| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: xen-tools | Distribution: openSUSE Tumbleweed |
| Version: 4.20.0_02 | Vendor: openSUSE |
| Release: 1.2 | Build date: Mon Jan 6 14:01:11 2025 |
| Group: System/Kernel | Build host: reproducible |
| Size: 3063015 | Source RPM: xen-4.20.0_02-1.2.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: http://www.cl.cam.ac.uk/Research/SRG/netos/xen/ | |
| Summary: Xen Virtualization: Control tools for domain 0 | |
Xen is a virtual machine monitor for x86 that supports execution of
multiple guest operating systems with unprecedented levels of
performance and resource isolation.
This package contains the control tools that allow you to start, stop,
migrate, and manage virtual machines.
In addition to this package you need to install xen and xen-libs
to use Xen.
Authors:
--------
Ian Pratt <ian.pratt@cl.cam.ac.uk>
GPL-2.0-only
* Mon Jan 06 2025 carnold@suse.com
- Update to Xen 4.20.0 pre-release (jsc#PED-8907)
xen-4.20.0-testing-src.tar.bz2
- New Features
* On Arm:
- Experimental support for Armv8-R.
- Support for NXP S32G3 Processors Family and NXP LINFlexD UART driver.
- Basic handling for SCMI requests over SMC using Shared Memory, by allowing
forwarding the calls to EL3 FW if coming from hwdom.
- Support for LLC (Last Level Cache) coloring.
* On x86:
- xl suspend/resume subcommands.
- Support for SRSO_U/S_NO and SRSO_MSR_FIX
- Changed Features
* Fixed blkif protocol specification for sector sizes different than 512b.
* The dombuilder in libxenguest no longer un-gzips secondary modules, instead
leaving this to the guest kernel to do in guest context.
* On x86:
- Prefer ACPI reboot over UEFI ResetSystem() run time service call.
- Switched the xAPIC flat driver to use physical destination mode for external
interrupts instead of logical destination mode.
- Removed Features
* On x86:
- Support for running on Xeon Phi processors.
- Removed the `ucode=allow-same` command line option.
- Removed x2APIC Cluster Mode for external interrupts. x2APIC Physical and
Mixed Modes are still available.
- Dropped patches
xsa466.patch
* Wed Dec 11 2024 ohering@suse.de
- Move /etc/bash_completion.d/xl back to %_datadir/bash-completion/completions
* Mon Dec 09 2024 carnold@suse.com
- bsc#1234282 - VUL-0: xen: XSA-466: Xen hypercall page unsafe
against speculative attacks
xsa466.patch
* Wed Dec 04 2024 carnold@suse.com
- Update to Xen 4.19.1 bug fix release (jsc#PED-8907)
xen-4.19.1-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- Dropped patches
66a8b8ac-bunzip2-rare-failure.patch
66bb6f78-x86-IOMMU-move-tracking-in-iommu_identity_mapping.patch
66bb6fa5-x86-pass-through-document-as-security-unsupported.patch
66cf737b-x86-Dom0-disable-SMAP-for-PV-only.patch
66d02b69-Arm64-adjust-irq_to_desc-to-fix-build-with-gcc14.patch
66d6dca8-libxl-nul-termination-in-xen_console_read_line.patch
66d8690f-SUPPORT-split-XSM-from-Flask.patch
66e29480-x86-HVM-properly-reject-indirect-VRAM-writes.patch
66e44ae2-x86-ucode-AMD-buffer-underrun.patch
66f2af41-x86-vLAPIC-undue-recursion-of-vlapic_error.patch
66f2fd92-x86-ucode-Intel-stricter-sanity-check.patch
xsa463-01.patch
xsa463-02.patch
xsa463-03.patch
xsa463-04.patch
xsa463-05.patch
xsa463-06.patch
xsa463-07.patch
xsa463-08.patch
xsa463-09.patch
xsa464.patch
gcc14-fixes.patch
* Wed Oct 30 2024 carnold@suse.com
- bsc#1232622 - VUL-0: CVE-2024-45818: xen: Deadlock in x86 HVM
standard VGA handling (XSA-463)
xsa463-01.patch
xsa463-02.patch
xsa463-03.patch
xsa463-04.patch
xsa463-05.patch
xsa463-06.patch
xsa463-07.patch
xsa463-08.patch
xsa463-09.patch
- bsc#1232624 - VUL-0: CVE-2024-45819: xen: libxl leaks data to PVH
guests via ACPI tables (XSA-464)
xsa464.patch
- Drop stdvga-cache.patch
* Tue Oct 29 2024 ohering@suse.de
- bsc#1232542 - remove usage of net-tools-deprecated from supportconfig plugin
* Thu Sep 26 2024 jbeulich@suse.com
- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
vlapic_error() (XSA-462)
66f2af41-x86-vLAPIC-undue-recursion-of-vlapic_error.patch
Drop xsa462.patch
- Upstream bug fixes (bsc#1027519)
66cf737b-x86-Dom0-disable-SMAP-for-PV-only.patch
66d6dca8-libxl-nul-termination-in-xen_console_read_line.patch
66d8690f-SUPPORT-split-XSM-from-Flask.patch
66e29480-x86-HVM-properly-reject-indirect-VRAM-writes.patch
66e44ae2-x86-ucode-AMD-buffer-underrun.patch
66f2fd92-x86-ucode-Intel-stricter-sanity-check.patch
* Tue Sep 10 2024 carnold@suse.com
- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
vlapic_error() (XSA-462)
xsa462.patch
* Fri Aug 30 2024 Guillaume GARDET <guillaume.gardet@opensuse.org>
- Fix build on aarch64 with gcc14 (bsc#1225953)
66d02b69-Arm64-adjust-irq_to_desc-to-fix-build-with-gcc14.patch
* Wed Aug 14 2024 carnold@suse.com
- bsc#1228574 - VUL-0: CVE-2024-31145: xen: error handling in x86
IOMMU identity mapping (XSA-460)
66bb6f78-x86-IOMMU-move-tracking-in-iommu_identity_mapping.patch
- bsc#1228575 - VUL-0: CVE-2024-31146: xen: PCI device pass-through
with shared resources (XSA-461)
66bb6fa5-x86-pass-through-document-as-security-unsupported.patch
* Tue Aug 06 2024 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
66a8b8ac-bunzip2-rare-failure.patch
* Tue Jul 30 2024 carnold@suse.com
- Update to Xen 4.19.0 FCS release (jsc#PED-8907)
xen-4.19.0-testing-src.tar.bz2
- New Features
* On x86:
- Introduce a new x2APIC driver that uses Cluster Logical addressing mode
for IPIs and Physical addressing mode for external interrupts.
* On Arm:
- FF-A notification support.
- Introduction of dynamic node programming using overlay dtbo.
* Add a new 9pfs backend running as a daemon in dom0. First user is
Xenstore-stubdom now being able to support full Xenstore trace capability.
* libxl support for backendtype=tap with tapback.
- Changed Features
* Changed flexible array definitions in public I/O interface headers to not
use "1" as the number of array elements.
* The minimum supported OCaml toolchain version is now 4.05
* On x86:
- HVM PIRQs are disabled by default.
- Reduce IOMMU setup time for hardware domain.
- Allow HVM/PVH domains to map foreign pages.
- Declare PVH dom0 supported with caveats.
* xl/libxl configures vkb=[] for HVM domains with priority over vkb_device.
* Increase the maximum number of CPUs Xen can be built for from 4095 to
16383.
* When building with Systemd support (./configure --enable-systemd), remove
libsystemd as a build dependency. Systemd Notify support is retained, now
using a standalone library implementation.
* xenalyze no longer requires `--svm-mode` when analyzing traces
generated on AMD CPUs
* Code symbol annotations and MISRA compliance improvements.
- Removed Features
* caml-stubdom. It hasn't built since 2014, was pinned to Ocaml 4.02, and has
been superseded by the MirageOS/SOLO5 projects.
* /usr/bin/pygrub symlink. This was deprecated in Xen 4.2 (2012) but left for
compatibility reasons. VMs configured with bootloader="/usr/bin/pygrub"
should be updated to just bootloader="pygrub".
* The Xen gdbstub on x86.
* xentrace_format has been removed; use xenalyze instead.
- Dropped patches contained in new tarball
6617d62c-x86-hvm-Misra-Rule-19-1-regression.patch
6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch
6627a5fc-x86-MTRR-inverted-WC-check.patch
662a6a4c-x86-spec-reporting-of-BHB-clearing.patch
662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch
663090fd-x86-gen-cpuid-syntax.patch
663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch
663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch
663d05b5-x86-ucode-distinguish-up-to-date.patch
663eaa27-libxl-XenStore-error-handling-in-device-creation.patch
66450626-sched-set-all-sched_resource-data-inside-locked.patch
66450627-x86-respect-mapcache_domain_init-failing.patch
6646031f-x86-ucode-further-identify-already-up-to-date.patch
6666ba52-x86-irq-remove-offline-CPUs-from-old-CPU-mask-when.patch
666994ab-x86-SMP-no-shorthand-IPI-in-hotplug.patch
666994f0-x86-IRQ-limit-interrupt-movement-in-fixup_irqs.patch
666b07ee-x86-EPT-special-page-in-epte_get_entry_emt.patch
666b0819-x86-EPT-avoid-marking-np-ents-for-reconfig.patch
666b085a-x86-EPT-drop-questionable-mfn_valid-from-.patch
667187cc-x86-Intel-unlock-CPUID-earlier.patch
66718849-x86-IRQ-old_cpu_mask-in-fixup_irqs.patch
6671885e-x86-IRQ-handle-moving-in-_assign_irq_vector.patch
6672c846-x86-xstate-initialisation-of-XSS-cache.patch
6672c847-x86-CPUID-XSAVE-dynamic-leaves.patch
6673ffdc-x86-IRQ-forward-pending-to-new-dest-in-fixup_irqs.patch
xsa458.patch
- Dropped patches no longer necessary
bin-python3-conversion.patch
migration-python3-conversion.patch
* Tue Jul 23 2024 Franz Sirl <franz.sirl-obs@lauterbach.com>
- Enable support for ZSTD and LZO compression formats
* Wed Jul 03 2024 carnold@suse.com
- bsc#1227355 - VUL-0: CVE-2024-31143: xen: double unlock in x86
guest IRQ handling (XSA-458)
xsa458.patch
* Mon Jun 24 2024 jbeulich@suse.com
- bsc#1214718 - The system hangs intermittently when Power Control
Mode is set to Minimum Power on SLES15SP5 Xen
6666ba52-x86-irq-remove-offline-CPUs-from-old-CPU-mask-when.patch
666994ab-x86-SMP-no-shorthand-IPI-in-hotplug.patch
666994f0-x86-IRQ-limit-interrupt-movement-in-fixup_irqs.patch
66718849-x86-IRQ-old_cpu_mask-in-fixup_irqs.patch
6671885e-x86-IRQ-handle-moving-in-_assign_irq_vector.patch
6673ffdc-x86-IRQ-forward-pending-to-new-dest-in-fixup_irqs.patch
- Upstream bug fixes (bsc#1027519)
66450626-sched-set-all-sched_resource-data-inside-locked.patch
66450627-x86-respect-mapcache_domain_init-failing.patch
6646031f-x86-ucode-further-identify-already-up-to-date.patch
666b07ee-x86-EPT-special-page-in-epte_get_entry_emt.patch
666b0819-x86-EPT-avoid-marking-np-ents-for-reconfig.patch
666b085a-x86-EPT-drop-questionable-mfn_valid-from-.patch
667187cc-x86-Intel-unlock-CPUID-earlier.patch
6672c846-x86-xstate-initialisation-of-XSS-cache.patch
6672c847-x86-CPUID-XSAVE-dynamic-leaves.patch
* Wed Jun 12 2024 Daniel Garcia <daniel.garcia@suse.com>
- Fix python3 shebang in tools package (bsc#1212476)
- Depend directly on %primary_python instead of python3 so this
package will continue working without rebuilding even if python3
changes in the system.
- Remove not needed patches, these patches adds the python3 shebang to
some scripts, but that's done during the build phase so it's not
needed:
- bin-python3-conversion.patch
- migration-python3-conversion.patch
* Tue Jun 04 2024 carnold@suse.com
- bsc#1225953 - Package xen does not build with gcc14 because of
new errors
gcc14-fixes.patch
* Wed May 15 2024 jbeulich@suse.com
- bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may
trigger Xen bug check (XSA-454)
6617d62c-x86-hvm-Misra-Rule-19-1-regression.patch
- Upstream bug fixes (bsc#1027519)
6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch
6627a5fc-x86-MTRR-inverted-WC-check.patch
662a6a4c-x86-spec-reporting-of-BHB-clearing.patch
662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch
663090fd-x86-gen-cpuid-syntax.patch
663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch
663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch
663d05b5-x86-ucode-distinguish-up-to-date.patch
663eaa27-libxl-XenStore-error-handling-in-device-creation.patch
* Tue Apr 09 2024 carnold@suse.com
- Update to Xen 4.18.2 security bug fix release (bsc#1027519)
xen-4.18.2-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may
trigger Xen bug check (XSA-454)
- bsc#1222302 - VUL-0: CVE-2024-31142: xen: x86: Incorrect logic
for BTC/SRSO mitigations (XSA-455)
- bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86: Native Branch
History Injection (XSA-456)
- Dropped patch contained in new tarball
65f83951-x86-mm-use-block_lock_speculation-in.patch
* Mon Mar 25 2024 jbeulich@suse.com
- bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative
Race Conditions (XSA-453)
65f83951-x86-mm-use-block_lock_speculation-in.patch
* Fri Mar 15 2024 carnold@suse.com
- Update to Xen 4.18.1 bug fix release (bsc#1027519)
xen-4.18.1-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- bsc#1221332 - VUL-0: CVE-2023-28746: xen: x86: Register File Data
Sampling (XSA-452)
- bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative
Race Conditions (XSA-453)
- Dropped patches included in new tarball
654370e2-x86-x2APIC-remove-ACPI_FADT_APIC_CLUSTER-use.patch
65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch
655b2ba9-fix-sched_move_domain.patch
6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch
6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch
656ee5e1-x86emul-avoid-triggering-event-assertions.patch
656ee602-cpupool-adding-offline-CPU.patch
656ee6c3-domain_create-error-path.patch
6571ca95-fix-sched_move_domain.patch
6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch
65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch
65a7a0a4-x86-Intel-GPCC-setup.patch
65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch
65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch
65b29e91-x86-ucode-stability-of-raw-policy-rescan.patch
65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch
65b8f9ab-VT-d-else-vs-endif-misplacement.patch
xsa451.patch
* Tue Feb 13 2024 carnold@suse.com
- bsc#1219885 - VUL-0: CVE-2023-46841: xen: x86: shadow stack vs
exceptions from emulation stubs (XSA-451)
xsa451.patch
* Wed Jan 31 2024 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch
6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch
656ee5e1-x86emul-avoid-triggering-event-assertions.patch
656ee602-cpupool-adding-offline-CPU.patch
656ee6c3-domain_create-error-path.patch
6571ca95-fix-sched_move_domain.patch
6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch
65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch
65a7a0a4-x86-Intel-GPCC-setup.patch
65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch
65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch
65b29e91-x86-ucode-stability-of-raw-policy-rescan.patch
- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
assigned to incorrect contexts (XSA-449)
65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch
- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to
quarantine devices in !HVM builds (XSA-450)
65b8f9ab-VT-d-else-vs-endif-misplacement.patch
- Patches dropped / replaced by newer upstream versions
xsa449.patch
xsa450.patch
* Tue Jan 23 2024 carnold@suse.com
- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to
quarantine devices in !HVM builds (XSA-450)
xsa450.patch
* Tue Jan 16 2024 carnold@suse.com
- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
assigned to incorrect contexts (XSA-449)
xsa449.patch
* Tue Nov 21 2023 carnold@suse.com
- Enable the Kconfig options REQUIRE_NX and DIT_DEFAULT to
provide better hypervisor security
xen.spec
* Tue Nov 21 2023 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
654370e2-x86-x2APIC-remove-ACPI_FADT_APIC_CLUSTER-use.patch
65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch
655b2ba9-fix-sched_move_domain.patch
* Mon Nov 20 2023 Bernhard Wiedemann <bwiedemann@suse.com>
- Pass XEN_BUILD_DATE + _TIME to override build date (boo#1047218)
* Thu Nov 16 2023 carnold@suse.com
- Update to Xen 4.18.0 FCS release (jsc#PED-4984)
xen-4.18.0-testing-src.tar.bz2
* Repurpose command line gnttab_max_{maptrack_,}frames options so they don't
cap toolstack provided values.
* Ignore VCPUOP_set_singleshot_timer's VCPU_SSHOTTMR_future flag. The only
known user doesn't use it properly, leading to in-guest breakage.
* The "dom0" option is now supported on Arm and "sve=" sub-option can be used
to enable dom0 guest to use SVE/SVE2 instructions.
* Physical CPU Hotplug downgraded to Experimental and renamed "ACPI CPU
Hotplug" for clarity
* On x86, support for features new in Intel Sapphire Rapids CPUs:
- PKS (Protection Key Supervisor) available to HVM/PVH guests.
- VM-Notify used by Xen to mitigate certain micro-architectural pipeline
livelocks, instead of crashing the entire server.
- Bus-lock detection, used by Xen to mitigate (by rate-limiting) the system
wide impact of a guest misusing atomic instructions.
* xl/libxl can customize SMBIOS strings for HVM guests.
* Add support for AVX512-FP16 on x86.
* On Arm, Xen supports guests running SVE/SVE2 instructions. (Tech Preview)
* On Arm, add suport for Firmware Framework for Arm A-profile (FF-A) Mediator
(Tech Preview)
* Add Intel Hardware P-States (HWP) cpufreq driver.
* On Arm, experimental support for dynamic addition/removal of Xen device tree
nodes using a device tree overlay binary (.dtbo).
* Introduce two new hypercalls to map the vCPU runstate and time areas by
physical rather than linear/virtual addresses.
* On x86, support for enforcing system-wide operation in Data Operand
Independent Timing Mode.
* The project has now officially adopted 6 directives and 65 rules of MISRA-C.
* On x86, the "pku" command line option has been removed. It has never
behaved precisely as described, and was redundant with the unsupported
"cpuid=no-pku". Visibility of PKU to guests should be via its vm.cfg file.
* xenpvnetboot removed as unable to convert to Python 3.
* xencons is no longer supported or present. See 5d22d69b30
- Droppped patches contained in new tarballs
63e4da00-dont-log-errors-when-trying-to-load-PVH-xenstore-stubdom.patch
643e3810-CONFIG_DEBUG_INFO-no-EXPERT.patch
643e387f-xen-update-CONFIG_DEBUG_INFO-help-text.patch
6447a8fd-x86-EFI-permit-crash-dump-analysis.patch
64d33a57-libxenstat-Linux-nul-terminate-string.patch
aarch64-rename-PSR_MODE_ELxx-to-match-linux-headers.patch
xen.stubdom.newlib.patch
xsa446.patch
xsa445.patch
xsa438.patch
xsa439-00.patch
xsa439-01.patch
xsa439-02.patch
xsa439-03.patch
xsa439-04.patch
xsa439-05.patch
xsa439-06.patch
xsa439-07.patch
xsa439-08.patch
xsa439-09.patch
xsa443-10.patch
xsa443-11.patch
xsa440.patch
- Dropped xen-utils-0.1.tar.bz2
The xen-list and xen-destroy commands are removed. Originally
created as a better replacement for 'xm'. The 'xl' equivalent
commands should be used instead.
- Dropped libxl.pvscsi.patch
Support for PVSCSI devices in the guest is no longer supported.
* Thu Nov 02 2023 carnold@suse.com
- bsc#1216807 - VUL-0: CVE-2023-46836: xen: x86: BTC/SRSO fixes not
fully effective (XSA-446)
xsa446.patch
* Fri Oct 27 2023 carnold@suse.com
- bsc#1216654 - VUL-0: CVE-2023-46835: xen: x86/AMD: mismatch in
IOMMU quarantine page table levels (XSA-445)
xsa445.patch
* Wed Oct 18 2023 jfehlig@suse.com
- Supportconfig: Adapt plugin to modern supportconfig
The supportconfig 'scplugin.rc' file is deprecated in favor of
supportconfig.rc'. Adapt the xen plugin to the new scheme.
xen-supportconfig
* Tue Oct 17 2023 jbeulich@suse.com
- bsc#1215145 - VUL-0: CVE-2023-34322: xen: top-level shadow
reference dropped too early for 64-bit PV guests (XSA-438)
650abbfe-x86-shadow-defer-PV-top-level-release.patch
- bsc#1215474 - VUL-0: CVE-2023-20588: xen: AMD CPU transitional
execution leak via division by zero (XSA-439)
64e5b4ac-x86-AMD-extend-Zenbleed-check.patch
65087000-x86-spec-ctrl-SPEC_CTRL_EXIT_TO_XEN-confusion.patch
65087001-x86-spec-ctrl-fold-DO_SPEC_CTRL_EXIT_TO_XEN.patch
65087002-x86-spec-ctrl-SPEC_CTRL-ENTRY-EXIT-asm-macros.patch
65087003-x86-spec-ctrl-SPEC_CTRL-ENTER-EXIT-comments.patch
65087004-x86-entry-restore_all_xen-stack_end.patch
65087005-x86-entry-track-IST-ness-of-entry.patch
65087006-x86-spec-ctrl-VERW-on-IST-exit-to-Xen.patch
65087007-x86-AMD-Zen-1-2-predicates.patch
65087008-x86-spec-ctrl-Zen1-DIV-leakage.patch
- bsc#1215746 - VUL-0: CVE-2023-34326: xen: x86/AMD: missing IOMMU
TLB flushing (XSA-442)
65263470-AMD-IOMMU-flush-TLB-when-flushing-DTE.patch
- bsc#1215747 - VUL-0: CVE-2023-34325: xen: Multiple
vulnerabilities in libfsimage disk handling (XSA-443)
65263471-libfsimage-xfs-remove-dead-code.patch
65263472-libfsimage-xfs-amend-mask32lo.patch
65263473-libfsimage-xfs-sanity-check-superblock.patch
65263474-libfsimage-xfs-compile-time-check.patch
65263475-pygrub-remove-unnecessary-hypercall.patch
65263476-pygrub-small-refactors.patch
65263477-pygrub-open-output-files-earlier.patch
65263478-libfsimage-function-to-preload-plugins.patch
65263479-pygrub-deprivilege.patch
6526347a-libxl-allow-bootloader-restricted-mode.patch
6526347b-libxl-limit-bootloader-when-restricted.patch
- bsc#1215748 - VUL-0: CVE-2023-34327,CVE-2023-34328: xen: x86/AMD:
Debug Mask handling (XSA-444)
6526347c-SVM-fix-AMD-DR-MASK-context-switch-asymmetry.patch
6526347d-x86-PV-auditing-of-guest-breakpoints.patch
- Upstream bug fixes (bsc#1027519)
64e6459b-revert-VMX-sanitize-rIP-before-reentering.patch
64eef7e9-x86-reporting-spurious-i8259-interrupts.patch
64f71f50-Arm-handle-cache-flush-at-top.patch
65084ba5-x86-AMD-dont-expose-TscFreqSel.patch
- Patches dropped / replaced by newer upstream versions
xsa438.patch
xsa439-00.patch
xsa439-01.patch
xsa439-02.patch
xsa439-03.patch
xsa439-04.patch
xsa439-05.patch
xsa439-06.patch
xsa439-07.patch
xsa439-08.patch
xsa439-09.patch
xsa442.patch
xsa443-01.patch
xsa443-02.patch
xsa443-03.patch
xsa443-04.patch
xsa443-05.patch
xsa443-06.patch
xsa443-07.patch
xsa443-08.patch
xsa443-09.patch
xsa443-10.patch
xsa443-11.patch
xsa444-1.patch
xsa444-2.patch
* Wed Sep 27 2023 carnold@suse.com
- bsc#1215744 - VUL-0: CVE-2023-34323: xen: xenstored: A
transaction conflict can crash C Xenstored (XSA-440)
xsa440.patch
- bsc#1215746 - VUL-0: CVE-2023-34326: xen: x86/AMD: missing IOMMU
TLB flushing (XSA-442)
xsa442.patch
- bsc#1215747 - VUL-0: CVE-2023-34325: xen: Multiple
vulnerabilities in libfsimage disk handling (XSA-443)
xsa443-01.patch
xsa443-02.patch
xsa443-03.patch
xsa443-04.patch
xsa443-05.patch
xsa443-06.patch
xsa443-07.patch
xsa443-08.patch
xsa443-09.patch
xsa443-10.patch
xsa443-11.patch
- bsc#1215748 - VUL-0: CVE-2023-34327,CVE-2023-34328: xen: x86/AMD:
Debug Mask handling (XSA-444)
xsa444-1.patch
xsa444-2.patch
* Mon Sep 18 2023 carnold@suse.com
- bsc#1215474 - VUL-0: CVE-2023-20588: xen: AMD CPU transitional
execution leak via division by zero (XSA-439)
xsa439-00.patch
xsa439-01.patch
xsa439-02.patch
xsa439-03.patch
xsa439-04.patch
xsa439-05.patch
xsa439-06.patch
xsa439-07.patch
xsa439-08.patch
xsa439-09.patch
* Fri Sep 08 2023 carnold@suse.com
- bsc#1215145 - VUL-0: CVE-2023-34322: xen: top-level shadow
reference dropped too early for 64-bit PV guests (XSA-438)
xsa438.patch
* Sun Aug 13 2023 ohering@suse.de
- Handle potential unaligned access to bitmap in
libxc-sr-restore-hvm-legacy-superpage.patch
If setting BITS_PER_LONG at once, the initial bit must be aligned
* Thu Aug 10 2023 jbeulich@suse.com
- bsc#1212684 - xentop fails with long interface name
64d33a57-libxenstat-Linux-nul-terminate-string.patch
* Tue Aug 08 2023 carnold@suse.com
- Update to Xen 4.17.2 bug fix release (bsc#1027519)
xen-4.17.2-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- bsc#1214082 - VUL-0: CVE-2023-20569: xen: x86/AMD: Speculative
Return Stack Overflow (XSA-434)
- bsc#1214083 - VUL-0: CVE-2022-40982: xen: x86/Intel: Gather Data
Sampling (XSA-435)
- Dropped patches contained in new tarball
64525c61-tools-libs-guest-assist-gcc13s-realloc-analyzer.patch
645dec48-AMD-IOMMU-assert-boolean-enum.patch
64639e84-amd-fix-legacy-setting-of-SSBD-on-AMD-Family-17h.patch
646b782b-PCI-pci_get_pdev-respect-segment.patch
647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch
648863fc-AMD-IOMMU-Invalidate-All-check.patch
64bea1b2-x86-AMD-Zenbleed.patch
* Tue Aug 01 2023 ohering@suse.de
- Handle potential off-by-one errors in libxc-sr-xg_sr_bitmap.patch
A bit is an index in bitmap, while bits is the allocated size
of the bitmap.
* Fri Jul 28 2023 ohering@suse.de
- Add more debug to libxc-sr-track-migration-time.patch
This is supposed to help with doing the math in case xl restore
fails with ERANGE as reported in bug#1209311
* Tue Jul 25 2023 carnold@suse.com
- bsc#1213616 - VUL-0: CVE-2023-20593: xen: x86/AMD: Zenbleed
(XSA-433)
64bea1b2-x86-AMD-Zenbleed.patch
* Thu Jul 06 2023 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
645dec48-AMD-IOMMU-assert-boolean-enum.patch
646b782b-PCI-pci_get_pdev-respect-segment.patch
647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch
648863fc-AMD-IOMMU-Invalidate-All-check.patch
* Mon May 22 2023 carnold@suse.com
- bsc#1211433 - VUL-0: CVE-2022-42336: xen: Mishandling of guest
SSBD selection on AMD hardware (XSA-431)
64639e84-amd-fix-legacy-setting-of-SSBD-on-AMD-Family-17h.patch
* Thu May 04 2023 carnold@suse.com
- bsc#1210570 - gcc-13 realloc use-after-free analysis error
64525c61-tools-libs-guest-assist-gcc13s-realloc-analyzer.patch
* Fri Apr 28 2023 carnold@suse.com
- bsc#1209237 - xen-syms doesn't contain debug-info
643e3810-CONFIG_DEBUG_INFO-no-EXPERT.patch
643e387f-xen-update-CONFIG_DEBUG_INFO-help-text.patch
6447a8fd-x86-EFI-permit-crash-dump-analysis.patch
* Thu Apr 27 2023 carnold@suse.com
- Update to Xen 4.17.1 bug fix release (bsc#1027519)
xen-4.17.1-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- Dropped patches contained in new tarball
63a03b73-VMX-VMExit-based-BusLock-detection.patch
63a03ba6-VMX-INTR_SHADOW_NMI-helper.patch
63a03bce-VMX-Notify-VMExit.patch
63a03e28-x86-high-freq-TSC-overflow.patch
63c05478-VMX-calculate-model-specific-LBRs-once.patch
63c05478-VMX-support-CPUs-without-model-specific-LBR.patch
63d24e91-tools-xenstore-revert-simplify-loop-handling.patch
63e53ac9-x86-CPUID-leaves-7-1-ecx-edx.patch
63e53ac9-x86-disable-CET-SS-when-fractured-updates.patch
63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch
63f4d045-x86-ucode-AMD-apply-early-on-all-threads.patch
63fe06e0-x86-ucode-AMD-apply-late-on-all-threads.patch
640f3035-x86-altp2m-help-gcc13.patch
641041e8-VT-d-constrain-IGD-check.patch
64104238-bunzip-gcc13.patch
6419697d-AMD-IOMMU-no-XT-x2APIC-phys.patch
64199e0c-x86-shadow-account-for-log-dirty-mode.patch
64199e0d-x86-HVM-bound-number-of-pca-regions.patch
64199e0e-x86-HVM-serialize-pca-list-manipulation.patch
64199e0f-x86-spec-ctrl-defer-CR4_PV32_RESTORE-for-CSTAR.patch
libxl.fix-guest-kexec-skip-cpuid-policy.patch
xsa430.patch
* Tue Apr 11 2023 carnold@suse.com
- bsc#1210315 - VUL-0: CVE-2022-42335: xen: x86 shadow paging
arbitrary pointer dereference (XSA-430)
xsa430.patch
* Fri Mar 31 2023 carnold@suse.com
- Not building the shim is correctly handled by --disable-pvshim
Drop disable-building-pv-shim.patch
* Thu Mar 23 2023 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
63a03b73-VMX-VMExit-based-BusLock-detection.patch
63a03ba6-VMX-INTR_SHADOW_NMI-helper.patch
63a03bce-VMX-Notify-VMExit.patch
63e53ac9-x86-CPUID-leaves-7-1-ecx-edx.patch
63e53ac9-x86-disable-CET-SS-when-fractured-updates.patch
63f4d045-x86-ucode-AMD-apply-early-on-all-threads.patch
63fe06e0-x86-ucode-AMD-apply-late-on-all-threads.patch
641041e8-VT-d-constrain-IGD-check.patch
6419697d-AMD-IOMMU-no-XT-x2APIC-phys.patch
- Use "proper" upstream backports:
640f3035-x86-altp2m-help-gcc13.patch
64104238-bunzip-gcc13.patch
64199e0c-x86-shadow-account-for-log-dirty-mode.patch
64199e0d-x86-HVM-bound-number-of-pca-regions.patch
64199e0e-x86-HVM-serialize-pca-list-manipulation.patch
64199e0f-x86-spec-ctrl-defer-CR4_PV32_RESTORE-for-CSTAR.patch
- ... in place of:
bunzip-gcc13.patch
altp2m-gcc13.patch
xsa427.patch
xsa428-1.patch
xsa428-2.patch
xsa429.patch
* Thu Mar 16 2023 ohering@suse.de
- bsc#1209245 - fix host-assisted kexec/kdump for HVM domUs
libxl.fix-guest-kexec-skip-cpuid-policy.patch
* Tue Mar 07 2023 carnold@suse.com
- bsc#1209017 - VUL-0: CVE-2022-42332: xen: x86 shadow plus
log-dirty mode use-after-free (XSA-427)
xsa427.patch
- bsc#1209018 - VUL-0: CVE-2022-42333,CVE-2022-42334: xen: x86/HVM
pinned cache attributes mis-handling (XSA-428)
xsa428-1.patch
xsa428-2.patch
- bsc#1209019 - VUL-0: CVE-2022-42331: xen: x86: speculative
vulnerability in 32bit SYSCALL path (XSA-429)
xsa429.patch
* Thu Mar 02 2023 carnold@suse.com
- bsc#1208736 - GCC 13: xen package fails
bunzip-gcc13.patch
altp2m-gcc13.patch
- Drop gcc13-fixes.patch
* Tue Feb 28 2023 carnold@suse.com
- bsc#1208736 - GCC 13: xen package fails
gcc13-fixes.patch
* Wed Feb 15 2023 carnold@suse.com
- bsc#1208286 - VUL-0: CVE-2022-27672: xen: Cross-Thread Return
Address Predictions (XSA-426)
63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch
* Thu Feb 09 2023 carnold@suse.com
- bsc#1205792 - Partner-L3: launch-xenstore error messages show in
SLES15 SP4 xen kernel.
63e4da00-dont-log-errors-when-trying-to-load-PVH-xenstore-stubdom.patch
* Mon Feb 06 2023 jbeulich@suse.com
- bsc#1026236 - tidy/modernize patch
xen.bug1026236.suse_vtsc_tolerance.patch
* Mon Feb 06 2023 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
63c05478-VMX-calculate-model-specific-LBRs-once.patch
63c05478-VMX-support-CPUs-without-model-specific-LBR.patch
- bsc#1207544 - VUL-0: CVE-2022-42330: xen: Guests can cause
Xenstore crash via soft reset (XSA-425)
xsa425.patch ->
63d24e91-tools-xenstore-revert-simplify-loop-handling.patch
* Wed Jan 25 2023 carnold@suse.com
- bsc#1207544 - VUL-0: CVE-2022-42330: xen: Guests can cause
Xenstore crash via soft reset (XSA-425)
xsa425.patch
* Tue Jan 03 2023 Stefan Schubert <schubi@suse.com>
- Migration of PAM settings to /usr/lib/pam.d.
* Tue Dec 20 2022 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
63a03e28-x86-high-freq-TSC-overflow.patch
* Thu Dec 08 2022 carnold@suse.com
- Update to Xen 4.17.0 FCS release (jsc#PED-1858)
xen-4.17.0-testing-src.tar.bz2
* On x86 "vga=current" can now be used together with GrUB2's gfxpayload setting. Note that
this requires use of "multiboot2" (and "module2") as the GrUB commands loading Xen.
* The "gnttab" option now has a new command line sub-option for disabling the
GNTTABOP_transfer functionality.
* The x86 MCE command line option info is now updated.
* Out-of-tree builds for the hypervisor now supported.
* __ro_after_init support, for marking data as immutable after boot.
* The project has officially adopted 4 directives and 24 rules of MISRA-C,
added MISRA-C checker build integration, and defined how to document
deviations.
* IOMMU superpage support on x86, affecting PV guests as well as HVM/PVH ones
when they don't share page tables with the CPU (HAP / EPT / NPT).
* Support for VIRT_SSBD and MSR_SPEC_CTRL for HVM guests on AMD.
* Improved TSC, CPU, and APIC clock frequency calibration on x86.
* Support for Xen using x86 Control Flow Enforcement technology for its own
protection. Both Shadow Stacks (ROP protection) and Indirect Branch
Tracking (COP/JOP protection).
* Add mwait-idle support for SPR and ADL on x86.
* Extend security support for hosts to 12 TiB of memory on x86.
* Add command line option to set cpuid parameters for dom0 at boot time on x86.
* Improved static configuration options on Arm.
* cpupools can be specified at boot using device tree on Arm.
* It is possible to use PV drivers with dom0less guests, allowing statically
booted dom0less guests with PV devices.
* On Arm, p2m structures are now allocated out of a pool of memory set aside at
domain creation.
* Improved mitigations against Spectre-BHB on Arm.
* Support VirtIO-MMIO devices device-tree binding creation in toolstack on Arm.
* Allow setting the number of CPUs to activate at runtime from command line
option on Arm.
* Grant-table support on Arm was improved and hardened by implementing
"simplified M2P-like approach for the xenheap pages"
* Add Renesas R-Car Gen4 IPMMU-VMSA support on Arm.
* Add i.MX lpuart and i.MX8QM support on Arm.
* Improved toolstack build system.
* Add Xue - console over USB 3 Debug Capability.
* gitlab-ci automation: Fixes and improvements together with new tests.
* dropped support for the (x86-only) "vesa-mtrr" and "vesa-remap" command line options
- Drop patches contained in new tarball or invalid
62fde97e-tools-libxl-Replace-deprecated-soundhw-on-QEMU-command-line.patch
xsa410-01.patch
xsa410-02.patch
xsa410-03.patch
xsa410-04.patch
xsa410-05.patch
xsa410-06.patch
xsa410-07.patch
xsa410-08.patch
xsa410-09.patch
xsa410-10.patch
xsa411.patch
* Wed Sep 28 2022 carnold@suse.com
- bsc#1203806 - VUL-0: CVE-2022-33746: xen: P2M pool freeing may
take excessively long (XSA-410)
xsa410-01.patch
xsa410-02.patch
xsa410-03.patch
xsa410-04.patch
xsa410-05.patch
xsa410-06.patch
xsa410-07.patch
xsa410-08.patch
xsa410-09.patch
xsa410-10.patch
- bsc#1203807 - VUL-0: CVE-2022-33748: xen: lock order inversion in
transitive grant copy handling (XSA-411)
xsa411.patch
* Wed Aug 31 2022 Stefan Schubert <schubi@suse.com>
- Migration to /usr/etc: Saving user changed configuration files
in /etc and restoring them while an RPM update.
* Mon Aug 29 2022 carnold@suse.com
- bsc#1201994 - Xen DomU unable to emulate audio device
62fde97e-tools-libxl-Replace-deprecated-soundhw-on-QEMU-command-line.patch
* Tue Aug 23 2022 carnold@suse.com
- Things are compiling fine now with gcc12.
Drop gcc12-fixes.patch
* Thu Aug 18 2022 carnold@suse.com
- Update to Xen 4.16.2 bug fix release (bsc#1027519)
xen-4.16.2-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- Drop patches contained in new tarball
625fca42-VT-d-reserved-CAP-ND.patch
626f7ee8-x86-MSR-handle-P5-MC-reads.patch
627549d6-IO-shutdown-race.patch
62a1e594-x86-clean-up-_get_page_type.patch
62a1e5b0-x86-ABAC-race-in-_get_page_type.patch
62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch
62a1e5f0-x86-dont-change-cacheability-of-directmap.patch
62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch
62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch
62a1e649-x86-track-and-flush-non-coherent.patch
62a99614-IOMMU-x86-gcc12.patch
62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch
62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch
62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch
62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch
62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch
62c56cc0-libxc-fix-compilation-error-with-gcc13.patch
62cc31ed-x86-honour-spec-ctrl-0-for-unpriv-mmio.patch
62cc31ee-cmdline-extend-parse_boolean.patch
62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch
62cd91d0-x86-spec-ctrl-rework-context-switching.patch
62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch
62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch
62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch
62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch
62cd91d5-x86-cpuid-BTC_NO-enum.patch
62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch
62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch
xsa408.patch
* Thu Jul 28 2022 ohering@suse.de
- bsc#1167608, bsc#1201631 - fix built-in default of max_event_channels
A previous change to the built-in default had a logic error,
effectively restoring the upstream limit of 1023 channels per domU.
Fix the logic to calculate the default based on the number of vcpus.
adjust libxl.max_event_channels.patch
* Wed Jul 13 2022 carnold@suse.com
- Added --disable-pvshim when running configure in xen.spec.
We have never shipped the shim and don't need to build it.
* Wed Jul 13 2022 jbeulich@suse.com
- bsc#1199965 - VUL-0: CVE-2022-26362: xen: Race condition
in typeref acquisition
62a1e594-x86-clean-up-_get_page_type.patch
62a1e5b0-x86-ABAC-race-in-_get_page_type.patch
- bsc#1199966 - VUL-0: CVE-2022-26363,CVE-2022-26364: xen:
Insufficient care with non-coherent mappings
62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch
62a1e5f0-x86-dont-change-cacheability-of-directmap.patch
62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch
62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch
62a1e649-x86-track-and-flush-non-coherent.patch
- bsc#1200549 VUL-0: CVE-2022-21123,CVE-2022-21125,CVE-2022-21166:
xen: x86: MMIO Stale Data vulnerabilities (XSA-404)
62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch
62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch
62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch
- bsc#1201469 - VUL-0: CVE-2022-23816,CVE-2022-23825,CVE-2022-29900:
xen: retbleed - arbitrary speculative code execution with return
instructions (XSA-407)
62cc31ed-x86-honour-spec-ctrl-0-for-unpriv-mmio.patch
62cc31ee-cmdline-extend-parse_boolean.patch
62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch
62cd91d0-x86-spec-ctrl-rework-context-switching.patch
62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch
62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch
62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch
62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch
62cd91d5-x86-cpuid-BTC_NO-enum.patch
62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch
62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch
- Upstream bug fixes (bsc#1027519)
62a99614-IOMMU-x86-gcc12.patch
62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch
62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch
- Drop patches replaced by upstream versions
xsa401-1.patch
xsa401-2.patch
xsa402-1.patch
xsa402-2.patch
xsa402-3.patch
xsa402-4.patch
xsa402-5.patch
* Tue Jul 12 2022 carnold@suse.com
- bsc#1201394 - VUL-0: CVE-2022-33745: xen: insufficient TLB flush
for x86 PV guests in shadow mode (XSA-408)
xsa408.patch
- Fix gcc13 compilation error
62c56cc0-libxc-fix-compilation-error-with-gcc13.patch
* Tue Jun 28 2022 Stefan Schubert <schubi@suse.com>
- Moved logrotate files from user specific directory /etc/logrotate.d
to vendor specific directory /usr/etc/logrotate.d.
* Wed Jun 08 2022 jbeulich@suse.com
- bsc#1199966 - VUL-0: EMBARGOED: CVE-2022-26363,CVE-2022-26364: xen:
Insufficient care with non-coherent mappings
fix xsa402-5.patch
* Tue May 31 2022 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
625fca42-VT-d-reserved-CAP-ND.patch
626f7ee8-x86-MSR-handle-P5-MC-reads.patch
627549d6-IO-shutdown-race.patch
- bsc#1199965 - VUL-0: EMBARGOED: CVE-2022-26362: xen: Race condition
in typeref acquisition
xsa401-1.patch
xsa401-2.patch
- bsc#1199966 - VUL-0: EMBARGOED: CVE-2022-26363,CVE-2022-26364: xen:
Insufficient care with non-coherent mappings
xsa402-1.patch
xsa402-2.patch
xsa402-3.patch
xsa402-4.patch
xsa402-5.patch
* Tue May 10 2022 Dirk Müller <dmueller@suse.com>
- fix python3 >= 3.10 version detection
* Wed Apr 13 2022 carnold@suse.com
- Update to Xen 4.16.1 bug fix release (bsc#1027519)
xen-4.16.1-testing-src.tar.bz2
- Drop patches contained in new tarball
61b31d5c-x86-restrict-all-but-self-IPI.patch
61b88e78-x86-CPUID-TSXLDTRK-definition.patch
61bc429f-revert-hvmloader-PA-range-should-be-UC.patch
61d5687a-x86-spec-ctrl-opt_srb_lock-default.patch
61d6ea2d-VT-d-split-domid-map-cleanup-check-into-a-function.patch
61d6ea7b-VT-d-dont-leak-domid-mapping-on-error-path.patch
61e0296a-x86-time-calibration-relative-counts.patch
61e029c8-x86-time-TSC-freq-calibration-accuracy.patch
61e02a1c-libxl-PCI-PV-hotplug-stubdom-coldplug.patch
61e98e88-x86-introduce-get-set-reg-infra.patch
61e98e89-x86-MSR-split-SPEC_CTRL-handling.patch
61e98e8a-x86-spec-ctrl-drop-ENTRY-EXIT-HVM.patch
61e98e8b-VT-x-SPEC_CTRL-NMI-race-condition.patch
61eaaa23-x86-get-set-reg-infra-build.patch
61efec1d-Arm-P2M-always-clear-entry-on-mapping-removal.patch
61efec4d-gnttab-only-decrement-refcounter-on-final-unmap.patch
61efec96-IOMMU-x86-stop-pirq-iteration-immediately-on-error.patch
61f2d886-x86-CPUID-disentangle-new-leaves-logic.patch
61f2d887-x86-CPUID-leaf-7-1-EBX-infra.patch
61f2dd76-x86-SPEC_CTRL-migration-compatibility.patch
61f7b2af-libxl-dont-touch-nr_vcpus_out-if-listing.patch
61f933a4-x86-cpuid-advertise-SSB_NO.patch
61f933a5-x86-drop-use_spec_ctrl-boolean.patch
61f933a6-x86-new-has_spec_ctrl-boolean.patch
61f933a7-x86-dont-use-spec_ctrl-enter-exit-for-S3.patch
61f933a8-x86-SPEC_CTRL-record-last-write.patch
61f933a9-x86-SPEC_CTRL-use-common-logic-for-AMD.patch
61f933aa-SVM-SPEC_CTRL-entry-exit-logic.patch
61f933ab-x86-AMD-SPEC_CTRL-infra.patch
61f933ac-SVM-enable-MSR_SPEC_CTRL-for-guests.patch
61f946a2-VMX-drop-SPEC_CTRL-load-on-VMEntry.patch
6202afa3-x86-clean-up-MSR_MCU_OPT_CTRL-handling.patch
6202afa4-x86-TSX-move-has_rtm_always_abort.patch
6202afa5-x86-TSX-cope-with-deprecation-on-WHL-R-CFL-R.patch
6202afa7-x86-CPUID-leaf-7-2-EDX-infra.patch
6202afa8-x86-Intel-PSFD-for-guests.patch
62278667-Arm-introduce-new-processors.patch
62278668-Arm-move-errata-CSV2-check-earlier.patch
62278669-Arm-add-ECBHB-and-CLEARBHB-ID-fields.patch
6227866a-Arm-Spectre-BHB-handling.patch
6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch
6227866c-x86-AMD-cease-using-thunk-lfence.patch
6229ba46-VT-d-drop-undue-address-of-from-check_cleanup_domid_map.patch
624ebcef-VT-d-dont-needlessly-look-up-DID.patch
624ebd3b-VT-d-avoid-NULL-deref-on-dcmo-error-paths.patch
624ebd74-VT-d-avoid-infinite-recursion-on-dcmo-error-path.patch
xsa397.patch
xsa399.patch
xsa400-01.patch
xsa400-02.patch
xsa400-03.patch
xsa400-04.patch
xsa400-05.patch
xsa400-06.patch
xsa400-07.patch
xsa400-08.patch
xsa400-09.patch
xsa400-10.patch
xsa400-11.patch
xsa400-12.patch
* Fri Apr 08 2022 jbeulich@suse.com
- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359,
CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity
map (AMD-Vi) handling issues (XSA-400)
624ebcef-VT-d-dont-needlessly-look-up-DID.patch
624ebd3b-VT-d-avoid-NULL-deref-on-dcmo-error-paths.patch
624ebd74-VT-d-avoid-infinite-recursion-on-dcmo-error-path.patch
* Mon Apr 04 2022 carnold@suse.com
- bsc#1197423 - VUL-0: CVE-2022-26356: xen: Racy interactions
between dirty vram tracking and paging log dirty hypercalls
(XSA-397)
xsa397.patch
- bsc#1197425 - VUL-0: CVE-2022-26357: xen: race in VT-d domain ID
cleanup (XSA-399)
xsa399.patch
- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359,
CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity
map (AMD-Vi) handling issues (XSA-400)
xsa400-01.patch
xsa400-02.patch
xsa400-03.patch
xsa400-04.patch
xsa400-05.patch
xsa400-06.patch
xsa400-07.patch
xsa400-08.patch
xsa400-09.patch
xsa400-10.patch
xsa400-11.patch
xsa400-12.patch
- Additional upstream bug fixes for XSA-400 (bsc#1027519)
61d6ea2d-VT-d-split-domid-map-cleanup-check-into-a-function.patch
61d6ea7b-VT-d-dont-leak-domid-mapping-on-error-path.patch
6229ba46-VT-d-drop-undue-address-of-from-check_cleanup_domid_map.patch
* Mon Mar 14 2022 jbeulich@suse.com
- bsc#1196915 - VUL-0: CVE-2022-0001, CVE-2022-0002,CVE-2021-26401:
xen: BHB speculation issues (XSA-398)
62278667-Arm-introduce-new-processors.patch
62278668-Arm-move-errata-CSV2-check-earlier.patch
62278669-Arm-add-ECBHB-and-CLEARBHB-ID-fields.patch
6227866a-Arm-Spectre-BHB-handling.patch
6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch
6227866c-x86-AMD-cease-using-thunk-lfence.patch
* Thu Mar 03 2022 carnold@suse.com
- bsc#1196545 - GCC 12: xen package fails
gcc12-fixes.patch
* Mon Feb 14 2022 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
61e0296a-x86-time-calibration-relative-counts.patch
61e029c8-x86-time-TSC-freq-calibration-accuracy.patch
61e02a1c-libxl-PCI-PV-hotplug-stubdom-coldplug.patch
61e98e88-x86-introduce-get-set-reg-infra.patch
61e98e89-x86-MSR-split-SPEC_CTRL-handling.patch
61e98e8a-x86-spec-ctrl-drop-ENTRY-EXIT-HVM.patch
61e98e8b-VT-x-SPEC_CTRL-NMI-race-condition.patch
61eaaa23-x86-get-set-reg-infra-build.patch
61efec1d-Arm-P2M-always-clear-entry-on-mapping-removal.patch
61efec4d-gnttab-only-decrement-refcounter-on-final-unmap.patch
61efec96-IOMMU-x86-stop-pirq-iteration-immediately-on-error.patch
61f2d886-x86-CPUID-disentangle-new-leaves-logic.patch
61f2d887-x86-CPUID-leaf-7-1-EBX-infra.patch
61f2dd76-x86-SPEC_CTRL-migration-compatibility.patch
61f7b2af-libxl-dont-touch-nr_vcpus_out-if-listing.patch
61f933a4-x86-cpuid-advertise-SSB_NO.patch
61f933a5-x86-drop-use_spec_ctrl-boolean.patch
61f933a6-x86-new-has_spec_ctrl-boolean.patch
61f933a7-x86-dont-use-spec_ctrl-enter-exit-for-S3.patch
61f933a8-x86-SPEC_CTRL-record-last-write.patch
61f933a9-x86-SPEC_CTRL-use-common-logic-for-AMD.patch
61f933aa-SVM-SPEC_CTRL-entry-exit-logic.patch
61f933ab-x86-AMD-SPEC_CTRL-infra.patch
61f933ac-SVM-enable-MSR_SPEC_CTRL-for-guests.patch
61f946a2-VMX-drop-SPEC_CTRL-load-on-VMEntry.patch
6202afa3-x86-clean-up-MSR_MCU_OPT_CTRL-handling.patch
6202afa4-x86-TSX-move-has_rtm_always_abort.patch
6202afa5-x86-TSX-cope-with-deprecation-on-WHL-R-CFL-R.patch
6202afa7-x86-CPUID-leaf-7-2-EDX-infra.patch
6202afa8-x86-Intel-PSFD-for-guests.patch
- Drop patches replaced by the above:
xsa393.patch
xsa394.patch
xsa395.patch
libxl-Fix-PV-hotplug-and-stubdom-coldplug.patch
libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch
libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch
* Thu Jan 13 2022 carnold@suse.com
- bsc#1194576 - VUL-0: CVE-2022-23033: xen: arm:
guest_physmap_remove_page not removing the p2m mappings (XSA-393)
xsa393.patch
- bsc#1194581 - VUL-0: CVE-2022-23034: xen: a PV guest could DoS
Xen while unmapping a grant (XSA-394)
xsa394.patch
- bsc#1194588 - VUL-0: CVE-2022-23035: xen: insufficient cleanup of
passed-through device IRQs (XSA-395)
xsa395.patch
* Wed Jan 12 2022 carnold@suse.com
- bsc#1191668 - L3: issue around xl and virsh operation - virsh
list not giving any output (see also bsc#1194267)
libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch
libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch
* Tue Jan 11 2022 carnold@suse.com
- bsc#1193307 - pci backend does not exist when attach a vf to a pv
guest
libxl-Fix-PV-hotplug-and-stubdom-coldplug.patch
Drop libxl-PCI-defer-backend-wait.patch
* Thu Jan 06 2022 jbeulich@suse.com
- bsc#1193447 - Slow execution of hvmloader+ovmf when VM contains
an sriov device
61bc429f-revert-hvmloader-PA-range-should-be-UC.patch
- Upstream bug fixes (bsc#1027519)
61b31d5c-x86-restrict-all-but-self-IPI.patch
61b88e78-x86-CPUID-TSXLDTRK-definition.patch
61d5687a-x86-spec-ctrl-opt_srb_lock-default.patch
* Tue Jan 04 2022 James Fehlig <jfehlig@suse.com>
- Collect active VM config files in the supportconfig plugin
xen-supportconfig
/etc/xen /etc/xen/auto /etc/xen/cpupool /etc/xen/examples /etc/xen/examples/xlexample.hvm /etc/xen/examples/xlexample.pvhlinux /etc/xen/examples/xlexample.pvlinux /etc/xen/scripts /etc/xen/scripts/block /etc/xen/scripts/block-common.sh /etc/xen/scripts/block-dmmd /etc/xen/scripts/block-drbd-probe /etc/xen/scripts/block-dummy /etc/xen/scripts/block-iscsi /etc/xen/scripts/block-npiv /etc/xen/scripts/block-npiv-common.sh /etc/xen/scripts/block-npiv-vport /etc/xen/scripts/block-tap /etc/xen/scripts/colo-proxy-setup /etc/xen/scripts/external-device-migrate /etc/xen/scripts/hotplugpath.sh /etc/xen/scripts/launch-xenstore /etc/xen/scripts/locking.sh /etc/xen/scripts/logging.sh /etc/xen/scripts/remus-netbuf-setup /etc/xen/scripts/vif-bridge /etc/xen/scripts/vif-common.sh /etc/xen/scripts/vif-nat /etc/xen/scripts/vif-openvswitch /etc/xen/scripts/vif-route /etc/xen/scripts/vif-setup /etc/xen/scripts/vscsi /etc/xen/scripts/xen-hotplug-common.sh /etc/xen/scripts/xen-network-common.sh /etc/xen/scripts/xen-script-common.sh /etc/xen/vm /etc/xen/xenapiusers /etc/xen/xl.conf /usr/bin/pygrub /usr/bin/vchan-socket-proxy /usr/bin/xen-cpuid /usr/bin/xenalyze /usr/bin/xencov_split /usr/bin/xenstore /usr/bin/xenstore-chmod /usr/bin/xenstore-control /usr/bin/xenstore-exists /usr/bin/xenstore-list /usr/bin/xenstore-ls /usr/bin/xenstore-read /usr/bin/xenstore-rm /usr/bin/xenstore-watch /usr/bin/xenstore-write /usr/etc/logrotate.d/xen /usr/lib/modules-load.d /usr/lib/pam.d/xen-api /usr/lib/supportconfig /usr/lib/supportconfig/plugins /usr/lib/supportconfig/plugins/xen /usr/lib/systemd/system /usr/lib/systemd/system/proc-xen.mount /usr/lib/systemd/system/xen-dom0-modules.service /usr/lib/systemd/system/xen-init-dom0.service /usr/lib/systemd/system/xen-qemu-dom0-disk-backend.service /usr/lib/systemd/system/xen-watchdog.service /usr/lib/systemd/system/xencommons.service /usr/lib/systemd/system/xenconsoled.service /usr/lib/systemd/system/xendomains.service /usr/lib/systemd/system/xenstored.service /usr/lib/xen /usr/lib/xen/bin /usr/lib/xen/bin/convert-legacy-stream /usr/lib/xen/bin/depriv-fd-checker /usr/lib/xen/bin/init-xenstore-domain /usr/lib/xen/bin/libxl-save-helper /usr/lib/xen/bin/lsevtchn /usr/lib/xen/bin/pygrub /usr/lib/xen/bin/qemu-system-i386 /usr/lib/xen/bin/readnotes /usr/lib/xen/bin/test-cpu-policy /usr/lib/xen/bin/test-paging-mempool /usr/lib/xen/bin/test-resource /usr/lib/xen/bin/test-tsx /usr/lib/xen/bin/test-xenstore /usr/lib/xen/bin/verify-stream-v2 /usr/lib/xen/bin/xen-9pfsd /usr/lib/xen/bin/xen-init-dom0 /usr/lib/xen/bin/xenconsole /usr/lib/xen/bin/xenctx /usr/lib/xen/bin/xendomains /usr/lib/xen/bin/xenpaging /usr/lib/xen/boot /usr/lib/xen/boot/hvmloader /usr/lib/xen/boot/xenstore-stubdom.gz /usr/lib/xen/boot/xenstorepvh-stubdom.gz /usr/lib64/python3.11/site-packages/grub /usr/lib64/python3.11/site-packages/grub/ExtLinuxConf.py /usr/lib64/python3.11/site-packages/grub/GrubConf.py /usr/lib64/python3.11/site-packages/grub/LiloConf.py /usr/lib64/python3.11/site-packages/xen /usr/lib64/python3.11/site-packages/xen/lowlevel /usr/lib64/python3.11/site-packages/xen/lowlevel/xc.cpython-311-x86_64-linux-gnu.so /usr/lib64/python3.11/site-packages/xen/lowlevel/xs.cpython-311-x86_64-linux-gnu.so /usr/lib64/python3.11/site-packages/xen/migration /usr/lib64/python3.11/site-packages/xen/migration/legacy.py /usr/lib64/python3.11/site-packages/xen/migration/libxc.py /usr/lib64/python3.11/site-packages/xen/migration/libxl.py /usr/lib64/python3.11/site-packages/xen/migration/public.py /usr/lib64/python3.11/site-packages/xen/migration/tests.py /usr/lib64/python3.11/site-packages/xen/migration/verify.py /usr/lib64/python3.11/site-packages/xen/migration/xl.py /usr/lib64/python3.11/site-packages/xen/util.py /usr/lib64/python3.11/site-packages/xenfsimage.cpython-311-x86_64-linux-gnu.so /usr/sbin/flask-get-bool /usr/sbin/flask-getenforce /usr/sbin/flask-label-pci /usr/sbin/flask-loadpolicy /usr/sbin/flask-set-bool /usr/sbin/flask-setenforce /usr/sbin/gdbsx /usr/sbin/xen-access /usr/sbin/xen-diag /usr/sbin/xen-hptool /usr/sbin/xen-hvmcrash /usr/sbin/xen-hvmctx /usr/sbin/xen-kdd /usr/sbin/xen-livepatch /usr/sbin/xen-lowmemd /usr/sbin/xen-mceinj /usr/sbin/xen-memshare /usr/sbin/xen-ucode /usr/sbin/xen-vmtrace /usr/sbin/xen2libvirt /usr/sbin/xen_maskcalc /usr/sbin/xenbaked /usr/sbin/xenconsoled /usr/sbin/xencov /usr/sbin/xenhypfs /usr/sbin/xenlockprof /usr/sbin/xenmon /usr/sbin/xenperf /usr/sbin/xenpm /usr/sbin/xenpmd /usr/sbin/xenstored /usr/sbin/xentop /usr/sbin/xentrace /usr/sbin/xentrace_setmask /usr/sbin/xentrace_setsize /usr/sbin/xenwatchdogd /usr/sbin/xl /usr/share/bash-completion/completions/xl /usr/share/doc/packages/xen /usr/share/doc/packages/xen/COPYING /usr/share/doc/packages/xen/README.SUSE /usr/share/doc/packages/xen/boot.local.xenU /usr/share/doc/packages/xen/boot.xen /usr/share/fillup-templates/sysconfig.pciback /usr/share/fillup-templates/sysconfig.xencommons /usr/share/fillup-templates/sysconfig.xendomains /usr/share/man/man1/xenhypfs.1.gz /usr/share/man/man1/xenstore-chmod.1.gz /usr/share/man/man1/xenstore-ls.1.gz /usr/share/man/man1/xenstore-read.1.gz /usr/share/man/man1/xenstore-write.1.gz /usr/share/man/man1/xenstore.1.gz /usr/share/man/man1/xentop.1.gz /usr/share/man/man1/xl.1.gz /usr/share/man/man5/xl-disk-configuration.5.gz /usr/share/man/man5/xl-network-configuration.5.gz /usr/share/man/man5/xl-pci-configuration.5.gz /usr/share/man/man5/xl.cfg.5.gz /usr/share/man/man5/xl.conf.5.gz /usr/share/man/man5/xlcpupool.cfg.5.gz /usr/share/man/man7/xen-pci-device-reservations.7.gz /usr/share/man/man7/xen-pv-channel.7.gz /usr/share/man/man7/xen-tscmode.7.gz /usr/share/man/man7/xen-vtpm.7.gz /usr/share/man/man7/xen-vtpmmgr.7.gz /usr/share/man/man7/xl-numa-placement.7.gz /usr/share/man/man8/xentrace.8.gz /usr/share/man/man8/xenwatchdogd.8.gz /var/lib/xen /var/lib/xen/dump /var/lib/xen/images /var/lib/xen/save /var/lib/xen/xenpaging /var/lib/xenstored /var/log/xen /var/log/xen/console
Generated by rpm2html 1.8.1
Fabrice Bellet, Sun Jan 12 01:37:12 2025