| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: xen-doc-html | Distribution: openSUSE Tumbleweed |
| Version: 4.20.0_02 | Vendor: openSUSE |
| Release: 1.2 | Build date: Mon Jan 6 14:01:11 2025 |
| Group: Documentation/HTML | Build host: reproducible |
| Size: 713826 | Source RPM: xen-4.20.0_02-1.2.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: http://www.cl.cam.ac.uk/Research/SRG/netos/xen/ | |
| Summary: Xen Virtualization: HTML documentation | |
Xen is a virtual machine monitor for x86 that supports execution of
multiple guest operating systems with unprecedented levels of
performance and resource isolation.
xen-doc-html contains the online documentation in HTML format. Point
your browser at file:/usr/share/doc/packages/xen/html/
Authors:
--------
Ian Pratt <ian.pratt@cl.cam.ac.uk>
GPL-2.0-only
* Mon Jan 06 2025 carnold@suse.com
- Update to Xen 4.20.0 pre-release (jsc#PED-8907)
xen-4.20.0-testing-src.tar.bz2
- New Features
* On Arm:
- Experimental support for Armv8-R.
- Support for NXP S32G3 Processors Family and NXP LINFlexD UART driver.
- Basic handling for SCMI requests over SMC using Shared Memory, by allowing
forwarding the calls to EL3 FW if coming from hwdom.
- Support for LLC (Last Level Cache) coloring.
* On x86:
- xl suspend/resume subcommands.
- Support for SRSO_U/S_NO and SRSO_MSR_FIX
- Changed Features
* Fixed blkif protocol specification for sector sizes different than 512b.
* The dombuilder in libxenguest no longer un-gzips secondary modules, instead
leaving this to the guest kernel to do in guest context.
* On x86:
- Prefer ACPI reboot over UEFI ResetSystem() run time service call.
- Switched the xAPIC flat driver to use physical destination mode for external
interrupts instead of logical destination mode.
- Removed Features
* On x86:
- Support for running on Xeon Phi processors.
- Removed the `ucode=allow-same` command line option.
- Removed x2APIC Cluster Mode for external interrupts. x2APIC Physical and
Mixed Modes are still available.
- Dropped patches
xsa466.patch
* Wed Dec 11 2024 ohering@suse.de
- Move /etc/bash_completion.d/xl back to %_datadir/bash-completion/completions
* Mon Dec 09 2024 carnold@suse.com
- bsc#1234282 - VUL-0: xen: XSA-466: Xen hypercall page unsafe
against speculative attacks
xsa466.patch
* Wed Dec 04 2024 carnold@suse.com
- Update to Xen 4.19.1 bug fix release (jsc#PED-8907)
xen-4.19.1-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- Dropped patches
66a8b8ac-bunzip2-rare-failure.patch
66bb6f78-x86-IOMMU-move-tracking-in-iommu_identity_mapping.patch
66bb6fa5-x86-pass-through-document-as-security-unsupported.patch
66cf737b-x86-Dom0-disable-SMAP-for-PV-only.patch
66d02b69-Arm64-adjust-irq_to_desc-to-fix-build-with-gcc14.patch
66d6dca8-libxl-nul-termination-in-xen_console_read_line.patch
66d8690f-SUPPORT-split-XSM-from-Flask.patch
66e29480-x86-HVM-properly-reject-indirect-VRAM-writes.patch
66e44ae2-x86-ucode-AMD-buffer-underrun.patch
66f2af41-x86-vLAPIC-undue-recursion-of-vlapic_error.patch
66f2fd92-x86-ucode-Intel-stricter-sanity-check.patch
xsa463-01.patch
xsa463-02.patch
xsa463-03.patch
xsa463-04.patch
xsa463-05.patch
xsa463-06.patch
xsa463-07.patch
xsa463-08.patch
xsa463-09.patch
xsa464.patch
gcc14-fixes.patch
* Wed Oct 30 2024 carnold@suse.com
- bsc#1232622 - VUL-0: CVE-2024-45818: xen: Deadlock in x86 HVM
standard VGA handling (XSA-463)
xsa463-01.patch
xsa463-02.patch
xsa463-03.patch
xsa463-04.patch
xsa463-05.patch
xsa463-06.patch
xsa463-07.patch
xsa463-08.patch
xsa463-09.patch
- bsc#1232624 - VUL-0: CVE-2024-45819: xen: libxl leaks data to PVH
guests via ACPI tables (XSA-464)
xsa464.patch
- Drop stdvga-cache.patch
* Tue Oct 29 2024 ohering@suse.de
- bsc#1232542 - remove usage of net-tools-deprecated from supportconfig plugin
* Thu Sep 26 2024 jbeulich@suse.com
- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
vlapic_error() (XSA-462)
66f2af41-x86-vLAPIC-undue-recursion-of-vlapic_error.patch
Drop xsa462.patch
- Upstream bug fixes (bsc#1027519)
66cf737b-x86-Dom0-disable-SMAP-for-PV-only.patch
66d6dca8-libxl-nul-termination-in-xen_console_read_line.patch
66d8690f-SUPPORT-split-XSM-from-Flask.patch
66e29480-x86-HVM-properly-reject-indirect-VRAM-writes.patch
66e44ae2-x86-ucode-AMD-buffer-underrun.patch
66f2fd92-x86-ucode-Intel-stricter-sanity-check.patch
* Tue Sep 10 2024 carnold@suse.com
- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
vlapic_error() (XSA-462)
xsa462.patch
* Fri Aug 30 2024 Guillaume GARDET <guillaume.gardet@opensuse.org>
- Fix build on aarch64 with gcc14 (bsc#1225953)
66d02b69-Arm64-adjust-irq_to_desc-to-fix-build-with-gcc14.patch
* Wed Aug 14 2024 carnold@suse.com
- bsc#1228574 - VUL-0: CVE-2024-31145: xen: error handling in x86
IOMMU identity mapping (XSA-460)
66bb6f78-x86-IOMMU-move-tracking-in-iommu_identity_mapping.patch
- bsc#1228575 - VUL-0: CVE-2024-31146: xen: PCI device pass-through
with shared resources (XSA-461)
66bb6fa5-x86-pass-through-document-as-security-unsupported.patch
* Tue Aug 06 2024 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
66a8b8ac-bunzip2-rare-failure.patch
* Tue Jul 30 2024 carnold@suse.com
- Update to Xen 4.19.0 FCS release (jsc#PED-8907)
xen-4.19.0-testing-src.tar.bz2
- New Features
* On x86:
- Introduce a new x2APIC driver that uses Cluster Logical addressing mode
for IPIs and Physical addressing mode for external interrupts.
* On Arm:
- FF-A notification support.
- Introduction of dynamic node programming using overlay dtbo.
* Add a new 9pfs backend running as a daemon in dom0. First user is
Xenstore-stubdom now being able to support full Xenstore trace capability.
* libxl support for backendtype=tap with tapback.
- Changed Features
* Changed flexible array definitions in public I/O interface headers to not
use "1" as the number of array elements.
* The minimum supported OCaml toolchain version is now 4.05
* On x86:
- HVM PIRQs are disabled by default.
- Reduce IOMMU setup time for hardware domain.
- Allow HVM/PVH domains to map foreign pages.
- Declare PVH dom0 supported with caveats.
* xl/libxl configures vkb=[] for HVM domains with priority over vkb_device.
* Increase the maximum number of CPUs Xen can be built for from 4095 to
16383.
* When building with Systemd support (./configure --enable-systemd), remove
libsystemd as a build dependency. Systemd Notify support is retained, now
using a standalone library implementation.
* xenalyze no longer requires `--svm-mode` when analyzing traces
generated on AMD CPUs
* Code symbol annotations and MISRA compliance improvements.
- Removed Features
* caml-stubdom. It hasn't built since 2014, was pinned to Ocaml 4.02, and has
been superseded by the MirageOS/SOLO5 projects.
* /usr/bin/pygrub symlink. This was deprecated in Xen 4.2 (2012) but left for
compatibility reasons. VMs configured with bootloader="/usr/bin/pygrub"
should be updated to just bootloader="pygrub".
* The Xen gdbstub on x86.
* xentrace_format has been removed; use xenalyze instead.
- Dropped patches contained in new tarball
6617d62c-x86-hvm-Misra-Rule-19-1-regression.patch
6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch
6627a5fc-x86-MTRR-inverted-WC-check.patch
662a6a4c-x86-spec-reporting-of-BHB-clearing.patch
662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch
663090fd-x86-gen-cpuid-syntax.patch
663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch
663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch
663d05b5-x86-ucode-distinguish-up-to-date.patch
663eaa27-libxl-XenStore-error-handling-in-device-creation.patch
66450626-sched-set-all-sched_resource-data-inside-locked.patch
66450627-x86-respect-mapcache_domain_init-failing.patch
6646031f-x86-ucode-further-identify-already-up-to-date.patch
6666ba52-x86-irq-remove-offline-CPUs-from-old-CPU-mask-when.patch
666994ab-x86-SMP-no-shorthand-IPI-in-hotplug.patch
666994f0-x86-IRQ-limit-interrupt-movement-in-fixup_irqs.patch
666b07ee-x86-EPT-special-page-in-epte_get_entry_emt.patch
666b0819-x86-EPT-avoid-marking-np-ents-for-reconfig.patch
666b085a-x86-EPT-drop-questionable-mfn_valid-from-.patch
667187cc-x86-Intel-unlock-CPUID-earlier.patch
66718849-x86-IRQ-old_cpu_mask-in-fixup_irqs.patch
6671885e-x86-IRQ-handle-moving-in-_assign_irq_vector.patch
6672c846-x86-xstate-initialisation-of-XSS-cache.patch
6672c847-x86-CPUID-XSAVE-dynamic-leaves.patch
6673ffdc-x86-IRQ-forward-pending-to-new-dest-in-fixup_irqs.patch
xsa458.patch
- Dropped patches no longer necessary
bin-python3-conversion.patch
migration-python3-conversion.patch
* Tue Jul 23 2024 Franz Sirl <franz.sirl-obs@lauterbach.com>
- Enable support for ZSTD and LZO compression formats
* Wed Jul 03 2024 carnold@suse.com
- bsc#1227355 - VUL-0: CVE-2024-31143: xen: double unlock in x86
guest IRQ handling (XSA-458)
xsa458.patch
* Mon Jun 24 2024 jbeulich@suse.com
- bsc#1214718 - The system hangs intermittently when Power Control
Mode is set to Minimum Power on SLES15SP5 Xen
6666ba52-x86-irq-remove-offline-CPUs-from-old-CPU-mask-when.patch
666994ab-x86-SMP-no-shorthand-IPI-in-hotplug.patch
666994f0-x86-IRQ-limit-interrupt-movement-in-fixup_irqs.patch
66718849-x86-IRQ-old_cpu_mask-in-fixup_irqs.patch
6671885e-x86-IRQ-handle-moving-in-_assign_irq_vector.patch
6673ffdc-x86-IRQ-forward-pending-to-new-dest-in-fixup_irqs.patch
- Upstream bug fixes (bsc#1027519)
66450626-sched-set-all-sched_resource-data-inside-locked.patch
66450627-x86-respect-mapcache_domain_init-failing.patch
6646031f-x86-ucode-further-identify-already-up-to-date.patch
666b07ee-x86-EPT-special-page-in-epte_get_entry_emt.patch
666b0819-x86-EPT-avoid-marking-np-ents-for-reconfig.patch
666b085a-x86-EPT-drop-questionable-mfn_valid-from-.patch
667187cc-x86-Intel-unlock-CPUID-earlier.patch
6672c846-x86-xstate-initialisation-of-XSS-cache.patch
6672c847-x86-CPUID-XSAVE-dynamic-leaves.patch
* Wed Jun 12 2024 Daniel Garcia <daniel.garcia@suse.com>
- Fix python3 shebang in tools package (bsc#1212476)
- Depend directly on %primary_python instead of python3 so this
package will continue working without rebuilding even if python3
changes in the system.
- Remove not needed patches, these patches adds the python3 shebang to
some scripts, but that's done during the build phase so it's not
needed:
- bin-python3-conversion.patch
- migration-python3-conversion.patch
* Tue Jun 04 2024 carnold@suse.com
- bsc#1225953 - Package xen does not build with gcc14 because of
new errors
gcc14-fixes.patch
* Wed May 15 2024 jbeulich@suse.com
- bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may
trigger Xen bug check (XSA-454)
6617d62c-x86-hvm-Misra-Rule-19-1-regression.patch
- Upstream bug fixes (bsc#1027519)
6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch
6627a5fc-x86-MTRR-inverted-WC-check.patch
662a6a4c-x86-spec-reporting-of-BHB-clearing.patch
662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch
663090fd-x86-gen-cpuid-syntax.patch
663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch
663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch
663d05b5-x86-ucode-distinguish-up-to-date.patch
663eaa27-libxl-XenStore-error-handling-in-device-creation.patch
* Tue Apr 09 2024 carnold@suse.com
- Update to Xen 4.18.2 security bug fix release (bsc#1027519)
xen-4.18.2-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may
trigger Xen bug check (XSA-454)
- bsc#1222302 - VUL-0: CVE-2024-31142: xen: x86: Incorrect logic
for BTC/SRSO mitigations (XSA-455)
- bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86: Native Branch
History Injection (XSA-456)
- Dropped patch contained in new tarball
65f83951-x86-mm-use-block_lock_speculation-in.patch
* Mon Mar 25 2024 jbeulich@suse.com
- bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative
Race Conditions (XSA-453)
65f83951-x86-mm-use-block_lock_speculation-in.patch
* Fri Mar 15 2024 carnold@suse.com
- Update to Xen 4.18.1 bug fix release (bsc#1027519)
xen-4.18.1-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- bsc#1221332 - VUL-0: CVE-2023-28746: xen: x86: Register File Data
Sampling (XSA-452)
- bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative
Race Conditions (XSA-453)
- Dropped patches included in new tarball
654370e2-x86-x2APIC-remove-ACPI_FADT_APIC_CLUSTER-use.patch
65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch
655b2ba9-fix-sched_move_domain.patch
6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch
6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch
656ee5e1-x86emul-avoid-triggering-event-assertions.patch
656ee602-cpupool-adding-offline-CPU.patch
656ee6c3-domain_create-error-path.patch
6571ca95-fix-sched_move_domain.patch
6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch
65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch
65a7a0a4-x86-Intel-GPCC-setup.patch
65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch
65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch
65b29e91-x86-ucode-stability-of-raw-policy-rescan.patch
65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch
65b8f9ab-VT-d-else-vs-endif-misplacement.patch
xsa451.patch
* Tue Feb 13 2024 carnold@suse.com
- bsc#1219885 - VUL-0: CVE-2023-46841: xen: x86: shadow stack vs
exceptions from emulation stubs (XSA-451)
xsa451.patch
* Wed Jan 31 2024 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch
6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch
656ee5e1-x86emul-avoid-triggering-event-assertions.patch
656ee602-cpupool-adding-offline-CPU.patch
656ee6c3-domain_create-error-path.patch
6571ca95-fix-sched_move_domain.patch
6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch
65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch
65a7a0a4-x86-Intel-GPCC-setup.patch
65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch
65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch
65b29e91-x86-ucode-stability-of-raw-policy-rescan.patch
- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
assigned to incorrect contexts (XSA-449)
65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch
- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to
quarantine devices in !HVM builds (XSA-450)
65b8f9ab-VT-d-else-vs-endif-misplacement.patch
- Patches dropped / replaced by newer upstream versions
xsa449.patch
xsa450.patch
* Tue Jan 23 2024 carnold@suse.com
- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to
quarantine devices in !HVM builds (XSA-450)
xsa450.patch
* Tue Jan 16 2024 carnold@suse.com
- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
assigned to incorrect contexts (XSA-449)
xsa449.patch
* Tue Nov 21 2023 carnold@suse.com
- Enable the Kconfig options REQUIRE_NX and DIT_DEFAULT to
provide better hypervisor security
xen.spec
* Tue Nov 21 2023 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
654370e2-x86-x2APIC-remove-ACPI_FADT_APIC_CLUSTER-use.patch
65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch
655b2ba9-fix-sched_move_domain.patch
* Mon Nov 20 2023 Bernhard Wiedemann <bwiedemann@suse.com>
- Pass XEN_BUILD_DATE + _TIME to override build date (boo#1047218)
* Thu Nov 16 2023 carnold@suse.com
- Update to Xen 4.18.0 FCS release (jsc#PED-4984)
xen-4.18.0-testing-src.tar.bz2
* Repurpose command line gnttab_max_{maptrack_,}frames options so they don't
cap toolstack provided values.
* Ignore VCPUOP_set_singleshot_timer's VCPU_SSHOTTMR_future flag. The only
known user doesn't use it properly, leading to in-guest breakage.
* The "dom0" option is now supported on Arm and "sve=" sub-option can be used
to enable dom0 guest to use SVE/SVE2 instructions.
* Physical CPU Hotplug downgraded to Experimental and renamed "ACPI CPU
Hotplug" for clarity
* On x86, support for features new in Intel Sapphire Rapids CPUs:
- PKS (Protection Key Supervisor) available to HVM/PVH guests.
- VM-Notify used by Xen to mitigate certain micro-architectural pipeline
livelocks, instead of crashing the entire server.
- Bus-lock detection, used by Xen to mitigate (by rate-limiting) the system
wide impact of a guest misusing atomic instructions.
* xl/libxl can customize SMBIOS strings for HVM guests.
* Add support for AVX512-FP16 on x86.
* On Arm, Xen supports guests running SVE/SVE2 instructions. (Tech Preview)
* On Arm, add suport for Firmware Framework for Arm A-profile (FF-A) Mediator
(Tech Preview)
* Add Intel Hardware P-States (HWP) cpufreq driver.
* On Arm, experimental support for dynamic addition/removal of Xen device tree
nodes using a device tree overlay binary (.dtbo).
* Introduce two new hypercalls to map the vCPU runstate and time areas by
physical rather than linear/virtual addresses.
* On x86, support for enforcing system-wide operation in Data Operand
Independent Timing Mode.
* The project has now officially adopted 6 directives and 65 rules of MISRA-C.
* On x86, the "pku" command line option has been removed. It has never
behaved precisely as described, and was redundant with the unsupported
"cpuid=no-pku". Visibility of PKU to guests should be via its vm.cfg file.
* xenpvnetboot removed as unable to convert to Python 3.
* xencons is no longer supported or present. See 5d22d69b30
- Droppped patches contained in new tarballs
63e4da00-dont-log-errors-when-trying-to-load-PVH-xenstore-stubdom.patch
643e3810-CONFIG_DEBUG_INFO-no-EXPERT.patch
643e387f-xen-update-CONFIG_DEBUG_INFO-help-text.patch
6447a8fd-x86-EFI-permit-crash-dump-analysis.patch
64d33a57-libxenstat-Linux-nul-terminate-string.patch
aarch64-rename-PSR_MODE_ELxx-to-match-linux-headers.patch
xen.stubdom.newlib.patch
xsa446.patch
xsa445.patch
xsa438.patch
xsa439-00.patch
xsa439-01.patch
xsa439-02.patch
xsa439-03.patch
xsa439-04.patch
xsa439-05.patch
xsa439-06.patch
xsa439-07.patch
xsa439-08.patch
xsa439-09.patch
xsa443-10.patch
xsa443-11.patch
xsa440.patch
- Dropped xen-utils-0.1.tar.bz2
The xen-list and xen-destroy commands are removed. Originally
created as a better replacement for 'xm'. The 'xl' equivalent
commands should be used instead.
- Dropped libxl.pvscsi.patch
Support for PVSCSI devices in the guest is no longer supported.
* Thu Nov 02 2023 carnold@suse.com
- bsc#1216807 - VUL-0: CVE-2023-46836: xen: x86: BTC/SRSO fixes not
fully effective (XSA-446)
xsa446.patch
* Fri Oct 27 2023 carnold@suse.com
- bsc#1216654 - VUL-0: CVE-2023-46835: xen: x86/AMD: mismatch in
IOMMU quarantine page table levels (XSA-445)
xsa445.patch
* Wed Oct 18 2023 jfehlig@suse.com
- Supportconfig: Adapt plugin to modern supportconfig
The supportconfig 'scplugin.rc' file is deprecated in favor of
supportconfig.rc'. Adapt the xen plugin to the new scheme.
xen-supportconfig
* Tue Oct 17 2023 jbeulich@suse.com
- bsc#1215145 - VUL-0: CVE-2023-34322: xen: top-level shadow
reference dropped too early for 64-bit PV guests (XSA-438)
650abbfe-x86-shadow-defer-PV-top-level-release.patch
- bsc#1215474 - VUL-0: CVE-2023-20588: xen: AMD CPU transitional
execution leak via division by zero (XSA-439)
64e5b4ac-x86-AMD-extend-Zenbleed-check.patch
65087000-x86-spec-ctrl-SPEC_CTRL_EXIT_TO_XEN-confusion.patch
65087001-x86-spec-ctrl-fold-DO_SPEC_CTRL_EXIT_TO_XEN.patch
65087002-x86-spec-ctrl-SPEC_CTRL-ENTRY-EXIT-asm-macros.patch
65087003-x86-spec-ctrl-SPEC_CTRL-ENTER-EXIT-comments.patch
65087004-x86-entry-restore_all_xen-stack_end.patch
65087005-x86-entry-track-IST-ness-of-entry.patch
65087006-x86-spec-ctrl-VERW-on-IST-exit-to-Xen.patch
65087007-x86-AMD-Zen-1-2-predicates.patch
65087008-x86-spec-ctrl-Zen1-DIV-leakage.patch
- bsc#1215746 - VUL-0: CVE-2023-34326: xen: x86/AMD: missing IOMMU
TLB flushing (XSA-442)
65263470-AMD-IOMMU-flush-TLB-when-flushing-DTE.patch
- bsc#1215747 - VUL-0: CVE-2023-34325: xen: Multiple
vulnerabilities in libfsimage disk handling (XSA-443)
65263471-libfsimage-xfs-remove-dead-code.patch
65263472-libfsimage-xfs-amend-mask32lo.patch
65263473-libfsimage-xfs-sanity-check-superblock.patch
65263474-libfsimage-xfs-compile-time-check.patch
65263475-pygrub-remove-unnecessary-hypercall.patch
65263476-pygrub-small-refactors.patch
65263477-pygrub-open-output-files-earlier.patch
65263478-libfsimage-function-to-preload-plugins.patch
65263479-pygrub-deprivilege.patch
6526347a-libxl-allow-bootloader-restricted-mode.patch
6526347b-libxl-limit-bootloader-when-restricted.patch
- bsc#1215748 - VUL-0: CVE-2023-34327,CVE-2023-34328: xen: x86/AMD:
Debug Mask handling (XSA-444)
6526347c-SVM-fix-AMD-DR-MASK-context-switch-asymmetry.patch
6526347d-x86-PV-auditing-of-guest-breakpoints.patch
- Upstream bug fixes (bsc#1027519)
64e6459b-revert-VMX-sanitize-rIP-before-reentering.patch
64eef7e9-x86-reporting-spurious-i8259-interrupts.patch
64f71f50-Arm-handle-cache-flush-at-top.patch
65084ba5-x86-AMD-dont-expose-TscFreqSel.patch
- Patches dropped / replaced by newer upstream versions
xsa438.patch
xsa439-00.patch
xsa439-01.patch
xsa439-02.patch
xsa439-03.patch
xsa439-04.patch
xsa439-05.patch
xsa439-06.patch
xsa439-07.patch
xsa439-08.patch
xsa439-09.patch
xsa442.patch
xsa443-01.patch
xsa443-02.patch
xsa443-03.patch
xsa443-04.patch
xsa443-05.patch
xsa443-06.patch
xsa443-07.patch
xsa443-08.patch
xsa443-09.patch
xsa443-10.patch
xsa443-11.patch
xsa444-1.patch
xsa444-2.patch
* Wed Sep 27 2023 carnold@suse.com
- bsc#1215744 - VUL-0: CVE-2023-34323: xen: xenstored: A
transaction conflict can crash C Xenstored (XSA-440)
xsa440.patch
- bsc#1215746 - VUL-0: CVE-2023-34326: xen: x86/AMD: missing IOMMU
TLB flushing (XSA-442)
xsa442.patch
- bsc#1215747 - VUL-0: CVE-2023-34325: xen: Multiple
vulnerabilities in libfsimage disk handling (XSA-443)
xsa443-01.patch
xsa443-02.patch
xsa443-03.patch
xsa443-04.patch
xsa443-05.patch
xsa443-06.patch
xsa443-07.patch
xsa443-08.patch
xsa443-09.patch
xsa443-10.patch
xsa443-11.patch
- bsc#1215748 - VUL-0: CVE-2023-34327,CVE-2023-34328: xen: x86/AMD:
Debug Mask handling (XSA-444)
xsa444-1.patch
xsa444-2.patch
* Mon Sep 18 2023 carnold@suse.com
- bsc#1215474 - VUL-0: CVE-2023-20588: xen: AMD CPU transitional
execution leak via division by zero (XSA-439)
xsa439-00.patch
xsa439-01.patch
xsa439-02.patch
xsa439-03.patch
xsa439-04.patch
xsa439-05.patch
xsa439-06.patch
xsa439-07.patch
xsa439-08.patch
xsa439-09.patch
* Fri Sep 08 2023 carnold@suse.com
- bsc#1215145 - VUL-0: CVE-2023-34322: xen: top-level shadow
reference dropped too early for 64-bit PV guests (XSA-438)
xsa438.patch
* Sun Aug 13 2023 ohering@suse.de
- Handle potential unaligned access to bitmap in
libxc-sr-restore-hvm-legacy-superpage.patch
If setting BITS_PER_LONG at once, the initial bit must be aligned
* Thu Aug 10 2023 jbeulich@suse.com
- bsc#1212684 - xentop fails with long interface name
64d33a57-libxenstat-Linux-nul-terminate-string.patch
* Tue Aug 08 2023 carnold@suse.com
- Update to Xen 4.17.2 bug fix release (bsc#1027519)
xen-4.17.2-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- bsc#1214082 - VUL-0: CVE-2023-20569: xen: x86/AMD: Speculative
Return Stack Overflow (XSA-434)
- bsc#1214083 - VUL-0: CVE-2022-40982: xen: x86/Intel: Gather Data
Sampling (XSA-435)
- Dropped patches contained in new tarball
64525c61-tools-libs-guest-assist-gcc13s-realloc-analyzer.patch
645dec48-AMD-IOMMU-assert-boolean-enum.patch
64639e84-amd-fix-legacy-setting-of-SSBD-on-AMD-Family-17h.patch
646b782b-PCI-pci_get_pdev-respect-segment.patch
647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch
648863fc-AMD-IOMMU-Invalidate-All-check.patch
64bea1b2-x86-AMD-Zenbleed.patch
* Tue Aug 01 2023 ohering@suse.de
- Handle potential off-by-one errors in libxc-sr-xg_sr_bitmap.patch
A bit is an index in bitmap, while bits is the allocated size
of the bitmap.
* Fri Jul 28 2023 ohering@suse.de
- Add more debug to libxc-sr-track-migration-time.patch
This is supposed to help with doing the math in case xl restore
fails with ERANGE as reported in bug#1209311
* Tue Jul 25 2023 carnold@suse.com
- bsc#1213616 - VUL-0: CVE-2023-20593: xen: x86/AMD: Zenbleed
(XSA-433)
64bea1b2-x86-AMD-Zenbleed.patch
* Thu Jul 06 2023 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
645dec48-AMD-IOMMU-assert-boolean-enum.patch
646b782b-PCI-pci_get_pdev-respect-segment.patch
647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch
648863fc-AMD-IOMMU-Invalidate-All-check.patch
* Mon May 22 2023 carnold@suse.com
- bsc#1211433 - VUL-0: CVE-2022-42336: xen: Mishandling of guest
SSBD selection on AMD hardware (XSA-431)
64639e84-amd-fix-legacy-setting-of-SSBD-on-AMD-Family-17h.patch
* Thu May 04 2023 carnold@suse.com
- bsc#1210570 - gcc-13 realloc use-after-free analysis error
64525c61-tools-libs-guest-assist-gcc13s-realloc-analyzer.patch
* Fri Apr 28 2023 carnold@suse.com
- bsc#1209237 - xen-syms doesn't contain debug-info
643e3810-CONFIG_DEBUG_INFO-no-EXPERT.patch
643e387f-xen-update-CONFIG_DEBUG_INFO-help-text.patch
6447a8fd-x86-EFI-permit-crash-dump-analysis.patch
* Thu Apr 27 2023 carnold@suse.com
- Update to Xen 4.17.1 bug fix release (bsc#1027519)
xen-4.17.1-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- Dropped patches contained in new tarball
63a03b73-VMX-VMExit-based-BusLock-detection.patch
63a03ba6-VMX-INTR_SHADOW_NMI-helper.patch
63a03bce-VMX-Notify-VMExit.patch
63a03e28-x86-high-freq-TSC-overflow.patch
63c05478-VMX-calculate-model-specific-LBRs-once.patch
63c05478-VMX-support-CPUs-without-model-specific-LBR.patch
63d24e91-tools-xenstore-revert-simplify-loop-handling.patch
63e53ac9-x86-CPUID-leaves-7-1-ecx-edx.patch
63e53ac9-x86-disable-CET-SS-when-fractured-updates.patch
63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch
63f4d045-x86-ucode-AMD-apply-early-on-all-threads.patch
63fe06e0-x86-ucode-AMD-apply-late-on-all-threads.patch
640f3035-x86-altp2m-help-gcc13.patch
641041e8-VT-d-constrain-IGD-check.patch
64104238-bunzip-gcc13.patch
6419697d-AMD-IOMMU-no-XT-x2APIC-phys.patch
64199e0c-x86-shadow-account-for-log-dirty-mode.patch
64199e0d-x86-HVM-bound-number-of-pca-regions.patch
64199e0e-x86-HVM-serialize-pca-list-manipulation.patch
64199e0f-x86-spec-ctrl-defer-CR4_PV32_RESTORE-for-CSTAR.patch
libxl.fix-guest-kexec-skip-cpuid-policy.patch
xsa430.patch
* Tue Apr 11 2023 carnold@suse.com
- bsc#1210315 - VUL-0: CVE-2022-42335: xen: x86 shadow paging
arbitrary pointer dereference (XSA-430)
xsa430.patch
* Fri Mar 31 2023 carnold@suse.com
- Not building the shim is correctly handled by --disable-pvshim
Drop disable-building-pv-shim.patch
* Thu Mar 23 2023 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
63a03b73-VMX-VMExit-based-BusLock-detection.patch
63a03ba6-VMX-INTR_SHADOW_NMI-helper.patch
63a03bce-VMX-Notify-VMExit.patch
63e53ac9-x86-CPUID-leaves-7-1-ecx-edx.patch
63e53ac9-x86-disable-CET-SS-when-fractured-updates.patch
63f4d045-x86-ucode-AMD-apply-early-on-all-threads.patch
63fe06e0-x86-ucode-AMD-apply-late-on-all-threads.patch
641041e8-VT-d-constrain-IGD-check.patch
6419697d-AMD-IOMMU-no-XT-x2APIC-phys.patch
- Use "proper" upstream backports:
640f3035-x86-altp2m-help-gcc13.patch
64104238-bunzip-gcc13.patch
64199e0c-x86-shadow-account-for-log-dirty-mode.patch
64199e0d-x86-HVM-bound-number-of-pca-regions.patch
64199e0e-x86-HVM-serialize-pca-list-manipulation.patch
64199e0f-x86-spec-ctrl-defer-CR4_PV32_RESTORE-for-CSTAR.patch
- ... in place of:
bunzip-gcc13.patch
altp2m-gcc13.patch
xsa427.patch
xsa428-1.patch
xsa428-2.patch
xsa429.patch
* Thu Mar 16 2023 ohering@suse.de
- bsc#1209245 - fix host-assisted kexec/kdump for HVM domUs
libxl.fix-guest-kexec-skip-cpuid-policy.patch
* Tue Mar 07 2023 carnold@suse.com
- bsc#1209017 - VUL-0: CVE-2022-42332: xen: x86 shadow plus
log-dirty mode use-after-free (XSA-427)
xsa427.patch
- bsc#1209018 - VUL-0: CVE-2022-42333,CVE-2022-42334: xen: x86/HVM
pinned cache attributes mis-handling (XSA-428)
xsa428-1.patch
xsa428-2.patch
- bsc#1209019 - VUL-0: CVE-2022-42331: xen: x86: speculative
vulnerability in 32bit SYSCALL path (XSA-429)
xsa429.patch
* Thu Mar 02 2023 carnold@suse.com
- bsc#1208736 - GCC 13: xen package fails
bunzip-gcc13.patch
altp2m-gcc13.patch
- Drop gcc13-fixes.patch
* Tue Feb 28 2023 carnold@suse.com
- bsc#1208736 - GCC 13: xen package fails
gcc13-fixes.patch
* Wed Feb 15 2023 carnold@suse.com
- bsc#1208286 - VUL-0: CVE-2022-27672: xen: Cross-Thread Return
Address Predictions (XSA-426)
63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch
* Thu Feb 09 2023 carnold@suse.com
- bsc#1205792 - Partner-L3: launch-xenstore error messages show in
SLES15 SP4 xen kernel.
63e4da00-dont-log-errors-when-trying-to-load-PVH-xenstore-stubdom.patch
* Mon Feb 06 2023 jbeulich@suse.com
- bsc#1026236 - tidy/modernize patch
xen.bug1026236.suse_vtsc_tolerance.patch
* Mon Feb 06 2023 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
63c05478-VMX-calculate-model-specific-LBRs-once.patch
63c05478-VMX-support-CPUs-without-model-specific-LBR.patch
- bsc#1207544 - VUL-0: CVE-2022-42330: xen: Guests can cause
Xenstore crash via soft reset (XSA-425)
xsa425.patch ->
63d24e91-tools-xenstore-revert-simplify-loop-handling.patch
* Wed Jan 25 2023 carnold@suse.com
- bsc#1207544 - VUL-0: CVE-2022-42330: xen: Guests can cause
Xenstore crash via soft reset (XSA-425)
xsa425.patch
* Tue Jan 03 2023 Stefan Schubert <schubi@suse.com>
- Migration of PAM settings to /usr/lib/pam.d.
* Tue Dec 20 2022 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
63a03e28-x86-high-freq-TSC-overflow.patch
* Thu Dec 08 2022 carnold@suse.com
- Update to Xen 4.17.0 FCS release (jsc#PED-1858)
xen-4.17.0-testing-src.tar.bz2
* On x86 "vga=current" can now be used together with GrUB2's gfxpayload setting. Note that
this requires use of "multiboot2" (and "module2") as the GrUB commands loading Xen.
* The "gnttab" option now has a new command line sub-option for disabling the
GNTTABOP_transfer functionality.
* The x86 MCE command line option info is now updated.
* Out-of-tree builds for the hypervisor now supported.
* __ro_after_init support, for marking data as immutable after boot.
* The project has officially adopted 4 directives and 24 rules of MISRA-C,
added MISRA-C checker build integration, and defined how to document
deviations.
* IOMMU superpage support on x86, affecting PV guests as well as HVM/PVH ones
when they don't share page tables with the CPU (HAP / EPT / NPT).
* Support for VIRT_SSBD and MSR_SPEC_CTRL for HVM guests on AMD.
* Improved TSC, CPU, and APIC clock frequency calibration on x86.
* Support for Xen using x86 Control Flow Enforcement technology for its own
protection. Both Shadow Stacks (ROP protection) and Indirect Branch
Tracking (COP/JOP protection).
* Add mwait-idle support for SPR and ADL on x86.
* Extend security support for hosts to 12 TiB of memory on x86.
* Add command line option to set cpuid parameters for dom0 at boot time on x86.
* Improved static configuration options on Arm.
* cpupools can be specified at boot using device tree on Arm.
* It is possible to use PV drivers with dom0less guests, allowing statically
booted dom0less guests with PV devices.
* On Arm, p2m structures are now allocated out of a pool of memory set aside at
domain creation.
* Improved mitigations against Spectre-BHB on Arm.
* Support VirtIO-MMIO devices device-tree binding creation in toolstack on Arm.
* Allow setting the number of CPUs to activate at runtime from command line
option on Arm.
* Grant-table support on Arm was improved and hardened by implementing
"simplified M2P-like approach for the xenheap pages"
* Add Renesas R-Car Gen4 IPMMU-VMSA support on Arm.
* Add i.MX lpuart and i.MX8QM support on Arm.
* Improved toolstack build system.
* Add Xue - console over USB 3 Debug Capability.
* gitlab-ci automation: Fixes and improvements together with new tests.
* dropped support for the (x86-only) "vesa-mtrr" and "vesa-remap" command line options
- Drop patches contained in new tarball or invalid
62fde97e-tools-libxl-Replace-deprecated-soundhw-on-QEMU-command-line.patch
xsa410-01.patch
xsa410-02.patch
xsa410-03.patch
xsa410-04.patch
xsa410-05.patch
xsa410-06.patch
xsa410-07.patch
xsa410-08.patch
xsa410-09.patch
xsa410-10.patch
xsa411.patch
* Wed Sep 28 2022 carnold@suse.com
- bsc#1203806 - VUL-0: CVE-2022-33746: xen: P2M pool freeing may
take excessively long (XSA-410)
xsa410-01.patch
xsa410-02.patch
xsa410-03.patch
xsa410-04.patch
xsa410-05.patch
xsa410-06.patch
xsa410-07.patch
xsa410-08.patch
xsa410-09.patch
xsa410-10.patch
- bsc#1203807 - VUL-0: CVE-2022-33748: xen: lock order inversion in
transitive grant copy handling (XSA-411)
xsa411.patch
* Wed Aug 31 2022 Stefan Schubert <schubi@suse.com>
- Migration to /usr/etc: Saving user changed configuration files
in /etc and restoring them while an RPM update.
* Mon Aug 29 2022 carnold@suse.com
- bsc#1201994 - Xen DomU unable to emulate audio device
62fde97e-tools-libxl-Replace-deprecated-soundhw-on-QEMU-command-line.patch
* Tue Aug 23 2022 carnold@suse.com
- Things are compiling fine now with gcc12.
Drop gcc12-fixes.patch
* Thu Aug 18 2022 carnold@suse.com
- Update to Xen 4.16.2 bug fix release (bsc#1027519)
xen-4.16.2-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- Drop patches contained in new tarball
625fca42-VT-d-reserved-CAP-ND.patch
626f7ee8-x86-MSR-handle-P5-MC-reads.patch
627549d6-IO-shutdown-race.patch
62a1e594-x86-clean-up-_get_page_type.patch
62a1e5b0-x86-ABAC-race-in-_get_page_type.patch
62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch
62a1e5f0-x86-dont-change-cacheability-of-directmap.patch
62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch
62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch
62a1e649-x86-track-and-flush-non-coherent.patch
62a99614-IOMMU-x86-gcc12.patch
62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch
62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch
62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch
62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch
62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch
62c56cc0-libxc-fix-compilation-error-with-gcc13.patch
62cc31ed-x86-honour-spec-ctrl-0-for-unpriv-mmio.patch
62cc31ee-cmdline-extend-parse_boolean.patch
62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch
62cd91d0-x86-spec-ctrl-rework-context-switching.patch
62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch
62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch
62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch
62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch
62cd91d5-x86-cpuid-BTC_NO-enum.patch
62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch
62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch
xsa408.patch
* Thu Jul 28 2022 ohering@suse.de
- bsc#1167608, bsc#1201631 - fix built-in default of max_event_channels
A previous change to the built-in default had a logic error,
effectively restoring the upstream limit of 1023 channels per domU.
Fix the logic to calculate the default based on the number of vcpus.
adjust libxl.max_event_channels.patch
* Wed Jul 13 2022 carnold@suse.com
- Added --disable-pvshim when running configure in xen.spec.
We have never shipped the shim and don't need to build it.
* Wed Jul 13 2022 jbeulich@suse.com
- bsc#1199965 - VUL-0: CVE-2022-26362: xen: Race condition
in typeref acquisition
62a1e594-x86-clean-up-_get_page_type.patch
62a1e5b0-x86-ABAC-race-in-_get_page_type.patch
- bsc#1199966 - VUL-0: CVE-2022-26363,CVE-2022-26364: xen:
Insufficient care with non-coherent mappings
62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch
62a1e5f0-x86-dont-change-cacheability-of-directmap.patch
62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch
62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch
62a1e649-x86-track-and-flush-non-coherent.patch
- bsc#1200549 VUL-0: CVE-2022-21123,CVE-2022-21125,CVE-2022-21166:
xen: x86: MMIO Stale Data vulnerabilities (XSA-404)
62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch
62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch
62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch
- bsc#1201469 - VUL-0: CVE-2022-23816,CVE-2022-23825,CVE-2022-29900:
xen: retbleed - arbitrary speculative code execution with return
instructions (XSA-407)
62cc31ed-x86-honour-spec-ctrl-0-for-unpriv-mmio.patch
62cc31ee-cmdline-extend-parse_boolean.patch
62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch
62cd91d0-x86-spec-ctrl-rework-context-switching.patch
62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch
62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch
62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch
62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch
62cd91d5-x86-cpuid-BTC_NO-enum.patch
62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch
62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch
- Upstream bug fixes (bsc#1027519)
62a99614-IOMMU-x86-gcc12.patch
62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch
62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch
- Drop patches replaced by upstream versions
xsa401-1.patch
xsa401-2.patch
xsa402-1.patch
xsa402-2.patch
xsa402-3.patch
xsa402-4.patch
xsa402-5.patch
* Tue Jul 12 2022 carnold@suse.com
- bsc#1201394 - VUL-0: CVE-2022-33745: xen: insufficient TLB flush
for x86 PV guests in shadow mode (XSA-408)
xsa408.patch
- Fix gcc13 compilation error
62c56cc0-libxc-fix-compilation-error-with-gcc13.patch
* Tue Jun 28 2022 Stefan Schubert <schubi@suse.com>
- Moved logrotate files from user specific directory /etc/logrotate.d
to vendor specific directory /usr/etc/logrotate.d.
* Wed Jun 08 2022 jbeulich@suse.com
- bsc#1199966 - VUL-0: EMBARGOED: CVE-2022-26363,CVE-2022-26364: xen:
Insufficient care with non-coherent mappings
fix xsa402-5.patch
* Tue May 31 2022 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
625fca42-VT-d-reserved-CAP-ND.patch
626f7ee8-x86-MSR-handle-P5-MC-reads.patch
627549d6-IO-shutdown-race.patch
- bsc#1199965 - VUL-0: EMBARGOED: CVE-2022-26362: xen: Race condition
in typeref acquisition
xsa401-1.patch
xsa401-2.patch
- bsc#1199966 - VUL-0: EMBARGOED: CVE-2022-26363,CVE-2022-26364: xen:
Insufficient care with non-coherent mappings
xsa402-1.patch
xsa402-2.patch
xsa402-3.patch
xsa402-4.patch
xsa402-5.patch
* Tue May 10 2022 Dirk Müller <dmueller@suse.com>
- fix python3 >= 3.10 version detection
* Wed Apr 13 2022 carnold@suse.com
- Update to Xen 4.16.1 bug fix release (bsc#1027519)
xen-4.16.1-testing-src.tar.bz2
- Drop patches contained in new tarball
61b31d5c-x86-restrict-all-but-self-IPI.patch
61b88e78-x86-CPUID-TSXLDTRK-definition.patch
61bc429f-revert-hvmloader-PA-range-should-be-UC.patch
61d5687a-x86-spec-ctrl-opt_srb_lock-default.patch
61d6ea2d-VT-d-split-domid-map-cleanup-check-into-a-function.patch
61d6ea7b-VT-d-dont-leak-domid-mapping-on-error-path.patch
61e0296a-x86-time-calibration-relative-counts.patch
61e029c8-x86-time-TSC-freq-calibration-accuracy.patch
61e02a1c-libxl-PCI-PV-hotplug-stubdom-coldplug.patch
61e98e88-x86-introduce-get-set-reg-infra.patch
61e98e89-x86-MSR-split-SPEC_CTRL-handling.patch
61e98e8a-x86-spec-ctrl-drop-ENTRY-EXIT-HVM.patch
61e98e8b-VT-x-SPEC_CTRL-NMI-race-condition.patch
61eaaa23-x86-get-set-reg-infra-build.patch
61efec1d-Arm-P2M-always-clear-entry-on-mapping-removal.patch
61efec4d-gnttab-only-decrement-refcounter-on-final-unmap.patch
61efec96-IOMMU-x86-stop-pirq-iteration-immediately-on-error.patch
61f2d886-x86-CPUID-disentangle-new-leaves-logic.patch
61f2d887-x86-CPUID-leaf-7-1-EBX-infra.patch
61f2dd76-x86-SPEC_CTRL-migration-compatibility.patch
61f7b2af-libxl-dont-touch-nr_vcpus_out-if-listing.patch
61f933a4-x86-cpuid-advertise-SSB_NO.patch
61f933a5-x86-drop-use_spec_ctrl-boolean.patch
61f933a6-x86-new-has_spec_ctrl-boolean.patch
61f933a7-x86-dont-use-spec_ctrl-enter-exit-for-S3.patch
61f933a8-x86-SPEC_CTRL-record-last-write.patch
61f933a9-x86-SPEC_CTRL-use-common-logic-for-AMD.patch
61f933aa-SVM-SPEC_CTRL-entry-exit-logic.patch
61f933ab-x86-AMD-SPEC_CTRL-infra.patch
61f933ac-SVM-enable-MSR_SPEC_CTRL-for-guests.patch
61f946a2-VMX-drop-SPEC_CTRL-load-on-VMEntry.patch
6202afa3-x86-clean-up-MSR_MCU_OPT_CTRL-handling.patch
6202afa4-x86-TSX-move-has_rtm_always_abort.patch
6202afa5-x86-TSX-cope-with-deprecation-on-WHL-R-CFL-R.patch
6202afa7-x86-CPUID-leaf-7-2-EDX-infra.patch
6202afa8-x86-Intel-PSFD-for-guests.patch
62278667-Arm-introduce-new-processors.patch
62278668-Arm-move-errata-CSV2-check-earlier.patch
62278669-Arm-add-ECBHB-and-CLEARBHB-ID-fields.patch
6227866a-Arm-Spectre-BHB-handling.patch
6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch
6227866c-x86-AMD-cease-using-thunk-lfence.patch
6229ba46-VT-d-drop-undue-address-of-from-check_cleanup_domid_map.patch
624ebcef-VT-d-dont-needlessly-look-up-DID.patch
624ebd3b-VT-d-avoid-NULL-deref-on-dcmo-error-paths.patch
624ebd74-VT-d-avoid-infinite-recursion-on-dcmo-error-path.patch
xsa397.patch
xsa399.patch
xsa400-01.patch
xsa400-02.patch
xsa400-03.patch
xsa400-04.patch
xsa400-05.patch
xsa400-06.patch
xsa400-07.patch
xsa400-08.patch
xsa400-09.patch
xsa400-10.patch
xsa400-11.patch
xsa400-12.patch
* Fri Apr 08 2022 jbeulich@suse.com
- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359,
CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity
map (AMD-Vi) handling issues (XSA-400)
624ebcef-VT-d-dont-needlessly-look-up-DID.patch
624ebd3b-VT-d-avoid-NULL-deref-on-dcmo-error-paths.patch
624ebd74-VT-d-avoid-infinite-recursion-on-dcmo-error-path.patch
* Mon Apr 04 2022 carnold@suse.com
- bsc#1197423 - VUL-0: CVE-2022-26356: xen: Racy interactions
between dirty vram tracking and paging log dirty hypercalls
(XSA-397)
xsa397.patch
- bsc#1197425 - VUL-0: CVE-2022-26357: xen: race in VT-d domain ID
cleanup (XSA-399)
xsa399.patch
- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359,
CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity
map (AMD-Vi) handling issues (XSA-400)
xsa400-01.patch
xsa400-02.patch
xsa400-03.patch
xsa400-04.patch
xsa400-05.patch
xsa400-06.patch
xsa400-07.patch
xsa400-08.patch
xsa400-09.patch
xsa400-10.patch
xsa400-11.patch
xsa400-12.patch
- Additional upstream bug fixes for XSA-400 (bsc#1027519)
61d6ea2d-VT-d-split-domid-map-cleanup-check-into-a-function.patch
61d6ea7b-VT-d-dont-leak-domid-mapping-on-error-path.patch
6229ba46-VT-d-drop-undue-address-of-from-check_cleanup_domid_map.patch
* Mon Mar 14 2022 jbeulich@suse.com
- bsc#1196915 - VUL-0: CVE-2022-0001, CVE-2022-0002,CVE-2021-26401:
xen: BHB speculation issues (XSA-398)
62278667-Arm-introduce-new-processors.patch
62278668-Arm-move-errata-CSV2-check-earlier.patch
62278669-Arm-add-ECBHB-and-CLEARBHB-ID-fields.patch
6227866a-Arm-Spectre-BHB-handling.patch
6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch
6227866c-x86-AMD-cease-using-thunk-lfence.patch
* Thu Mar 03 2022 carnold@suse.com
- bsc#1196545 - GCC 12: xen package fails
gcc12-fixes.patch
* Mon Feb 14 2022 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
61e0296a-x86-time-calibration-relative-counts.patch
61e029c8-x86-time-TSC-freq-calibration-accuracy.patch
61e02a1c-libxl-PCI-PV-hotplug-stubdom-coldplug.patch
61e98e88-x86-introduce-get-set-reg-infra.patch
61e98e89-x86-MSR-split-SPEC_CTRL-handling.patch
61e98e8a-x86-spec-ctrl-drop-ENTRY-EXIT-HVM.patch
61e98e8b-VT-x-SPEC_CTRL-NMI-race-condition.patch
61eaaa23-x86-get-set-reg-infra-build.patch
61efec1d-Arm-P2M-always-clear-entry-on-mapping-removal.patch
61efec4d-gnttab-only-decrement-refcounter-on-final-unmap.patch
61efec96-IOMMU-x86-stop-pirq-iteration-immediately-on-error.patch
61f2d886-x86-CPUID-disentangle-new-leaves-logic.patch
61f2d887-x86-CPUID-leaf-7-1-EBX-infra.patch
61f2dd76-x86-SPEC_CTRL-migration-compatibility.patch
61f7b2af-libxl-dont-touch-nr_vcpus_out-if-listing.patch
61f933a4-x86-cpuid-advertise-SSB_NO.patch
61f933a5-x86-drop-use_spec_ctrl-boolean.patch
61f933a6-x86-new-has_spec_ctrl-boolean.patch
61f933a7-x86-dont-use-spec_ctrl-enter-exit-for-S3.patch
61f933a8-x86-SPEC_CTRL-record-last-write.patch
61f933a9-x86-SPEC_CTRL-use-common-logic-for-AMD.patch
61f933aa-SVM-SPEC_CTRL-entry-exit-logic.patch
61f933ab-x86-AMD-SPEC_CTRL-infra.patch
61f933ac-SVM-enable-MSR_SPEC_CTRL-for-guests.patch
61f946a2-VMX-drop-SPEC_CTRL-load-on-VMEntry.patch
6202afa3-x86-clean-up-MSR_MCU_OPT_CTRL-handling.patch
6202afa4-x86-TSX-move-has_rtm_always_abort.patch
6202afa5-x86-TSX-cope-with-deprecation-on-WHL-R-CFL-R.patch
6202afa7-x86-CPUID-leaf-7-2-EDX-infra.patch
6202afa8-x86-Intel-PSFD-for-guests.patch
- Drop patches replaced by the above:
xsa393.patch
xsa394.patch
xsa395.patch
libxl-Fix-PV-hotplug-and-stubdom-coldplug.patch
libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch
libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch
* Thu Jan 13 2022 carnold@suse.com
- bsc#1194576 - VUL-0: CVE-2022-23033: xen: arm:
guest_physmap_remove_page not removing the p2m mappings (XSA-393)
xsa393.patch
- bsc#1194581 - VUL-0: CVE-2022-23034: xen: a PV guest could DoS
Xen while unmapping a grant (XSA-394)
xsa394.patch
- bsc#1194588 - VUL-0: CVE-2022-23035: xen: insufficient cleanup of
passed-through device IRQs (XSA-395)
xsa395.patch
* Wed Jan 12 2022 carnold@suse.com
- bsc#1191668 - L3: issue around xl and virsh operation - virsh
list not giving any output (see also bsc#1194267)
libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch
libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch
* Tue Jan 11 2022 carnold@suse.com
- bsc#1193307 - pci backend does not exist when attach a vf to a pv
guest
libxl-Fix-PV-hotplug-and-stubdom-coldplug.patch
Drop libxl-PCI-defer-backend-wait.patch
* Thu Jan 06 2022 jbeulich@suse.com
- bsc#1193447 - Slow execution of hvmloader+ovmf when VM contains
an sriov device
61bc429f-revert-hvmloader-PA-range-should-be-UC.patch
- Upstream bug fixes (bsc#1027519)
61b31d5c-x86-restrict-all-but-self-IPI.patch
61b88e78-x86-CPUID-TSXLDTRK-definition.patch
61d5687a-x86-spec-ctrl-opt_srb_lock-default.patch
* Tue Jan 04 2022 James Fehlig <jfehlig@suse.com>
- Collect active VM config files in the supportconfig plugin
xen-supportconfig
/usr/share/doc/packages/xen /usr/share/doc/packages/xen/html /usr/share/doc/packages/xen/html/hypercall /usr/share/doc/packages/xen/html/hypercall/arm /usr/share/doc/packages/xen/html/hypercall/arm/index.html /usr/share/doc/packages/xen/html/hypercall/index.html /usr/share/doc/packages/xen/html/hypercall/x86_32 /usr/share/doc/packages/xen/html/hypercall/x86_32/index.html /usr/share/doc/packages/xen/html/hypercall/x86_64 /usr/share/doc/packages/xen/html/hypercall/x86_64/index.html /usr/share/doc/packages/xen/html/index.html /usr/share/doc/packages/xen/html/man /usr/share/doc/packages/xen/html/man/index.html /usr/share/doc/packages/xen/html/man/xen-pci-device-reservations.7.html /usr/share/doc/packages/xen/html/man/xen-pv-channel.7.html /usr/share/doc/packages/xen/html/man/xen-tscmode.7.html /usr/share/doc/packages/xen/html/man/xen-vtpm.7.html /usr/share/doc/packages/xen/html/man/xen-vtpmmgr.7.html /usr/share/doc/packages/xen/html/man/xenhypfs.1.html /usr/share/doc/packages/xen/html/man/xenstore-chmod.1.html /usr/share/doc/packages/xen/html/man/xenstore-ls.1.html /usr/share/doc/packages/xen/html/man/xenstore-read.1.html /usr/share/doc/packages/xen/html/man/xenstore-write.1.html /usr/share/doc/packages/xen/html/man/xenstore.1.html /usr/share/doc/packages/xen/html/man/xentop.1.html /usr/share/doc/packages/xen/html/man/xentrace.8.html /usr/share/doc/packages/xen/html/man/xenwatchdogd.8.html /usr/share/doc/packages/xen/html/man/xl-disk-configuration.5.html /usr/share/doc/packages/xen/html/man/xl-network-configuration.5.html /usr/share/doc/packages/xen/html/man/xl-numa-placement.7.html /usr/share/doc/packages/xen/html/man/xl-pci-configuration.5.html /usr/share/doc/packages/xen/html/man/xl.1.html /usr/share/doc/packages/xen/html/man/xl.cfg.5.html /usr/share/doc/packages/xen/html/man/xl.conf.5.html /usr/share/doc/packages/xen/html/man/xlcpupool.cfg.5.html /usr/share/doc/packages/xen/html/misc /usr/share/doc/packages/xen/html/misc/amd-ucode-container.txt /usr/share/doc/packages/xen/html/misc/arm /usr/share/doc/packages/xen/html/misc/arm/big.LITTLE.txt /usr/share/doc/packages/xen/html/misc/arm/booting.txt /usr/share/doc/packages/xen/html/misc/arm/device-tree /usr/share/doc/packages/xen/html/misc/arm/device-tree/acpi.txt /usr/share/doc/packages/xen/html/misc/arm/device-tree/booting.txt /usr/share/doc/packages/xen/html/misc/arm/device-tree/cpupools.txt /usr/share/doc/packages/xen/html/misc/arm/device-tree/guest.txt /usr/share/doc/packages/xen/html/misc/arm/device-tree/index.html /usr/share/doc/packages/xen/html/misc/arm/device-tree/passthrough.txt /usr/share/doc/packages/xen/html/misc/arm/early-printk.txt /usr/share/doc/packages/xen/html/misc/arm/index.html /usr/share/doc/packages/xen/html/misc/arm/overlay.txt /usr/share/doc/packages/xen/html/misc/arm/passthrough-noiommu.txt /usr/share/doc/packages/xen/html/misc/arm/passthrough.txt /usr/share/doc/packages/xen/html/misc/arm/silicon-errata.txt /usr/share/doc/packages/xen/html/misc/block-scripts.txt /usr/share/doc/packages/xen/html/misc/console.txt /usr/share/doc/packages/xen/html/misc/crashdb.txt /usr/share/doc/packages/xen/html/misc/distro_mapping.txt /usr/share/doc/packages/xen/html/misc/dump-core-format.txt /usr/share/doc/packages/xen/html/misc/grant-tables.txt /usr/share/doc/packages/xen/html/misc/index.html /usr/share/doc/packages/xen/html/misc/kexec_and_kdump.txt /usr/share/doc/packages/xen/html/misc/libxl_memory.txt /usr/share/doc/packages/xen/html/misc/printk-formats.txt /usr/share/doc/packages/xen/html/misc/qemu-backends.txt /usr/share/doc/packages/xen/html/misc/riscv /usr/share/doc/packages/xen/html/misc/riscv/booting.txt /usr/share/doc/packages/xen/html/misc/riscv/index.html /usr/share/doc/packages/xen/html/misc/stubdom.txt /usr/share/doc/packages/xen/html/misc/vtd-pi.txt /usr/share/doc/packages/xen/html/misc/vtd.txt /usr/share/doc/packages/xen/html/misc/vtpm-platforms.txt /usr/share/doc/packages/xen/html/misc/xen-error-handling.txt /usr/share/doc/packages/xen/html/misc/xenmon.txt /usr/share/doc/packages/xen/html/misc/xenpaging.txt /usr/share/doc/packages/xen/html/misc/xenstore-ring.txt /usr/share/doc/packages/xen/html/misc/xenstore.txt /usr/share/doc/packages/xen/html/misc/xsm-flask.txt /usr/share/doc/packages/xen/misc /usr/share/doc/packages/xen/misc/crashdb.txt /usr/share/doc/packages/xen/misc/vtpm-platforms.txt /usr/share/doc/packages/xen/misc/xen-command-line.pandoc /usr/share/doc/packages/xen/misc/xenpaging.txt /usr/share/doc/packages/xen/misc/xenstore-paths.pandoc
Generated by rpm2html 1.8.1
Fabrice Bellet, Sun Jan 12 01:37:12 2025