compare_patch.patch
5e7cfb29-x86-ucode-fix-error-paths-in-apply_microcode.patch
5e7dd83b-libx86-CPUID-fix-not-just-leaf-7.patch
5e7dfbf6-x86-ucode-AMD-potential-buffer-overrun-equiv-tab.patch
5e846cce-x86-HVM-fix-AMD-ECS-handling-for-Fam10.patch
5e84905c-x86-ucode-AMD-fix-more-potential-buffer-overruns.patch
5e86f7b7-credit2-avoid-vCPUs-with-lower-creds-than-idle.patch
5e86f7fd-credit2-fix-credit-too-few-resets.patch
5e876b0f-tools-xenstore-fix-use-after-free-in-xenstored.patch
5e95ad61-xenoprof-clear-buffer-intended-to-be-shared-with-guests.patch
5e95ad8f-xenoprof-limit-consumption-of-shared-buffer-data.patch
5e95ae77-Add-missing-memory-barrier-in-the-unlock-path-of-rwlock.patch
5e95af5e-xen-gnttab-Fix-error-path-in-map_grant_ref.patch
5e95afb8-gnttab-fix-GNTTABOP_copy-continuation-handling.patch
* Wed May 13 2020 jfehlig@suse.com
- spec: Remove invocation of autogen.sh
- spec: Recommend qemu-ovmf-x86_64 to provide UEFI firmwares
* Wed May 13 2020 carnold@suse.com
- bsc#1170968 - GCC 10: xen build fails on i586
gcc10-fixes.patch
* Tue Apr 14 2020 carnold@suse.com
- bsc#1169392 - VUL-0: CVE-2020-11742: xen: Bad continuation
handling in GNTTABOP_copy (XSA-318)
5e95afb8-gnttab-fix-GNTTABOP_copy-continuation-handling.patch
* Mon Apr 06 2020 carnold@suse.com
- bsc#1168140 - VUL-0: CVE-2020-11740, CVE-2020-11741: xen: XSA-313
multiple xenoprof issues
5e95ad61-xenoprof-clear-buffer-intended-to-be-shared-with-guests.patch
5e95ad8f-xenoprof-limit-consumption-of-shared-buffer-data.patch
- bsc#1168142 - VUL-0: CVE-2020-11739: xen: XSA-314 - Missing
memory barriers in read-write unlock paths
5e95ae77-Add-missing-memory-barrier-in-the-unlock-path-of-rwlock.patch
- bsc#1168143 - VUL-0: CVE-2020-11743: xen: XSA-316 - Bad error
path in GNTTABOP_map_grant
5e95af5e-xen-gnttab-Fix-error-path-in-map_grant_ref.patch
- bsc#1167152 - L3: Xenstored Crashed during VM install Need Core
analyzed
5e876b0f-tools-xenstore-fix-use-after-free-in-xenstored.patch
- bsc#1165206 - Xen 4.12 DomU hang / freeze / stall / NMI watchdog
bug soft lockup CPU #0 stuck under high load / upstream with
workaround. See also bsc#1134506
5e86f7b7-credit2-avoid-vCPUs-with-lower-creds-than-idle.patch
5e86f7fd-credit2-fix-credit-too-few-resets.patch
- Drop for upstream solution (bsc#1165206)
01-xen-credit2-avoid-vcpus-to.patch
default-to-credit1-scheduler.patch
- Upstream bug fixes (bsc#1027519)
5e4ec20e-x86-virtualise-MSR_PLATFORM_ID-properly.patch
5e5e7188-fix-error-path-in-cpupool_unassign_cpu_start.patch
5e6f53dd-AMD-IOMMU-fix-off-by-one-get_paging_mode.patch
5e7a371c-sched-fix-cpu-onlining-with-core-sched.patch
5e7c90cf-sched-fix-cpu-offlining-with-core-sched.patch
5e7cfb29-x86-ucode-AMD-fix-assert-in-compare_patch.patch
5e7cfb29-x86-ucode-fix-error-paths-in-apply_microcode.patch
5e7dd83b-libx86-CPUID-fix-not-just-leaf-7.patch
5e7dfbf6-x86-ucode-AMD-potential-buffer-overrun-equiv-tab.patch
5e846cce-x86-HVM-fix-AMD-ECS-handling-for-Fam10.patch
5e84905c-x86-ucode-AMD-fix-more-potential-buffer-overruns.patch
* Wed Mar 25 2020 ohering@suse.de
- bsc#1167608 - unbound limit for max_event_channels
domUs with many vcpus and/or resources fail to start
libxl.max_event_channels.patch
* Wed Mar 18 2020 ohering@suse.de
- bsc#1161480 - Fix xl shutdown for HVM without PV drivers
add libxl.libxl__domain_pvcontrol.patch
* Thu Mar 12 2020 carnold@suse.com
- bsc#1165206 - Xen 4.12 DomU hang / freeze / stall / NMI watchdog
bug soft lockup CPU #0 stuck under high load / upstream with
workaround. See also bsc#1134506
01-xen-credit2-avoid-vcpus-to.patch
* Tue Mar 10 2020 carnold@suse.com
- bsc#1158414 - GCC 10: xen build fails
gcc10-fixes.patch
* Wed Mar 04 2020 carnold@suse.com
- bsc#1165206 - Xen 4.12 DomU hang / freeze / stall / NMI watchdog
bug soft lockup CPU #0 stuck under high load / upstream with
workaround. See also bsc#1134506
default-to-credit1-scheduler.patch
* Thu Feb 20 2020 carnold@suse.com
- bsc#1160932 - VUL-0: xen: XSA-312 v1: arm: a CPU may speculate
past the ERET instruction
5e1dcedd-Arm-place-speculation-barrier-after-ERET.patch
- bsc#1164425 - x86: "spec-ctrl=no-xen" should also disable branch
hardening
5e4e614d-x86-spec-ctrl-no-xen-also-disables-branch-hardening.patch
- Upstream bug fixes (bsc#1027519)
5e21ce98-x86-time-update-TSC-stamp-after-deep-C-state.patch
5e286cce-VT-d-dont-pass-bridges-to-domain_context_mapping_one.patch
5e318cd4-x86-apic-fix-disabling-LVT0.patch
5e344c11-x86-HVM-relinquish-resources-from-domain_destroy.patch
5e3bd385-EFI-recheck-variable-name-strings.patch
5e3bd3d1-EFI-dont-leak-heap-VIA-XEN_EFI_get_next_variable_name.patch
5e3bd3f8-xmalloc-guard-against-overflow.patch
5e46e090-x86-smp-reset-x2apic_enabled-in-smp_send_stop.patch
5e4c00ef-VT-d-check-full-RMRR-for-E820-reserved.patch
5e4d4f5b-sched-fix-get_cpu_idle_time-with-core-sched.patch
* Tue Feb 18 2020 ohering@suse.de
- bsc#1159755 - use fixed qemu-3.1 machine type for HVM
This must be done in qemu to preserve PCI layout
remove libxl.lock-qemu-machine-for-hvm.patch
* Fri Feb 07 2020 ohering@suse.de
- jsc#SLE-10183 - script to calculate cpuid= mask
add helper script from https://github.com/twizted/xen_maskcalc
domUs may be migrated between different cpus from the same vendor
if their visible cpuid value has incompatible feature bits masked.
* Wed Feb 05 2020 ohering@suse.de
- jsc#SLE-10172, bsc#1055731 - handle degraded raid for xendomains
add helper script and systemd service from
https://github.com/luizluca/xen-tools-xendomains-wait-disk
in new sub package xen-tools-xendomains-wait-disk
See included README for usage instructions
xendomains-wait-disks.LICENSE
xendomains-wait-disks.README.md
xendomains-wait-disks.sh
* Tue Jan 28 2020 ohering@suse.de
- bsc#1159755 - use fixed qemu-3.1 machine type for HVM
qemu4 introduced incompatible changes in pc-i440fx, which revealed
a design bug in 'xenfv'. Live migration from domUs started with
qemu versions prior qemu4 can not be received with qemu4+.
libxl.lock-qemu-machine-for-hvm.patch
* Tue Jan 14 2020 carnold@suse.com
- Upstream bug fixes (bsc#1027519)
5de65f84-gnttab-map-always-do-IOMMU-part.patch
5de65fc4-x86-avoid-HPET-use-on-certain-Intel.patch
5e15e03d-sched-fix-S3-resume-with-smt=0.patch
5e16fb6a-x86-clear-per-cpu-stub-page-info.patch
5e1da013-IRQ-u16-is-too-narrow-for-evtchn.patch
* Wed Jan 08 2020 dimstar@opensuse.org
- BuildRequire pkgconfig(libsystemd) instead of systemd-devel:
Allow OBS to shortcut through the -mini flavors.
* Wed Dec 18 2019 carnold@suse.com
- bsc#1159320 - Xen logrotate file needs updated
logrotate.conf
* Wed Dec 18 2019 carnold@suse.com
- Update to Xen 4.13.0 FCS release
xen-4.13.0-testing-src.tar.bz2
* Core Scheduling (contributed by SUSE)
* Branch hardening to mitigate against Spectre v1 (contributed by Citrix)
* Late uCode loading (contributed by Intel)
* Improved live-patching build tools (contributed by AWS)
* OP-TEE support (contributed by EPAM)
* Renesas R-CAR IPMMU-VMSA driver (contributed by EPAM)
* Dom0-less passthrough and ImageBuilder (contributed by XILINX)
* Support for new Hardware
* Tue Dec 03 2019 carnold@suse.com
- Update to Xen 4.13.0 RC4 release
xen-4.13.0-testing-src.tar.bz2
- Rebase libxl.pvscsi.patch
* Mon Nov 25 2019 carnold@suse.com
- Update to Xen 4.13.0 RC3 release
xen-4.13.0-testing-src.tar.bz2
- Drop python38-build.patch
* Tue Nov 12 2019 carnold@suse.com
- Update to Xen 4.13.0 RC2 release
xen-4.13.0-testing-src.tar.bz2
* Tue Oct 29 2019 mcepl@suse.com
- Add python38-build.patch fixing build with Python 3.8 (add
- -embed to python-config call)
* Mon Oct 14 2019 carnold@suse.com
- Update to Xen 4.13.0 RC1 release
xen-4.13.0-testing-src.tar.bz2
- Drop patches contained in new tarball or invalid
5ca7660f-x86-entry-drop-unused-includes.patch
5cab2a6b-x86-ACPI-also-parse-AMD-tables-early.patch
5cab2ab7-x86-IOMMU-introduce-init-ops.patch
5cab2ae8-x86-IOMMU-abstract-iommu_supports_eim.patch
5cab2b4e-x86-IOMMU-abstract-iommu_enable_x2apic_IR.patch
5cab2b95-x86-IOMMU-initialize-iommu_ops-in.patch
5cac9a4b-x86-IOMMU-abstract-adjust_vtd_irq_affinities.patch
5cdeac7f-AMD-IOMMU-adjust-IOMMU-list-head-init.patch
5cf8da09-adjust-sysdom-creation-call-earlier-on-x86.patch
5d0cf4e4-AMD-IOMMU-initialize-IRQ-tasklet-once.patch
5d149bb0-AMD-IOMMU-dont-add-IOMMUs.patch
5d1b3fab-AMD-IOMMU-restrict-feature-logging.patch
5d358508-x86-IRQ-desc-affinity-represents-request.patch
5d358534-x86-IRQ-consolidate-arch-cpu_mask-use.patch
5d358a67-AMD-IOMMU-pass-IOMMU-to-iterate_ivrs_entries-cb.patch
5d358a92-AMD-IOMMU-pass-IOMMU-to-amd_iommu_alloc_intremap_table.patch
5d39811c-x86-IOMMU-dont-restrict-IRQ-affinities.patch
5d417813-AMD-IOMMU-bitfield-extended-features.patch
5d417838-AMD-IOMMU-bitfield-control-reg.patch
5d41785b-AMD-IOMMU-bitfield-IRTE.patch
5d41787e-AMD-IOMMU-pass-IOMMU-to-gfu-intremap-entry.patch
5d4178ad-AMD-IOMMU-128bit-non-guest-APIC-IRTE.patch
5d4178fc-AMD-IOMMU-split-amd_iommu_init_one.patch
5d41793f-AMD-IOMMU-allow-enabling-without-IRQ.patch
5d417a16-AMD-IOMMU-adjust-IRQ-setup-for-x2APIC.patch
5d417ab6-AMD-IOMMU-enable-x2APIC-mode.patch
5d417b38-AMD-IOMMU-correct-IRTE-updating.patch
5d417b6a-AMD-IOMMU-dont-needlessly-log-headers.patch
5d419d49-x86-spec-ctrl-report-proper-status.patch
5d43253c-x86-ucode-always-collect_cpu_info-at-boot.patch
5d4a9d25-AMD-IOMMU-drop-not-found-message.patch
5d4aa36f-x86-apic-enable-x2APIC-mode-earlier.patch
5d4afa7a-credit2-fix-memory-leak.patch
5d4d850a-introduce-bss-percpu-page-aligned.patch
5d516531-x86-xpti-dont-leak-TSS-adjacent-data.patch
5d5bf475-x86-PV-fix-handling-of-iommu-mappings.patch
5d6524ca-x86-mm-correctly-init-M2P-entries.patch
5d67ceaf-x86-properly-gate-PKU-clearing.patch
5d70bfba-x86-shadow-dont-enable-with-too-small-allocation.patch
5d779811-x86-fix-CPUID7-0-eax-levelling-MSR.patch
5d77b40f-fix-hvm_all_ioreq_servers_add_vcpu-cleanup.patch
5d80e7c0-AMD-IOMMU-free-shared-IRT-once.patch
5d80e80d-AMD-IOMMU-valid-flag-for-IVRS-mappings.patch
5d80e82e-AMD-IOMMU-alloc_intremap_table-callers-handle-errors.patch
5d80e857-x86-PCI-read-MSI-X-table-entry-count-early.patch
5d80ea13-vpci-honor-read-only-devices.patch
5d89d8d9-libxc-x86-avoid-overflow-in-CPUID-APIC-ID.patch
5d8b715f-ACPI-cpuidle-bump-max-num-of-states.patch
5d8b72e5-AMD-IOMMU-dont-blindly-alloc-intremap-tables.patch
5d8b730e-AMD-IOMMU-phantom-funcs-share-intremap-tables.patch
5d8b733b-x86-PCI-read-max-MSI-vector-count-early.patch
5d8b736d-AMD-IOMMU-replace-INTREMAP_ENTRIES.patch
5d8b7393-AMD-IOMMU-restrict-intremap-table-sizes.patch
5d9ee2a8-AMD-IOMMU-alloc-1-devtab-per-PCI-seg.patch
5d9ee2f0-AMD-IOMMU-allocate_buffer-avoid-memset.patch
5d9ee312-AMD-IOMMU-prefill-all-DTEs.patch
CVE-2014-0222-blktap-qcow1-validate-l2-table-size.patch
blktap2-no-uninit.patch
libxl.prepare-environment-for-domcreate_stream_done.patch
pygrub-python3-conversion.patch
fix-xenpvnetboot.patch
* Thu Oct 10 2019 carnold@suse.com
- bsc#1135799 - Partner-L3: Xen crashes on AMD ROME based machines
5d9ee2a8-AMD-IOMMU-alloc-1-devtab-per-PCI-seg.patch
5d9ee2f0-AMD-IOMMU-allocate_buffer-avoid-memset.patch
5d9ee312-AMD-IOMMU-prefill-all-DTEs.patch
* Wed Oct 02 2019 ohering@suse.de
- bsc#1120095 - add code to change LIBXL_HOTPLUG_TIMEOUT at runtime
The included README has details about the impact of this change
libxl.LIBXL_HOTPLUG_TIMEOUT.patch
* Mon Sep 30 2019 carnold@suse.com
- bsc#1135799 - Partner-L3: Xen crashes on AMD ROME based machines
5ca7660f-x86-entry-drop-unused-includes.patch
5cf8da09-adjust-sysdom-creation-call-earlier-on-x86.patch
5cab2a6b-x86-ACPI-also-parse-AMD-tables-early.patch
5cab2ab7-x86-IOMMU-introduce-init-ops.patch
5cab2ae8-x86-IOMMU-abstract-iommu_supports_eim.patch
5cab2b4e-x86-IOMMU-abstract-iommu_enable_x2apic_IR.patch
5cab2b95-x86-IOMMU-initialize-iommu_ops-in.patch
5cac9a4b-x86-IOMMU-abstract-adjust_vtd_irq_affinities.patch
5cdeac7f-AMD-IOMMU-adjust-IOMMU-list-head-init.patch
5d0cf4e4-AMD-IOMMU-initialize-IRQ-tasklet-once.patch
5d149bb0-AMD-IOMMU-dont-add-IOMMUs.patch
5d1b3fab-AMD-IOMMU-restrict-feature-logging.patch
5d358508-x86-IRQ-desc-affinity-represents-request.patch
5d358534-x86-IRQ-consolidate-arch-cpu_mask-use.patch
5d358a67-AMD-IOMMU-pass-IOMMU-to-iterate_ivrs_entries-cb.patch
5d358a92-AMD-IOMMU-pass-IOMMU-to-amd_iommu_alloc_intremap_table.patch
5d39811c-x86-IOMMU-dont-restrict-IRQ-affinities.patch
5d417813-AMD-IOMMU-bitfield-extended-features.patch
5d417838-AMD-IOMMU-bitfield-control-reg.patch
5d41785b-AMD-IOMMU-bitfield-IRTE.patch
5d41787e-AMD-IOMMU-pass-IOMMU-to-gfu-intremap-entry.patch
5d4178ad-AMD-IOMMU-128bit-non-guest-APIC-IRTE.patch
5d4178fc-AMD-IOMMU-split-amd_iommu_init_one.patch
5d41793f-AMD-IOMMU-allow-enabling-without-IRQ.patch
5d417a16-AMD-IOMMU-adjust-IRQ-setup-for-x2APIC.patch
5d417ab6-AMD-IOMMU-enable-x2APIC-mode.patch
5d417b38-AMD-IOMMU-correct-IRTE-updating.patch
5d417b6a-AMD-IOMMU-dont-needlessly-log-headers.patch
5d4a9d25-AMD-IOMMU-drop-not-found-message.patch
5d80e7c0-AMD-IOMMU-free-shared-IRT-once.patch
5d80e80d-AMD-IOMMU-valid-flag-for-IVRS-mappings.patch
5d80e82e-AMD-IOMMU-alloc_intremap_table-callers-handle-errors.patch
5d80e857-x86-PCI-read-MSI-X-table-entry-count-early.patch
5d8b72e5-AMD-IOMMU-dont-blindly-alloc-intremap-tables.patch
5d8b730e-AMD-IOMMU-phantom-funcs-share-intremap-tables.patch
5d8b733b-x86-PCI-read-max-MSI-vector-count-early.patch
5d8b736d-AMD-IOMMU-replace-INTREMAP_ENTRIES.patch
5d8b7393-AMD-IOMMU-restrict-intremap-table-sizes.patch
- bsc#1145240 - [Migration]Can't pre-allocate 1 shadow pages
5d70bfba-x86-shadow-dont-enable-with-too-small-allocation.patch
- bsc#1137717 - [HPS Bug] Unable to install Windows Server 2016
with 2 CPUs setting (or above) under SLES12 SP4 Xen Server on AMD
ROME platform
5d89d8d9-libxc-x86-avoid-overflow-in-CPUID-APIC-ID.patch
- Upstream bug fixes (bsc#1027519)
5d67ceaf-x86-properly-gate-PKU-clearing.patch
5d779811-x86-fix-CPUID7-0-eax-levelling-MSR.patch
5d77b40f-fix-hvm_all_ioreq_servers_add_vcpu-cleanup.patch
5d80ea13-vpci-honor-read-only-devices.patch
5d8b715f-ACPI-cpuidle-bump-max-num-of-states.patch
* Fri Sep 27 2019 ohering@suse.de
- bsc#1145774 - Libivrtd segfaults when trying to live migrate a VM
Fix crash in an error path of libxl_domain_suspend with
libxl.helper_done-crash.patch
* Wed Aug 28 2019 carnold@suse.com
- Upstream bug fixes (bsc#1027519)
5d419d49-x86-spec-ctrl-report-proper-status.patch
5d43253c-x86-ucode-always-collect_cpu_info-at-boot.patch
5d4aa36f-x86-apic-enable-x2APIC-mode-earlier.patch
5d4afa7a-credit2-fix-memory-leak.patch
5d4d850a-introduce-bss-percpu-page-aligned.patch
5d516531-x86-xpti-dont-leak-TSS-adjacent-data.patch
5d5bf475-x86-PV-fix-handling-of-iommu-mappings.patch
5d6524ca-x86-mm-correctly-init-M2P-entries.patch
- Drop 5d419d49-x86-spec-ctrl-facilities-report-wrong-status.patch
* Wed Aug 28 2019 ohering@suse.de
- Preserve modified files which used to be marked as %config,
rename file.rpmsave to file
* Fri Aug 09 2019 carnold@suse.com
- Update to Xen 4.12.1 bug fix release (bsc#1027519)
xen-4.12.1-testing-src.tar.bz2
- Drop patches contained in new tarball
5c87b644-IOMMU-leave-enabled-for-kexec-crash.patch
5c87b6a2-x86-HVM-dont-crash-guest-in-find_mmio_cache.patch
5c87b6c8-drop-arch_evtchn_inject.patch
5c87b6e8-avoid-atomic-rmw-accesses-in-map_vcpu_info.patch
5c87e6d1-x86-TSX-controls-for-RTM-force-abort-mode.patch
5c8f752c-x86-e820-build-with-gcc9.patch
5c8fb92d-x86-HVM-split-linear-reads-and-writes.patch
5c8fb951-x86-HVM-finish-IOREQs-correctly-on-completion.patch
5c8fc6c0-x86-MSR-shorten-ARCH_CAPABILITIES.patch
5c8fc6c0-x86-SC-retpoline-safety-calculations-for-eIBRS.patch
5c9e63c5-credit2-SMT-idle-handling.patch
5ca46b68-x86emul-no-GPR-update-upon-AVX-gather-failures.patch
5ca773d1-x86emul-dont-read-mask-reg-without-AVX512F.patch
5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch
5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch
5cd921fb-trace-fix-build-with-gcc9.patch
5cd9224b-AMD-IOMMU-disable-upon-init-fail.patch
5cd922c5-x86-MTRR-recalc-p2mt-when-iocaps.patch
5cd9230f-VMX-correctly-get-GS_SHADOW-for-current.patch
5cd926d0-bitmap_fill-zero-sized.patch
5cd92724-drivers-video-drop-constraints.patch
5cd93a69-x86-MSR_INTEL_CORE_THREAD_COUNT.patch
5cd93a69-x86-boot-detect-Intel-SMT-correctly.patch
5cd93a69-x86-spec-ctrl-reposition-XPTI-parsing.patch
5cd981ff-x86-IRQ-tracing-avoid-UB-or-worse.patch
5cdad090-x86-spec-ctrl-CPUID-MSR-definitions-for-MDS.patch
5cdad090-x86-spec-ctrl-infrastructure-for-VERW-flush.patch
5cdad090-x86-spec-ctrl-misc-non-functional-cleanup.patch
5cdad090-x86-spec-ctrl-opts-to-control-VERW-flush.patch
5cdeb9fd-sched-fix-csched2_deinit_pdata.patch
5ce7a92f-x86-IO-APIC-fix-build-with-gcc9.patch
5cf0f6a4-x86-vhpet-resume-avoid-small-diff.patch
5cf16e51-x86-spec-ctrl-Knights-retpoline-safe.patch
5d03a0c4-1-Arm-add-an-isb-before-reading-CNTPCT_EL0.patch
5d03a0c4-2-gnttab-rework-prototype-of-set_status.patch
5d03a0c4-3-Arm64-rewrite-bitops-in-C.patch
5d03a0c4-4-Arm32-rewrite-bitops-in-C.patch
5d03a0c4-5-Arm-bitops-consolidate-prototypes.patch
5d03a0c4-6-Arm64-cmpxchg-simplify.patch
5d03a0c4-7-Arm32-cmpxchg-simplify.patch
5d03a0c4-8-Arm-bitops-helpers-with-timeout.patch
5d03a0c4-9-Arm-cmpxchg-helper-with-timeout.patch
5d03a0c4-A-Arm-turn-on-SILO-mode-by-default.patch
5d03a0c4-B-bitops-guest-helpers.patch
5d03a0c4-C-cmpxchg-guest-helpers.patch
5d03a0c4-D-use-guest-atomics-helpers.patch
5d03a0c4-E-Arm-add-perf-counters-in-guest-atomic-helpers.patch
5d03a0c4-F-Arm-protect-gnttab_clear_flag.patch
- Refreshed patches
libxl.pvscsi.patch
* Thu Aug 01 2019 carnold@suse.com
- bsc#1143563 - Speculative mitigation facilities report wrong status
5d419d49-x86-spec-ctrl-facilities-report-wrong-status.patch
* Wed Jul 17 2019 ohering@suse.de
- Update xen-dom0-modules.service (bsc#1137251)
Map backend module names from pvops and xenlinux kernels to a
module alias. This avoids errors from modprobe about unknown
modules. Ignore a few xenlinux modules that lack aliases.
* Mon Jul 15 2019 carnold@suse.com
- Gcc9 warnings seem to be cleared up with upstream fixes.
Drop gcc9-ignore-warnings.patch
* Tue Jun 25 2019 carnold@suse.com
- bsc#1138563 - L3: xenpvnetboot improperly ported to Python 3
fix-xenpvnetboot.patch
* Mon Jun 24 2019 ohering@suse.de
- Move /etc/modprobe.d/xen_loop.conf to /lib/modprobe.d/xen_loop.conf
* Mon Jun 24 2019 ohering@suse.de
- Remove /etc/xen/xenapiusers and /etc/pam.d/xen-api
* Fri Jun 21 2019 ohering@suse.de
- Remove all upstream provided files in /etc/xen
They are not required at runtime. The host admin is now
responsible if he really needs anything in this subdirectory.
* Fri Jun 21 2019 ohering@suse.de
- In our effort to make /etc fully admin controlled, move /etc/xen/scripts
to libexec/xen/scripts with xen-tools.etc_pollution.patch
* Wed Jun 19 2019 ohering@suse.de
- Move /etc/bash_completion.d/xl.sh to %{_datadir}/bash-completion/completions
* Mon Jun 17 2019 carnold@suse.com
- bsc#1138294 - VUL-0: CVE-2019-17349: XSA-295: Unlimited Arm
Atomics Operations
5d03a0c4-1-Arm-add-an-isb-before-reading-CNTPCT_EL0.patch
5d03a0c4-2-gnttab-rework-prototype-of-set_status.patch
5d03a0c4-3-Arm64-rewrite-bitops-in-C.patch
5d03a0c4-4-Arm32-rewrite-bitops-in-C.patch
5d03a0c4-5-Arm-bitops-consolidate-prototypes.patch
5d03a0c4-6-Arm64-cmpxchg-simplify.patch
5d03a0c4-7-Arm32-cmpxchg-simplify.patch
5d03a0c4-8-Arm-bitops-helpers-with-timeout.patch
5d03a0c4-9-Arm-cmpxchg-helper-with-timeout.patch
5d03a0c4-A-Arm-turn-on-SILO-mode-by-default.patch
5d03a0c4-B-bitops-guest-helpers.patch
5d03a0c4-C-cmpxchg-guest-helpers.patch
5d03a0c4-D-use-guest-atomics-helpers.patch
5d03a0c4-E-Arm-add-perf-counters-in-guest-atomic-helpers.patch
5d03a0c4-F-Arm-protect-gnttab_clear_flag.patch
- Upstream bug fixes (bsc#1027519)
5c87b6c8-drop-arch_evtchn_inject.patch
5c87b6e8-avoid-atomic-rmw-accesses-in-map_vcpu_info.patch
5cd921fb-trace-fix-build-with-gcc9.patch
5cd9224b-AMD-IOMMU-disable-upon-init-fail.patch
5cd922c5-x86-MTRR-recalc-p2mt-when-iocaps.patch
5cd9230f-VMX-correctly-get-GS_SHADOW-for-current.patch
5cd926d0-bitmap_fill-zero-sized.patch
5cd92724-drivers-video-drop-constraints.patch
5cd93a69-x86-spec-ctrl-reposition-XPTI-parsing.patch (Replaces xsa297-0a.patch)
5cd93a69-x86-MSR_INTEL_CORE_THREAD_COUNT.patch (Replaces xsa297-0b.patch)
5cd93a69-x86-boot-detect-Intel-SMT-correctly.patch (Replaces xsa297-0c.patch)
5cdad090-x86-spec-ctrl-misc-non-functional-cleanup.patch (Replaces xsa297-0d.patch)
5cdad090-x86-spec-ctrl-CPUID-MSR-definitions-for-MDS.patch (Replaces xsa297-1.patch)
5cdad090-x86-spec-ctrl-infrastructure-for-VERW-flush.patch (Replaces xsa297-2.patch)
5cdad090-x86-spec-ctrl-opts-to-control-VERW-flush.patch (Replaces xsa297-3.patch)
5cd981ff-x86-IRQ-tracing-avoid-UB-or-worse.patch
5cdeb9fd-sched-fix-csched2_deinit_pdata.patch
5ce7a92f-x86-IO-APIC-fix-build-with-gcc9.patch
5cf0f6a4-x86-vhpet-resume-avoid-small-diff.patch
5cf16e51-x86-spec-ctrl-Knights-retpoline-safe.patch
* Fri Jun 14 2019 carnold@suse.com
- Fix some outdated information in the readme
README.SUSE
* Tue Jun 11 2019 jfehlig@suse.com
- spec: xen-tools: require matching version of xen package
bsc#1137471
* Fri May 17 2019 ohering@suse.de
- Remove two stale patches
xen.build-compare.man.patch
xenpaging.doc.patch
* Tue May 14 2019 mliska@suse.cz
- Disable LTO (boo#1133296).
* Mon May 13 2019 ohering@suse.de
- Remove arm32 from ExclusiveArch to fix build
* Mon Apr 29 2019 carnold@suse.com
- bsc#1111331 - VUL-0: CPU issues Q2 2019 aka "Group 4".
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
xsa297-0a.patch
xsa297-0b.patch
xsa297-0c.patch
xsa297-0d.patch
xsa297-1.patch
xsa297-2.patch
xsa297-3.patch
- Update 5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch and
drop 5cac6219-xen-cpu-Fix-ARM-build-following-cs-597fbb8.patch
Refresh 5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch
* Wed Apr 17 2019 carnold@suse.com
- bsc#1131811 - [XEN] internal error: libxenlight failed to create
new domain. This patch is a workaround for a systemd issue. See
patch header for additional comments.
xenstore-launch.patch
* Thu Apr 11 2019 carnold@suse.com
- bsc#1125378 - [xen][pygrub] Can not restore sle11sp4 pv guest
after upgrading host from sle11sp4 to sle15sp1
pygrub-python3-conversion.patch
- Fix "TypeError: virDomainDefineXML() argument 2 must be str or
None, not bytes" when converting VMs from using the xm/xend
toolstack to the libxl/libvirt toolstack. (bsc#1123378)
xen2libvirt.py
* Mon Apr 08 2019 carnold@suse.com
- bsc#1124560 - Fully virtualized guests crash on boot
5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch
- bsc#1121391 - GCC 9: xen build fails
5c8f752c-x86-e820-build-with-gcc9.patch
- Upstream bug fixes (bsc#1027519)
5c87b644-IOMMU-leave-enabled-for-kexec-crash.patch
5c87b6a2-x86-HVM-dont-crash-guest-in-find_mmio_cache.patch
5c87e6d1-x86-TSX-controls-for-RTM-force-abort-mode.patch
5c8fb92d-x86-HVM-split-linear-reads-and-writes.patch
5c8fb951-x86-HVM-finish-IOREQs-correctly-on-completion.patch
5c8fc6c0-x86-MSR-shorten-ARCH_CAPABILITIES.patch
5c8fc6c0-x86-SC-retpoline-safety-calculations-for-eIBRS.patch
5c9e63c5-credit2-SMT-idle-handling.patch
5ca46b68-x86emul-no-GPR-update-upon-AVX-gather-failures.patch
5ca773d1-x86emul-dont-read-mask-reg-without-AVX512F.patch
5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch
5cac6219-xen-cpu-Fix-ARM-build-following-cs-597fbb8.patch
* Thu Apr 04 2019 ohering@suse.de
- Install pkgconfig files into libdir instead of datadir
* Tue Apr 02 2019 carnold@suse.com
- Update to Xen 4.12.0 FCS release (fate#325107, fate#323901)
xen-4.12.0-testing-src.tar.bz2
* HVM/PVH and PV only Hypervisor: The Xen 4.12 release separates
the HVM/PVH and PV code paths in Xen and provides KCONFIG
options to build a PV only or HVM/PVH only hypervisor.
* QEMU Deprivilege (DM_RESTRICT): In Xen 4.12, this feature has
been vastly improved.
* Argo - Hypervisor-Mediated data eXchange: Argo is a new inter-
domain communication mechanism.
* Improvements to Virtual Machine Introspection: The VMI subsystem
which allows detection of 0-day vulnerabilities has seen many
functional and performance improvements.
* Credit 2 Scheduler: The Credit2 scheduler is now the Xen Project
default scheduler.
* PVH Support: Grub2 boot support has been added to Xen and Grub2.
* PVH Dom0: PVH Dom0 support has now been upgraded from experimental
to tech preview.
* The Xen 4.12 upgrade also includes improved IOMMU mapping code,
which is designed to significantly improve the startup times of
AMD EPYC based systems.
* The upgrade also features Automatic Dom0 Sizing which allows the
setting of Dom0 memory size as a percentage of host memory (e.g.
10%) or with an offset (e.g. 1G+10%).
* Tue Mar 26 2019 carnold@suse.com
- bsc#1130485 - Please drop Requires on multipath-tools in
xen-tools. Now using Recommends multipath-tools.
xen.spec
* Mon Mar 25 2019 carnold@suse.com
- Update to Xen 4.12.0 RC7 release (fate#325107, fate#323901)
xen-4.12.0-testing-src.tar.bz2
* Wed Mar 20 2019 carnold@suse.com
- Update to Xen 4.12.0 RC6 release (fate#325107, fate#323901)
xen-4.12.0-testing-src.tar.bz2
* Fri Mar 15 2019 ohering@suse.de
- bsc#1026236 - add Xen cmdline option "suse_vtsc_tolerance" to
avoid TSC emulation for HVM domUs if their expected frequency
does not match exactly the frequency of the receiving host
xen.bug1026236.suse_vtsc_tolerance.patch
* Mon Mar 11 2019 carnold@suse.com
- Update to Xen 4.12.0 RC5 release (fate#325107, fate#323901)
xen-4.12.0-testing-src.tar.bz2
* Mon Mar 11 2019 carnold@suse.com
- jsc#SLE-3059 - Disable Xen auto-ballooning
- Add CONFIG_DOM0_MEM to the spec file for managing dom0 memory.
xen.spec
- Disable autoballooning in xl.con
xl-conf-disable-autoballoon.patch
* Thu Mar 07 2019 ohering@suse.de
- Update gcc9-ignore-warnings.patch to fix build in SLE12
* Thu Mar 07 2019 ohering@suse.de
- bsc#1126325 - fix crash in libxl in error path
Setup of grant_tables and other variables may fail
libxl.prepare-environment-for-domcreate_stream_done.patch
* Wed Mar 06 2019 carnold@suse.com
- bsc#1127620 - Documentation for the xl configuration file allows
for firmware=pvgrub64 but we don't ship pvgrub64.
Create a link from grub.xen to pvgrub64
xen.spec
* Mon Mar 04 2019 carnold@suse.com
- Update to Xen 4.12.0 RC4 release (fate#325107, fate#323901)
xen-4.12.0-testing-src.tar.bz2
- Tarball also contains additional post RC4 security fixes for
Xen Security Advisories 287, 288, and 290 through 294.
* Tue Feb 19 2019 carnold@suse.com
- Update to Xen 4.12.0 RC3 release (fate#325107, fate#323901)
xen-4.12.0-testing-src.tar.bz2
* Mon Feb 04 2019 carnold@suse.com
- Update to Xen 4.12.0 RC2 release (fate#325107, fate#323901)
xen-4.12.0-testing-src.tar.bz2
* Fri Jan 25 2019 carnold@suse.com
- bsc#1121391 - GCC 9: xen build fails
gcc9-ignore-warnings.patch
* Thu Jan 24 2019 carnold@suse.com
- bsc#1122563 - Virtualization/xen: Bug no Xen on boot, missing
/proc/xen, after 4.11 -> 4.12 upgrade on X86_64/efi.
Keep xen.efi in /usr/lib64/efi for booting older distros.
xen.spec
* Fri Jan 18 2019 carnold@suse.com
- fate#326960: Package grub2 as noarch.
As part of the effort to have a unified bootloader across
architectures, modify the xen.spec file to move the Xen efi files
to /usr/share/efi/$(uname -m) from /usr/lib64/efi.
* Wed Jan 16 2019 carnold@suse.com
- Update to Xen 4.12.0 RC1 release (fate#325107, fate#323901)
xen-4.12.0-testing-src.tar.bz2
- Drop
5b505d59-tools-xentop-replace-use-of-deprecated-vwprintw.patch
5b76ec82-libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch
5b8fae26-tools-libxl-correct-vcpu-affinity-output-with-sparse-physical-cpu-map.patch
5b8fae26-xen-fill-topology-info-for-all-present-cpus.patch
5b8fb5af-tools-xl-refuse-to-set-number-of-vcpus-to-0-via-xl-vcpu-set.patch
5b9784ad-x86-HVM-drop-hvm_fetch_from_guest_linear.patch
5b9784d2-x86-HVM-add-known_gla-helper.patch
5b9784f2-x86-HVM-split-page-straddling-accesses.patch
5bdc31d5-VMX-fix-vmx_handle_eoi.patch
gcc8-fix-array-warning-on-i586.patch
gcc8-fix-format-warning-on-i586.patch
gcc8-inlining-failed.patch
xen.bug1079730.patch
* Tue Jan 15 2019 carnold@suse.com
- bsc#1121960 - xen: sync with Factory
xen.spec
xen.changes
* Sat Jan 12 2019 jengelh@inai.de
- Replace old $RPM_* shell vars.
- Run fdupes for all architectures, and not crossing
subvolume boundaries.
* Thu Jan 10 2019 guillaume.gardet@opensuse.org
- Do not run %fdupes on aarch64 to avoid the hardlink-across-partition
rpmlint error
* Tue Jan 08 2019 guillaume.gardet@opensuse.org
- Require qemu-seabios only on x86* as it is not available on non-x86
systems
* Thu Dec 27 2018 bwiedemann@suse.com
- Avoid creating dangling symlinks (bsc#1116524)
This reverts the revert of tmp_build.patch
* Tue Dec 04 2018 carnold@suse.com
- Update to Xen 4.11.1 bug fix release (bsc#1027519)
xen-4.11.1-testing-src.tar.bz2
- 5b505d59-tools-xentop-replace-use-of-deprecated-vwprintw.patch
replaces xen.2b50cdbc444c637575580dcfa6c9525a84d5cc62.patch
- 5b76ec82-libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch
replaces xen.b8f33431f3dd23fb43a879f4bdb4283fdc9465ad.patch
- Drop the following patches contained in the new tarball
5b34b8fe-VMX-defer-vmx_vmcs_exit-as-long-as-possible.patch
5b3cab8e-1-VMX-MSR_DEBUGCTL-handling.patch
5b3cab8e-2-VMX-improve-MSR-load-save-API.patch
5b3cab8e-3-VMX-cleanup-MSR-load-save-infra.patch
5b3cab8f-1-VMX-factor-out-locate_msr_entry.patch
5b3cab8f-2-VMX-remote-access-to-MSR-lists.patch
5b3cab8f-3-VMX-improve-LBR-MSR-handling.patch
5b3cab8f-4-VMX-pass-MSR-value-into-vmx_msr_add.patch
5b3cab8f-5-VMX-load-only-guest-MSR-entries.patch
5b3f8fa5-port-array_index_nospec-from-Linux.patch
5b4321f6-x86-correctly-set-nonlazy_xstate_used-when-loading-full-state.patch
5b4488e7-x86-spec-ctrl-cmdline-handling.patch
5b471517-page_alloc-correct-first_dirty-calc-in-block-merging.patch
5b4c9a60-allow-cpu_down-to-be-called-earlier.patch
5b4db308-SVM-fix-cleanup-svm_inject_event.patch
5b5040c3-cpupools-fix-state-when-downing-a-CPU-failed.patch
5b5040f2-x86-AMD-distinguish-CU-from-HT.patch
5b505fe5-VMX-fix-find-msr-build.patch
5b508775-1-x86-distinguish-CPU-offlining-and-removal.patch
5b508775-2-x86-possibly-bring-up-all-CPUs.patch
5b508775-3-x86-cmdline-opt-to-avoid-use-of-secondary-HTs.patch
5b508ce8-VMX-dont-clobber-dr6-while-debug-state-is-lazy.patch
5b50df16-1-x86-xstate-use-guest-CPUID-policy.patch
5b50df16-2-x86-make-xstate-calculation-errors-more-obvious.patch
5b56feb1-hvm-Disallow-unknown-MSR_EFER-bits.patch
5b56feb2-spec-ctrl-Fix-the-parsing-of-xpti--on-fixed-Intel-hardware.patch
5b62ca93-VMX-avoid-hitting-BUG_ON.patch
5b6d84ac-x86-fix-improve-vlapic-read-write.patch
5b6d8ce2-x86-XPTI-parsing.patch
5b72fbbe-ARM-disable-grant-table-v2.patch
5b72fbbe-oxenstored-eval-order.patch
5b72fbbe-vtx-Fix-the-checking-for-unknown-invalid-MSR_DEBUGCTL-bits.patch
5b72fbbf-1-spec-ctrl-Calculate-safe-PTE-addresses-for-L1TF-mitigations.patch
5b72fbbf-2-spec-ctrl-Introduce-an-option-to-control-L1TF-mitigation-for-PV-guests.patch
5b72fbbf-3-shadow-Infrastructure-to-force-a-PV-guest-into-shadow-mode.patch
5b72fbbf-4-mm-Plumbing-to-allow-any-PTE-update-to-fail-with--ERESTART.patch
5b72fbbf-5-pv-Force-a-guest-into-shadow-mode-when-it-writes-an-L1TF-vulnerable-PTE.patch
5b72fbbf-6-spec-ctrl-CPUID-MSR-definitions-for-L1D_FLUSH.patch
5b72fbbf-7-msr-Virtualise-MSR_FLUSH_CMD-for-guests.patch
5b72fbbf-8-spec-ctrl-Introduce-an-option-to-control-L1D_FLUSH-for-HVM-HAP-guests.patch
5b72fbbf-x86-Make-spec-ctrl-no-a-global-disable-of-all-mitigations.patch
5b72fbbf-xl.conf-Add-global-affinity-masks.patch
5b74190e-x86-hvm-ioreq-MMIO-range-check-honor-DF.patch
5b752762-x86-hvm-emul-rep-IO-should-not-cross-GFN-boundaries.patch
5b75afef-x86-setup-avoid-OoB-E820-lookup.patch
5b76b780-rangeset-inquiry-functions-tolerate-NULL.patch
5b83c654-VT-d-dmar-iommu-mem-leak-fix.patch
5b8d5832-x86-assorted-array_index_nospec-insertions.patch
5ba11ed4-credit2-fix-moving-CPUs-between-cpupools.patch
5bacae4b-x86-boot-allocate-extra-module-slot.patch
5bae44ce-x86-silence-false-log-messages.patch
5bb60c12-x86-split-opt_xpti.patch
5bb60c4f-x86-split-opt_pv_l1tf.patch
5bb60c74-x86-fix-xpti-and-pv-l1tf.patch
5bcf0722-x86-boot-enable-NMIs.patch
5bd076e9-dombuilder-init-vcpu-debug-regs-correctly.patch
5bd076e9-x86-boot-init-debug-regs-correctly.patch
5bd076e9-x86-init-vcpu-debug-regs-correctly.patch
5bd0e0cf-vvmx-Disallow-the-use-of-VT-x-instructions-when-nested-virt-is-disabled.patch
5bd0e11b-x86-disallow-VT-x-insns-without-nested-virt.patch
5bd85bfd-x86-fix-crash-on-xl-set-parameter-pcid.patch
5be2a308-x86-extend-get_platform_badpages.patch
5be2a354-x86-work-around-HLE-host-lockup-erratum.patch
xsa275-1.patch
xsa275-2.patch
xsa276-1.patch
xsa276-2.patch
xsa277.patch
xsa279.patch
xsa280-1.patch
xsa280-2.patch
* Wed Nov 21 2018 carnold@suse.com
- bsc#1116524 - Package xen-tools-4.11.0_09-2.1.x86_64 broken:
Missing /bin/domu-xenstore. This was broken because "make
package build reproducible" change. (boo#1047218, boo#1062303)
This fix reverses the change to this patch.
tmp_build.patch
* Mon Nov 12 2018 carnold@suse.com
- bsc#1115040 - VUL-0: CVE-2018-19961 CVE-2018-19962: xen:
insufficient TLB flushing / improper large page mappings with AMD
IOMMUs (XSA-275)
xsa275-1.patch
xsa275-2.patch
- bsc#1115043 - VUL-0: CVE-2018-19963: xen: resource accounting
issues in x86 IOREQ server handling (XSA-276)
xsa276-1.patch
xsa276-2.patch
- bsc#1115044 - VUL-0: CVE-2018-19964: xen: x86: incorrect error
handling for guest p2m page removals (XSA-277)
xsa277.patch
- bsc#1114405 - VUL-0: CVE-2018-18883: xen: Nested VT-x usable even
when disabled (XSA-278)
5bd0e11b-x86-disallow-VT-x-insns-without-nested-virt.patch
- bsc#1115045 - VUL-0: xen: CVE-2018-19965: x86: DoS from attempting
to use INVPCID with a non-canonical addresses (XSA-279)
xsa279.patch
- bsc#1115047 - VUL-0: CVE-2018-19966: xen: Fix for XSA-240
conflicts with shadow paging (XSA-280)
xsa280-1.patch
xsa280-2.patch
- bsc#1114988 - VUL-0: CVE-2018-19967: xen: guest use of HLE
constructs may lock up host (XSA-282)
5be2a308-x86-extend-get_platform_badpages.patch
5be2a354-x86-work-around-HLE-host-lockup-erratum.patch
- bsc#1108940 - L3: XEN SLE12-SP1 domU hang on SLE12-SP3 HV
5bdc31d5-VMX-fix-vmx_handle_eoi.patch
- Upstream bug fixes (bsc#1027519)
5b752762-x86-hvm-emul-rep-IO-should-not-cross-GFN-boundaries.patch
5ba11ed4-credit2-fix-moving-CPUs-between-cpupools.patch
5bacae4b-x86-boot-allocate-extra-module-slot.patch
5bae44ce-x86-silence-false-log-messages.patch
5bb60c12-x86-split-opt_xpti.patch
5bb60c4f-x86-split-opt_pv_l1tf.patch
5bb60c74-x86-fix-xpti-and-pv-l1tf.patch
5bcf0722-x86-boot-enable-NMIs.patch
5bd076e9-dombuilder-init-vcpu-debug-regs-correctly.patch
5bd076e9-x86-boot-init-debug-regs-correctly.patch
5bd076e9-x86-init-vcpu-debug-regs-correctly.patch
5bd85bfd-x86-fix-crash-on-xl-set-parameter-pcid.patch
* Tue Nov 06 2018 carnold@suse.com
- bsc#1114405 - VUL-0: CVE-2018-18883: xen: Nested VT-x usable even
when disabled (XSA-278)
5bd0e0cf-vvmx-Disallow-the-use-of-VT-x-instructions-when-nested-virt-is-disabled.patch
* Wed Oct 24 2018 ohering@suse.de
- Use SMBIOS_REL_DATE instead of SMBIOS_DATE for reproducible binaries
* Wed Oct 24 2018 bwiedemann@suse.com
- make package build reproducible (boo#1047218, boo#1062303)
* Set SMBIOS_REL_DATE
* Update tmp_build.patch to use SHA instead of random build-id
* Add reproducible.patch to use --no-insert-timestamp
* Sun Oct 14 2018 ohering@suse.de
- Building with ncurses 6.1 will fail without
xen.2b50cdbc444c637575580dcfa6c9525a84d5cc62.patch
- Building libxl acpi support on aarch64 with gcc 8.2 will fail without
xen.b8f33431f3dd23fb43a879f4bdb4283fdc9465ad.patch
* Tue Sep 11 2018 carnold@suse.com
- bsc#1106263 - L3: The affinity reporting via 'xl vcpu-list' is
apparently broken
5b8fae26-tools-libxl-correct-vcpu-affinity-output-with-sparse-physical-cpu-map.patch
5b8fae26-xen-fill-topology-info-for-all-present-cpus.patch
5b8fb5af-tools-xl-refuse-to-set-number-of-vcpus-to-0-via-xl-vcpu-set.patch
* Tue Sep 11 2018 carnold@suse.com
- bsc#1094508 - L3: Kernel oops in fs/dcache.c called by
d_materialise_unique()
5b9784ad-x86-HVM-drop-hvm_fetch_from_guest_linear.patch
5b9784d2-x86-HVM-add-known_gla-helper.patch
5b9784f2-x86-HVM-split-page-straddling-accesses.patch
- bsc#1103279 - (CVE-2018-15470) VUL-0: CVE-2018-15470: xen:
oxenstored does not apply quota-maxentity (XSA-272)
5b72fbbe-oxenstored-eval-order.patch
- bsc#1103275 - (CVE-2018-15469) VUL-0: CVE-2018-15469: xen: Use of
v2 grant tables may cause crash on ARM (XSA-268)
5b72fbbe-ARM-disable-grant-table-v2.patch
- Upstream patches from Jan (bsc#1027519)
5b6d84ac-x86-fix-improve-vlapic-read-write.patch
5b74190e-x86-hvm-ioreq-MMIO-range-check-honor-DF.patch
5b75afef-x86-setup-avoid-OoB-E820-lookup.patch
5b76b780-rangeset-inquiry-functions-tolerate-NULL.patch
5b83c654-VT-d-dmar-iommu-mem-leak-fix.patch
5b8d5832-x86-assorted-array_index_nospec-insertions.patch
- Drop 5b741962-x86-write-to-correct-variable-in-parse_pv_l1tf.patch
* Tue Aug 28 2018 carnold@suse.com
- bsc#1078292 - rpmbuild -ba SPECS/xen.spec with xen-4.9.1 failed
xen.spec
* Fri Aug 17 2018 carnold@suse.com
- bsc#1091107 - VUL-0: CVE-2018-3646: xen: L1 Terminal Fault -VMM
(XSA-273)
5b72fbbf-1-spec-ctrl-Calculate-safe-PTE-addresses-for-L1TF-mitigations.patch
5b72fbbf-2-spec-ctrl-Introduce-an-option-to-control-L1TF-mitigation-for-PV-guests.patch
5b72fbbf-3-shadow-Infrastructure-to-force-a-PV-guest-into-shadow-mode.patch
5b72fbbf-4-mm-Plumbing-to-allow-any-PTE-update-to-fail-with--ERESTART.patch
5b72fbbf-5-pv-Force-a-guest-into-shadow-mode-when-it-writes-an-L1TF-vulnerable-PTE.patch
5b72fbbf-6-spec-ctrl-CPUID-MSR-definitions-for-L1D_FLUSH.patch
5b72fbbf-7-msr-Virtualise-MSR_FLUSH_CMD-for-guests.patch
5b72fbbf-8-spec-ctrl-Introduce-an-option-to-control-L1D_FLUSH-for-HVM-HAP-guests.patch
- bsc#1103276 - VUL-0: CVE-2018-15468: xen: x86: Incorrect
MSR_DEBUGCTL handling lets guests enable BTS (XSA-269)
5b72fbbe-vtx-Fix-the-checking-for-unknown-invalid-MSR_DEBUGCTL-bits.patch
- Upstream prereq patches for XSA-273 and other upstream fixes
(bsc#1027519)
5b34b8fe-VMX-defer-vmx_vmcs_exit-as-long-as-possible.patch
5b3cab8e-1-VMX-MSR_DEBUGCTL-handling.patch
5b3cab8e-2-VMX-improve-MSR-load-save-API.patch
5b3cab8e-3-VMX-cleanup-MSR-load-save-infra.patch
5b3cab8f-1-VMX-factor-out-locate_msr_entry.patch
5b3cab8f-2-VMX-remote-access-to-MSR-lists.patch
5b3cab8f-3-VMX-improve-LBR-MSR-handling.patch
5b3cab8f-4-VMX-pass-MSR-value-into-vmx_msr_add.patch
5b3cab8f-5-VMX-load-only-guest-MSR-entries.patch
5b4321f6-x86-correctly-set-nonlazy_xstate_used-when-loading-full-state.patch
5b505fe5-VMX-fix-find-msr-build.patch
5b56feb1-hvm-Disallow-unknown-MSR_EFER-bits.patch
5b56feb2-spec-ctrl-Fix-the-parsing-of-xpti--on-fixed-Intel-hardware.patch
5b62ca93-VMX-avoid-hitting-BUG_ON.patch
5b6d8ce2-x86-XPTI-parsing.patch
5b72fbbf-x86-Make-spec-ctrl-no-a-global-disable-of-all-mitigations.patch
5b72fbbf-xl.conf-Add-global-affinity-masks.patch
5b741962-x86-write-to-correct-variable-in-parse_pv_l1tf.patch
* Tue Jul 24 2018 carnold@suse.com
- Upstream patches from Jan (bsc#1027519)
5b3f8fa5-port-array_index_nospec-from-Linux.patch
5b4488e7-x86-spec-ctrl-cmdline-handling.patch
5b471517-page_alloc-correct-first_dirty-calc-in-block-merging.patch
5b4c9a60-allow-cpu_down-to-be-called-earlier.patch
5b4db308-SVM-fix-cleanup-svm_inject_event.patch
5b5040c3-cpupools-fix-state-when-downing-a-CPU-failed.patch
5b5040f2-x86-AMD-distinguish-CU-from-HT.patch
5b508775-1-x86-distinguish-CPU-offlining-and-removal.patch
5b508775-2-x86-possibly-bring-up-all-CPUs.patch
5b508775-3-x86-cmdline-opt-to-avoid-use-of-secondary-HTs.patch
5b508ce8-VMX-dont-clobber-dr6-while-debug-state-is-lazy.patch
5b50df16-1-x86-xstate-use-guest-CPUID-policy.patch
5b50df16-2-x86-make-xstate-calculation-errors-more-obvious.patch
gcc8-fix-format-warning-on-i586.patch
gcc8-fix-array-warning-on-i586.patch
- Drop xen.fuzz-_FORTIFY_SOURCE.patch
gcc8-fix-warning-on-i586.patch
* Mon Jul 09 2018 carnold@suse.com
- Update to Xen 4.11.0 FCS (fate#325202, fate#325123)
xen-4.11.0-testing-src.tar.bz2
disable-building-pv-shim.patch
- Dropped patches
5a33a12f-domctl-improve-locking-during-domain-destruction.patch
5a6703cb-x86-move-invocations-of-hvm_flush_guest_tlbs.patch
5a79d7ed-libxc-packed-initrd-dont-fail-domain-creation.patch
5a9985bd-x86-invpcid-support.patch
5ac72a48-gcc8.patch
5ac72a5f-gcc8.patch
5ac72a64-gcc8.patch
5ac72a69-gcc8.patch
5ac72a6e-gcc8.patch
5ac72a74-gcc8.patch
5ac72a7b-gcc8.patch
5ad4923e-x86-correct-S3-resume-ordering.patch
5ad49293-x86-suppress-BTI-mitigations-around-S3.patch
5ad600d4-x86-pv-introduce-x86emul_read_dr.patch
5ad600d4-x86-pv-introduce-x86emul_write_dr.patch
5ad8c3a7-x86-spec_ctrl-update-retpoline-decision-making.patch
5adda097-x86-HPET-fix-race-triggering-ASSERT.patch
5adda0d5-x86-HVM-never-retain-emulated-insn-cache.patch
5adde9ed-xpti-fix-double-fault-handling.patch
5ae06fad-SVM-fix-intercepts-for-SYS-CALL-ENTER-MSRs.patch
5ae31917-x86-cpuidle-init-stats-lock-once.patch
5aeaeae4-introduce-vcpu_sleep_nosync_locked.patch
5aeaeaf0-sched-fix-races-in-vcpu-migration.patch
5aeb2c57-x86-retval-checks-of-set-guest-trapbounce.patch
5aec7393-1-x86-xpti-avoid-copy.patch
5aec7393-2-x86-xpti-write-cr3.patch
5aec744a-3-x86-xpti-per-domain-flag.patch
5aec744a-4-x86-xpti-use-invpcid.patch
5aec744a-5-x86-xpti-no-global-pages.patch
5aec744a-6-x86-xpti-cr3-valid-flag.patch
5aec744a-7-x86-xpti-pv_guest_cr4_to_real_cr4.patch
5aec744b-8-x86-xpti-cr3-helpers.patch
5aec74a8-9-x86-xpti-use-pcid.patch
5af1daa9-1-x86-traps-fix-dr6-handing-in-DB-handler.patch
5af1daa9-2-x86-pv-move-exception-injection-into-test_all_events.patch
5af1daa9-3-x86-traps-use-IST-for-DB.patch
5af1daa9-4-x86-traps-fix-handling-of-DB-in-hypervisor-context.patch
5af1daa9-x86-HVM-guard-against-bogus-emulator-ioreq-state.patch
5af1daa9-x86-vpt-support-IO-APIC-routed-intr.patch
5af97999-viridian-cpuid-leaf-40000003.patch
5afc13ae-1-x86-read-MSR_ARCH_CAPABILITIES-once.patch
5afc13ae-2-x86-express-Xen-SPEC_CTRL-choice-as-variable.patch
5afc13ae-3-x86-merge-bti_ist_info-use_shadow_spec_ctrl.patch
5afc13ae-4-x86-fold-XEN_IBRS-ALTERNATIVES.patch
5afc13ae-5-x86-rename-bits-of-spec_ctrl-infrastructure.patch
5afc13ae-6-x86-elide-MSR_SPEC_CTRL-handling-in-idle.patch
5afc13ae-7-x86-split-X86_FEATURE_SC_MSR.patch
5afc13ae-8-x86-explicitly-set-Xen-default-SPEC_CTRL.patch
5afc13ae-9-x86-cpuid-improve-guest-policies-for-speculative.patch
5afc13ae-A-x86-introduce-spec-ctrl-cmdline-opt.patch
5b02c786-x86-AMD-mitigations-for-GPZ-SP4.patch
5b02c786-x86-Intel-mitigations-for-GPZ-SP4.patch
5b02c786-x86-msr-virtualise-SPEC_CTRL-SSBD.patch
5b0bc9da-x86-XPTI-fix-S3-resume.patch
5b0d2286-libxc-x86-PV-dont-hand-through-CPUID-leaf-0x80000008.patch
5b0d2d91-x86-suppress-sync-when-XPTI-off.patch
5b0d2dbc-x86-correct-default_xen_spec_ctrl.patch
5b0d2ddc-x86-CPUID-dont-override-tool-stack-hidden-STIBP.patch
5b150ef9-x86-fix-error-handling-of-pv-dr7-shadow.patch
5b21825d-1-x86-support-fully-eager-FPU-context-switching.patch
5b21825d-2-x86-spec-ctrl-mitigations-for-LazyFPU.patch
5b238b92-x86-HVM-account-for-fully-eager-FPU.patch
5b2b7172-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch
5b31e004-x86-HVM-emul-attempts-FPU-set-fpu_initialised.patch
5b323e3c-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch
5b34882d-x86-mm-dont-bypass-preemption-checks.patch
5b348874-x86-refine-checks-in-DB-handler.patch
5b348897-libxl-qemu_disk_scsi_drive_string-break-out-common.patch
5b3488a2-libxl-restore-passing-ro-to-qemu-for-SCSI-disks.patch
5b34891a-x86-HVM-dont-cause-NM-to-be-raised.patch
5b348954-x86-guard-against-NM.patch
libxl.Add-a-version-check-of-QEMU-for-QMP-commands.patch
libxl.LIBXL_DESTROY_TIMEOUT.patch
libxl.qmp-Tell-QEMU-about-live-migration-or-snapshot.patch
xen_fix_build_with_acpica_20180427_and_new_packages.patch
* Wed Jul 04 2018 trenn@suse.de
- Submit upstream patch libacpi: fixes for iasl >= 20180427
git commit 858dbaaeda33b05c1ac80aea0ba9a03924e09005
xen_fix_build_with_acpica_20180427_and_new_packages.patch
This is needed for acpica package to get updated in our build service
* Fri Jun 29 2018 carnold@suse.com
- Upstream patches from Jan (bsc#1027519)
5b02c786-x86-AMD-mitigations-for-GPZ-SP4.patch (Replaces Spectre-v4-1.patch)
5b02c786-x86-Intel-mitigations-for-GPZ-SP4.patch (Replaces Spectre-v4-2.patch)
5b02c786-x86-msr-virtualise-SPEC_CTRL-SSBD.patch (Replaces Spectre-v4-3.patch)
5b0bc9da-x86-XPTI-fix-S3-resume.patch
5b0d2286-libxc-x86-PV-dont-hand-through-CPUID-leaf-0x80000008.patch
5b0d2d91-x86-suppress-sync-when-XPTI-off.patch
5b0d2dbc-x86-correct-default_xen_spec_ctrl.patch
5b0d2ddc-x86-CPUID-dont-override-tool-stack-hidden-STIBP.patch
5b150ef9-x86-fix-error-handling-of-pv-dr7-shadow.patch
5b21825d-1-x86-support-fully-eager-FPU-context-switching.patch (Replaces xsa267-1.patch)
5b21825d-2-x86-spec-ctrl-mitigations-for-LazyFPU.patch (Replaces xsa267-2.patch)
5b238b92-x86-HVM-account-for-fully-eager-FPU.patch
5b2b7172-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch
5b31e004-x86-HVM-emul-attempts-FPU-set-fpu_initialised.patch
5b323e3c-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch
5b34882d-x86-mm-dont-bypass-preemption-checks.patch (Replaces xsa264.patch)
5b348874-x86-refine-checks-in-DB-handler.patch (Replaces xsa265.patch)
5b348897-libxl-qemu_disk_scsi_drive_string-break-out-common.patch (Replaces xsa266-1-<>.patch)
5b3488a2-libxl-restore-passing-ro-to-qemu-for-SCSI-disks.patch (Replaces xsa266-2-<>.patch)
5b34891a-x86-HVM-dont-cause-NM-to-be-raised.patch
5b348954-x86-guard-against-NM.patch
* Mon Jun 25 2018 ohering@suse.de
- Fix more build gcc8 related failures with xen.fuzz-_FORTIFY_SOURCE.patch
* Mon Jun 25 2018 ohering@suse.de
- bsc#1098403 - fix regression introduced by changes for bsc#1079730
a PV domU without qcow2 and/or vfb has no qemu attached.
Ignore QMP errors for PV domUs to handle PV domUs with and without
an attached qemu-xen.
xen.bug1079730.patch
* Mon Jun 18 2018 carnold@suse.com
- bsc#1097521 - VUL-0: CVE-2018-12891: xen: preemption checks
bypassed in x86 PV MM handling (XSA-264)
xsa264.patch
- bsc#1097522 - VUL-0: CVE-2018-12893: xen: x86: #DB exception
safety check can be triggered by a guest (XSA-265)
xsa265.patch
- bsc#1097523 - VUL-0: CVE-2018-12892: xen: libxl fails to honour
readonly flag on HVM emulated SCSI disks (XSA-266)
xsa266-1-libxl-qemu_disk_scsi_drive_string-Break-out-common-p.patch
xsa266-2-libxl-restore-passing-readonly-to-qemu-for-SCSI-disk.patch
* Wed Jun 13 2018 carnold@suse.com
- bsc#1095242 - VUL-0: CVE-2018-3665: xen: Lazy FP Save/Restore
(XSA-267)
xsa267-1.patch
xsa267-2.patch
* Fri Jun 01 2018 carnold@suse.com
- bsc#1092543 - GCC 8: xen build fails
gcc8-fix-warning-on-i586.patch
* Fri May 18 2018 carnold@suse.com
- bsc#1092631 - VUL-0: CVE-2018-3639: xen: V4 – Speculative Store
Bypass aka "Memory Disambiguation" (XSA-263)
5ad4923e-x86-correct-S3-resume-ordering.patch
5ad49293-x86-suppress-BTI-mitigations-around-S3.patch
5afc13ae-1-x86-read-MSR_ARCH_CAPABILITIES-once.patch
5afc13ae-2-x86-express-Xen-SPEC_CTRL-choice-as-variable.patch
5afc13ae-3-x86-merge-bti_ist_info-use_shadow_spec_ctrl.patch
5afc13ae-4-x86-fold-XEN_IBRS-ALTERNATIVES.patch
5afc13ae-5-x86-rename-bits-of-spec_ctrl-infrastructure.patch
5afc13ae-6-x86-elide-MSR_SPEC_CTRL-handling-in-idle.patch
5afc13ae-7-x86-split-X86_FEATURE_SC_MSR.patch
5afc13ae-8-x86-explicitly-set-Xen-default-SPEC_CTRL.patch
5afc13ae-9-x86-cpuid-improve-guest-policies-for-speculative.patch
5afc13ae-A-x86-introduce-spec-ctrl-cmdline-opt.patch
Spectre-v4-1.patch
Spectre-v4-2.patch
Spectre-v4-3.patch
* Thu May 17 2018 ohering@suse.de
- Always call qemus xen-save-devices-state in suspend/resume to
fix migration with qcow2 images (bsc#1079730)
libxl.Add-a-version-check-of-QEMU-for-QMP-commands.patch
libxl.qmp-Tell-QEMU-about-live-migration-or-snapshot.patch
xen.bug1079730.patch
* Wed May 16 2018 carnold@suse.com
- bsc#1087289 - L3: Xen BUG at sched_credit.c:1663
5aeaeae4-introduce-vcpu_sleep_nosync_locked.patch
5aeaeaf0-sched-fix-races-in-vcpu-migration.patch
- Upstream patches from Jan (bsc#1027519)
5ad600d4-x86-pv-introduce-x86emul_read_dr.patch
5ad600d4-x86-pv-introduce-x86emul_write_dr.patch
5ad8c3a7-x86-spec_ctrl-update-retpoline-decision-making.patch
5adda097-x86-HPET-fix-race-triggering-ASSERT.patch
5adda0d5-x86-HVM-never-retain-emulated-insn-cache.patch
5ae06fad-SVM-fix-intercepts-for-SYS-CALL-ENTER-MSRs.patch
5ae31917-x86-cpuidle-init-stats-lock-once.patch
5aeb2c57-x86-retval-checks-of-set-guest-trapbounce.patch
5af1daa9-1-x86-traps-fix-dr6-handing-in-DB-handler.patch (Replaces xsa260-1.patch)
5af1daa9-2-x86-pv-move-exception-injection-into-test_all_events.patch (Replaces xsa260-2.patch)
5af1daa9-3-x86-traps-use-IST-for-DB.patch (Replaces xsa260-3.patch)
5af1daa9-4-x86-traps-fix-handling-of-DB-in-hypervisor-context.patch (Replaces xsa260-4.patch)
5af1daa9-x86-HVM-guard-against-bogus-emulator-ioreq-state.patch (Replaces xsa262.patch)
5af1daa9-x86-vpt-support-IO-APIC-routed-intr.patch (Replaces xsa261.patch)
5af97999-viridian-cpuid-leaf-40000003.patch
* Fri May 11 2018 carnold@suse.com
- Fixes related to Page Table Isolation (XPTI). bsc#1074562 XSA-254
5a6703cb-x86-move-invocations-of-hvm_flush_guest_tlbs.patch
5a9985bd-x86-invpcid-support.patch
5adde9ed-xpti-fix-double-fault-handling.patch
5aec7393-1-x86-xpti-avoid-copy.patch
5aec7393-2-x86-xpti-write-cr3.patch
5aec744a-3-x86-xpti-per-domain-flag.patch
5aec744a-4-x86-xpti-use-invpcid.patch
5aec744a-5-x86-xpti-no-global-pages.patch
5aec744a-6-x86-xpti-cr3-valid-flag.patch
5aec744a-7-x86-xpti-pv_guest_cr4_to_real_cr4.patch
5aec744b-8-x86-xpti-cr3-helpers.patch
5aec74a8-9-x86-xpti-use-pcid.patch
* Wed May 09 2018 carnold@suse.com
- bsc#1092543 - GCC 8: xen build fails
5ac72a48-gcc8.patch
5ac72a5f-gcc8.patch
5ac72a64-gcc8.patch
5ac72a69-gcc8.patch
5ac72a6e-gcc8.patch
5ac72a74-gcc8.patch
5ac72a7b-gcc8.patch
gcc8-inlining-failed.patch
* Tue May 08 2018 carnold@suse.com
- Update to Xen 4.10.1 bug fix release (bsc#1027519)
xen-4.10.1-testing-src.tar.bz2
disable-building-pv-shim.patch
- Drop the following patches contained in the new tarball
5a21a77e-x86-pv-construct-d0v0s-GDT-properly.patch
5a2fda0d-x86-mb2-avoid-Xen-when-looking-for-module-crashkernel-pos.patch
5a2ffc1f-x86-mm-drop-bogus-paging-mode-assertion.patch
5a313972-x86-microcode-add-support-for-AMD-Fam17.patch
5a32bd79-x86-vmx-dont-use-hvm_inject_hw_exception-in-.patch
5a4caa5e-x86-IRQ-conditionally-preserve-access-perm.patch
5a4caa8c-x86-E820-don-t-overrun-array.patch
5a4e2bca-x86-free-msr_vcpu_policy-during-destruction.patch
5a4e2c2c-x86-upcall-inject-spurious-event-after-setting-vector.patch
5a4fd893-1-x86-break-out-alternative-asm-into-separate-header.patch
5a4fd893-2-x86-introduce-ALTERNATIVE_2-macros.patch
5a4fd893-3-x86-hvm-rename-update_guest_vendor-to-cpuid_policy_changed.patch
5a4fd893-4-x86-introduce-cpuid_policy_updated.patch
5a4fd893-5-x86-entry-remove-partial-cpu_user_regs.patch
5a4fd894-1-x86-rearrange-RESTORE_ALL-to-restore-in-stack-order.patch
5a4fd894-2-x86-hvm-use-SAVE_ALL-after-VMExit.patch
5a4fd894-3-x86-erase-guest-GPRs-on-entry-to-Xen.patch
5a4fd894-4-clarifications-to-wait-infrastructure.patch
5a534c78-x86-dont-use-incorrect-CPUID-values-for-topology.patch
5a5cb24c-x86-mm-always-set-_PAGE_ACCESSED-on-L4-updates.patch
5a5e2cff-x86-Meltdown-band-aid.patch
5a5e2d73-x86-Meltdown-band-aid-conditional.patch
5a5e3a4e-1-x86-support-compiling-with-indirect-branch-thunks.patch
5a5e3a4e-2-x86-support-indirect-thunks-from-asm.patch
5a5e3a4e-3-x86-report-speculative-mitigation-details.patch
5a5e3a4e-4-x86-AMD-set-lfence-as-Dispatch-Serialising.patch
5a5e3a4e-5-x86-introduce-alternative-indirect-thunks.patch
5a5e3a4e-6-x86-definitions-for-Indirect-Branch-Controls.patch
5a5e3a4e-7-x86-cmdline-opt-to-disable-IBRS-IBPB-STIBP.patch
5a5e459c-1-x86-SVM-offer-CPUID-faulting-to-AMD-HVM-guests.patch
5a5e459c-2-x86-report-domain-id-on-CPUID.patch
5a68bc16-x86-acpi-process-softirqs-logging-Cx.patch
5a69c0b9-x86-fix-GET_STACK_END.patch
5a6b36cd-1-x86-cpuid-handling-of-IBRS-IBPB-STIBP-and-IBRS-for-guests.patch
5a6b36cd-2-x86-msr-emulation-of-SPEC_CTRL-PRED_CMD.patch
5a6b36cd-3-x86-migrate-MSR_SPEC_CTRL.patch
5a6b36cd-4-x86-hvm-permit-direct-access-to-SPEC_CTRL-PRED_CMD.patch
5a6b36cd-5-x86-use-SPEC_CTRL-on-entry.patch
5a6b36cd-6-x86-clobber-RSB-RAS-on-entry.patch
5a6b36cd-7-x86-no-alternatives-in-NMI-MC-paths.patch
5a6b36cd-8-x86-boot-calculate-best-BTI-mitigation.patch
5a6b36cd-9-x86-issue-speculation-barrier.patch
5a6b36cd-A-x86-offer-Indirect-Branch-Controls-to-guests.patch
5a6b36cd-B-x86-clear-SPEC_CTRL-while-idle.patch
5a7b1bdd-x86-reduce-Meltdown-band-aid-IPI-overhead.patch
5a843807-x86-spec_ctrl-fix-bugs-in-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch
5a856a2b-x86-emul-fix-64bit-decoding-of-segment-overrides.patch
5a856a2b-x86-use-32bit-xors-for-clearing-GPRs.patch
5a856a2b-x86-xpti-hide-almost-all-of-Xen-image-mappings.patch
5a8be788-x86-nmi-start-NMI-watchdog-on-CPU0-after-SMP.patch
5a95373b-x86-PV-avoid-leaking-other-guests-MSR_TSC_AUX.patch
5a95571f-memory-dont-implicitly-unpin-in-decrease-res.patch
5a95576c-gnttab-ARM-dont-corrupt-shared-GFN-array.patch
5a955800-gnttab-dont-free-status-pages-on-ver-change.patch
5a955854-x86-disallow-HVM-creation-without-LAPIC-emul.patch
5a956747-x86-HVM-dont-give-wrong-impression-of-WRMSR-success.patch
5a9eb7f1-x86-xpti-dont-map-stack-guard-pages.patch
5a9eb85c-x86-slightly-reduce-XPTI-overhead.patch
5a9eb890-x86-remove-CR-reads-from-exit-to-guest-path.patch
5aa2b6b9-cpufreq-ondemand-CPU-offlining-race.patch
5aaa9878-x86-vlapic-clear-TMR-bit-for-edge-triggered-intr.patch
xsa258.patch
xsa259.patch
* Wed Apr 25 2018 carnold@suse.com
- bsc#1090820 - VUL-0: CVE-2018-8897: xen: x86: mishandling of
debug exceptions (XSA-260)
xsa260-1.patch
xsa260-2.patch
xsa260-3.patch
xsa260-4.patch
- bsc#1090822 - VUL-0: CVE-2018-10982: xen: x86 vHPET interrupt
injection errors (XSA-261)
xsa261.patch
- bsc#1090823 - VUL-0: CVE-2018-10981: xen: qemu may drive Xen into
unbounded loop (XSA-262)
xsa262.patch
* Mon Apr 16 2018 carnold@suse.com
- bsc#1089152 - VUL-0: CVE-2018-10472: xen: Information leak via
crafted user-supplied CDROM (XSA-258)
xsa258.patch
- bsc#1089635 - VUL-0: CVE-2018-10471: xen: x86: PV guest may crash
Xen with XPTI (XSA-259)
xsa259.patch
* Wed Mar 28 2018 ohering@suse.de
- Preserve xen-syms from xen-dbg.gz to allow processing vmcores
with crash(1) (bsc#1087251)
* Mon Mar 26 2018 carnold@suse.com
- Upstream patches from Jan (bsc#1027519) and fixes related to
Page Table Isolation (XPTI). See also bsc#1074562 XSA-254
5a856a2b-x86-xpti-hide-almost-all-of-Xen-image-mappings.patch
5a9eb7f1-x86-xpti-dont-map-stack-guard-pages.patch
5a9eb85c-x86-slightly-reduce-XPTI-overhead.patch
5a9eb890-x86-remove-CR-reads-from-exit-to-guest-path.patch
5aa2b6b9-cpufreq-ondemand-CPU-offlining-race.patch
5aaa9878-x86-vlapic-clear-TMR-bit-for-edge-triggered-intr.patch
* Thu Mar 01 2018 carnold@suse.com
- bsc#1072834 - Xen HVM: unchecked MSR access error: RDMSR from
0xc90 at rIP: 0xffffffff93061456 (native_read_msr+0x6/0x30)
5a956747-x86-HVM-dont-give-wrong-impression-of-WRMSR-success.patch
- Upstream patches from Jan (bsc#1027519)
5a79d7ed-libxc-packed-initrd-dont-fail-domain-creation.patch
5a7b1bdd-x86-reduce-Meltdown-band-aid-IPI-overhead.patch
5a843807-x86-spec_ctrl-fix-bugs-in-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch
5a856a2b-x86-emul-fix-64bit-decoding-of-segment-overrides.patch
5a856a2b-x86-use-32bit-xors-for-clearing-GPRs.patch
5a8be788-x86-nmi-start-NMI-watchdog-on-CPU0-after-SMP.patch
5a95373b-x86-PV-avoid-leaking-other-guests-MSR_TSC_AUX.patch
5a95571f-memory-dont-implicitly-unpin-in-decrease-res.patch (Replaces xsa252.patch)
5a95576c-gnttab-ARM-dont-corrupt-shared-GFN-array.patch (Replaces xsa255-1.patch)
5a955800-gnttab-dont-free-status-pages-on-ver-change.patch (Replaces xsa255-2.patch)
5a955854-x86-disallow-HVM-creation-without-LAPIC-emul.patch (Replaces xsa256.patch)
- Drop
xsa252.patch
xsa255-1.patch
xsa255-2.patch
xsa256.patch
* Mon Feb 12 2018 carnold@suse.com
- bsc#1080635 - VUL-0: CVE-2018-7540: xen: DoS via non-preemptable
L3/L4 pagetable freeing (XSA-252)
xsa252.patch
- bsc#1080662 - VUL-0: CVE-2018-7541: xen: grant table v2 -> v1
transition may crash Xen (XSA-255)
xsa255-1.patch
xsa255-2.patch
- bsc#1080634 - VUL-0: CVE-2018-7542: xen: x86 PVH guest without
LAPIC may DoS the host (XSA-256)
xsa256.patch
* Fri Feb 09 2018 ohering@suse.de
- Remove stale systemd presets code for 13.2 and older
* Fri Feb 09 2018 ohering@suse.de
- fate#324965 - add script, udev rule and systemd service to watch
for vcpu online/offline events in a HVM domU
They are triggered via xl vcpu-set domU N
* Fri Feb 09 2018 ohering@suse.de
- Replace hardcoded xen with Name tag when refering to subpkgs
* Fri Feb 09 2018 ohering@suse.de
- Make sure tools and tools-domU require libs from the very same build
* Wed Feb 07 2018 jfehlig@suse.com
- tools-domU: Add support for qemu guest agent. New files
80-xen-channel-setup.rules and xen-channel-setup.sh configure a
xen-pv-channel for use by the guest agent
FATE#324963
* Wed Feb 07 2018 ohering@suse.de
- Remove outdated /etc/xen/README*
* Mon Jan 29 2018 carnold@suse.com
- bsc#1073961 - VUL-0: CVE-2018-5244: xen: x86: memory leak with
MSR emulation (XSA-253)
5a4e2bca-x86-free-msr_vcpu_policy-during-destruction.patch
- bsc#1074562 - VUL-0: CVE-2017-5753,CVE-2017-5715,CVE-2017-5754
xen: Information leak via side effects of speculative execution
(XSA-254). Includes Spectre v2 mitigation.
5a4caa5e-x86-IRQ-conditionally-preserve-access-perm.patch
5a4caa8c-x86-E820-don-t-overrun-array.patch
5a4e2c2c-x86-upcall-inject-spurious-event-after-setting-vector.patch
5a4fd893-1-x86-break-out-alternative-asm-into-separate-header.patch
5a4fd893-2-x86-introduce-ALTERNATIVE_2-macros.patch
5a4fd893-3-x86-hvm-rename-update_guest_vendor-to-cpuid_policy_changed.patch
5a4fd893-4-x86-introduce-cpuid_policy_updated.patch
5a4fd893-5-x86-entry-remove-partial-cpu_user_regs.patch
5a4fd894-1-x86-rearrange-RESTORE_ALL-to-restore-in-stack-order.patch
5a4fd894-2-x86-hvm-use-SAVE_ALL-after-VMExit.patch
5a4fd894-3-x86-erase-guest-GPRs-on-entry-to-Xen.patch
5a4fd894-4-clarifications-to-wait-infrastructure.patch
5a534c78-x86-dont-use-incorrect-CPUID-values-for-topology.patch
5a5cb24c-x86-mm-always-set-_PAGE_ACCESSED-on-L4-updates.patch
5a5e2cff-x86-Meltdown-band-aid.patch
5a5e2d73-x86-Meltdown-band-aid-conditional.patch
5a5e3a4e-1-x86-support-compiling-with-indirect-branch-thunks.patch
5a5e3a4e-2-x86-support-indirect-thunks-from-asm.patch
5a5e3a4e-3-x86-report-speculative-mitigation-details.patch
5a5e3a4e-4-x86-AMD-set-lfence-as-Dispatch-Serialising.patch
5a5e3a4e-5-x86-introduce-alternative-indirect-thunks.patch
5a5e3a4e-6-x86-definitions-for-Indirect-Branch-Controls.patch
5a5e3a4e-7-x86-cmdline-opt-to-disable-IBRS-IBPB-STIBP.patch
5a5e459c-1-x86-SVM-offer-CPUID-faulting-to-AMD-HVM-guests.patch
5a5e459c-2-x86-report-domain-id-on-CPUID.patch
5a68bc16-x86-acpi-process-softirqs-logging-Cx.patch
5a69c0b9-x86-fix-GET_STACK_END.patch
5a6b36cd-1-x86-cpuid-handling-of-IBRS-IBPB-STIBP-and-IBRS-for-guests.patch
5a6b36cd-2-x86-msr-emulation-of-SPEC_CTRL-PRED_CMD.patch
5a6b36cd-3-x86-migrate-MSR_SPEC_CTRL.patch
5a6b36cd-4-x86-hvm-permit-direct-access-to-SPEC_CTRL-PRED_CMD.patch
5a6b36cd-5-x86-use-SPEC_CTRL-on-entry.patch
5a6b36cd-6-x86-clobber-RSB-RAS-on-entry.patch
5a6b36cd-7-x86-no-alternatives-in-NMI-MC-paths.patch
5a6b36cd-8-x86-boot-calculate-best-BTI-mitigation.patch
5a6b36cd-9-x86-issue-speculation-barrier.patch
5a6b36cd-A-x86-offer-Indirect-Branch-Controls-to-guests.patch
5a6b36cd-B-x86-clear-SPEC_CTRL-while-idle.patch
* Fri Jan 26 2018 carnold@suse.com
- Fix python3 deprecated atoi call (bsc#1067224)
pygrub-python3-conversion.patch
- Drop xenmon-python3-conversion.patch
* Wed Jan 10 2018 ohering@suse.de
- bsc#1067317 - pass cache=writeback|unsafe|directsync to qemu,
depending on the libxl disk settings
libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch
* Mon Jan 08 2018 ohering@suse.de
- Remove libxl.LIBXL_DESTROY_TIMEOUT.debug.patch
* Fri Jan 05 2018 carnold@suse.com
- bsc#1067224 - xen-tools have hard dependency on Python 2
build-python3-conversion.patch
bin-python3-conversion.patch
* Wed Dec 20 2017 carnold@suse.com
- bsc#1070165 - xen crashes after aborted localhost migration
5a2ffc1f-x86-mm-drop-bogus-paging-mode-assertion.patch
- bsc#1035442 - L3: libxl: error: libxl.c:1676:devices_destroy_cb:
libxl__devices_destroy failed
5a33a12f-domctl-improve-locking-during-domain-destruction.patch
- Upstream patches from Jan (bsc#1027519)
5a21a77e-x86-pv-construct-d0v0s-GDT-properly.patch
5a2fda0d-x86-mb2-avoid-Xen-when-looking-for-module-crashkernel-pos.patch
5a313972-x86-microcode-add-support-for-AMD-Fam17.patch
5a32bd79-x86-vmx-dont-use-hvm_inject_hw_exception-in-.patch
* Wed Dec 13 2017 carnold@suse.com
- Update to Xen 4.10.0 FCS (fate#321394, fate#322686)
xen-4.10.0-testing-src.tar.bz2
* Mon Dec 11 2017 ohering@suse.de
- Rebuild initrd if xen-tools-domU is updated
* Tue Dec 05 2017 carnold@suse.com
- Update to Xen 4.10.0-rc8 (fate#321394, fate#322686)
xen-4.10.0-testing-src.tar.bz2
* Tue Nov 28 2017 ohering@suse.de
- Increase the value of LIBXL_DESTROY_TIMEOUT from 10 to 100 seconds
If many domUs shutdown in parallel the backends can not keep up
Add some debug output to track how long backend shutdown takes (bsc#1035442)
libxl.LIBXL_DESTROY_TIMEOUT.patch
libxl.LIBXL_DESTROY_TIMEOUT.debug.patch
* Tue Nov 28 2017 ohering@suse.de
- Adjust xenstore-run-in-studomain.patch to change the defaults
in the code instead of changing the sysconfig template, to also
cover the upgrade case
* Fri Nov 24 2017 carnold@suse.com
- Update to Xen 4.10.0-rc6 (fate#321394, fate#322686)
xen-4.10.0-testing-src.tar.bz2
* Fri Nov 24 2017 ohering@suse.de
- Since xen switched to Kconfig, building a debug hypervisor
was done by default. Adjust make logic to build a non-debug
hypervisor by default, and continue to provide one as xen-dbg.gz
* Fri Nov 24 2017 ohering@suse.de
- fate#316614: set migration constraints from cmdline
fix libxl.set-migration-constraints-from-cmdline.patch for xen-4.10
* Thu Nov 23 2017 ohering@suse.de
- Document the suse-diskcache-disable-flush option in
xl-disk-configuration(5) (bsc#879425,bsc#1067317)
* Thu Nov 23 2017 rbrown@suse.com
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
* Thu Nov 16 2017 carnold@suse.com
- Update to Xen 4.10.0-rc5 (fate#321394, fate#322686)
xen-4.10.0-testing-src.tar.bz2
- fate#323663 - Run Xenstore in stubdomain
xenstore-run-in-studomain.patch
* Thu Nov 09 2017 carnold@suse.com
- bsc#1067224 - xen-tools have hard dependency on Python 2
pygrub-python3-conversion.patch
xenmon-python3-conversion.patch
migration-python3-conversion.patch
xnloader.py
xen2libvirt.py
* Wed Nov 08 2017 ohering@suse.de
- Remove xendriverdomain.service (bsc#1065185)
Driver domains must be configured manually with custom .service file
* Thu Nov 02 2017 carnold@suse.com
- Update to Xen 4.10.0-rc3 (fate#321394, fate#322686)
xen-4.10.0-testing-src.tar.bz2
- Drop 59f31268-libxc-remove-stale-error-check-for-domain-size.patch
* Thu Nov 02 2017 ohering@suse.de
- Adjust xen-dom0-modules.service to ignore errors (bsc#1065187)
* Fri Oct 27 2017 carnold@suse.com
- fate#324052 Support migration of Xen HVM domains larger than 1TB
59f31268-libxc-remove-stale-error-check-for-domain-size.patch
* Wed Oct 25 2017 carnold@suse.com
- Update to Xen 4.10.0-rc2 (fate#321394, fate#322686)
xen-4.10.0-testing-src.tar.bz2
* Mon Oct 16 2017 carnold@suse.com
- Update to Xen 4.10.0-rc1 (fate#321394, fate#322686)
xen-4.10.0-testing-src.tar.bz2
- Drop patches included in new tarball
592fd5f0-stop_machine-fill-result-only-in-case-of-error.patch
596f257e-x86-fix-hvmemul_insn_fetch.patch
5982fd99-VT-d-don-t-panic-warn-on-iommu-no-igfx.patch
598c3630-VT-d-PI-disable-when-CPU-side-PI-is-off.patch
598c3706-cpufreq-only-stop-ondemand-governor-if-started.patch
5992f1e5-x86-grant-disallow-misaligned-PTEs.patch
5992f20d-gnttab-split-maptrack-lock-to-make-it-useful-again.patch
5992f233-gnttab-correct-pin-status-fixup-for-copy.patch
59958e76-gnttab-dont-use-possibly-unbounded-tail-calls.patch
59958ebf-gnttab-fix-transitive-grant-handling.patch
59958edd-gnttab-avoid-spurious-maptrack-handle-alloc-failures.patch
599da329-arm-mm-release-grant-lock-on-xatp1-error-paths.patch
59a01223-x86-check-for-alloc-errors-in-modify_xen_mappings.patch
59a0130c-x86-efi-dont-write-relocs-in-efi_arch_relocate_image-1st-pass.patch
59a9221f-VT-d-use-correct-BDF-for-VF-to-search-VT-d-unit.patch
59ae9177-x86-emul-fix-handling-of-unimplemented-Grp7-insns.patch
59aec335-x86emul-correct-VEX-W-handling-for-VPINSRD.patch
59aec375-x86emul-correct-VEX-L-handling-for-VCVTx2SI.patch
59afcea0-x86-introduce-and-use-setup_force_cpu_cap.patch
59b2a7f2-x86-HVM-correct-repeat-count-update-linear-phys.patch
59b7d664-mm-make-sure-node-is-less-than-MAX_NUMNODES.patch
59b7d69b-grant_table-fix-GNTTABOP_cache_flush-handling.patch
59b7d6c8-xenstore-dont-unlink-connection-object-twice.patch
59b7d6d9-gnttab-also-validate-PTE-perms-upon-destroy-replace.patch
gcc7-arm.patch
gcc7-mini-os.patch
* Tue Oct 03 2017 carnold@suse.com
- bsc#1061084 - VUL-0: xen: page type reference leak on x86
(XSA-242)
xsa242.patch
- bsc#1061086 - VUL-0: xen: x86: Incorrect handling of self-linear
shadow mappings with translated guests (XSA-243)
xsa243.patch
- bsc#1061087 - VUL-0: xen: x86: Incorrect handling of IST settings
during CPU hotplug (XSA-244)
xsa244.patch
* Mon Oct 02 2017 carnold@suse.com
- bsc#1061077 - VUL-0: xen: DMOP map/unmap missing argument checks
(XSA-238)
xsa238.patch
- bsc#1061080 - VUL-0: xen: hypervisor stack leak in x86 I/O
intercept code (XSA-239)
xsa239.patch
- bsc#1061081 - VUL-0: xen: Unlimited recursion in linear pagetable
de-typing (XSA-240)
xsa240-1.patch
xsa240-2.patch
- bsc#1061082 - VUL-0: xen: Stale TLB entry due to page type
release race (XSA-241)
xsa241.patch
* Fri Sep 29 2017 carnold@suse.com
- bsc#1061075 - VUL-0: xen: pin count / page reference race in
grant table code (XSA-236)
xsa236.patch
- bsc#1061076 - VUL-0: xen: multiple MSI mapping issues on x86
(XSA-237)
xsa237-1.patch
xsa237-2.patch
xsa237-3.patch
xsa237-4.patch
xsa237-5.patch
* Tue Sep 26 2017 carnold@suse.com
- bsc#1056278 - VUL-0: xen: Missing NUMA node parameter
verification (XSA-231)
59b7d664-mm-make-sure-node-is-less-than-MAX_NUMNODES.patch
- bsc#1056280 - VUL-0: xen: Missing check for grant table (XSA-232)
59b7d69b-grant_table-fix-GNTTABOP_cache_flush-handling.patch
- bsc#1056281 - VUL-0: xen: cxenstored: Race in domain cleanup
(XSA-233)
59b7d6c8-xenstore-dont-unlink-connection-object-twice.patch
- bsc#1056282 - VUL-0: xen: insufficient grant unmapping checks for
x86 PV guests (XSA-234)
59b7d6d9-gnttab-also-validate-PTE-perms-upon-destroy-replace.patch
- bsc#1055321 - VUL-0: xen: add-to-physmap error paths fail to
release lock on ARM (XSA-235)
599da329-arm-mm-release-grant-lock-on-xatp1-error-paths.patch
- Upstream patches from Jan (bsc#1027519)
59a01223-x86-check-for-alloc-errors-in-modify_xen_mappings.patch
59a0130c-x86-efi-dont-write-relocs-in-efi_arch_relocate_image-1st-pass.patch
59a9221f-VT-d-use-correct-BDF-for-VF-to-search-VT-d-unit.patch
59ae9177-x86-emul-fix-handling-of-unimplemented-Grp7-insns.patch
59aec335-x86emul-correct-VEX-W-handling-for-VPINSRD.patch
59aec375-x86emul-correct-VEX-L-handling-for-VCVTx2SI.patch
59afcea0-x86-introduce-and-use-setup_force_cpu_cap.patch
59b2a7f2-x86-HVM-correct-repeat-count-update-linear-phys.patch
- Dropped gcc7-xen.patch
* Thu Sep 07 2017 carnold@suse.com
- bsc#1057358 - Cannot Boot into SLES12.3 with Xen hypervisor when
Secure Boot is Enabled
xen.spec
* Tue Sep 05 2017 ohering@suse.de
- bsc#1055695 - XEN: 11SP4 and 12SP3 HVM guests can not be restored
update from v6 to v9 to cover more cases for ballooned domUs
libxc.sr.superpage.patch
* Mon Aug 28 2017 ohering@suse.de
- bsc#1026236 - remove suse_vtsc_tolerance= cmdline option for Xen
drop the patch because it is not upstream acceptable
remove xen.suse_vtsc_tolerance.patch
* Sat Aug 26 2017 ohering@suse.de
- bsc#1055695 - XEN: 11SP4 and 12SP3 HVM guests can not be restored
after the save using xl stack
libxc.sr.superpage.patch
* Tue Aug 22 2017 ohering@suse.de
- Unignore gcc-PIE
the toolstack disables PIE for firmware builds as needed
* Mon Aug 21 2017 carnold@suse.com
- Upstream patches from Jan (bsc#1027519)
592fd5f0-stop_machine-fill-result-only-in-case-of-error.patch
596f257e-x86-fix-hvmemul_insn_fetch.patch
5982fd99-VT-d-don-t-panic-warn-on-iommu-no-igfx.patch
598c3630-VT-d-PI-disable-when-CPU-side-PI-is-off.patch
598c3706-cpufreq-only-stop-ondemand-governor-if-started.patch
5992f1e5-x86-grant-disallow-misaligned-PTEs.patch (Replaces xsa227.patch)
5992f20d-gnttab-split-maptrack-lock-to-make-it-useful-again.patch (Replaces xsa228.patch)
5992f233-gnttab-correct-pin-status-fixup-for-copy.patch (Replaces xsa230.patch)
59958e76-gnttab-dont-use-possibly-unbounded-tail-calls.patch (Replaces xsa226-1.patch)
59958ebf-gnttab-fix-transitive-grant-handling.patch (Replaces xsa226-2.patch)
59958edd-gnttab-avoid-spurious-maptrack-handle-alloc-failures.patch
* Wed Aug 16 2017 carnold@suse.com
- bsc#1044974 - xen-tools require python-pam
xen.spec
* Fri Aug 11 2017 carnold@suse.com
- Clean up spec file errors and a few warnings. (bsc#1027519)
- Removed conditional 'with_systemd' and some old deprecated
'sles_version' checks.
xen.spec
* Thu Aug 10 2017 jfehlig@suse.com
- Remove use of brctl utiltiy from supportconfig plugin
FATE#323639
* Thu Aug 10 2017 ohering@suse.de
- Use upstream variant of mini-os __udivmoddi4 change
gcc7-mini-os.patch
* Wed Aug 09 2017 carnold@suse.com
- fate#323639 Move bridge-utils to legacy
replace-obsolete-network-configuration-commands-in-s.patch
* Tue Aug 08 2017 carnold@suse.com
- bsc#1052686 - VUL-0: xen: grant_table: possibly premature
clearing of GTF_writing / GTF_reading (XSA-230)
xsa230.patch
* Mon Aug 07 2017 ohering@suse.de
- bsc#1035231 - migration of HVM domU does not use superpages
on destination dom0
libxc.sr.superpage.patch
* Thu Aug 03 2017 carnold@suse.com
- bsc#1051787 - VUL-0: CVE-2017-12135: xen: possibly unbounded
recursion in grant table code (XSA-226)
xsa226-1.patch
xsa226-2.patch
- bsc#1051788 - VUL-0: CVE-2017-12137: xen: x86: PV privilege
escalation via map_grant_ref (XSA-227)
xsa227.patch
- bsc#1051789 - VUL-0: CVE-2017-12136: xen: grant_table: Race
conditions with maptrack free list handling (XSA-228)
xsa228.patch
* Tue Aug 01 2017 jfehlig@suse.com
- Add a supportconfig plugin
xen-supportconfig
FATE#323661
* Tue Jul 25 2017 ohering@suse.de
- bsc#1026236 - add suse_vtsc_tolerance= cmdline option for Xen
To avoid emulation of TSC access from a domU after live migration
add a global tolerance for the measured host kHz
xen.suse_vtsc_tolerance.patch
* Thu Jul 20 2017 carnold@suse.com
- fate#323662 Drop qemu-dm from xen-tools package
The following tarball and patches have been removed
qemu-xen-traditional-dir-remote.tar.bz2
VNC-Support-for-ExtendedKeyEvent-client-message.patch
0001-net-move-the-tap-buffer-into-TAPState.patch
0002-net-increase-tap-buffer-size.patch
0003-e1000-fix-access-4-bytes-beyond-buffer-end.patch
0004-e1000-secrc-support.patch
0005-e1000-multi-buffer-packet-support.patch
0006-e1000-clear-EOP-for-multi-buffer-descriptors.patch
0007-e1000-verify-we-have-buffers-upfront.patch
0008-e1000-check-buffer-availability.patch
CVE-2013-4533-qemut-pxa2xx-buffer-overrun-on-incoming-migration.patch
CVE-2013-4534-qemut-openpic-buffer-overrun-on-incoming-migration.patch
CVE-2013-4537-qemut-ssi-sd-fix-buffer-overrun-on-invalid-state-load.patch
CVE-2013-4538-qemut-ssd0323-fix-buffer-overun-on-invalid-state.patch
CVE-2013-4539-qemut-tsc210x-fix-buffer-overrun-on-invalid-state-load.patch
CVE-2014-0222-qemut-qcow1-validate-l2-table-size.patch
CVE-2014-3640-qemut-slirp-NULL-pointer-deref-in-sosendto.patch
CVE-2015-4037-qemut-smb-config-dir-name.patch
CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch
CVE-2015-5278-qemut-Infinite-loop-in-ne2000_receive-function.patch
CVE-2015-6815-qemut-e1000-fix-infinite-loop.patch
CVE-2015-7512-qemut-net-pcnet-buffer-overflow-in-non-loopback-mode.patch
CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch
CVE-2015-8504-qemut-vnc-avoid-floating-point-exception.patch
CVE-2016-1714-qemut-fw_cfg-add-check-to-validate-current-entry-value.patch
CVE-2016-1981-qemut-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch
CVE-2016-2391-qemut-usb-null-pointer-dereference-in-ohci-module.patch
CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch
CVE-2016-4439-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-esp_reg_write.patch
CVE-2016-4441-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-get_cmd.patch
CVE-2016-5238-qemut-scsi-esp-OOB-write-when-using-non-DMA-mode-in-get_cmd.patch
CVE-2016-5338-qemut-scsi-esp-OOB-rw-access-while-processing-ESP_FIFO.patch
CVE-2016-6351-qemut-scsi-esp-make-cmdbuf-big-enough-for-maximum-CDB-size.patch
CVE-2016-7908-qemut-net-Infinite-loop-in-mcf_fec_do_tx.patch
CVE-2016-7909-qemut-net-pcnet-infinite-loop-in-pcnet_rdra_addr.patch
CVE-2016-8667-qemut-dma-rc4030-divide-by-zero-error-in-set_next_tick.patch
CVE-2016-8669-qemut-char-divide-by-zero-error-in-serial_update_parameters.patch
CVE-2016-8910-qemut-net-rtl8139-infinite-loop-while-transmit-in-Cplus-mode.patch
CVE-2016-9921-qemut-display-cirrus_vga-divide-by-zero-in-cirrus_do_copy.patch
CVE-2017-6505-qemut-usb-an-infinite-loop-issue-in-ohci_service_ed_list.patch
CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch
CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch
blktap.patch
cdrom-removable.patch
xen-qemu-iscsi-fix.patch
qemu-security-etch1.patch
xen-disable-qemu-monitor.patch
xen-hvm-default-bridge.patch
qemu-ifup-set-mtu.patch
ioemu-vnc-resize.patch
capslock_enable.patch
altgr_2.patch
log-guest-console.patch
bdrv_open2_fix_flags.patch
bdrv_open2_flags_2.patch
ioemu-7615-qcow2-fix-alloc_cluster_link_l2.patch
qemu-dm-segfault.patch
bdrv_default_rwflag.patch
kernel-boot-hvm.patch
ioemu-watchdog-support.patch
ioemu-watchdog-linkage.patch
ioemu-watchdog-ib700-timer.patch
ioemu-hvm-pv-support.patch
pvdrv_emulation_control.patch
ioemu-disable-scsi.patch
ioemu-disable-emulated-ide-if-pv.patch
xenpaging.qemu.flush-cache.patch
ioemu-devicemodel-include.patch
- Cleanup spec file and remove unused KMP patches
kmp_filelist
supported_module.patch
xen_pvonhvm.xen_emul_unplug.patch
* Mon Jul 17 2017 carnold@suse.com
- bsc#1002573 - Optimize LVM functions in block-dmmd
block-dmmd
* Fri Jul 14 2017 ohering@suse.de
- Record initial Xen dmesg in /var/log/xen/xen-boot.log for
supportconfig. Keep previous log in /var/log/xen/xen-boot.prev.log
* Fri Jul 14 2017 ohering@suse.de
- Remove storytelling from description in xen.rpm
* Wed Jun 28 2017 carnold@suse.com
- Update to Xen 4.9.0 FCS (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2
* Wed Jun 21 2017 carnold@suse.com
- Update block-dmmd script (bsc#1002573)
block-dmmd
* Tue Jun 20 2017 carnold@suse.com
- Update to Xen 4.9.0-rc8+ (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2
gcc7-arm.patch
- Drop gcc7-error-xenpmd.patch
* Mon Jun 05 2017 carnold@suse.com
- Update to Xen 4.9.0-rc8 (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2
* Thu Jun 01 2017 carnold@suse.com
- bsc#1042160 - VUL-1: CVE-2017-9330: xen: usb: ohci: infinite loop
due to incorrect return value
CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch
* Tue May 30 2017 carnold@suse.com
- bsc#1037243 - VUL-1: CVE-2017-8309: xen: audio: host memory
leakage via capture buffer
CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch
* Fri May 26 2017 carnold@suse.com
- Update to Xen 4.9.0-rc7 (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2
* Mon May 22 2017 carnold@suse.com
- Update to Xen 4.9.0-rc6 (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2
* Thu May 18 2017 carnold@suse.com
- bsc#1031343 - xen fails to build with GCC 7
gcc7-mini-os.patch
gcc7-xen.patch
* Wed May 17 2017 carnold@suse.com
- bsc#1031343 - xen fails to build with GCC 7
gcc7-error-xenpmd.patch
* Tue May 16 2017 carnold@suse.com
- Update to Xen 4.9.0-rc5 (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2
- Drop xen-tools-pkgconfig-xenlight.patch
* Wed May 10 2017 carnold@suse.com
- bsc#1037779 - xen breaks kexec-tools build
xen-tools-pkgconfig-xenlight.patch
* Tue May 09 2017 carnold@suse.com
- Update to Xen 4.9.0-rc4 (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2
* Tue May 02 2017 carnold@suse.com
- bsc#1036146 - sles12sp2 xen VM dumps core to wrong path
xen.spec
* Fri Apr 28 2017 carnold@suse.com
- Update to Xen 4.9.0-rc3 (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2
aarch64-maybe-uninitialized.patch
* Fri Apr 21 2017 carnold@suse.com
- Update to Xen 4.9.0-rc2 (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2
* Wed Apr 19 2017 carnold@suse.com
- Update to Xen 4.9.0-rc1 (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2
ioemu-devicemodel-include.patch
- Dropped patches contained in new tarball
xen-4.8.0-testing-src.tar.bz2
0001-xenstore-let-write_node-and-some-callers-return-errn.patch
0002-xenstore-undo-function-rename.patch
0003-xenstore-rework-of-transaction-handling.patch
584806ce-x86emul-correct-PUSHF-POPF.patch
584fc649-fix-determining-when-domain-creation-is-complete.patch
58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch
58510cac-x86emul-MOVNTI-no-REP-prefixes.patch
58526ccc-x86emul-64bit-ignore-most-segment-bases-in-align-check.patch
5853ed37-VT-d-correct-dma_msi_set_affinity.patch
5853ee07-x86emul-CMPXCHG16B-aligned-operand.patch
58580060-x86-emul-correct-SYSCALL-eflags-handling.patch
585aa3c5-x86-force-EFLAGS-IF-on-upon-exit-to-PV.patch
585aa407-x86-HVM-NULL-check-before-using-VMFUNC-hook.patch
585bd5fe-x86-emul-correct-VMFUNC-return-value-handling.patch
586ba81c-x86-cpu-dont-update-this_cpu-for-guest-get_cpu_vendor.patch
587d04d6-x86-xstate-fix-array-overrun-with-LWP.patch
587de4a9-x86emul-VEX-B-ignored-in-compat-mode.patch
5882129d-x86emul-LOCK-check-adjustments.patch
58821300-x86-segment-attribute-handling.patch
58873c1f-x86emul-correct-FPU-stub-asm-constraints.patch
58873c80-x86-hvm-do-not-set-msr_tsc_adjust-on-.patch
5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch
5887888f-credit2-never-consider-CPUs-outside-of-pool.patch
5887888f-credit2-use-the-correct-scratch-cpumask.patch
5888b1b3-x86-emulate-dont-assume-addr_size-32-implies-protmode.patch
5899cbd9-EPT-allow-wrcomb-MMIO-mappings-again.patch
589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch
58a44771-IOMMU-always-call-teardown-callback.patch
58a48ccc-x86-fix-p2m_flush_table-for-non-nested.patch
58a59f4b-libxl-correct-xenstore-entry-for-empty-cdrom.patch
58a70d94-VMX-fix-VMCS-race-on-cswitch-paths.patch
58ac1f3f-VMX-dont-leak-host-syscall-MSRs.patch
58b5a2de-x86-correct-Xens-idea-of-its-memory-layout.patch
58b6fd42-credit2-always-mark-a-tickled-pCPU-as-tickled.patch
58b6fd42-credit2-dont-miss-accounting-during-credit-reset.patch
58cbf682-x86-EFI-avoid-overrunning-mb_modules.patch
58cf9200-x86-EFI-avoid-IOMMU-faults-on-tail-gap.patch
58cf9260-x86-EFI-avoid-Xen-when-looking-for-mod-kexec-pos.patch
58cf9277-x86-time-dont-use-vTSC-if-host-guest-freqs-match.patch
58d25ea2-xenstore-add-missing-checks-for-allocation-failure.patch
58d91365-sched-dont-call-wrong-hook-via-VCPU2OP.patch
CVE-2017-2615-qemut-display-cirrus-oob-access-while-doing-bitblt-copy-backward-mode.patch
CVE-2017-2620-xsa209-qemut-cirrus_bitblt_cputovideo-does-not-check-if-memory-region-safe.patch
glibc-2.25-compatibility-fix.patch
xs-09-add_change_node-params.patch
xs-10-call-add_change_node.patch
xs-11-tdb-record-header.patch
xs-12-node-gen-count.patch
xs-13-read-directory-part-support.patch
xs-14-command-array.patch
xs-15-command-return-val.patch
xs-16-function-static.patch
xs-17-arg-parsing.patch
xs-18-default-buffer.patch
xs-19-handle-alloc-failures.patch
xs-20-tdb-version.patch
xs-21-empty-tdb-database.patch
xs-22-reopen_log-fix.patch
xs-23-XS_DEBUG-rename.patch
xs-24-xenstored_control.patch
xs-25-control-enhance.patch
xs-26-log-control.patch
xs-27-memory-report.patch
xs-28-remove-talloc-report.patch
xs-29-define-off_t.patch
xsa206-0001-xenstored-apply-a-write-transaction-rate-limit.patch
xsa206-0002-xenstored-Log-when-the-write-transaction-rate-limit.patch
* Wed Apr 05 2017 carnold@suse.com
- bsc#1022703 - Xen HVM guest with OVMF hangs with unattached CDRom
58a59f4b-libxl-correct-xenstore-entry-for-empty-cdrom.patch
* Wed Mar 29 2017 jfehlig@suse.com
- bsc#1015348 - L3: libvirtd does not start during boot
suse-xendomains-service.patch
* Wed Mar 22 2017 carnold@suse.com
- bsc#1014136 - Partner-L3: kdump can't dump a kernel on SLES12-SP2
with Xen hypervisor.
58cf9260-x86-EFI-avoid-Xen-when-looking-for-mod-kexec-pos.patch
- bsc#1026236 - L3: Paravirtualized vs. fully virtualized migration
- latter one much faster
58cf9277-x86-time-dont-use-vTSC-if-host-guest-freqs-match.patch
- Upstream patch from Jan
58cbf682-x86-EFI-avoid-overrunning-mb_modules.patch
58cf9200-x86-EFI-avoid-IOMMU-faults-on-tail-gap.patch
58d91365-sched-dont-call-wrong-hook-via-VCPU2OP.patch
* Mon Mar 20 2017 carnold@suse.com
- bsc#1022555 - L3: Timeout in "execution of /etc/xen/scripts/block
add"
58d25ea2-xenstore-add-missing-checks-for-allocation-failure.patch
0001-xenstore-let-write_node-and-some-callers-return-errn.patch
0002-xenstore-undo-function-rename.patch
0003-xenstore-rework-of-transaction-handling.patch
- bsc#1030144 - VUL-0: xen: xenstore denial of service via repeated
update (XSA-206)
xsa206-0001-xenstored-apply-a-write-transaction-rate-limit.patch
xsa206-0002-xenstored-Log-when-the-write-transaction-rate-limit.patch
- bsc#1029827 - Forward port xenstored
xs-09-add_change_node-params.patch
xs-10-call-add_change_node.patch
xs-11-tdb-record-header.patch
xs-12-node-gen-count.patch
xs-13-read-directory-part-support.patch
xs-14-command-array.patch
xs-15-command-return-val.patch
xs-16-function-static.patch
xs-17-arg-parsing.patch
xs-18-default-buffer.patch
xs-19-handle-alloc-failures.patch
xs-20-tdb-version.patch
xs-21-empty-tdb-database.patch
xs-22-reopen_log-fix.patch
xs-23-XS_DEBUG-rename.patch
xs-24-xenstored_control.patch
xs-25-control-enhance.patch
xs-26-log-control.patch
xs-27-memory-report.patch
xs-28-remove-talloc-report.patch
xs-29-define-off_t.patch
* Mon Mar 13 2017 ohering@suse.de
- bsc#1029128 - fix make xen to really produce xen.efi with gcc48
* Wed Mar 08 2017 carnold@suse.com
- bsc#1028235 - VUL-0: CVE-2017-6505: xen: qemu: usb: an infinite
loop issue in ohci_service_ed_list
CVE-2017-6505-qemut-usb-an-infinite-loop-issue-in-ohci_service_ed_list.patch
- Upstream patches from Jan (bsc#1027519)
5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch
5887888f-credit2-use-the-correct-scratch-cpumask.patch
5899cbd9-EPT-allow-wrcomb-MMIO-mappings-again.patch
589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch
58a44771-IOMMU-always-call-teardown-callback.patch
58a48ccc-x86-fix-p2m_flush_table-for-non-nested.patch
58a70d94-VMX-fix-VMCS-race-on-cswitch-paths.patch
58ac1f3f-VMX-dont-leak-host-syscall-MSRs.patch
58b5a2de-x86-correct-Xens-idea-of-its-memory-layout.patch
58b6fd42-credit2-always-mark-a-tickled-pCPU-as-tickled.patch
58b6fd42-credit2-dont-miss-accounting-during-credit-reset.patch
* Thu Mar 02 2017 carnold@suse.com
- bsc#1027654 - XEN fails to build against glibc 2.25
glibc-2.25-compatibility-fix.patch
libxl.pvscsi.patch
* Thu Feb 16 2017 ohering@suse.de
- fate#316613: Refresh and enable libxl.pvscsi.patch
* Fri Feb 10 2017 carnold@suse.com
- bsc#1024834 - VUL-0: CVE-2017-2620: xen: cirrus_bitblt_cputovideo
does not check if memory region is safe (XSA-209)
CVE-2017-2620-xsa209-qemut-cirrus_bitblt_cputovideo-does-not-check-if-memory-region-safe.patch
* Wed Feb 08 2017 carnold@suse.com
- bsc#1023948 - [pvusb][sles12sp3][openqa] Segmentation fault
happened when adding usbctrl devices via xl
589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch
* Thu Feb 02 2017 carnold@suse.com
- Upstream patches from Jan (bsc#1027519)
587d04d6-x86-xstate-fix-array-overrun-with-LWP.patch
587de4a9-x86emul-VEX-B-ignored-in-compat-mode.patch
5882129d-x86emul-LOCK-check-adjustments.patch
58821300-x86-segment-attribute-handling.patch
58873c1f-x86emul-correct-FPU-stub-asm-constraints.patch
58873c80-x86-hvm-do-not-set-msr_tsc_adjust-on-.patch
5887888f-credit2-use-the-correct-scratch-cpumask.patch
5887888f-credit2-never-consider-CPUs-outside-of-pool.patch
5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch
5888b1b3-x86-emulate-dont-assume-addr_size-32-implies-protmode.patch
* Wed Feb 01 2017 carnold@suse.com
- bsc#1023004 - VUL-0: CVE-2017-2615: qemu: display: cirrus: oob
access while doing bitblt copy backward mode
CVE-2017-2615-qemut-display-cirrus-oob-access-while-doing-bitblt-copy-backward-mode.patch
* Thu Jan 26 2017 carnold@suse.com
- fate#322313 and fate#322150 require the acpica package ported to
aarch64 which Xen 4.8 needs to build. Temporarily disable aarch64
until these fates are complete.
xen.spec
* Wed Jan 25 2017 carnold@suse.com
- bsc#1021952 - Virutalization/xen: Bug xen-tools missing
/usr/bin/domu-xenstore; guests fail to launch
tmp_build.patch
xen.spec
* Wed Jan 18 2017 ohering@suse.de
- No systemd presets for 42.3+ and SLE12SP3+ (bsc#1012842)
* Thu Jan 12 2017 carnold@suse.com
- bsc#1007224 - broken symlinks in /usr/share/doc/packages/xen/misc/
xen.spec
* Mon Jan 09 2017 carnold@suse.com
- 585aa3c5-x86-force-EFLAGS-IF-on-upon-exit-to-PV.patch
Replaces xsa202.patch (bsc#1014298)
- 585aa407-x86-HVM-NULL-check-before-using-VMFUNC-hook.patch
Replaces xsa203.patch (bsc#1014300)
- 58580060-x86-emul-correct-SYSCALL-eflags-handling.patch
Replaces xsa204.patch (bsc#1016340)
- Upstream patches from Jan
58526ccc-x86emul-64bit-ignore-most-segment-bases-in-align-check.patch
5853ed37-VT-d-correct-dma_msi_set_affinity.patch
5853ee07-x86emul-CMPXCHG16B-aligned-operand.patch
585bd5fe-x86-emul-correct-VMFUNC-return-value-handling.patch
586ba81c-x86-cpu-dont-update-this_cpu-for-guest-get_cpu_vendor.patch
* Wed Jan 04 2017 carnold@suse.com
- bsc#1015169 - VUL-0: CVE-2016-9921, CVE-2016-9922: xen: qemu:
display: cirrus_vga: a divide by zero in cirrus_do_copy
CVE-2016-9921-qemut-display-cirrus_vga-divide-by-zero-in-cirrus_do_copy.patch
* Mon Dec 19 2016 carnold@suse.com
- bsc#1016340 - VUL-0: CVE-2016-10013: xen: x86: Mishandling of
SYSCALL singlestep during emulation (XSA-204)
xsa204.patch
* Thu Dec 15 2016 carnold@suse.com
- bsc#1012651 - VUL-0: CVE-2016-9932: xen: x86 CMPXCHG8B emulation
fails to ignore operand size override (XSA-200)
58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch
* Wed Dec 14 2016 carnold@suse.com
- bsc#1014298 - VUL-0: CVE-2016-10024: xen: x86 PV guests may be
able to mask interrupts (XSA-202)
xsa202.patch
- bsc#1014300 - VUL-0: CVE-2016-10025: xen: x86: missing NULL
pointer check in VMFUNC emulation (XSA-203)
xsa203.patch
- Upstream patches from Jan
584806ce-x86emul-correct-PUSHF-POPF.patch
584fc649-fix-determining-when-domain-creation-is-complete.patch
58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch
58510cac-x86emul-MOVNTI-no-REP-prefixes.patch
* Mon Dec 05 2016 carnold@suse.com
- Update to Xen 4.8 FCS
xen-4.8.0-testing-src.tar.bz2
- Dropped
xen-4.7.1-testing-src.tar.bz2
0001-libxc-Rework-extra-module-initialisation.patch
0002-libxc-Prepare-a-start-info-structure-for-hvmloader.patch
0003-configure-define-SEABIOS_PATH-and-OVMF_PATH.patch
0004-firmware-makefile-install-BIOS-blob.patch
0005-libxl-Load-guest-BIOS-from-file.patch
0006-xen-Move-the-hvm_start_info-C-representation-from-li.patch
0007-hvmloader-Grab-the-hvm_start_info-pointer.patch
0008-hvmloader-Locate-the-BIOS-blob.patch
0009-hvmloader-Check-modules-whereabouts-in-perform_tests.patch
0010-hvmloader-Load-SeaBIOS-from-hvm_start_info-modules.patch
0011-hvmloader-Load-OVMF-from-modules.patch
0012-hvmloader-Specific-bios_load-function-required.patch
0013-hvmloader-Always-build-in-SeaBIOS-and-OVMF-loader.patch
0014-configure-do-not-depend-on-SEABIOS_PATH-or-OVMF_PATH.patch
57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch
576001df-x86-time-use-local-stamp-in-TSC-calibration-fast-path.patch
5769106e-x86-generate-assembler-equates-for-synthesized.patch
57a1e603-x86-time-adjust-local-system-time-initialization.patch
57a1e64c-x86-time-introduce-and-use-rdtsc_ordered.patch
57a2f6ac-x86-time-calibrate-TSC-against-platform-timer.patch
57a30261-x86-support-newer-Intel-CPU-models.patch
5810a9cc-x86-emul-Correct-decoding-of-SReg3-operands.patch
581b2c3b-x86-emul-reject-LGDT-LIDT-with-non-canonical-addresses.patch
581b647a-x86emul-L-S-G-I-DT-ignore-opsz-overrides-in-64-bit-mode.patch
58249392-x86-svm-dont-clobber-eax-edx-if-RDMSR-intercept-fails.patch
582c35d6-x86-vmx-correct-long-mode-check-in-vmx_cpuid_intercept.patch
582c35ee-x86-traps-dont-call-hvm_hypervisor_cpuid_leaf-for-PV.patch
58343dc2-x86-hvm-Fix-the-handling-of-non-present-segments.patch
58343df8-x86-HVM-dont-load-LDTR-with-VM86-mode-attrs-during-task-switch.patch
58343e24-x86-PV-writes-of-fs-and-gs-base-MSRs-require-canonical-addresses.patch
58343e9e-libelf-fix-stack-memory-leak-when-loading-32-bit-symbol-tables.patch
58343ec2-x86emul-fix-huge-bit-offset-handling.patch
58343f29-x86-emul-correct-the-IDT-entry-calculation-in-inject_swint.patch
58343f44-x86-svm-fix-injection-of-software-interrupts.patch
58343f79-pygrub-Properly-quote-results-when-returning-them-to-the-caller.patch
CVE-2016-9381-xsa197-qemut.patch
CVE-2016-9637-xsa199-qemut.patch
* Tue Nov 22 2016 carnold@suse.com
- bsc#1011652 - VUL-0: xen: qemu ioport array overflow
CVE-2016-9637-xsa199-qemut.patch
* Fri Nov 18 2016 carnold@suse.com
- bsc#1009100 - VUL-0: CVE-2016-9386: XSA-191: xen: x86 null
segments not always treated as unusable
58343dc2-x86-hvm-Fix-the-handling-of-non-present-segments.patch
- bsc#1009103 - VUL-0: CVE-2016-9382: XSA-192: xen: x86 task switch
to VM86 mode mis-handled
58343df8-x86-HVM-dont-load-LDTR-with-VM86-mode-attrs-during-task-switch.patch
- bsc#1009104 - VUL-0: CVE-2016-9385: XSA-193: xen: x86 segment base
write emulation lacking canonical address checks
58343e24-x86-PV-writes-of-fs-and-gs-base-MSRs-require-canonical-addresses.patch
- bsc#1009105 - VUL-0: CVE-2016-9384: XSA-194: xen: guest 32-bit
ELF symbol table load leaking host data
58343e9e-libelf-fix-stack-memory-leak-when-loading-32-bit-symbol-tables.patch
- bsc#1009107 - VUL-0: CVE-2016-9383: XSA-195: xen: x86 64-bit bit
test instruction emulation broken
58343ec2-x86emul-fix-huge-bit-offset-handling.patch
- bsc#1009108 - VUL-0: CVE-2016-9377,CVE-2016-9378: XSA-196: xen:
x86 software interrupt injection mis-handled
58343f29-x86-emul-correct-the-IDT-entry-calculation-in-inject_swint.patch
58343f44-x86-svm-fix-injection-of-software-interrupts.patch
- bsc#1009109 - VUL-0: CVE-2016-9381: XSA-197: xen: qemu incautious
about shared ring processing
CVE-2016-9381-xsa197-qemut.patch
- bsc#1009111 - VUL-0: CVE-2016-9379,CVE-2016-9380: XSA-198: xen:
delimiter injection vulnerabilities in pygrub
58343f79-pygrub-Properly-quote-results-when-returning-them-to-the-caller.patch
- Upstream patches from Jan
581b2c3b-x86-emul-reject-LGDT-LIDT-with-non-canonical-addresses.patch
581b647a-x86emul-L-S-G-I-DT-ignore-opsz-overrides-in-64-bit-mode.patch
58249392-x86-svm-dont-clobber-eax-edx-if-RDMSR-intercept-fails.patch
582c35d6-x86-vmx-correct-long-mode-check-in-vmx_cpuid_intercept.patch
582c35ee-x86-traps-dont-call-hvm_hypervisor_cpuid_leaf-for-PV.patch
* Tue Nov 15 2016 carnold@suse.com
- Update to Xen Version 4.7.1
xen-4.7.1-testing-src.tar.bz2
- Dropped patches contained in new tarball
xen-4.7.0-testing-src.tar.bz2
575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch
57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch
57973099-have-schedulers-revise-initial-placement.patch
579730e6-remove-buggy-initial-placement-algorithm.patch
57976073-x86-remove-unsafe-bits-from-mod_lN_entry-fastpath.patch
57976078-x86-avoid-SMAP-violation-in-compat_create_bounce_frame.patch
57ac6316-don-t-restrict-DMA-heap-to-node-0.patch
57b71fc5-x86-EFI-don-t-apply-relocations-to-l-2-3-_bootmap.patch
57b7447b-dont-permit-guest-to-populate-PoD-pages-for-itself.patch
57c4412b-x86-HVM-add-guarding-logic-for-VMX-specific-code.patch
57c57f73-libxc-correct-max_pfn-calculation-for-saving-domain.patch
57c805bf-x86-levelling-restrict-non-architectural-OSXSAVE-handling.patch
57c805c1-x86-levelling-pass-vcpu-to-ctxt_switch_levelling.patch
57c805c3-x86-levelling-provide-architectural-OSXSAVE-handling.patch
57c82be2-x86-32on64-adjust-call-gate-emulation.patch
57c93e52-fix-error-in-libxl_device_usbdev_list.patch
57c96df3-credit1-fix-a-race-when-picking-initial-pCPU.patch
57c96e2c-x86-correct-PT_NOTE-file-position.patch
57cfed43-VMX-correct-feature-checks-for-MPX-and-XSAVES.patch
57d1563d-x86-32on64-don-t-allow-recursive-page-tables-from-L3.patch
57d15679-x86-emulate-Correct-boundary-interactions-of-emulated-insns.patch
57d1569a-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch
57d18642-hvm-fep-Allow-test-insns-crossing-1-0-boundary.patch
57d18642-x86-segment-Bounds-check-accesses-to-emulation-ctxt-seg_reg.patch
57d7ca5f-x86-domctl-fix-TOCTOU-race-in-XEN_DOMCTL_getvcpuextstate.patch
57d7ca64-x86-domctl-fix-migration-of-guests-not-using-xsave.patch
57da8883-credit1-fix-mask-to-be-used-for-tickling.patch
57da8883-credit2-properly-schedule-migration-of-running-vcpu.patch
57dfb1c5-x86-Intel-hide-CPUID-faulting-capability-from-guests.patch
57e93e1d-x86emul-correct-loading-of-ss.patch
57e93e4a-x86emul-don-t-allow-null-selector-for-LTR.patch
57e93e89-x86-AMD-apply-erratum-665-workaround.patch
57ee6cbc-credit1-return-time-remaining-to-limit-as-next-timeslice.patch
57f3a8ee-x86emul-honor-guest-CR0-TS-and-CR0-EM.patch
57fb6a91-x86-defer-not-present-segment-checks.patch
5800c51d-x86-hvm-Clobber-cs-L-when-LME-becomes-set.patch
5800caec-x86emul-fix-pushing-of-selector-registers.patch
5800cb06-x86-Viridian-don-t-depend-on-undefined-register-state.patch
580e29f9-x86-MISALIGNSSE-feature-depends-on-SSE.patch
57dfb2ff-x86-Intel-Broadwell-no-PKG_C8-10_RESIDENCY-MSRs.patch
* Mon Nov 07 2016 carnold@suse.com
- bsc#1004981 - Xen RPM doesn't contain debug hypervisor for EFI
systems
xen.spec
* Thu Nov 03 2016 carnold@suse.com
- bsc#1000106 - VUL-0: CVE-2016-7777: xen: CR0.TS and CR0.EM not
always honored for x86 HVM guests (XSA-190)
57f3a8ee-x86emul-honor-guest-CR0-TS-and-CR0-EM.patch
- bsc#996191 - [XEN][acpi]residency -n 88 -c will cause xen panic
on broadwell-ep
57dfb2ff-x86-Intel-Broadwell-no-PKG_C8-10_RESIDENCY-MSRs.patch
- Upstream patches from Jan
57d7ca5f-x86-domctl-fix-TOCTOU-race-in-XEN_DOMCTL_getvcpuextstate.patch
57d7ca64-x86-domctl-fix-migration-of-guests-not-using-xsave.patch
57da8883-credit1-fix-mask-to-be-used-for-tickling.patch
57da8883-credit2-properly-schedule-migration-of-running-vcpu.patch
57dfb1c5-x86-Intel-hide-CPUID-faulting-capability-from-guests.patch
57e93e1d-x86emul-correct-loading-of-ss.patch
57e93e4a-x86emul-don-t-allow-null-selector-for-LTR.patch
57e93e89-x86-AMD-apply-erratum-665-workaround.patch
57ee6cbc-credit1-return-time-remaining-to-limit-as-next-timeslice.patch
57fb6a91-x86-defer-not-present-segment-checks.patch
5800c51d-x86-hvm-Clobber-cs-L-when-LME-becomes-set.patch
5800caec-x86emul-fix-pushing-of-selector-registers.patch
5800cb06-x86-Viridian-don-t-depend-on-undefined-register-state.patch
580e29f9-x86-MISALIGNSSE-feature-depends-on-SSE.patch
5810a9cc-x86-emul-Correct-decoding-of-SReg3-operands.patch
* Wed Nov 02 2016 carnold@suse.com
- bsc#1007941 - Xen tools limit the number of vcpus to 256 when the
system has 384
xen-arch-kconfig-nr_cpus.patch
* Tue Nov 01 2016 carnold@suse.com
- bsc#1007157 - VUL-0: CVE-2016-8910: xen: net: rtl8139: infinite
loop while transmit in C+ mode
CVE-2016-8910-qemut-net-rtl8139-infinite-loop-while-transmit-in-Cplus-mode.patch
* Mon Oct 17 2016 carnold@suse.com
- bsc#1005004 - CVE-2016-8667: xen: dma: rc4030 divide by zero
error in set_next_tick
CVE-2016-8667-qemut-dma-rc4030-divide-by-zero-error-in-set_next_tick.patch
- bsc#1005005 - VUL-0: CVE-2016-8669: xen: char: divide by zero
error in serial_update_parameters
CVE-2016-8669-qemut-char-divide-by-zero-error-in-serial_update_parameters.patch
* Wed Oct 05 2016 carnold@suse.com
- bsc#1003030 - VUL-0: CVE-2016-7908: xen: net: Infinite loop in
mcf_fec_do_tx
CVE-2016-7908-qemut-net-Infinite-loop-in-mcf_fec_do_tx.patch
- bsc#1003032 - VUL-0: CVE-2016-7909: xen: net: pcnet: infinite
loop in pcnet_rdra_addr
CVE-2016-7909-qemut-net-pcnet-infinite-loop-in-pcnet_rdra_addr.patch
* Mon Sep 12 2016 carnold@suse.com
- bsc#995785 - VUL-0: CVE-2016-7092: xen: x86: Disallow L3
recursive pagetable for 32-bit PV guests (XSA-185)
57d1563d-x86-32on64-don-t-allow-recursive-page-tables-from-L3.patch
- bsc#995789 - VUL-0: CVE-2016-7093: xen: x86: Mishandling of
instruction pointer truncation during emulation (XSA-186)
57d15679-x86-emulate-Correct-boundary-interactions-of-emulated-insns.patch
57d18642-hvm-fep-Allow-test-insns-crossing-1-0-boundary.patch
- bsc#995792 - VUL-0: CVE-2016-7094: xen: x86 HVM: Overflow of
sh_ctxt->seg_reg[] (XSA-187)
57d1569a-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch
57d18642-x86-segment-Bounds-check-accesses-to-emulation-ctxt-seg_reg.patch
- bsc#991934 - xen hypervisor crash in csched_acct
57c96df3-credit1-fix-a-race-when-picking-initial-pCPU.patch
- Upstream patches from Jan
57c4412b-x86-HVM-add-guarding-logic-for-VMX-specific-code.patch
57c57f73-libxc-correct-max_pfn-calculation-for-saving-domain.patch
57c805bf-x86-levelling-restrict-non-architectural-OSXSAVE-handling.patch
57c805c1-x86-levelling-pass-vcpu-to-ctxt_switch_levelling.patch
57c805c3-x86-levelling-provide-architectural-OSXSAVE-handling.patch
57c82be2-x86-32on64-adjust-call-gate-emulation.patch
57c96e2c-x86-correct-PT_NOTE-file-position.patch
57cfed43-VMX-correct-feature-checks-for-MPX-and-XSAVES.patch
* Mon Sep 12 2016 ohering@suse.de
- bsc#979002 - add 60-persistent-xvd.rules and helper script
also to initrd, add the relevant dracut helper
* Mon Sep 05 2016 ohering@suse.de
- bnc#953518 - unplug also SCSI disks in qemu-xen-traditional for
upstream unplug protocol
* Fri Sep 02 2016 carnold@suse.com
- bsc#989679 - [pvusb feature] USB device not found when
'virsh detach-device guest usb.xml'
57c93e52-fix-error-in-libxl_device_usbdev_list.patch
* Tue Aug 23 2016 carnold@suse.com
- bsc#992224 - [HPS Bug] During boot of Xen Hypervisor, Failed to
get contiguous memory for DMA from Xen
57ac6316-don-t-restrict-DMA-heap-to-node-0.patch
- bsc#978755 - xen uefi systems fail to boot
- bsc#983697 - SLES12 SP2 Xen UEFI mode cannot boot
57b71fc5-x86-EFI-don-t-apply-relocations-to-l-2-3-_bootmap.patch
- Upstream patch from Jan
57b7447b-dont-permit-guest-to-populate-PoD-pages-for-itself.patch
* Mon Aug 08 2016 jfehlig@suse.com
- spec: to stay compatible with the in-tree qemu-xen binary, use
/usr/bin/qemu-system-i386 instead of /usr/bin/qemu-system-x86_64
bsc#986164
* Thu Aug 04 2016 carnold@suse.com
- bsc#970135 - new virtualization project clock test randomly fails
on Xen
576001df-x86-time-use-local-stamp-in-TSC-calibration-fast-path.patch
5769106e-x86-generate-assembler-equates-for-synthesized.patch
57a1e603-x86-time-adjust-local-system-time-initialization.patch
57a1e64c-x86-time-introduce-and-use-rdtsc_ordered.patch
57a2f6ac-x86-time-calibrate-TSC-against-platform-timer.patch
- bsc#991934 - xen hypervisor crash in csched_acct
57973099-have-schedulers-revise-initial-placement.patch
579730e6-remove-buggy-initial-placement-algorithm.patch
- bsc#988675 - VUL-0: CVE-2016-6258: xen: x86: Privilege escalation
in PV guests (XSA-182)
57976073-x86-remove-unsafe-bits-from-mod_lN_entry-fastpath.patch
- bsc#988676 - VUL-0: CVE-2016-6259: xen: x86: Missing SMAP
whitelisting in 32-bit exception / event delivery (XSA-183)
57976078-x86-avoid-SMAP-violation-in-compat_create_bounce_frame.patch
- Upstream patches from Jan
57a30261-x86-support-newer-Intel-CPU-models.patch
* Mon Aug 01 2016 carnold@suse.com
- bsc#985503 - vif-route broken
vif-route.patch
* Thu Jul 28 2016 carnold@suse.com
- bsc#978413 - PV guest upgrade from sles11sp4 to sles12sp2 alpha3
failed on sles11sp4 xen host.
pygrub-handle-one-line-menu-entries.patch
* Wed Jul 27 2016 carnold@suse.com
- bsc#990843 - VUL-1: CVE-2016-6351: xen: qemu: scsi: esp: OOB
write access in esp_do_dma
CVE-2016-6351-qemut-scsi-esp-make-cmdbuf-big-enough-for-maximum-CDB-size.patch
* Thu Jun 23 2016 carnold@suse.com
- bsc#900418 - Dump cannot be performed on SLES12 XEN
57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch
- Upstream patches from Jan
575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch
57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch
* Tue Jun 21 2016 carnold@suse.com
- fate#319989 - Update to Xen 4.7 FCS
xen-4.7.0-testing-src.tar.bz2
- Drop CVE-2014-3672-qemut-xsa180.patch
* Thu Jun 16 2016 carnold@suse.com
- bsc#954872 - script block-dmmd not working as expected - libxl:
error: libxl_dm.c (Additional fixes)
block-dmmd
* Fri Jun 10 2016 ohering@suse.de
- Convert with_stubdom into build_conditional to allow adjusting
via prjconf
- Convert with_debug into build_conditional to allow adjusting
via prjconf
* Fri Jun 10 2016 ohering@suse.de
- bsc#979002 - add 60-persistent-xvd.rules and helper script to
xen-tools-domU to simplify transition to pvops based kernels
* Fri Jun 10 2016 ohering@suse.de
- Convert with_oxenstored into build_conditional to allow
adjusting via prjconf (fate#320836)
* Thu Jun 09 2016 carnold@suse.com
- bsc#983984 - VUL-0: CVE-2016-5338: xen: qemu: scsi: esp: OOB r/w
access while processing ESP_FIFO
CVE-2016-5338-qemut-scsi-esp-OOB-rw-access-while-processing-ESP_FIFO.patch
- bsc#982960 - VUL-0: CVE-2016-5238: xen: qemu: scsi: esp: OOB
write when using non-DMA mode in get_cmd
CVE-2016-5238-qemut-scsi-esp-OOB-write-when-using-non-DMA-mode-in-get_cmd.patch
* Tue Jun 07 2016 carnold@suse.com
- fate#319989 - Update to Xen 4.7 RC5
xen-4.7.0-testing-src.tar.bz2
* Wed May 25 2016 carnold@suse.com
- fate#319989 - Update to Xen 4.7 RC4
xen-4.7.0-testing-src.tar.bz2
- Dropped
xen.pkgconfig-4.7.patch
xsa164.patch
* Mon May 23 2016 carnold@suse.com
- bsc#981264 - VUL-0: CVE-2014-3672: xen: Unrestricted qemu logging
(XSA-180)
CVE-2014-3672-qemut-xsa180.patch
* Thu May 19 2016 carnold@suse.com
- bsc#980724 - VUL-0: CVE-2016-4441: Qemu: scsi: esp: OOB write
while writing to 's->cmdbuf' in get_cmd
CVE-2016-4441-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-get_cmd.patch
- bsc#980716 - VUL-0: CVE-2016-4439: xen: scsi: esp: OOB write
while writing to 's->cmdbuf' in esp_reg_write
CVE-2016-4439-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-esp_reg_write.patch
* Tue May 17 2016 carnold@suse.com
- fate#319989 - Update to Xen 4.7 RC3
xen-4.7.0-testing-src.tar.bz2
- Dropped
libxl-remove-cdrom-cachemode.patch
x86-PoD-only-reclaim-if-needed.patch
gcc6-warnings-as-errors.patch
* Wed May 11 2016 carnold@suse.com
- bsc#954872 - script block-dmmd not working as expected - libxl:
error: libxl_dm.c (another modification)
block-dmmd
* Tue May 10 2016 carnold@suse.com
- fate#319989 - Update to Xen 4.7 RC2
xen-4.7.0-testing-src.tar.bz2
* Tue May 10 2016 carnold@suse.com
- bsc#961600 - L3: poor performance when Xen HVM domU configured
with max memory > current memory
x86-PoD-only-reclaim-if-needed.patch
* Fri May 06 2016 ohering@suse.de
- Mark SONAMEs and pkgconfig as xen 4.7
xen.pkgconfig-4.7.patch
* Tue May 03 2016 jfehlig@suse.com
- bsc#977329 - Xen: Cannot boot HVM guests with empty cdrom
libxl-remove-cdrom-cachemode.patch
* Tue May 03 2016 carnold@suse.com
- fate#319989 - Update to Xen 4.7 RC1
xen-4.7.0-testing-src.tar.bz2
* Tue May 03 2016 ohering@suse.de
- fate#316614: set migration constraints from cmdline
restore libxl.set-migration-constraints-from-cmdline.patch
* Tue May 03 2016 ohering@suse.de
- Remove obsolete patch for xen-kmp
magic_ioport_compat.patch
* Tue May 03 2016 ohering@suse.de
- fate#316613: update to v12
libxl.pvscsi.patch
* Fri Apr 29 2016 carnold@suse.com
- Update to the latest Xen 4.7 pre-release c2994f86
Drop libxl.migrate-legacy-stream-read.patch
* Fri Apr 15 2016 ohering@suse.de
- bnc#972756 - Can't migrate HVM guest from SLES12SP1 Xen host
to SLES12SP2 Alpha 1 host using xl migrate
libxl.migrate-legacy-stream-read.patch
* Fri Apr 01 2016 jfehlig@suse.com
- Add patches from proposed upstream series to load BIOS's from
the toolstack instead of embedding in hvmloader
http://lists.xenproject.org/archives/html/xen-devel/2016-03/msg01626.html
0001-libxc-Rework-extra-module-initialisation.patch,
0002-libxc-Prepare-a-start-info-structure-for-hvmloader.patch,
0003-configure-define-SEABIOS_PATH-and-OVMF_PATH.patch,
0004-firmware-makefile-install-BIOS-blob.patch,
0005-libxl-Load-guest-BIOS-from-file.patch,
0006-xen-Move-the-hvm_start_info-C-representation-from-li.patch,
0007-hvmloader-Grab-the-hvm_start_info-pointer.patch,
0008-hvmloader-Locate-the-BIOS-blob.patch,
0009-hvmloader-Check-modules-whereabouts-in-perform_tests.patch,
0010-hvmloader-Load-SeaBIOS-from-hvm_start_info-modules.patch,
0011-hvmloader-Load-OVMF-from-modules.patch,
0012-hvmloader-Specific-bios_load-function-required.patch,
0013-hvmloader-Always-build-in-SeaBIOS-and-OVMF-loader.patch,
0014-configure-do-not-depend-on-SEABIOS_PATH-or-OVMF_PATH.patch
- Enable support for UEFI on x86_64 using the ovmf-x86_64-ms.bin
firmware from qemu-ovmf-x86_64. The firmware is preloaded with
Microsoft keys to more closely resemble firmware on real hardware
FATE#320490
* Fri Mar 25 2016 carnold@suse.com
- fate#319989: Update to Xen 4.7 (pre-release)
xen-4.7.0-testing-src.tar.bz2
- Dropped:
xen-4.6.1-testing-src.tar.bz2
55f7f9d2-libxl-slightly-refine-pci-assignable-add-remove-handling.patch
5628fc67-libxl-No-emulated-disk-driver-for-xvdX-disk.patch
5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch
5649bcbe-libxl-relax-readonly-check-introduced-by-XSA-142-fix.patch
hotplug-Linux-block-performance-fix.patch
set-mtu-from-bridge-for-tap-interface.patch
xendomains-libvirtd-conflict.patch
xsa154.patch
xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch
xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch
xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch
xsa170.patch
* Tue Mar 22 2016 jfehlig@suse.com
- Use system SeaBIOS instead of building/installing another one
FATE#320638
Dropped files:
seabios-dir-remote.tar.bz2
xen-c99-fix.patch
xen.build-compare.seabios.patch
* Wed Mar 16 2016 jfehlig@suse.com
- spec: drop BuildRequires that were only needed for qemu-xen
* Fri Mar 04 2016 carnold@suse.com
- bsc#969377 - xen does not build with GCC 6
ipxe-use-rpm-opt-flags.patch
gcc6-warnings-as-errors.patch
* Thu Mar 03 2016 carnold@suse.com
- bsc#969351 - VUL-0: CVE-2016-2841: xen: net: ne2000: infinite
loop in ne2000_receive
CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch
- Drop xsa154-fix.patch
* Wed Mar 02 2016 jfehlig@suse.com
- Use system qemu instead of building/installing yet another qemu
FATE#320638
- Dropped files
qemu-xen-dir-remote.tar.bz2
CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch
CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch
CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch
CVE-2015-4037-qemuu-smb-config-dir-name.patch
CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch
CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch
CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch
CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch
CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch
CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch
CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch
CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch
CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch
CVE-2015-8745-qemuu-net-vmxnet3-read-IMR-registers-instead-of-assert.patch
CVE-2016-1568-qemuu-ide-ahci-reset-ncq-object-to-unused-on-error.patch
CVE-2016-1714-qemuu-fw_cfg-add-check-to-validate-current-entry-value.patch
CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch
CVE-2016-1981-qemuu-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch
CVE-2016-2538-qemuu-usb-integer-overflow-in-remote-NDIS-message-handling.patch
CVE-2015-8619-qemuu-stack-based-OOB-write-in-hmp_sendkey-routine.patch
qemu-xen-enable-spice-support.patch
qemu-xen-upstream-qdisk-cache-unsafe.patch
tigervnc-long-press.patch
xsa162-qemuu.patch
* Mon Feb 29 2016 carnold@suse.com
- bsc#962321 - VUL-0: CVE-2016-1922: xen: i386: null pointer
dereference in vapic_write()
CVE-2016-1922-qemuu-i386-null-pointer-dereference-in-vapic_write.patch
* Wed Feb 24 2016 carnold@suse.com
- bsc#968004 - VUL-0: CVE-2016-2538: xen: usb: integer overflow in
remote NDIS control message handling
CVE-2016-2538-qemuu-usb-integer-overflow-in-remote-NDIS-message-handling.patch
* Thu Feb 18 2016 carnold@suse.com
- bsc#954872 - L3: script block-dmmd not working as expected -
libxl: error: libxl_dm.c
block-dmmd
- Update libxl to recognize dmmd and npiv prefix in disk spec
xen.libxl.dmmd.patch
* Wed Feb 17 2016 carnold@suse.com
- bsc#967101 - VUL-0: CVE-2016-2391: xen: usb: multiple eof_timers
in ohci module leads to null pointer dereference
CVE-2016-2391-qemuu-usb-null-pointer-dereference-in-ohci-module.patch
CVE-2016-2391-qemut-usb-null-pointer-dereference-in-ohci-module.patch
- bsc#967090 - VUL-0: CVE-2016-2392: xen: usb: null pointer
dereference in remote NDIS control message handling
CVE-2016-2392-qemuu-usb-null-pointer-dereference-in-NDIS-message-handling.patch
* Thu Feb 11 2016 carnold@suse.com
- Update to Xen Version 4.6.1
xen-4.6.1-testing-src.tar.bz2
- Dropped patches now contained in tarball or unnecessary
xen-4.6.0-testing-src.tar.bz2
5604f239-x86-PV-properly-populate-descriptor-tables.patch
561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch
561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch
561d20a0-x86-hide-MWAITX-from-PV-domains.patch
561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch
5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch
56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch
56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch
5632127b-x86-guard-against-undue-super-page-PTE-creation.patch
5632129c-free-domain-s-vcpu-array.patch
563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch
563212e4-xenoprof-free-domain-s-vcpu-array.patch
563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch
56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch
56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch
5641ceec-x86-HVM-always-intercept-AC-and-DB.patch
56549f24-x86-vPMU-document-as-unsupported.patch
5677f350-x86-make-debug-output-consistent-in-hvm_set_callback_via.patch
xsa155-qemut-qdisk-double-access.patch
xsa155-qemut-xenfb.patch
xsa155-qemuu-qdisk-double-access.patch
xsa155-qemuu-xenfb.patch
xsa159.patch
xsa160.patch
xsa162-qemut.patch
xsa165.patch
xsa166.patch
xsa167.patch
xsa168.patch
* Fri Feb 05 2016 carnold@suse.com
- bsc#965315 - VUL-0: CVE-2016-2270: xen: x86: inconsistent
cachability flags on guest mappings (XSA-154)
xsa154.patch
- bsc#965317 - VUL-0: CVE-2016-2271: xen: VMX: guest user mode may
crash guest with non-canonical RIP (XSA-170)
xsa170.patch
* Fri Feb 05 2016 carnold@suse.com
- bsc#965269 - VUL-1: CVE-2015-8619: xen: stack based OOB write in
hmp_sendkey routine
CVE-2015-8619-qemuu-stack-based-OOB-write-in-hmp_sendkey-routine.patch
* Thu Feb 04 2016 carnold@suse.com
- bsc#965156 - VUL-0: CVE-2015-6855: xen: ide: divide by zero issue
CVE-2015-6855-qemuu-ide-divide-by-zero-issue.patch
- bsc#965112 - VUL-0: CVE-2014-3640: xen: slirp: NULL pointer deref
in sosendto()
CVE-2014-3640-qemut-slirp-NULL-pointer-deref-in-sosendto.patch
* Wed Feb 03 2016 carnold@suse.com
- bsc#964947 - VUL-0: CVE-2015-5278: xen: Infinite loop in
ne2000_receive() function
CVE-2015-5278-qemut-Infinite-loop-in-ne2000_receive-function.patch
- bsc#956832 - VUL-0: CVE-2015-8345: xen: qemu: net: eepro100:
infinite loop in processing command block list
CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch
CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch
* Tue Feb 02 2016 carnold@suse.com
- bsc#964644 - VUL-0: CVE-2013-4533: xen pxa2xx: buffer overrun on
incoming migration
CVE-2013-4533-qemut-pxa2xx-buffer-overrun-on-incoming-migration.patch
- bsc#964925 - VUL-0: CVE-2014-0222: xen: qcow1: validate L2 table
size to avoid integer overflows
CVE-2014-0222-blktap-qcow1-validate-l2-table-size.patch
- Dropped CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch
* Mon Feb 01 2016 carnold@suse.com
- bsc#964415 - VUL-1: CVE-2016-2198: xen: usb: ehci null pointer
dereference in ehci_caps_write
CVE-2016-2198-qemuu-usb-ehci-null-pointer-dereference-in-ehci_caps_write.patch
- bsc#964452 - VUL-0: CVE-2013-4534: xen: openpic: buffer overrun
on incoming migration
CVE-2013-4534-qemut-openpic-buffer-overrun-on-incoming-migration.patch
* Wed Jan 27 2016 carnold@suse.com
- bsc#963783 - VUL-1: CVE-2016-1981: xen: net: e1000 infinite loop
in start_xmit and e1000_receive_iov routines
CVE-2016-1981-qemuu-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch
CVE-2016-1981-qemut-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch
* Wed Jan 20 2016 carnold@suse.com
- bsc#962758 - VUL-0: CVE-2013-4539: xen: tsc210x: buffer overrun
on invalid state load
CVE-2013-4539-qemut-tsc210x-fix-buffer-overrun-on-invalid-state-load.patch
* Tue Jan 19 2016 carnold@suse.com
- bsc#962632 - VUL-0: CVE-2015-1779: xen: vnc: insufficient
resource limiting in VNC websockets decoder
CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch
CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch
- bsc#962642 - VUL-0: CVE-2013-4537: xen: ssi-sd: buffer overrun on
invalid state load
CVE-2013-4537-qemut-ssi-sd-fix-buffer-overrun-on-invalid-state-load.patch
- bsc#962627 - VUL-0: CVE-2014-7815: xen: vnc: insufficient
bits_per_pixel from the client sanitization
CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch
* Mon Jan 18 2016 carnold@suse.com
- bsc#962335 - VUL-0: CVE-2013-4538: xen: ssd0323: fix buffer
overun on invalid state
CVE-2013-4538-qemut-ssd0323-fix-buffer-overun-on-invalid-state.patch
- bsc#962360 - VUL-0: CVE-2015-7512: xen: net: pcnet: buffer
overflow in non-loopback mode
CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch
CVE-2015-7512-qemut-net-pcnet-buffer-overflow-in-non-loopback-mode.patch
* Wed Jan 13 2016 carnold@suse.com
- bsc#961692 - VUL-0: CVE-2016-1714: xen: nvram: OOB r/w access in
processing firmware configurations
CVE-2016-1714-qemuu-fw_cfg-add-check-to-validate-current-entry-value.patch
CVE-2016-1714-qemut-fw_cfg-add-check-to-validate-current-entry-value.patch
* Mon Jan 11 2016 carnold@suse.com
- bsc#961358 - VUL-0: CVE-2015-8613: xen: qemu: scsi: stack based
buffer overflow in megasas_ctrl_get_info
CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch
- bsc#961332 - VUL-0: CVE-2016-1568: xen: Qemu: ide: ahci
use-after-free vulnerability in aio port commands
CVE-2016-1568-qemuu-ide-ahci-reset-ncq-object-to-unused-on-error.patch
* Thu Jan 07 2016 carnold@suse.com
- bsc#959695 - missing docs for xen
xen.spec
* Wed Jan 06 2016 carnold@suse.com
- bsc#960862 - VUL-0: CVE-2016-1571: xen: VMX: intercept issue with
INVLPG on non-canonical address (XSA-168)
xsa168.patch
- bsc#960861 - VUL-0: CVE-2016-1570: xen: PV superpage
functionality missing sanity checks (XSA-167)
xsa167.patch
- bsc#960836 - VUL-0: CVE-2015-8744: xen: net: vmxnet3: incorrect
l2 header validation leads to a crash via assert(2) call
CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch
* Tue Jan 05 2016 carnold@suse.com
- bsc#960707 - VUL-0: CVE-2015-8745: xen: reading IMR registers
leads to a crash via assert(2) call
CVE-2015-8745-qemuu-net-vmxnet3-read-IMR-registers-instead-of-assert.patch
- bsc#960726 - VUL-0: CVE-2015-8743: xen: ne2000: OOB memory access
in ioport r/w functions
CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch
* Mon Jan 04 2016 carnold@suse.com
- bsc#960093 - VUL-0: CVE-2015-8615: xen: x86: unintentional
logging upon guest changing callback method (XSA-169)
5677f350-x86-make-debug-output-consistent-in-hvm_set_callback_via.patch
* Mon Dec 21 2015 ohering@suse.de
- Adjust xen-dom0-modules.service to run Before xenstored.service
instead of proc-xen.mount to workaround a bug in systemd "design"
(bnc#959845)
* Wed Dec 16 2015 carnold@suse.com
- bsc#959387 - VUL-0: CVE-2015-8568 CVE-2015-8567: xen: qemu: net:
vmxnet3: host memory leakage
CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch
* Mon Dec 14 2015 carnold@suse.com
- bsc#957988 - VUL-0: CVE-2015-8550: xen: paravirtualized drivers
incautious about shared memory contents (XSA-155)
xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch
xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch
xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch
xsa155-qemuu-qdisk-double-access.patch
xsa155-qemut-qdisk-double-access.patch
xsa155-qemuu-xenfb.patch
xsa155-qemut-xenfb.patch
- bsc#959006 - VUL-0: CVE-2015-8558: xen: qemu: usb: infinite loop
in ehci_advance_state results in DoS
CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch
- bsc#958918 - VUL-0: CVE-2015-7549: xen: qemu pci: null pointer
dereference issue
CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch
- bsc#958493 - VUL-0: CVE-2015-8504: xen: qemu: ui: vnc: avoid
floating point exception
CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch
CVE-2015-8504-qemut-vnc-avoid-floating-point-exception.patch
- bsc#958007 - VUL-0: CVE-2015-8554: xen: qemu-dm buffer overrun in
MSI-X handling (XSA-164)
xsa164.patch
- bsc#958009 - VUL-0: CVE-2015-8555: xen: information leak in
legacy x86 FPU/XMM initialization (XSA-165)
xsa165.patch
- bsc#958523 - VUL-0: xen: ioreq handling possibly susceptible to
multiple read issue (XSA-166)
xsa166.patch
* Fri Nov 27 2015 carnold@suse.com
- bsc#956832 - VUL-0: CVE-2015-8345: xen: qemu: net: eepro100:
infinite loop in processing command block list
CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch
CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch
- Upstream patches from Jan
56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch
5641ceec-x86-HVM-always-intercept-AC-and-DB.patch (Replaces CVE-2015-5307-xsa156.patch)
5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch
56544a57-VMX-fix-adjust-trap-injection.patch
56546ab2-sched-fix-insert_vcpu-locking.patch
* Wed Nov 25 2015 carnold@suse.com
- bsc#956592 - VUL-0: xen: virtual PMU is unsupported (XSA-163)
56549f24-x86-vPMU-document-as-unsupported.patch
- bsc#956408 - VUL-0: CVE-2015-8339, CVE-2015-8340: xen:
XENMEM_exchange error handling issues (XSA-159)
xsa159.patch
- bsc#956409 - VUL-0: CVE-2015-8341: xen: libxl leak of pv kernel
and initrd on error (XSA-160)
xsa160.patch
- bsc#956411 - VUL-0: CVE-2015-7504: xen: heap buffer overflow
vulnerability in pcnet emulator (XSA-162)
xsa162-qemuu.patch
xsa162-qemut.patch
- bsc#947165 - VUL-0: CVE-2015-7311: xen: libxl fails to honour
readonly flag on disks with qemu-xen (xsa-142)
5628fc67-libxl-No-emulated-disk-driver-for-xvdX-disk.patch
5649bcbe-libxl-relax-readonly-check-introduced-by-XSA-142-fix.patch
* Tue Nov 24 2015 carnold@suse.com
- fate#315712: XEN: Use the PVOPS kernel
Turn off building the KMPs now that we are using the pvops kernel
xen.spec
* Thu Nov 19 2015 carnold@suse.com
- Upstream patches from Jan
561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch
561d20a0-x86-hide-MWAITX-from-PV-domains.patch
561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch
5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch
56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch
56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch
5632127b-x86-guard-against-undue-super-page-PTE-creation.patch
5632129c-free-domain-s-vcpu-array.patch (Replaces CVE-2015-7969-xsa149.patch)
563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch
563212e4-xenoprof-free-domain-s-vcpu-array.patch
563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch
56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch
56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch
5641ceec-x86-HVM-always-intercept-AC-and-DB.patch (Replaces CVE-2015-5307-xsa156.patch)
5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch
- Dropped 55b0a2db-x86-MSI-track-guest-masking.patch
* Thu Nov 19 2015 ohering@suse.de
- Use upstream variants of block-iscsi and block-nbd
* Thu Nov 19 2015 ohering@suse.de
- Remove xenalyze.hg, its part of xen-4.6
* Tue Nov 10 2015 carnold@suse.com
- Update to Xen Version 4.6.0
xen-4.6.0-testing-src.tar.bz2
mini-os.tar.bz2
blktap2-no-uninit.patch
stubdom-have-iovec.patch
- Renamed
xsa149.patch to CVE-2015-7969-xsa149.patch
- Dropped patches now contained in tarball or unnecessary
xen-4.5.2-testing-src.tar.bz2
54c2553c-grant-table-use-uint16_t-consistently-for-offset-and-length.patch
54ca33bc-grant-table-refactor-grant-copy-to-reduce-duplicate-code.patch
54ca340e-grant-table-defer-releasing-pages-acquired-in-a-grant-copy.patch
54f4985f-libxl-fix-libvirtd-double-free.patch
55103616-vm-assist-prepare-for-discontiguous-used-bit-numbers.patch
551ac326-xentop-add-support-for-qdisk.patch
552d0fd2-x86-hvm-don-t-include-asm-spinlock-h.patch
552d0fe8-x86-mtrr-include-asm-atomic.h.patch
552d293b-x86-vMSI-X-honor-all-mask-requests.patch
552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch
5537a4d8-libxl-use-DEBUG-log-level-instead-of-INFO.patch
5548e903-domctl-don-t-truncate-XEN_DOMCTL_max_mem-requests.patch
5548e95d-x86-allow-to-suppress-M2P-user-mode-exposure.patch
554c7aee-x86-provide-arch_fetch_and_add.patch
554c7b00-arm-provide-arch_fetch_and_add.patch
554cc211-libxl-add-qxl.patch 55534b0a-x86-provide-add_sized.patch
55534b25-arm-provide-add_sized.patch
5555a4f8-use-ticket-locks-for-spin-locks.patch
5555a5b9-x86-arm-remove-asm-spinlock-h.patch
5555a8ec-introduce-non-contiguous-allocation.patch
556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch
5576f143-x86-adjust-PV-I-O-emulation-functions-types.patch
55795a52-x86-vMSI-X-support-qword-MMIO-access.patch
557eb55f-gnttab-per-active-entry-locking.patch
557eb5b6-gnttab-introduce-maptrack-lock.patch
557eb620-gnttab-make-the-grant-table-lock-a-read-write-lock.patch
557ffab8-evtchn-factor-out-freeing-an-event-channel.patch
5582bf43-evtchn-simplify-port_is_valid.patch
5582bf81-evtchn-remove-the-locking-when-unmasking-an-event-channel.patch
5583d9c5-x86-MSI-X-cleanup.patch
5583da09-x86-MSI-track-host-and-guest-masking-separately.patch
5583da64-gnttab-use-per-VCPU-maptrack-free-lists.patch
5583da8c-gnttab-steal-maptrack-entries-from-other-VCPUs.patch
5587d711-evtchn-clear-xen_consumer-when-clearing-state.patch
5587d779-evtchn-defer-freeing-struct-evtchn-s-until-evtchn_destroy_final.patch
5587d7b7-evtchn-use-a-per-event-channel-lock-for-sending-events.patch
5587d7e2-evtchn-pad-struct-evtchn-to-64-bytes.patch
55b0a218-x86-PCI-CFG-write-intercept.patch
55b0a255-x86-MSI-X-maskall.patch 55b0a283-x86-MSI-X-teardown.patch
55b0a2ab-x86-MSI-X-enable.patch blktapctrl-close-fifos.patch
blktapctrl-default-to-ioemu.patch blktapctrl-disable-debug-printf.patch
blktap-no-uninit.patch blktap-pv-cdrom.patch build-tapdisk-ioemu.patch
ioemu-bdrv-open-CACHE_WB.patch ioemu-blktap-barriers.patch
ioemu-blktap-fv-init.patch ioemu-blktap-image-format.patch
ioemu-blktap-zero-size.patch libxl.set-migration-constraints-from-cmdline.patch
local_attach_support_for_phy.patch pci-attach-fix.patch
qemu-xen-upstream-megasas-buildtime.patch tapdisk-ioemu-logfile.patch
tapdisk-ioemu-shutdown-fix.patch udev-rules.patch xen.build-compare.ipxe.patch
xen.build-compare.mini-os.patch xen.build-compare.smbiosdate.patch
xen.build-compare.vgabios.patch xen.build-compare.xen_compile_h.patch
xl-coredump-file-location.patch
* Thu Nov 05 2015 carnold@suse.com
- bsc#954405 - VUL-0: CVE-2015-8104: Xen: guest to host DoS by
triggering an infinite loop in microcode via #DB exception
- bsc#954018 - VUL-0: CVE-2015-5307: xen: x86: CPU lockup during
fault delivery (XSA-156)
CVE-2015-5307-xsa156.patch
* Wed Nov 04 2015 carnold@suse.com
- Update to Xen 4.5.2
xen-4.5.2-testing-src.tar.bz2
- Drop the following
xen-4.5.1-testing-src.tar.bz2
552d0f49-x86-traps-identify-the-vcpu-in-context-when-dumping-regs.patch
5576f178-kexec-add-more-pages-to-v1-environment.patch
55780be1-x86-EFI-adjust-EFI_MEMORY_WP-handling-for-spec-version-2.5.patch
558bfaa0-x86-traps-avoid-using-current-too-early.patch
5592a116-nested-EPT-fix-the-handling-of-nested-EPT.patch
559b9dd6-x86-p2m-ept-don-t-unmap-in-use-EPT-pagetable.patch
559bc633-x86-cpupool-clear-proper-cpu_valid-bit-on-CPU-teardown.patch
559bc64e-credit1-properly-deal-with-CPUs-not-in-any-pool.patch
559bc87f-x86-hvmloader-avoid-data-corruption-with-xenstore-rw.patch
559bdde5-pull-in-latest-linux-earlycpio.patch
55a62eb0-xl-correct-handling-of-extra_config-in-main_cpupoolcreate.patch
55a66a1e-make-rangeset_report_ranges-report-all-ranges.patch
55a77e4f-dmar-device-scope-mem-leak-fix.patch
55c1d83d-x86-gdt-Drop-write-only-xalloc-d-array.patch
55c3232b-x86-mm-Make-hap-shadow-teardown-preemptible.patch
55dc78e9-x86-amd_ucode-skip-updates-for-final-levels.patch
55df2f76-IOMMU-skip-domains-without-page-tables-when-dumping.patch
55e43fd8-x86-NUMA-fix-setup_node.patch
55e43ff8-x86-NUMA-don-t-account-hotplug-regions.patch
55e593f1-x86-NUMA-make-init_node_heap-respect-Xen-heap-limit.patch
55f2e438-x86-hvm-fix-saved-pmtimer-and-hpet-values.patch
55f9345b-x86-MSI-fail-if-no-hardware-support.patch
5604f2e6-vt-d-fix-IM-bit-mask-and-unmask-of-FECTL_REG.patch
560a4af9-x86-EPT-tighten-conditions-of-IOMMU-mapping-updates.patch
560a7c36-x86-p2m-pt-delay-freeing-of-intermediate-page-tables.patch
560a7c53-x86-p2m-pt-ignore-pt-share-flag-for-shadow-mode-guests.patch
560bd926-credit1-fix-tickling-when-it-happens-from-a-remote-pCPU.patch
560e6d34-x86-p2m-pt-tighten-conditions-of-IOMMU-mapping-updates.patch
561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-0.patch
561d20a0-x86-hide-MWAITX-from-PV-domains.patch
561e3283-x86-NUMA-fix-SRAT-table-processor-entry-handling.patch
563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch
CVE-2015-4106-xsa131-9.patch CVE-2015-3259-xsa137.patch
CVE-2015-7311-xsa142.patch CVE-2015-7835-xsa148.patch
xsa139-qemuu.patch xsa140-qemuu-1.patch xsa140-qemuu-2.patch
xsa140-qemuu-3.patch xsa140-qemuu-4.patch xsa140-qemuu-5.patch
xsa140-qemuu-6.patch xsa140-qemuu-7.patch xsa140-qemut-1.patch
xsa140-qemut-2.patch xsa140-qemut-3.patch xsa140-qemut-4.patch
xsa140-qemut-5.patch xsa140-qemut-6.patch xsa140-qemut-7.patch
xsa151.patch xsa152.patch xsa153-libxl.patch
CVE-2015-5154-qemuu-check-array-bounds-before-writing-to-io_buffer.patch
CVE-2015-5154-qemuu-fix-START-STOP-UNIT-command-completion.patch
CVE-2015-5154-qemuu-clear-DRQ-after-handling-all-expected-accesses.patch
CVE-2015-5154-qemut-check-array-bounds-before-writing-to-io_buffer.patch
CVE-2015-5154-qemut-clear-DRQ-after-handling-all-expected-accesses.patch
CVE-2015-6815-qemuu-e1000-fix-infinite-loop.patch
CVE-2015-5239-qemuu-limit-client_cut_text-msg-payload-size.patch
CVE-2015-5239-qemut-limit-client_cut_text-msg-payload-size.patch"
* Mon Nov 02 2015 carnold@suse.com
- bsc#950704 - CVE-2015-7970 VUL-1: xen: x86: Long latency
populate-on-demand operation is not preemptible (XSA-150)
563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch
* Wed Oct 28 2015 carnold@suse.com
- Upstream patches from Jan
5604f239-x86-PV-properly-populate-descriptor-tables.patch
561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-0.patch
561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch
561d20a0-x86-hide-MWAITX-from-PV-domains.patch
561e3283-x86-NUMA-fix-SRAT-table-processor-entry-handling.patch
* Fri Oct 23 2015 carnold@suse.com
- bsc#951845 - VUL-0: CVE-2015-7972: xen: x86: populate-on-demand
balloon size inaccuracy can crash guests (XSA-153)
xsa153-libxl.patch
* Fri Oct 16 2015 carnold@suse.com
- bsc#950703 - VUL-1: CVE-2015-7969: xen: leak of main per-domain
vcpu pointer array (DoS) (XSA-149)
xsa149.patch
- bsc#950705 - VUL-1: CVE-2015-7969: xen: x86: leak of per-domain
profiling-related vcpu pointer array (DoS) (XSA-151)
xsa151.patch
- bsc#950706 - VUL-0: CVE-2015-7971: xen: x86: some pmu and
profiling hypercalls log without rate limiting (XSA-152)
xsa152.patch
- Dropped
55dc7937-x86-IO-APIC-don-t-create-pIRQ-mapping-from-masked-RTE.patch
5604f239-x86-PV-properly-populate-descriptor-tables.patch
* Thu Oct 15 2015 carnold@suse.com
- bsc#932267 - VUL-1: CVE-2015-4037: qemu,kvm,xen: insecure
temporary file use in /net/slirp.c
CVE-2015-4037-qemuu-smb-config-dir-name.patch
CVE-2015-4037-qemut-smb-config-dir-name.patch
- bsc#877642 - VUL-0: CVE-2014-0222: qemu: qcow1: validate L2 table
size to avoid integer overflows
CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch
CVE-2014-0222-qemut-qcow1-validate-l2-table-size.patch
* Wed Oct 14 2015 carnold@suse.com
- bsc#950367 - VUL-0: CVE-2015-7835: xen: x86: Uncontrolled
creation of large page mappings by PV guests (XSA-148)
CVE-2015-7835-xsa148.patch
* Tue Oct 06 2015 jfehlig@suse.com
- bsc#949138 - Setting vcpu affinity under Xen causes libvirtd
abort
54f4985f-libxl-fix-libvirtd-double-free.patch
* Tue Oct 06 2015 carnold@suse.com
- bsc#949046 - Increase %suse_version in SP1 to 1316
xen.spec
- Update README.SUSE detailing dom0 ballooning recommendations
* Mon Oct 05 2015 carnold@suse.com
- bsc#945167 - Running command ’ xl pci-assignable-add 03:10.1’
secondly show errors
55f7f9d2-libxl-slightly-refine-pci-assignable-add-remove-handling.patch
- Upstream patches from Jan
55f2e438-x86-hvm-fix-saved-pmtimer-and-hpet-values.patch
55f9345b-x86-MSI-fail-if-no-hardware-support.patch
5604f239-x86-PV-properly-populate-descriptor-tables.patch
5604f2e6-vt-d-fix-IM-bit-mask-and-unmask-of-FECTL_REG.patch
560a4af9-x86-EPT-tighten-conditions-of-IOMMU-mapping-updates.patch
560a7c36-x86-p2m-pt-delay-freeing-of-intermediate-page-tables.patch
560a7c53-x86-p2m-pt-ignore-pt-share-flag-for-shadow-mode-guests.patch
560bd926-credit1-fix-tickling-when-it-happens-from-a-remote-pCPU.patch
560e6d34-x86-p2m-pt-tighten-conditions-of-IOMMU-mapping-updates.patch
* Fri Oct 02 2015 mlatimer@suse.com
- bsc#941074 - VmError: Device 51728 (vbd) could not be connected.
Hotplug scripts not working.
hotplug-Linux-block-performance-fix.patch
* Wed Sep 23 2015 carnold@suse.com
- bsc#947165 - VUL-0: CVE-2015-7311: xen: libxl fails to honour
readonly flag on disks with qemu-xen (xsa-142)
CVE-2015-7311-xsa142.patch
* Wed Sep 16 2015 cyliu@suse.com
- bsc#945165 - Xl pci-attach show error with kernel of SLES 12 sp1
pci-attach-fix.patch
* Tue Sep 15 2015 jfehlig@suse.com
- bsc#945164 - Xl destroy show error with kernel of SLES 12 sp1
5537a4d8-libxl-use-DEBUG-log-level-instead-of-INFO.patch
* Wed Sep 09 2015 carnold@suse.com
- Upstream patches from Jan
55dc78e9-x86-amd_ucode-skip-updates-for-final-levels.patch
55dc7937-x86-IO-APIC-don-t-create-pIRQ-mapping-from-masked-RTE.patch
55df2f76-IOMMU-skip-domains-without-page-tables-when-dumping.patch
55e43fd8-x86-NUMA-fix-setup_node.patch
55e43ff8-x86-NUMA-don-t-account-hotplug-regions.patch
55e593f1-x86-NUMA-make-init_node_heap-respect-Xen-heap-limit.patch
54c2553c-grant-table-use-uint16_t-consistently-for-offset-and-length.patch
54ca33bc-grant-table-refactor-grant-copy-to-reduce-duplicate-code.patch
54ca340e-grant-table-defer-releasing-pages-acquired-in-a-grant-copy.patch
* Tue Sep 08 2015 carnold@suse.com
- bsc#944463 - VUL-0: CVE-2015-5239: qemu-kvm: Integer overflow in
vnc_client_read() and protocol_client_msg()
CVE-2015-5239-qemuu-limit-client_cut_text-msg-payload-size.patch
CVE-2015-5239-qemut-limit-client_cut_text-msg-payload-size.patch
- bsc#944697 - VUL-1: CVE-2015-6815: qemu: net: e1000: infinite
loop issue
CVE-2015-6815-qemuu-e1000-fix-infinite-loop.patch
CVE-2015-6815-qemut-e1000-fix-infinite-loop.patch
* Wed Aug 26 2015 carnold@suse.com
- bnc#935634 - VUL-0: CVE-2015-3259: xen: XSA-137: xl command line
config handling stack overflow
55a62eb0-xl-correct-handling-of-extra_config-in-main_cpupoolcreate.patch
* Tue Aug 18 2015 carnold@suse.com
- bsc#907514 - Bus fatal error & sles12 sudden reboot has been
observed
- bsc#910258 - SLES12 Xen host crashes with FATAL NMI after
shutdown of guest with VT-d NIC
- bsc#918984 - Bus fatal error & sles11-SP4 sudden reboot has been
observed
- bsc#923967 - Partner-L3: Bus fatal error & sles11-SP3 sudden
reboot has been observed
552d293b-x86-vMSI-X-honor-all-mask-requests.patch
552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch
5576f143-x86-adjust-PV-I-O-emulation-functions-types.patch
55795a52-x86-vMSI-X-support-qword-MMIO-access.patch
5583d9c5-x86-MSI-X-cleanup.patch
5583da09-x86-MSI-track-host-and-guest-masking-separately.patch
55b0a218-x86-PCI-CFG-write-intercept.patch
55b0a255-x86-MSI-X-maskall.patch
55b0a283-x86-MSI-X-teardown.patch
55b0a2ab-x86-MSI-X-enable.patch
55b0a2db-x86-MSI-track-guest-masking.patch
- Upstream patches from Jan
552d0f49-x86-traps-identify-the-vcpu-in-context-when-dumping-regs.patch
559bc633-x86-cpupool-clear-proper-cpu_valid-bit-on-CPU-teardown.patch
559bc64e-credit1-properly-deal-with-CPUs-not-in-any-pool.patch
559bc87f-x86-hvmloader-avoid-data-corruption-with-xenstore-rw.patch
55a66a1e-make-rangeset_report_ranges-report-all-ranges.patch
55a77e4f-dmar-device-scope-mem-leak-fix.patch
55c1d83d-x86-gdt-Drop-write-only-xalloc-d-array.patch
55c3232b-x86-mm-Make-hap-shadow-teardown-preemptible.patch
- Dropped for upstream version
x86-MSI-mask.patch
x86-MSI-pv-unmask.patch
x86-MSI-X-enable.patch
x86-MSI-X-maskall.patch
x86-MSI-X-teardown.patch
x86-pci_cfg_okay.patch
x86-PCI-CFG-write-intercept.patch
* Tue Jul 28 2015 carnold@suse.com
- bsc#939712 - VUL-0: XSA-140: QEMU leak of uninitialized heap
memory in rtl8139 device model
xsa140-qemuu-1.patch
xsa140-qemuu-2.patch
xsa140-qemuu-3.patch
xsa140-qemuu-4.patch
xsa140-qemuu-5.patch
xsa140-qemuu-6.patch
xsa140-qemuu-7.patch
xsa140-qemut-1.patch
xsa140-qemut-2.patch
xsa140-qemut-3.patch
xsa140-qemut-4.patch
xsa140-qemut-5.patch
xsa140-qemut-6.patch
xsa140-qemut-7.patch
- bsc#939709 - VUL-0: XSA-139: xen: Use after free in QEMU/Xen
block unplug protocol
xsa139-qemuu.patch
* Tue Jul 21 2015 ohering@suse.de
- bsc#937371 - xen vm's running after reboot
xendomains-libvirtd-conflict.patch
* Thu Jul 16 2015 carnold@suse.com
- bsc#938344 - VUL-0: CVE-2015-5154: qemu,kvm,xen: host code
execution via IDE subsystem CD-ROM
CVE-2015-5154-qemuu-check-array-bounds-before-writing-to-io_buffer.patch
CVE-2015-5154-qemut-check-array-bounds-before-writing-to-io_buffer.patch
CVE-2015-5154-qemuu-fix-START-STOP-UNIT-command-completion.patch
CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch
CVE-2015-5154-qemuu-clear-DRQ-after-handling-all-expected-accesses.patch
CVE-2015-5154-qemut-clear-DRQ-after-handling-all-expected-accesses.patch
* Wed Jul 15 2015 ohering@suse.de
- Remove xendomains.service from systemd preset file because it
conflicts with libvirt-guests.service (bnc#937371)
Its up to the admin to run systemctl enable xendomains.service
* Wed Jul 08 2015 carnold@suse.com
- bnc#935634 - VUL-0: CVE-2015-3259: xen: XSA-137: xl command line
config handling stack overflow
CVE-2015-3259-xsa137.patch
- Upstream patches from Jan
558bfaa0-x86-traps-avoid-using-current-too-early.patch
5592a116-nested-EPT-fix-the-handling-of-nested-EPT.patch
559b9dd6-x86-p2m-ept-don-t-unmap-in-use-EPT-pagetable.patch
559bdde5-pull-in-latest-linux-earlycpio.patch
- Upstream patches from Jan pending review
552d0fd2-x86-hvm-don-t-include-asm-spinlock-h.patch
552d0fe8-x86-mtrr-include-asm-atomic.h.patch
552d293b-x86-vMSI-X-honor-all-mask-requests.patch
552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch
554c7aee-x86-provide-arch_fetch_and_add.patch
554c7b00-arm-provide-arch_fetch_and_add.patch
55534b0a-x86-provide-add_sized.patch
55534b25-arm-provide-add_sized.patch
5555a4f8-use-ticket-locks-for-spin-locks.patch
5555a5b9-x86-arm-remove-asm-spinlock-h.patch
5555a8ec-introduce-non-contiguous-allocation.patch
55795a52-x86-vMSI-X-support-qword-MMIO-access.patch
557eb55f-gnttab-per-active-entry-locking.patch
557eb5b6-gnttab-introduce-maptrack-lock.patch
557eb620-gnttab-make-the-grant-table-lock-a-read-write-lock.patch
557ffab8-evtchn-factor-out-freeing-an-event-channel.patch
5582bf43-evtchn-simplify-port_is_valid.patch
5582bf81-evtchn-remove-the-locking-when-unmasking-an-event-channel.patch
5583d9c5-x86-MSI-X-cleanup.patch
5583da09-x86-MSI-track-host-and-guest-masking-separately.patch
5583da64-gnttab-use-per-VCPU-maptrack-free-lists.patch
5583da8c-gnttab-steal-maptrack-entries-from-other-VCPUs.patch
5587d711-evtchn-clear-xen_consumer-when-clearing-state.patch
5587d779-evtchn-defer-freeing-struct-evtchn-s-until-evtchn_destroy_final.patch
5587d7b7-evtchn-use-a-per-event-channel-lock-for-sending-events.patch
5587d7e2-evtchn-pad-struct-evtchn-to-64-bytes.patch
x86-MSI-pv-unmask.patch
x86-pci_cfg_okay.patch
x86-PCI-CFG-write-intercept.patch
x86-MSI-X-maskall.patch
x86-MSI-X-teardown.patch
x86-MSI-X-enable.patch
x86-MSI-mask.patch
* Tue Jul 07 2015 ohering@suse.de
- Adjust more places to use br0 instead of xenbr0
* Tue Jun 30 2015 carnold@suse.com
- bnc#936516 - xen fails to build with kernel update(4.1.0 from
stable)
556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch
* Fri Jun 26 2015 carnold@suse.com
- Update to Xen Version 4.5.1 FCS (fate#315675)
xen-4.5.1-testing-src.tar.bz2
- Dropped patches now contained in tarball
556c2cf2-x86-don-t-crash-mapping-a-page-using-EFI-rt-page-tables.patch
556d9718-efi-fix-allocation-problems-if-ExitBootServices-fails.patch
556eabf7-x86-apic-Disable-the-LAPIC-later-in-smp_send_stop.patch
556eac15-x86-crash-don-t-use-set_fixmap-in-the-crash-path.patch
55780aaa-efi-avoid-calling-boot-services-after-ExitBootServices.patch
55780aff-x86-EFI-fix-EFI_MEMORY_WP-handling.patch
55780b43-EFI-early-add-mapbs-to-map-EfiBootServices-Code-Data.patch
55780b97-EFI-support-default-attributes-to-map-Runtime-service-areas.patch
5513b458-allow-reboot-overrides-when-running-under-EFI.patch
5513b4d1-dont-apply-reboot-quirks-if-reboot-set-by-user.patch
5576f178-kexec-add-more-pages-to-v1-environment.patch
5535f633-dont-leak-hypervisor-stack-to-toolstacks.patch
CVE-2015-3456-xsa133-qemuu.patch
CVE-2015-3456-xsa133-qemut.patch
qemu-MSI-X-enable-maskall.patch
qemu-MSI-X-latch-writes.patch
x86-MSI-X-guest-mask.patch
* Thu Jun 25 2015 jfehlig@suse.com
- Replace 5124efbe-add-qxl-support.patch with the variant that
finally made it upstream, 554cc211-libxl-add-qxl.patch
* Wed Jun 10 2015 carnold@suse.com
- bsc#931627 - VUL-0: CVE-2015-4105: XSA-130: xen: Guest triggerable
qemu MSI-X pass-through error messages
qemu-MSI-X-latch-writes.patch
- bsc#907514 - Bus fatal error & sles12 sudden reboot has been observed
- bsc#910258 - SLES12 Xen host crashes with FATAL NMI after shutdown
of guest with VT-d NIC
- bsc#918984 - Bus fatal error & sles11-SP4 sudden reboot has been
observed
- bsc#923967 - Partner-L3: Bus fatal error & sles11-SP3 sudden reboot
has been observed
x86-MSI-X-teardown.patch
x86-MSI-X-enable.patch
x86-MSI-X-guest-mask.patch
x86-MSI-X-maskall.patch
qemu-MSI-X-enable-maskall.patch
- Upstream patches from Jan
55780aaa-efi-avoid-calling-boot-services-after-ExitBootServices.patch
55780aff-x86-EFI-fix-EFI_MEMORY_WP-handling.patch
55780b43-EFI-early-add-mapbs-to-map-EfiBootServices-Code-Data.patch
55780b97-EFI-support-default-attributes-to-map-Runtime-service-areas.patch
55780be1-x86-EFI-adjust-EFI_MEMORY_WP-handling-for-spec-version-2.5.patch
55103616-vm-assist-prepare-for-discontiguous-used-bit-numbers.patch
5548e95d-x86-allow-to-suppress-M2P-user-mode-exposure.patch
- Dropped the following patches now contained in the tarball
xen-no-array-bounds.patch CVE-2015-4103-xsa128.patch
CVE-2015-4104-xsa129.patch CVE-2015-4105-xsa130.patch
CVE-2015-4106-xsa131-1.patch CVE-2015-4106-xsa131-2.patch
CVE-2015-4106-xsa131-3.patch CVE-2015-4106-xsa131-4.patch
CVE-2015-4106-xsa131-5.patch CVE-2015-4106-xsa131-6.patch
CVE-2015-4106-xsa131-7.patch CVE-2015-4106-xsa131-8.patch
* Wed Jun 03 2015 carnold@suse.com
- Update to Xen 4.5.1 RC2
- bsc#931628 - VUL-0: CVE-2015-4106: XSA-131: xen: Unmediated PCI
register access in qemu
CVE-2015-4106-xsa131-1.patch
CVE-2015-4106-xsa131-2.patch
CVE-2015-4106-xsa131-3.patch
CVE-2015-4106-xsa131-4.patch
CVE-2015-4106-xsa131-5.patch
CVE-2015-4106-xsa131-6.patch
CVE-2015-4106-xsa131-7.patch
CVE-2015-4106-xsa131-8.patch
CVE-2015-4106-xsa131-9.patch
- bsc#931627 - VUL-0: CVE-2015-4105: XSA-130: xen: Guest triggerable
qemu MSI-X pass-through error messages
CVE-2015-4105-xsa130.patch
- bsc#931626 - VUL-0: CVE-2015-4104: XSA-129: xen: PCI MSI mask
bits inadvertently exposed to guests
CVE-2015-4104-xsa129.patch
- bsc#931625 - VUL-0: CVE-2015-4103: XSA-128: xen: Potential
unintended writes to host MSI message data field via qemu
CVE-2015-4103-xsa128.patch
- Upstream patches from Jan
5548e903-domctl-don-t-truncate-XEN_DOMCTL_max_mem-requests.patch
556c2cf2-x86-don-t-crash-mapping-a-page-using-EFI-rt-page-tables.patch
556d9718-efi-fix-allocation-problems-if-ExitBootServices-fails.patch
556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch
556eabf7-x86-apic-Disable-the-LAPIC-later-in-smp_send_stop.patch
556eac15-x86-crash-don-t-use-set_fixmap-in-the-crash-path.patch
* Wed May 20 2015 ohering@suse.de
- Add DefaultDependencies=no to xen-dom0-modules.service because
it has to run before proc-xen.mount
* Tue May 19 2015 carnold@suse.com
- Update to Xen 4.5.1 RC1
* Fri May 15 2015 ohering@suse.de
- Update blktap-no-uninit.patch to work with gcc-4.5
* Mon May 11 2015 carnold@suse.com
- bsc#927967 - VUL-0: CVE-2015-3340: xen: Information leak through
XEN_DOMCTL_gettscinfo (XSA-132)
5535f633-dont-leak-hypervisor-stack-to-toolstacks.patch
* Thu May 07 2015 carnold@suse.com
- bnc#929339 - VUL-0: CVE-2015-3456: qemu kvm xen: VENOM qemu
floppy driver host code execution
CVE-2015-3456-xsa133-qemuu.patch
CVE-2015-3456-xsa133-qemut.patch
* Mon Apr 27 2015 carnold@suse.com
- bsc#928783 - Reboot failure; Request backport of upstream Xen
patch to 4.5.0, or update pkgs to 4.5.1
5513b458-allow-reboot-overrides-when-running-under-EFI.patch
5513b4d1-dont-apply-reboot-quirks-if-reboot-set-by-user.patch
* Tue Apr 21 2015 ohering@suse.de
- bnc#927750 - Avoid errors reported by system-modules-load.service
* Wed Apr 08 2015 rguenther@suse.com
- Add xen-no-array-bounds.patch and blktap-no-uninit.patch to selectively
turn errors back to warnings to fix build with GCC 5.
- Amend xen.stubdom.newlib.patch to pull in declaration of strcmp to
avoid implicit-fortify-decl rpmlint error.
- Fix quoting of __SMBIOS_DATE__ in xen.build-compare.smbiosdate.patch.
* Fri Apr 03 2015 carnold@suse.com
- xentop: Fix memory leak on read failure
551ac326-xentop-add-support-for-qdisk.patch
* Tue Mar 31 2015 carnold@suse.com
- Dropped xentop-add-support-for-qdisk.patch in favor of upstream
version
551ac326-xentop-add-support-for-qdisk.patch
* Mon Mar 16 2015 carnold@suse.com
- Enable spice support in qemu for x86_64
5124efbe-add-qxl-support.patch
qemu-xen-enable-spice-support.patch
* Thu Mar 12 2015 rguenther@suse.com
- Add xen-c99-fix.patch to remove pointless inline specifier on
function declarations which break build with a C99 compiler which
GCC 5 is by default. (bsc#921994)
- Add ipxe-no-error-logical-not-parentheses.patch to supply
- Wno-logical-not-parentheses to the ipxe build to fix
breakage with GCC 5. (bsc#921994)
* Wed Mar 11 2015 carnold@suse.com
- bnc#921842 - Xentop doesn't display disk statistics for VMs using
qdisks
xentop-add-support-for-qdisk.patch
* Tue Feb 24 2015 meissner@suse.com
- Disable the PIE enablement done for Factory, as the XEN code
is not buildable with PIE and it does not make much sense
to build the hypervisor code with it.
* Tue Feb 17 2015 carnold@suse.com
- bnc#918169 - XEN fixes required to work with Kernel 3.19.0
xen.spec
* Tue Feb 10 2015 ohering@suse.de
- Package xen.changes because its referenced in xen.spec
* Wed Jan 28 2015 carnold@suse.com
- Update seabios to rel-1.7.5 which is the correct version for
Xen 4.5
* Wed Jan 14 2015 carnold@suse.com
- Update to Xen 4.5.0 FCS
* Wed Jan 14 2015 ohering@suse.de
- Include systemd presets in 13.2 and older
* Mon Jan 12 2015 ohering@suse.de
- bnc#897352 - Enable xencommons/xendomains only during fresh install
- disable restart on upgrade because the toolstack is not restartable
* Tue Dec 16 2014 ohering@suse.de
- adjust seabios, vgabios, stubdom and hvmloader build to reduce
build-compare noise
xen.build-compare.mini-os.patch
xen.build-compare.smbiosdate.patch
xen.build-compare.ipxe.patch
xen.build-compare.vgabios.patch
xen.build-compare.seabios.patch
xen.build-compare.man.patch
* Mon Dec 15 2014 carnold@suse.com
- Update to Xen 4.5.0 RC4
* Wed Dec 10 2014 ohering@suse.de
- Remove xend specific if-up scripts
Recording bridge slaves is a generic task which should be handled
by generic network code
* Tue Dec 09 2014 ohering@suse.de
- Use systemd features from upstream
requires updated systemd-presets-branding package
* Thu Dec 04 2014 carnold@suse.com
- Update to Xen 4.5.0 RC3
* Thu Dec 04 2014 ohering@suse.de
- Set GIT, WGET and FTP to /bin/false
* Wed Dec 03 2014 ohering@suse.de
- Use new configure features instead of make variables
xen.stubdom.newlib.patch
* Wed Nov 19 2014 ohering@suse.de
- adjust docs and xen build to reduce build-compare noise
xen.build-compare.doc_html.patch
xen.build-compare.xen_compile_h.patch
* Mon Nov 17 2014 ohering@suse.de
- Drop trailing B_CNT from XEN_EXTRAVERSION to reduce build-compare noise
* Tue Nov 11 2014 carnold@suse.com
- Update to Xen 4.5.0 RC2
* Thu Oct 23 2014 carnold@suse.com
- Update to Xen 4.5.0 RC1
xen-4.5.0-testing-src.tar.bz2
- Remove all patches now contained in the new tarball
xen-4.4.1-testing-src.tar.bz2
5315a3bb-x86-don-t-propagate-acpi_skip_timer_override-do-Dom0.patch
5315a43a-x86-ACPI-also-print-address-space-for-PM1x-fields.patch
53299d8f-xenconsole-reset-tty-on-failure.patch
53299d8f-xenconsole-tolerate-tty-errors.patch
5346a7a0-x86-AMD-support-further-feature-masking-MSRs.patch
53563ea4-x86-MSI-drop-workaround-for-insecure-Dom0-kernels.patch
537c9c77-libxc-check-return-values-on-mmap-and-madvise.patch
537cd0b0-hvmloader-also-cover-PCI-MMIO-ranges-above-4G-with-UC-MTRR-ranges.patch
537cd0cc-hvmloader-PA-range-0xfc000000-0xffffffff-should-be-UC.patch
539ebe62-x86-EFI-improve-boot-time-diagnostics.patch
53aac342-x86-HVM-consolidate-and-sanitize-CR4-guest-reserved-bit-determination.patch
53c9151b-Fix-xl-vncviewer-accesses-port-0-by-any-invalid-domid.patch
53d124e7-fix-list_domain_details-check-config-data-length-0.patch
53dba447-x86-ACPI-allow-CMOS-RTC-use-even-when-ACPI-says-there-is-none.patch
53df727b-x86-HVM-extend-LAPIC-shortcuts-around-P2M-lookups.patch
53e8be5f-x86-vHPET-use-rwlock-instead-of-simple-one.patch
53f737b1-VMX-fix-DebugCtl-MSR-clearing.patch
53f7386d-x86-irq-process-softirqs-in-irq-keyhandlers.patch
53fcebab-xen-pass-kernel-initrd-to-qemu.patch
53ff3659-x86-consolidate-boolean-inputs-in-hvm-and-p2m.patch
53ff36ae-x86-hvm-treat-non-insn-fetch-NPF-also-as-read-violations.patch
53ff36d5-x86-mem_event-deliver-gla-fault-EPT-violation-information.patch
53ff3716-x86-ats-Disable-Address-Translation-Services-by-default.patch
53ff3899-x86-NMI-allow-processing-unknown-NMIs-with-watchdog.patch
54005472-EPT-utilize-GLA-GPA-translation-known-for-certain-faults.patch
540effe6-evtchn-check-control-block-exists-when-using-FIFO-based-events.patch
540f2624-x86-idle-add-barriers-to-CLFLUSH-workaround.patch
541825dc-VMX-don-t-leave-x2APIC-MSR-intercepts-disabled.patch
541ad385-x86-suppress-event-check-IPI-to-MWAITing-CPUs.patch
541ad3ca-x86-HVM-batch-vCPU-wakeups.patch
541ad81a-VT-d-suppress-UR-signaling-for-further-desktop-chipsets.patch
54216833-x86-shadow-fix-race-when-sampling-dirty-vram-state.patch
54216882-x86-emulate-check-cpl-for-all-privileged-instructions.patch
542168ae-x86emul-only-emulate-swint-injection-for-real-mode.patch
54228a37-x86-EFI-fix-freeing-of-uninitialized-pointer.patch
5423e61c-x86emul-fix-SYSCALL-SYSENTER-SYSEXIT-emulation.patch
5424057f-x86-HVM-fix-miscellaneous-aspects-of-x2APIC-emulation.patch
542405b4-x86-HVM-fix-ID-handling-of-x2APIC-emulation.patch
542bf997-x86-HVM-properly-bound-x2APIC-MSR-range.patch
54325cc0-x86-MSI-fix-MSI-X-case-of-freeing-IRQ.patch
54325d2f-x86-restore-reserving-of-IO-APIC-pages-in-XENMEM_machine_memory_map-output.patch
54325d95-don-t-allow-Dom0-access-to-IOMMUs-MMIO-pages.patch
54325ecc-AMD-guest_iommu-properly-disable-guest-iommu-support.patch
54325f3c-x86-paging-make-log-dirty-operations-preemptible.patch
54379e6d-x86-vlapic-don-t-silently-accept-bad-vectors.patch
CVE-2013-4540-qemu.patch qemu-support-xen-hvm-direct-kernel-boot.patch
qemu-xen-upstream-blkif-discard.patch change-vnc-passwd.patch
libxc-pass-errno-to-callers-of-xc_domain_save.patch
libxl.honor-more-top-level-vfb-options.patch
libxl.add-option-for-discard-support-to-xl-disk-conf.patch
libxl.introduce-an-option-to-disable-the-non-O_DIRECT-workaround.patch
x86-dom-print.patch x86-extra-trap-info.patch tmp_build.patch
xl-check-for-libvirt-managed-domain.patch disable-wget-check.patch
- Xend/xm is no longer supported and is not part of the upstream code. Remove
all xend/xm specific patches, configs, and scripts
xen-xmexample.patch bridge-opensuse.patch xmexample.disks xmclone.sh
init.xend xend-relocation.sh xend.service xend-relocation-server.fw
domUloader.py xmexample.domUloader xmexample.disks
bridge-vlan.patch bridge-bonding.patch bridge-record-creation.patch
network-nat-open-SuSEfirewall2-FORWARD.patch
xend-set-migration-constraints-from-cmdline.patch
xen.migrate.tools-xend_move_assert_to_exception_block.patch
xend-pvscsi-recognize-also-SCSI-CDROM-devices.patch
xend-config.patch xend-max-free-mem.patch xend-hvm-default-pae.patch
xend-vif-route-ifup.patch xend-xenapi-console-protocol.patch xend-core-dump-loc.patch
xend-xen-api-auth.patch xend-checkpoint-rename.patch xend-xm-save-check-file.patch
xend-xm-create-xflag.patch xend-domu-usb-controller.patch xend-devid-or-name.patch
xend-migration-domname-fix.patch xend-del_usb_xend_entry.patch xend-xen-domUloader.patch
xend-multi-xvdp.patch xend-check_device_status.patch xend-change_home_server.patch
xend-minimum-restart-time.patch xend-disable-internal-logrotate.patch xend-config-enable-dump-comment.patch
xend-tools-watchdog-support.patch xend-console-port-restore.patch xend-vcpu-affinity-fix.patch
xend-migration-bridge-check.patch xend-managed-pci-device.patch xend-hvm-firmware-passthrough.patch
xend-cpuinfo-model-name.patch xend-xm-reboot-fix.patch xend-domain-lock.patch
xend-domain-lock-sfex.patch xend-32on64-extra-mem.patch xend-hv_extid_compatibility.patch
xend-xenpaging.autostart.patch xend-remove-xm-deprecation-warning.patch libxen_permissive.patch
tmp-initscript-modprobe.patch init.xendomains xendomains.service
xen-watchdog.service xen-updown.sh
* Thu Oct 16 2014 carnold@suse.com
- bnc#901317 - L3: increase limit domUloader to 32MB
domUloader.py
* Tue Oct 14 2014 carnold@suse.com
- bnc#898772 - SLES 12 RC3 - XEN Host crashes when assigning non-VF
device (SR-IOV) to guest
54325cc0-x86-MSI-fix-MSI-X-case-of-freeing-IRQ.patch
- bnc#882089 - Windows 2012 R2 fails to boot up with greater than
60 vcpus
54325ecc-AMD-guest_iommu-properly-disable-guest-iommu-support.patch
- bnc#826717 - VUL-0: CVE-2013-3495: XSA-59: xen: Intel VT-d
Interrupt Remapping engines can be evaded by native NMI interrupts
541ad81a-VT-d-suppress-UR-signaling-for-further-desktop-chipsets.patch
- Upstream patches from Jan
540effe6-evtchn-check-control-block-exists-when-using-FIFO-based-events.patch (Replaces xsa107.patch)
54216833-x86-shadow-fix-race-when-sampling-dirty-vram-state.patch (Replaces xsa104.patch)
54216882-x86-emulate-check-cpl-for-all-privileged-instructions.patch (Replaces xsa105.patch)
542168ae-x86emul-only-emulate-swint-injection-for-real-mode.patch (Replaces xsa106.patch)
54228a37-x86-EFI-fix-freeing-of-uninitialized-pointer.patch
5423e61c-x86emul-fix-SYSCALL-SYSENTER-SYSEXIT-emulation.patch
5424057f-x86-HVM-fix-miscellaneous-aspects-of-x2APIC-emulation.patch
542405b4-x86-HVM-fix-ID-handling-of-x2APIC-emulation.patch
542bf997-x86-HVM-properly-bound-x2APIC-MSR-range.patch (Replaces xsa108.patch)
54325d2f-x86-restore-reserving-of-IO-APIC-pages-in-XENMEM_machine_memory_map-output.patch
54325d95-don-t-allow-Dom0-access-to-IOMMUs-MMIO-pages.patch
54325f3c-x86-paging-make-log-dirty-operations-preemptible.patch (Replaces xsa97.patch)
54379e6d-x86-vlapic-don-t-silently-accept-bad-vectors.patch
/usr/lib64/libxencall.so.1 /usr/lib64/libxencall.so.1.3 /usr/lib64/libxenctrl.so.4.17 /usr/lib64/libxenctrl.so.4.17.0 /usr/lib64/libxendevicemodel.so.1 /usr/lib64/libxendevicemodel.so.1.4 /usr/lib64/libxenevtchn.so.1 /usr/lib64/libxenevtchn.so.1.2 /usr/lib64/libxenforeignmemory.so.1 /usr/lib64/libxenforeignmemory.so.1.4 /usr/lib64/libxenfsimage.so.4.17 /usr/lib64/libxenfsimage.so.4.17.0 /usr/lib64/libxengnttab.so.1 /usr/lib64/libxengnttab.so.1.2 /usr/lib64/libxenguest.so.4.17 /usr/lib64/libxenguest.so.4.17.0 /usr/lib64/libxenhypfs.so.1 /usr/lib64/libxenhypfs.so.1.0 /usr/lib64/libxenlight.so.4.17 /usr/lib64/libxenlight.so.4.17.0 /usr/lib64/libxenstat.so.4.17 /usr/lib64/libxenstat.so.4.17.0 /usr/lib64/libxenstore.so.4 /usr/lib64/libxenstore.so.4.0 /usr/lib64/libxentoolcore.so.1 /usr/lib64/libxentoolcore.so.1.0 /usr/lib64/libxentoollog.so.1 /usr/lib64/libxentoollog.so.1.0 /usr/lib64/libxenvchan.so.4.17 /usr/lib64/libxenvchan.so.4.17.0 /usr/lib64/libxlutil.so.4.17 /usr/lib64/libxlutil.so.4.17.0 /usr/lib64/xenfsimage /usr/lib64/xenfsimage/ext2fs /usr/lib64/xenfsimage/ext2fs/fsimage.so /usr/lib64/xenfsimage/fat /usr/lib64/xenfsimage/fat/fsimage.so /usr/lib64/xenfsimage/iso9660 /usr/lib64/xenfsimage/iso9660/fsimage.so /usr/lib64/xenfsimage/reiserfs /usr/lib64/xenfsimage/reiserfs/fsimage.so /usr/lib64/xenfsimage/ufs /usr/lib64/xenfsimage/ufs/fsimage.so /usr/lib64/xenfsimage/xfs /usr/lib64/xenfsimage/xfs/fsimage.so /usr/lib64/xenfsimage/zfs /usr/lib64/xenfsimage/zfs/fsimage.so
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat Aug 9 14:57:03 2025