| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: xen-libs | Distribution: openSUSE Tumbleweed |
| Version: 4.19.0_04 | Vendor: openSUSE |
| Release: 1.2 | Build date: Thu Sep 26 11:30:00 2024 |
| Group: System/Kernel | Build host: reproducible |
| Size: 1880639 | Source RPM: xen-4.19.0_04-1.2.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: http://www.cl.cam.ac.uk/Research/SRG/netos/xen/ | |
| Summary: Xen Virtualization: Libraries | |
Xen is a virtual machine monitor for x86 that supports execution of
multiple guest operating systems with unprecedented levels of
performance and resource isolation.
This package contains the libraries used to interact with the Xen
virtual machine monitor.
In addition to this package you need to install xen and xen-tools
to use Xen.
Authors:
--------
Ian Pratt <ian.pratt@cl.cam.ac.uk>
GPL-2.0-only
* Thu Sep 26 2024 jbeulich@suse.com
- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
vlapic_error() (XSA-462)
66f2af41-x86-vLAPIC-undue-recursion-of-vlapic_error.patch
Drop xsa462.patch
- Upstream bug fixes (bsc#1027519)
66cf737b-x86-Dom0-disable-SMAP-for-PV-only.patch
66d6dca8-libxl-nul-termination-in-xen_console_read_line.patch
66d8690f-SUPPORT-split-XSM-from-Flask.patch
66e29480-x86-HVM-properly-reject-indirect-VRAM-writes.patch
66e44ae2-x86-ucode-AMD-buffer-underrun.patch
66f2fd92-x86-ucode-Intel-stricter-sanity-check.patch
* Tue Sep 10 2024 carnold@suse.com
- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
vlapic_error() (XSA-462)
xsa462.patch
* Fri Aug 30 2024 Guillaume GARDET <guillaume.gardet@opensuse.org>
- Fix build on aarch64 with gcc14 (bsc#1225953)
66d02b69-Arm64-adjust-irq_to_desc-to-fix-build-with-gcc14.patch
* Wed Aug 14 2024 carnold@suse.com
- bsc#1228574 - VUL-0: CVE-2024-31145: xen: error handling in x86
IOMMU identity mapping (XSA-460)
66bb6f78-x86-IOMMU-move-tracking-in-iommu_identity_mapping.patch
- bsc#1228575 - VUL-0: CVE-2024-31146: xen: PCI device pass-through
with shared resources (XSA-461)
66bb6fa5-x86-pass-through-document-as-security-unsupported.patch
* Wed Aug 07 2024 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
66a8b8ac-bunzip2-rare-failure.patch
* Tue Jul 30 2024 carnold@suse.com
- Update to Xen 4.19.0 FCS release (jsc#PED-8907)
xen-4.19.0-testing-src.tar.bz2
- New Features
* On x86:
- Introduce a new x2APIC driver that uses Cluster Logical addressing mode
for IPIs and Physical addressing mode for external interrupts.
* On Arm:
- FF-A notification support.
- Introduction of dynamic node programming using overlay dtbo.
* Add a new 9pfs backend running as a daemon in dom0. First user is
Xenstore-stubdom now being able to support full Xenstore trace capability.
* libxl support for backendtype=tap with tapback.
- Changed Features
* Changed flexible array definitions in public I/O interface headers to not
use "1" as the number of array elements.
* The minimum supported OCaml toolchain version is now 4.05
* On x86:
- HVM PIRQs are disabled by default.
- Reduce IOMMU setup time for hardware domain.
- Allow HVM/PVH domains to map foreign pages.
- Declare PVH dom0 supported with caveats.
* xl/libxl configures vkb=[] for HVM domains with priority over vkb_device.
* Increase the maximum number of CPUs Xen can be built for from 4095 to
16383.
* When building with Systemd support (./configure --enable-systemd), remove
libsystemd as a build dependency. Systemd Notify support is retained, now
using a standalone library implementation.
* xenalyze no longer requires `--svm-mode` when analyzing traces
generated on AMD CPUs
* Code symbol annotations and MISRA compliance improvements.
- Removed Features
* caml-stubdom. It hasn't built since 2014, was pinned to Ocaml 4.02, and has
been superseded by the MirageOS/SOLO5 projects.
* /usr/bin/pygrub symlink. This was deprecated in Xen 4.2 (2012) but left for
compatibility reasons. VMs configured with bootloader="/usr/bin/pygrub"
should be updated to just bootloader="pygrub".
* The Xen gdbstub on x86.
* xentrace_format has been removed; use xenalyze instead.
- Dropped patches contained in new tarball
6617d62c-x86-hvm-Misra-Rule-19-1-regression.patch
6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch
6627a5fc-x86-MTRR-inverted-WC-check.patch
662a6a4c-x86-spec-reporting-of-BHB-clearing.patch
662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch
663090fd-x86-gen-cpuid-syntax.patch
663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch
663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch
663d05b5-x86-ucode-distinguish-up-to-date.patch
663eaa27-libxl-XenStore-error-handling-in-device-creation.patch
66450626-sched-set-all-sched_resource-data-inside-locked.patch
66450627-x86-respect-mapcache_domain_init-failing.patch
6646031f-x86-ucode-further-identify-already-up-to-date.patch
6666ba52-x86-irq-remove-offline-CPUs-from-old-CPU-mask-when.patch
666994ab-x86-SMP-no-shorthand-IPI-in-hotplug.patch
666994f0-x86-IRQ-limit-interrupt-movement-in-fixup_irqs.patch
666b07ee-x86-EPT-special-page-in-epte_get_entry_emt.patch
666b0819-x86-EPT-avoid-marking-np-ents-for-reconfig.patch
666b085a-x86-EPT-drop-questionable-mfn_valid-from-.patch
667187cc-x86-Intel-unlock-CPUID-earlier.patch
66718849-x86-IRQ-old_cpu_mask-in-fixup_irqs.patch
6671885e-x86-IRQ-handle-moving-in-_assign_irq_vector.patch
6672c846-x86-xstate-initialisation-of-XSS-cache.patch
6672c847-x86-CPUID-XSAVE-dynamic-leaves.patch
6673ffdc-x86-IRQ-forward-pending-to-new-dest-in-fixup_irqs.patch
xsa458.patch
- Dropped patches no longer necessary
bin-python3-conversion.patch
migration-python3-conversion.patch
* Tue Jul 23 2024 Franz Sirl <franz.sirl-obs@lauterbach.com>
- Enable support for ZSTD and LZO compression formats
* Wed Jul 03 2024 carnold@suse.com
- bsc#1227355 - VUL-0: CVE-2024-31143: xen: double unlock in x86
guest IRQ handling (XSA-458)
xsa458.patch
* Mon Jun 24 2024 jbeulich@suse.com
- bsc#1214718 - The system hangs intermittently when Power Control
Mode is set to Minimum Power on SLES15SP5 Xen
6666ba52-x86-irq-remove-offline-CPUs-from-old-CPU-mask-when.patch
666994ab-x86-SMP-no-shorthand-IPI-in-hotplug.patch
666994f0-x86-IRQ-limit-interrupt-movement-in-fixup_irqs.patch
66718849-x86-IRQ-old_cpu_mask-in-fixup_irqs.patch
6671885e-x86-IRQ-handle-moving-in-_assign_irq_vector.patch
6673ffdc-x86-IRQ-forward-pending-to-new-dest-in-fixup_irqs.patch
- Upstream bug fixes (bsc#1027519)
66450626-sched-set-all-sched_resource-data-inside-locked.patch
66450627-x86-respect-mapcache_domain_init-failing.patch
6646031f-x86-ucode-further-identify-already-up-to-date.patch
666b07ee-x86-EPT-special-page-in-epte_get_entry_emt.patch
666b0819-x86-EPT-avoid-marking-np-ents-for-reconfig.patch
666b085a-x86-EPT-drop-questionable-mfn_valid-from-.patch
667187cc-x86-Intel-unlock-CPUID-earlier.patch
6672c846-x86-xstate-initialisation-of-XSS-cache.patch
6672c847-x86-CPUID-XSAVE-dynamic-leaves.patch
* Wed Jun 12 2024 Daniel Garcia <daniel.garcia@suse.com>
- Fix python3 shebang in tools package (bsc#1212476)
- Depend directly on %primary_python instead of python3 so this
package will continue working without rebuilding even if python3
changes in the system.
- Remove not needed patches, these patches adds the python3 shebang to
some scripts, but that's done during the build phase so it's not
needed:
- bin-python3-conversion.patch
- migration-python3-conversion.patch
* Wed Jun 05 2024 carnold@suse.com
- bsc#1225953 - Package xen does not build with gcc14 because of
new errors
gcc14-fixes.patch
* Wed May 15 2024 jbeulich@suse.com
- bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may
trigger Xen bug check (XSA-454)
6617d62c-x86-hvm-Misra-Rule-19-1-regression.patch
- Upstream bug fixes (bsc#1027519)
6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch
6627a5fc-x86-MTRR-inverted-WC-check.patch
662a6a4c-x86-spec-reporting-of-BHB-clearing.patch
662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch
663090fd-x86-gen-cpuid-syntax.patch
663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch
663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch
663d05b5-x86-ucode-distinguish-up-to-date.patch
663eaa27-libxl-XenStore-error-handling-in-device-creation.patch
* Tue Apr 09 2024 carnold@suse.com
- Update to Xen 4.18.2 security bug fix release (bsc#1027519)
xen-4.18.2-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may
trigger Xen bug check (XSA-454)
- bsc#1222302 - VUL-0: CVE-2024-31142: xen: x86: Incorrect logic
for BTC/SRSO mitigations (XSA-455)
- bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86: Native Branch
History Injection (XSA-456)
- Dropped patch contained in new tarball
65f83951-x86-mm-use-block_lock_speculation-in.patch
* Mon Mar 25 2024 jbeulich@suse.com
- bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative
Race Conditions (XSA-453)
65f83951-x86-mm-use-block_lock_speculation-in.patch
* Fri Mar 15 2024 carnold@suse.com
- Update to Xen 4.18.1 bug fix release (bsc#1027519)
xen-4.18.1-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- bsc#1221332 - VUL-0: CVE-2023-28746: xen: x86: Register File Data
Sampling (XSA-452)
- bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative
Race Conditions (XSA-453)
- Dropped patches included in new tarball
654370e2-x86-x2APIC-remove-ACPI_FADT_APIC_CLUSTER-use.patch
65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch
655b2ba9-fix-sched_move_domain.patch
6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch
6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch
656ee5e1-x86emul-avoid-triggering-event-assertions.patch
656ee602-cpupool-adding-offline-CPU.patch
656ee6c3-domain_create-error-path.patch
6571ca95-fix-sched_move_domain.patch
6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch
65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch
65a7a0a4-x86-Intel-GPCC-setup.patch
65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch
65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch
65b29e91-x86-ucode-stability-of-raw-policy-rescan.patch
65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch
65b8f9ab-VT-d-else-vs-endif-misplacement.patch
xsa451.patch
* Tue Feb 13 2024 carnold@suse.com
- bsc#1219885 - VUL-0: CVE-2023-46841: xen: x86: shadow stack vs
exceptions from emulation stubs (XSA-451)
xsa451.patch
* Wed Jan 31 2024 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch
6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch
656ee5e1-x86emul-avoid-triggering-event-assertions.patch
656ee602-cpupool-adding-offline-CPU.patch
656ee6c3-domain_create-error-path.patch
6571ca95-fix-sched_move_domain.patch
6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch
65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch
65a7a0a4-x86-Intel-GPCC-setup.patch
65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch
65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch
65b29e91-x86-ucode-stability-of-raw-policy-rescan.patch
- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
assigned to incorrect contexts (XSA-449)
65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch
- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to
quarantine devices in !HVM builds (XSA-450)
65b8f9ab-VT-d-else-vs-endif-misplacement.patch
- Patches dropped / replaced by newer upstream versions
xsa449.patch
xsa450.patch
* Tue Jan 23 2024 carnold@suse.com
- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to
quarantine devices in !HVM builds (XSA-450)
xsa450.patch
* Tue Jan 16 2024 carnold@suse.com
- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
assigned to incorrect contexts (XSA-449)
xsa449.patch
* Tue Nov 21 2023 carnold@suse.com
- Enable the Kconfig options REQUIRE_NX and DIT_DEFAULT to
provide better hypervisor security
xen.spec
* Tue Nov 21 2023 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
654370e2-x86-x2APIC-remove-ACPI_FADT_APIC_CLUSTER-use.patch
65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch
655b2ba9-fix-sched_move_domain.patch
* Mon Nov 20 2023 Bernhard Wiedemann <bwiedemann@suse.com>
- Pass XEN_BUILD_DATE + _TIME to override build date (boo#1047218)
* Thu Nov 16 2023 carnold@suse.com
- Update to Xen 4.18.0 FCS release (jsc#PED-4984)
xen-4.18.0-testing-src.tar.bz2
* Repurpose command line gnttab_max_{maptrack_,}frames options so they don't
cap toolstack provided values.
* Ignore VCPUOP_set_singleshot_timer's VCPU_SSHOTTMR_future flag. The only
known user doesn't use it properly, leading to in-guest breakage.
* The "dom0" option is now supported on Arm and "sve=" sub-option can be used
to enable dom0 guest to use SVE/SVE2 instructions.
* Physical CPU Hotplug downgraded to Experimental and renamed "ACPI CPU
Hotplug" for clarity
* On x86, support for features new in Intel Sapphire Rapids CPUs:
- PKS (Protection Key Supervisor) available to HVM/PVH guests.
- VM-Notify used by Xen to mitigate certain micro-architectural pipeline
livelocks, instead of crashing the entire server.
- Bus-lock detection, used by Xen to mitigate (by rate-limiting) the system
wide impact of a guest misusing atomic instructions.
* xl/libxl can customize SMBIOS strings for HVM guests.
* Add support for AVX512-FP16 on x86.
* On Arm, Xen supports guests running SVE/SVE2 instructions. (Tech Preview)
* On Arm, add suport for Firmware Framework for Arm A-profile (FF-A) Mediator
(Tech Preview)
* Add Intel Hardware P-States (HWP) cpufreq driver.
* On Arm, experimental support for dynamic addition/removal of Xen device tree
nodes using a device tree overlay binary (.dtbo).
* Introduce two new hypercalls to map the vCPU runstate and time areas by
physical rather than linear/virtual addresses.
* On x86, support for enforcing system-wide operation in Data Operand
Independent Timing Mode.
* The project has now officially adopted 6 directives and 65 rules of MISRA-C.
* On x86, the "pku" command line option has been removed. It has never
behaved precisely as described, and was redundant with the unsupported
"cpuid=no-pku". Visibility of PKU to guests should be via its vm.cfg file.
* xenpvnetboot removed as unable to convert to Python 3.
* xencons is no longer supported or present. See 5d22d69b30
- Droppped patches contained in new tarballs
63e4da00-dont-log-errors-when-trying-to-load-PVH-xenstore-stubdom.patch
643e3810-CONFIG_DEBUG_INFO-no-EXPERT.patch
643e387f-xen-update-CONFIG_DEBUG_INFO-help-text.patch
6447a8fd-x86-EFI-permit-crash-dump-analysis.patch
64d33a57-libxenstat-Linux-nul-terminate-string.patch
aarch64-rename-PSR_MODE_ELxx-to-match-linux-headers.patch
xen.stubdom.newlib.patch
xsa446.patch
xsa445.patch
xsa438.patch
xsa439-00.patch
xsa439-01.patch
xsa439-02.patch
xsa439-03.patch
xsa439-04.patch
xsa439-05.patch
xsa439-06.patch
xsa439-07.patch
xsa439-08.patch
xsa439-09.patch
xsa443-10.patch
xsa443-11.patch
xsa440.patch
- Dropped xen-utils-0.1.tar.bz2
The xen-list and xen-destroy commands are removed. Originally
created as a better replacement for 'xm'. The 'xl' equivalent
commands should be used instead.
- Dropped libxl.pvscsi.patch
Support for PVSCSI devices in the guest is no longer supported.
* Thu Nov 02 2023 carnold@suse.com
- bsc#1216807 - VUL-0: CVE-2023-46836: xen: x86: BTC/SRSO fixes not
fully effective (XSA-446)
xsa446.patch
* Fri Oct 27 2023 carnold@suse.com
- bsc#1216654 - VUL-0: CVE-2023-46835: xen: x86/AMD: mismatch in
IOMMU quarantine page table levels (XSA-445)
xsa445.patch
* Wed Oct 18 2023 jfehlig@suse.com
- Supportconfig: Adapt plugin to modern supportconfig
The supportconfig 'scplugin.rc' file is deprecated in favor of
supportconfig.rc'. Adapt the xen plugin to the new scheme.
xen-supportconfig
* Tue Oct 17 2023 jbeulich@suse.com
- bsc#1215145 - VUL-0: CVE-2023-34322: xen: top-level shadow
reference dropped too early for 64-bit PV guests (XSA-438)
650abbfe-x86-shadow-defer-PV-top-level-release.patch
- bsc#1215474 - VUL-0: CVE-2023-20588: xen: AMD CPU transitional
execution leak via division by zero (XSA-439)
64e5b4ac-x86-AMD-extend-Zenbleed-check.patch
65087000-x86-spec-ctrl-SPEC_CTRL_EXIT_TO_XEN-confusion.patch
65087001-x86-spec-ctrl-fold-DO_SPEC_CTRL_EXIT_TO_XEN.patch
65087002-x86-spec-ctrl-SPEC_CTRL-ENTRY-EXIT-asm-macros.patch
65087003-x86-spec-ctrl-SPEC_CTRL-ENTER-EXIT-comments.patch
65087004-x86-entry-restore_all_xen-stack_end.patch
65087005-x86-entry-track-IST-ness-of-entry.patch
65087006-x86-spec-ctrl-VERW-on-IST-exit-to-Xen.patch
65087007-x86-AMD-Zen-1-2-predicates.patch
65087008-x86-spec-ctrl-Zen1-DIV-leakage.patch
- bsc#1215746 - VUL-0: CVE-2023-34326: xen: x86/AMD: missing IOMMU
TLB flushing (XSA-442)
65263470-AMD-IOMMU-flush-TLB-when-flushing-DTE.patch
- bsc#1215747 - VUL-0: CVE-2023-34325: xen: Multiple
vulnerabilities in libfsimage disk handling (XSA-443)
65263471-libfsimage-xfs-remove-dead-code.patch
65263472-libfsimage-xfs-amend-mask32lo.patch
65263473-libfsimage-xfs-sanity-check-superblock.patch
65263474-libfsimage-xfs-compile-time-check.patch
65263475-pygrub-remove-unnecessary-hypercall.patch
65263476-pygrub-small-refactors.patch
65263477-pygrub-open-output-files-earlier.patch
65263478-libfsimage-function-to-preload-plugins.patch
65263479-pygrub-deprivilege.patch
6526347a-libxl-allow-bootloader-restricted-mode.patch
6526347b-libxl-limit-bootloader-when-restricted.patch
- bsc#1215748 - VUL-0: CVE-2023-34327,CVE-2023-34328: xen: x86/AMD:
Debug Mask handling (XSA-444)
6526347c-SVM-fix-AMD-DR-MASK-context-switch-asymmetry.patch
6526347d-x86-PV-auditing-of-guest-breakpoints.patch
- Upstream bug fixes (bsc#1027519)
64e6459b-revert-VMX-sanitize-rIP-before-reentering.patch
64eef7e9-x86-reporting-spurious-i8259-interrupts.patch
64f71f50-Arm-handle-cache-flush-at-top.patch
65084ba5-x86-AMD-dont-expose-TscFreqSel.patch
- Patches dropped / replaced by newer upstream versions
xsa438.patch
xsa439-00.patch
xsa439-01.patch
xsa439-02.patch
xsa439-03.patch
xsa439-04.patch
xsa439-05.patch
xsa439-06.patch
xsa439-07.patch
xsa439-08.patch
xsa439-09.patch
xsa442.patch
xsa443-01.patch
xsa443-02.patch
xsa443-03.patch
xsa443-04.patch
xsa443-05.patch
xsa443-06.patch
xsa443-07.patch
xsa443-08.patch
xsa443-09.patch
xsa443-10.patch
xsa443-11.patch
xsa444-1.patch
xsa444-2.patch
* Wed Sep 27 2023 carnold@suse.com
- bsc#1215744 - VUL-0: CVE-2023-34323: xen: xenstored: A
transaction conflict can crash C Xenstored (XSA-440)
xsa440.patch
- bsc#1215746 - VUL-0: CVE-2023-34326: xen: x86/AMD: missing IOMMU
TLB flushing (XSA-442)
xsa442.patch
- bsc#1215747 - VUL-0: CVE-2023-34325: xen: Multiple
vulnerabilities in libfsimage disk handling (XSA-443)
xsa443-01.patch
xsa443-02.patch
xsa443-03.patch
xsa443-04.patch
xsa443-05.patch
xsa443-06.patch
xsa443-07.patch
xsa443-08.patch
xsa443-09.patch
xsa443-10.patch
xsa443-11.patch
- bsc#1215748 - VUL-0: CVE-2023-34327,CVE-2023-34328: xen: x86/AMD:
Debug Mask handling (XSA-444)
xsa444-1.patch
xsa444-2.patch
* Mon Sep 18 2023 carnold@suse.com
- bsc#1215474 - VUL-0: CVE-2023-20588: xen: AMD CPU transitional
execution leak via division by zero (XSA-439)
xsa439-00.patch
xsa439-01.patch
xsa439-02.patch
xsa439-03.patch
xsa439-04.patch
xsa439-05.patch
xsa439-06.patch
xsa439-07.patch
xsa439-08.patch
xsa439-09.patch
* Fri Sep 08 2023 carnold@suse.com
- bsc#1215145 - VUL-0: CVE-2023-34322: xen: top-level shadow
reference dropped too early for 64-bit PV guests (XSA-438)
xsa438.patch
* Sun Aug 13 2023 ohering@suse.de
- Handle potential unaligned access to bitmap in
libxc-sr-restore-hvm-legacy-superpage.patch
If setting BITS_PER_LONG at once, the initial bit must be aligned
* Thu Aug 10 2023 jbeulich@suse.com
- bsc#1212684 - xentop fails with long interface name
64d33a57-libxenstat-Linux-nul-terminate-string.patch
* Tue Aug 08 2023 carnold@suse.com
- Update to Xen 4.17.2 bug fix release (bsc#1027519)
xen-4.17.2-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- bsc#1214082 - VUL-0: CVE-2023-20569: xen: x86/AMD: Speculative
Return Stack Overflow (XSA-434)
- bsc#1214083 - VUL-0: CVE-2022-40982: xen: x86/Intel: Gather Data
Sampling (XSA-435)
- Dropped patches contained in new tarball
64525c61-tools-libs-guest-assist-gcc13s-realloc-analyzer.patch
645dec48-AMD-IOMMU-assert-boolean-enum.patch
64639e84-amd-fix-legacy-setting-of-SSBD-on-AMD-Family-17h.patch
646b782b-PCI-pci_get_pdev-respect-segment.patch
647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch
648863fc-AMD-IOMMU-Invalidate-All-check.patch
64bea1b2-x86-AMD-Zenbleed.patch
* Tue Aug 01 2023 ohering@suse.de
- Handle potential off-by-one errors in libxc-sr-xg_sr_bitmap.patch
A bit is an index in bitmap, while bits is the allocated size
of the bitmap.
* Fri Jul 28 2023 ohering@suse.de
- Add more debug to libxc-sr-track-migration-time.patch
This is supposed to help with doing the math in case xl restore
fails with ERANGE as reported in bug#1209311
* Tue Jul 25 2023 carnold@suse.com
- bsc#1213616 - VUL-0: CVE-2023-20593: xen: x86/AMD: Zenbleed
(XSA-433)
64bea1b2-x86-AMD-Zenbleed.patch
* Thu Jul 06 2023 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
645dec48-AMD-IOMMU-assert-boolean-enum.patch
646b782b-PCI-pci_get_pdev-respect-segment.patch
647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch
648863fc-AMD-IOMMU-Invalidate-All-check.patch
* Mon May 22 2023 carnold@suse.com
- bsc#1211433 - VUL-0: CVE-2022-42336: xen: Mishandling of guest
SSBD selection on AMD hardware (XSA-431)
64639e84-amd-fix-legacy-setting-of-SSBD-on-AMD-Family-17h.patch
* Thu May 04 2023 carnold@suse.com
- bsc#1210570 - gcc-13 realloc use-after-free analysis error
64525c61-tools-libs-guest-assist-gcc13s-realloc-analyzer.patch
* Fri Apr 28 2023 carnold@suse.com
- bsc#1209237 - xen-syms doesn't contain debug-info
643e3810-CONFIG_DEBUG_INFO-no-EXPERT.patch
643e387f-xen-update-CONFIG_DEBUG_INFO-help-text.patch
6447a8fd-x86-EFI-permit-crash-dump-analysis.patch
* Thu Apr 27 2023 carnold@suse.com
- Update to Xen 4.17.1 bug fix release (bsc#1027519)
xen-4.17.1-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- Dropped patches contained in new tarball
63a03b73-VMX-VMExit-based-BusLock-detection.patch
63a03ba6-VMX-INTR_SHADOW_NMI-helper.patch
63a03bce-VMX-Notify-VMExit.patch
63a03e28-x86-high-freq-TSC-overflow.patch
63c05478-VMX-calculate-model-specific-LBRs-once.patch
63c05478-VMX-support-CPUs-without-model-specific-LBR.patch
63d24e91-tools-xenstore-revert-simplify-loop-handling.patch
63e53ac9-x86-CPUID-leaves-7-1-ecx-edx.patch
63e53ac9-x86-disable-CET-SS-when-fractured-updates.patch
63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch
63f4d045-x86-ucode-AMD-apply-early-on-all-threads.patch
63fe06e0-x86-ucode-AMD-apply-late-on-all-threads.patch
640f3035-x86-altp2m-help-gcc13.patch
641041e8-VT-d-constrain-IGD-check.patch
64104238-bunzip-gcc13.patch
6419697d-AMD-IOMMU-no-XT-x2APIC-phys.patch
64199e0c-x86-shadow-account-for-log-dirty-mode.patch
64199e0d-x86-HVM-bound-number-of-pca-regions.patch
64199e0e-x86-HVM-serialize-pca-list-manipulation.patch
64199e0f-x86-spec-ctrl-defer-CR4_PV32_RESTORE-for-CSTAR.patch
libxl.fix-guest-kexec-skip-cpuid-policy.patch
xsa430.patch
* Tue Apr 11 2023 carnold@suse.com
- bsc#1210315 - VUL-0: CVE-2022-42335: xen: x86 shadow paging
arbitrary pointer dereference (XSA-430)
xsa430.patch
* Fri Mar 31 2023 carnold@suse.com
- Not building the shim is correctly handled by --disable-pvshim
Drop disable-building-pv-shim.patch
* Thu Mar 23 2023 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
63a03b73-VMX-VMExit-based-BusLock-detection.patch
63a03ba6-VMX-INTR_SHADOW_NMI-helper.patch
63a03bce-VMX-Notify-VMExit.patch
63e53ac9-x86-CPUID-leaves-7-1-ecx-edx.patch
63e53ac9-x86-disable-CET-SS-when-fractured-updates.patch
63f4d045-x86-ucode-AMD-apply-early-on-all-threads.patch
63fe06e0-x86-ucode-AMD-apply-late-on-all-threads.patch
641041e8-VT-d-constrain-IGD-check.patch
6419697d-AMD-IOMMU-no-XT-x2APIC-phys.patch
- Use "proper" upstream backports:
640f3035-x86-altp2m-help-gcc13.patch
64104238-bunzip-gcc13.patch
64199e0c-x86-shadow-account-for-log-dirty-mode.patch
64199e0d-x86-HVM-bound-number-of-pca-regions.patch
64199e0e-x86-HVM-serialize-pca-list-manipulation.patch
64199e0f-x86-spec-ctrl-defer-CR4_PV32_RESTORE-for-CSTAR.patch
- ... in place of:
bunzip-gcc13.patch
altp2m-gcc13.patch
xsa427.patch
xsa428-1.patch
xsa428-2.patch
xsa429.patch
* Thu Mar 16 2023 ohering@suse.de
- bsc#1209245 - fix host-assisted kexec/kdump for HVM domUs
libxl.fix-guest-kexec-skip-cpuid-policy.patch
* Tue Mar 07 2023 carnold@suse.com
- bsc#1209017 - VUL-0: CVE-2022-42332: xen: x86 shadow plus
log-dirty mode use-after-free (XSA-427)
xsa427.patch
- bsc#1209018 - VUL-0: CVE-2022-42333,CVE-2022-42334: xen: x86/HVM
pinned cache attributes mis-handling (XSA-428)
xsa428-1.patch
xsa428-2.patch
- bsc#1209019 - VUL-0: CVE-2022-42331: xen: x86: speculative
vulnerability in 32bit SYSCALL path (XSA-429)
xsa429.patch
* Thu Mar 02 2023 carnold@suse.com
- bsc#1208736 - GCC 13: xen package fails
bunzip-gcc13.patch
altp2m-gcc13.patch
- Drop gcc13-fixes.patch
* Tue Feb 28 2023 carnold@suse.com
- bsc#1208736 - GCC 13: xen package fails
gcc13-fixes.patch
* Wed Feb 15 2023 carnold@suse.com
- bsc#1208286 - VUL-0: CVE-2022-27672: xen: Cross-Thread Return
Address Predictions (XSA-426)
63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch
* Thu Feb 09 2023 carnold@suse.com
- bsc#1205792 - Partner-L3: launch-xenstore error messages show in
SLES15 SP4 xen kernel.
63e4da00-dont-log-errors-when-trying-to-load-PVH-xenstore-stubdom.patch
* Mon Feb 06 2023 jbeulich@suse.com
- bsc#1026236 - tidy/modernize patch
xen.bug1026236.suse_vtsc_tolerance.patch
* Mon Feb 06 2023 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
63c05478-VMX-calculate-model-specific-LBRs-once.patch
63c05478-VMX-support-CPUs-without-model-specific-LBR.patch
- bsc#1207544 - VUL-0: CVE-2022-42330: xen: Guests can cause
Xenstore crash via soft reset (XSA-425)
xsa425.patch ->
63d24e91-tools-xenstore-revert-simplify-loop-handling.patch
* Wed Jan 25 2023 carnold@suse.com
- bsc#1207544 - VUL-0: CVE-2022-42330: xen: Guests can cause
Xenstore crash via soft reset (XSA-425)
xsa425.patch
* Tue Jan 03 2023 Stefan Schubert <schubi@suse.com>
- Migration of PAM settings to /usr/lib/pam.d.
* Tue Dec 20 2022 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
63a03e28-x86-high-freq-TSC-overflow.patch
* Thu Dec 08 2022 carnold@suse.com
- Update to Xen 4.17.0 FCS release (jsc#PED-1858)
xen-4.17.0-testing-src.tar.bz2
* On x86 "vga=current" can now be used together with GrUB2's gfxpayload setting. Note that
this requires use of "multiboot2" (and "module2") as the GrUB commands loading Xen.
* The "gnttab" option now has a new command line sub-option for disabling the
GNTTABOP_transfer functionality.
* The x86 MCE command line option info is now updated.
* Out-of-tree builds for the hypervisor now supported.
* __ro_after_init support, for marking data as immutable after boot.
* The project has officially adopted 4 directives and 24 rules of MISRA-C,
added MISRA-C checker build integration, and defined how to document
deviations.
* IOMMU superpage support on x86, affecting PV guests as well as HVM/PVH ones
when they don't share page tables with the CPU (HAP / EPT / NPT).
* Support for VIRT_SSBD and MSR_SPEC_CTRL for HVM guests on AMD.
* Improved TSC, CPU, and APIC clock frequency calibration on x86.
* Support for Xen using x86 Control Flow Enforcement technology for its own
protection. Both Shadow Stacks (ROP protection) and Indirect Branch
Tracking (COP/JOP protection).
* Add mwait-idle support for SPR and ADL on x86.
* Extend security support for hosts to 12 TiB of memory on x86.
* Add command line option to set cpuid parameters for dom0 at boot time on x86.
* Improved static configuration options on Arm.
* cpupools can be specified at boot using device tree on Arm.
* It is possible to use PV drivers with dom0less guests, allowing statically
booted dom0less guests with PV devices.
* On Arm, p2m structures are now allocated out of a pool of memory set aside at
domain creation.
* Improved mitigations against Spectre-BHB on Arm.
* Support VirtIO-MMIO devices device-tree binding creation in toolstack on Arm.
* Allow setting the number of CPUs to activate at runtime from command line
option on Arm.
* Grant-table support on Arm was improved and hardened by implementing
"simplified M2P-like approach for the xenheap pages"
* Add Renesas R-Car Gen4 IPMMU-VMSA support on Arm.
* Add i.MX lpuart and i.MX8QM support on Arm.
* Improved toolstack build system.
* Add Xue - console over USB 3 Debug Capability.
* gitlab-ci automation: Fixes and improvements together with new tests.
* dropped support for the (x86-only) "vesa-mtrr" and "vesa-remap" command line options
- Drop patches contained in new tarball or invalid
62fde97e-tools-libxl-Replace-deprecated-soundhw-on-QEMU-command-line.patch
xsa410-01.patch
xsa410-02.patch
xsa410-03.patch
xsa410-04.patch
xsa410-05.patch
xsa410-06.patch
xsa410-07.patch
xsa410-08.patch
xsa410-09.patch
xsa410-10.patch
xsa411.patch
* Wed Sep 28 2022 carnold@suse.com
- bsc#1203806 - VUL-0: CVE-2022-33746: xen: P2M pool freeing may
take excessively long (XSA-410)
xsa410-01.patch
xsa410-02.patch
xsa410-03.patch
xsa410-04.patch
xsa410-05.patch
xsa410-06.patch
xsa410-07.patch
xsa410-08.patch
xsa410-09.patch
xsa410-10.patch
- bsc#1203807 - VUL-0: CVE-2022-33748: xen: lock order inversion in
transitive grant copy handling (XSA-411)
xsa411.patch
* Thu Sep 01 2022 Stefan Schubert <schubi@suse.com>
- Migration to /usr/etc: Saving user changed configuration files
in /etc and restoring them while an RPM update.
* Mon Aug 29 2022 carnold@suse.com
- bsc#1201994 - Xen DomU unable to emulate audio device
62fde97e-tools-libxl-Replace-deprecated-soundhw-on-QEMU-command-line.patch
* Tue Aug 23 2022 carnold@suse.com
- Things are compiling fine now with gcc12.
Drop gcc12-fixes.patch
* Thu Aug 18 2022 carnold@suse.com
- Update to Xen 4.16.2 bug fix release (bsc#1027519)
xen-4.16.2-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- Drop patches contained in new tarball
625fca42-VT-d-reserved-CAP-ND.patch
626f7ee8-x86-MSR-handle-P5-MC-reads.patch
627549d6-IO-shutdown-race.patch
62a1e594-x86-clean-up-_get_page_type.patch
62a1e5b0-x86-ABAC-race-in-_get_page_type.patch
62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch
62a1e5f0-x86-dont-change-cacheability-of-directmap.patch
62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch
62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch
62a1e649-x86-track-and-flush-non-coherent.patch
62a99614-IOMMU-x86-gcc12.patch
62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch
62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch
62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch
62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch
62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch
62c56cc0-libxc-fix-compilation-error-with-gcc13.patch
62cc31ed-x86-honour-spec-ctrl-0-for-unpriv-mmio.patch
62cc31ee-cmdline-extend-parse_boolean.patch
62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch
62cd91d0-x86-spec-ctrl-rework-context-switching.patch
62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch
62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch
62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch
62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch
62cd91d5-x86-cpuid-BTC_NO-enum.patch
62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch
62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch
xsa408.patch
* Thu Jul 28 2022 ohering@suse.de
- bsc#1167608, bsc#1201631 - fix built-in default of max_event_channels
A previous change to the built-in default had a logic error,
effectively restoring the upstream limit of 1023 channels per domU.
Fix the logic to calculate the default based on the number of vcpus.
adjust libxl.max_event_channels.patch
* Wed Jul 13 2022 carnold@suse.com
- Added --disable-pvshim when running configure in xen.spec.
We have never shipped the shim and don't need to build it.
* Wed Jul 13 2022 jbeulich@suse.com
- bsc#1199965 - VUL-0: CVE-2022-26362: xen: Race condition
in typeref acquisition
62a1e594-x86-clean-up-_get_page_type.patch
62a1e5b0-x86-ABAC-race-in-_get_page_type.patch
- bsc#1199966 - VUL-0: CVE-2022-26363,CVE-2022-26364: xen:
Insufficient care with non-coherent mappings
62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch
62a1e5f0-x86-dont-change-cacheability-of-directmap.patch
62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch
62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch
62a1e649-x86-track-and-flush-non-coherent.patch
- bsc#1200549 VUL-0: CVE-2022-21123,CVE-2022-21125,CVE-2022-21166:
xen: x86: MMIO Stale Data vulnerabilities (XSA-404)
62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch
62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch
62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch
- bsc#1201469 - VUL-0: CVE-2022-23816,CVE-2022-23825,CVE-2022-29900:
xen: retbleed - arbitrary speculative code execution with return
instructions (XSA-407)
62cc31ed-x86-honour-spec-ctrl-0-for-unpriv-mmio.patch
62cc31ee-cmdline-extend-parse_boolean.patch
62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch
62cd91d0-x86-spec-ctrl-rework-context-switching.patch
62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch
62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch
62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch
62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch
62cd91d5-x86-cpuid-BTC_NO-enum.patch
62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch
62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch
- Upstream bug fixes (bsc#1027519)
62a99614-IOMMU-x86-gcc12.patch
62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch
62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch
- Drop patches replaced by upstream versions
xsa401-1.patch
xsa401-2.patch
xsa402-1.patch
xsa402-2.patch
xsa402-3.patch
xsa402-4.patch
xsa402-5.patch
* Tue Jul 12 2022 carnold@suse.com
- bsc#1201394 - VUL-0: CVE-2022-33745: xen: insufficient TLB flush
for x86 PV guests in shadow mode (XSA-408)
xsa408.patch
- Fix gcc13 compilation error
62c56cc0-libxc-fix-compilation-error-with-gcc13.patch
* Tue Jun 28 2022 Stefan Schubert <schubi@suse.com>
- Moved logrotate files from user specific directory /etc/logrotate.d
to vendor specific directory /usr/etc/logrotate.d.
* Wed Jun 08 2022 jbeulich@suse.com
- bsc#1199966 - VUL-0: EMBARGOED: CVE-2022-26363,CVE-2022-26364: xen:
Insufficient care with non-coherent mappings
fix xsa402-5.patch
* Tue May 31 2022 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
625fca42-VT-d-reserved-CAP-ND.patch
626f7ee8-x86-MSR-handle-P5-MC-reads.patch
627549d6-IO-shutdown-race.patch
- bsc#1199965 - VUL-0: EMBARGOED: CVE-2022-26362: xen: Race condition
in typeref acquisition
xsa401-1.patch
xsa401-2.patch
- bsc#1199966 - VUL-0: EMBARGOED: CVE-2022-26363,CVE-2022-26364: xen:
Insufficient care with non-coherent mappings
xsa402-1.patch
xsa402-2.patch
xsa402-3.patch
xsa402-4.patch
xsa402-5.patch
* Tue May 10 2022 Dirk Müller <dmueller@suse.com>
- fix python3 >= 3.10 version detection
* Wed Apr 13 2022 carnold@suse.com
- Update to Xen 4.16.1 bug fix release (bsc#1027519)
xen-4.16.1-testing-src.tar.bz2
- Drop patches contained in new tarball
61b31d5c-x86-restrict-all-but-self-IPI.patch
61b88e78-x86-CPUID-TSXLDTRK-definition.patch
61bc429f-revert-hvmloader-PA-range-should-be-UC.patch
61d5687a-x86-spec-ctrl-opt_srb_lock-default.patch
61d6ea2d-VT-d-split-domid-map-cleanup-check-into-a-function.patch
61d6ea7b-VT-d-dont-leak-domid-mapping-on-error-path.patch
61e0296a-x86-time-calibration-relative-counts.patch
61e029c8-x86-time-TSC-freq-calibration-accuracy.patch
61e02a1c-libxl-PCI-PV-hotplug-stubdom-coldplug.patch
61e98e88-x86-introduce-get-set-reg-infra.patch
61e98e89-x86-MSR-split-SPEC_CTRL-handling.patch
61e98e8a-x86-spec-ctrl-drop-ENTRY-EXIT-HVM.patch
61e98e8b-VT-x-SPEC_CTRL-NMI-race-condition.patch
61eaaa23-x86-get-set-reg-infra-build.patch
61efec1d-Arm-P2M-always-clear-entry-on-mapping-removal.patch
61efec4d-gnttab-only-decrement-refcounter-on-final-unmap.patch
61efec96-IOMMU-x86-stop-pirq-iteration-immediately-on-error.patch
61f2d886-x86-CPUID-disentangle-new-leaves-logic.patch
61f2d887-x86-CPUID-leaf-7-1-EBX-infra.patch
61f2dd76-x86-SPEC_CTRL-migration-compatibility.patch
61f7b2af-libxl-dont-touch-nr_vcpus_out-if-listing.patch
61f933a4-x86-cpuid-advertise-SSB_NO.patch
61f933a5-x86-drop-use_spec_ctrl-boolean.patch
61f933a6-x86-new-has_spec_ctrl-boolean.patch
61f933a7-x86-dont-use-spec_ctrl-enter-exit-for-S3.patch
61f933a8-x86-SPEC_CTRL-record-last-write.patch
61f933a9-x86-SPEC_CTRL-use-common-logic-for-AMD.patch
61f933aa-SVM-SPEC_CTRL-entry-exit-logic.patch
61f933ab-x86-AMD-SPEC_CTRL-infra.patch
61f933ac-SVM-enable-MSR_SPEC_CTRL-for-guests.patch
61f946a2-VMX-drop-SPEC_CTRL-load-on-VMEntry.patch
6202afa3-x86-clean-up-MSR_MCU_OPT_CTRL-handling.patch
6202afa4-x86-TSX-move-has_rtm_always_abort.patch
6202afa5-x86-TSX-cope-with-deprecation-on-WHL-R-CFL-R.patch
6202afa7-x86-CPUID-leaf-7-2-EDX-infra.patch
6202afa8-x86-Intel-PSFD-for-guests.patch
62278667-Arm-introduce-new-processors.patch
62278668-Arm-move-errata-CSV2-check-earlier.patch
62278669-Arm-add-ECBHB-and-CLEARBHB-ID-fields.patch
6227866a-Arm-Spectre-BHB-handling.patch
6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch
6227866c-x86-AMD-cease-using-thunk-lfence.patch
6229ba46-VT-d-drop-undue-address-of-from-check_cleanup_domid_map.patch
624ebcef-VT-d-dont-needlessly-look-up-DID.patch
624ebd3b-VT-d-avoid-NULL-deref-on-dcmo-error-paths.patch
624ebd74-VT-d-avoid-infinite-recursion-on-dcmo-error-path.patch
xsa397.patch
xsa399.patch
xsa400-01.patch
xsa400-02.patch
xsa400-03.patch
xsa400-04.patch
xsa400-05.patch
xsa400-06.patch
xsa400-07.patch
xsa400-08.patch
xsa400-09.patch
xsa400-10.patch
xsa400-11.patch
xsa400-12.patch
* Fri Apr 08 2022 jbeulich@suse.com
- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359,
CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity
map (AMD-Vi) handling issues (XSA-400)
624ebcef-VT-d-dont-needlessly-look-up-DID.patch
624ebd3b-VT-d-avoid-NULL-deref-on-dcmo-error-paths.patch
624ebd74-VT-d-avoid-infinite-recursion-on-dcmo-error-path.patch
* Mon Apr 04 2022 carnold@suse.com
- bsc#1197423 - VUL-0: CVE-2022-26356: xen: Racy interactions
between dirty vram tracking and paging log dirty hypercalls
(XSA-397)
xsa397.patch
- bsc#1197425 - VUL-0: CVE-2022-26357: xen: race in VT-d domain ID
cleanup (XSA-399)
xsa399.patch
- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359,
CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity
map (AMD-Vi) handling issues (XSA-400)
xsa400-01.patch
xsa400-02.patch
xsa400-03.patch
xsa400-04.patch
xsa400-05.patch
xsa400-06.patch
xsa400-07.patch
xsa400-08.patch
xsa400-09.patch
xsa400-10.patch
xsa400-11.patch
xsa400-12.patch
- Additional upstream bug fixes for XSA-400 (bsc#1027519)
61d6ea2d-VT-d-split-domid-map-cleanup-check-into-a-function.patch
61d6ea7b-VT-d-dont-leak-domid-mapping-on-error-path.patch
6229ba46-VT-d-drop-undue-address-of-from-check_cleanup_domid_map.patch
* Mon Mar 14 2022 jbeulich@suse.com
- bsc#1196915 - VUL-0: CVE-2022-0001, CVE-2022-0002,CVE-2021-26401:
xen: BHB speculation issues (XSA-398)
62278667-Arm-introduce-new-processors.patch
62278668-Arm-move-errata-CSV2-check-earlier.patch
62278669-Arm-add-ECBHB-and-CLEARBHB-ID-fields.patch
6227866a-Arm-Spectre-BHB-handling.patch
6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch
6227866c-x86-AMD-cease-using-thunk-lfence.patch
* Thu Mar 03 2022 carnold@suse.com
- bsc#1196545 - GCC 12: xen package fails
gcc12-fixes.patch
* Mon Feb 14 2022 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
61e0296a-x86-time-calibration-relative-counts.patch
61e029c8-x86-time-TSC-freq-calibration-accuracy.patch
61e02a1c-libxl-PCI-PV-hotplug-stubdom-coldplug.patch
61e98e88-x86-introduce-get-set-reg-infra.patch
61e98e89-x86-MSR-split-SPEC_CTRL-handling.patch
61e98e8a-x86-spec-ctrl-drop-ENTRY-EXIT-HVM.patch
61e98e8b-VT-x-SPEC_CTRL-NMI-race-condition.patch
61eaaa23-x86-get-set-reg-infra-build.patch
61efec1d-Arm-P2M-always-clear-entry-on-mapping-removal.patch
61efec4d-gnttab-only-decrement-refcounter-on-final-unmap.patch
61efec96-IOMMU-x86-stop-pirq-iteration-immediately-on-error.patch
61f2d886-x86-CPUID-disentangle-new-leaves-logic.patch
61f2d887-x86-CPUID-leaf-7-1-EBX-infra.patch
61f2dd76-x86-SPEC_CTRL-migration-compatibility.patch
61f7b2af-libxl-dont-touch-nr_vcpus_out-if-listing.patch
61f933a4-x86-cpuid-advertise-SSB_NO.patch
61f933a5-x86-drop-use_spec_ctrl-boolean.patch
61f933a6-x86-new-has_spec_ctrl-boolean.patch
61f933a7-x86-dont-use-spec_ctrl-enter-exit-for-S3.patch
61f933a8-x86-SPEC_CTRL-record-last-write.patch
61f933a9-x86-SPEC_CTRL-use-common-logic-for-AMD.patch
61f933aa-SVM-SPEC_CTRL-entry-exit-logic.patch
61f933ab-x86-AMD-SPEC_CTRL-infra.patch
61f933ac-SVM-enable-MSR_SPEC_CTRL-for-guests.patch
61f946a2-VMX-drop-SPEC_CTRL-load-on-VMEntry.patch
6202afa3-x86-clean-up-MSR_MCU_OPT_CTRL-handling.patch
6202afa4-x86-TSX-move-has_rtm_always_abort.patch
6202afa5-x86-TSX-cope-with-deprecation-on-WHL-R-CFL-R.patch
6202afa7-x86-CPUID-leaf-7-2-EDX-infra.patch
6202afa8-x86-Intel-PSFD-for-guests.patch
- Drop patches replaced by the above:
xsa393.patch
xsa394.patch
xsa395.patch
libxl-Fix-PV-hotplug-and-stubdom-coldplug.patch
libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch
libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch
* Thu Jan 13 2022 carnold@suse.com
- bsc#1194576 - VUL-0: CVE-2022-23033: xen: arm:
guest_physmap_remove_page not removing the p2m mappings (XSA-393)
xsa393.patch
- bsc#1194581 - VUL-0: CVE-2022-23034: xen: a PV guest could DoS
Xen while unmapping a grant (XSA-394)
xsa394.patch
- bsc#1194588 - VUL-0: CVE-2022-23035: xen: insufficient cleanup of
passed-through device IRQs (XSA-395)
xsa395.patch
* Wed Jan 12 2022 carnold@suse.com
- bsc#1191668 - L3: issue around xl and virsh operation - virsh
list not giving any output (see also bsc#1194267)
libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch
libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch
* Tue Jan 11 2022 carnold@suse.com
- bsc#1193307 - pci backend does not exist when attach a vf to a pv
guest
libxl-Fix-PV-hotplug-and-stubdom-coldplug.patch
Drop libxl-PCI-defer-backend-wait.patch
* Thu Jan 06 2022 jbeulich@suse.com
- bsc#1193447 - Slow execution of hvmloader+ovmf when VM contains
an sriov device
61bc429f-revert-hvmloader-PA-range-should-be-UC.patch
- Upstream bug fixes (bsc#1027519)
61b31d5c-x86-restrict-all-but-self-IPI.patch
61b88e78-x86-CPUID-TSXLDTRK-definition.patch
61d5687a-x86-spec-ctrl-opt_srb_lock-default.patch
* Tue Jan 04 2022 James Fehlig <jfehlig@suse.com>
- Collect active VM config files in the supportconfig plugin
xen-supportconfig
* Thu Dec 09 2021 carnold@suse.com
- bsc#1193307 - pci backend does not exist when attach a vf to a pv
guest
libxl-PCI-defer-backend-wait.patch
* Wed Dec 01 2021 carnold@suse.com
- Update to Xen 4.16.0 FCS release
xen-4.16.0-testing-src.tar.bz2
* Miscellaneous fixes to the TPM manager software in preparation
for TPM 2.0 support.
* Increased reliance on the PV shim as 32-bit PV guests will only
be supported in shim mode going forward. This change reduces
the attack surface in the hypervisor.
* Increased hardware support by allowing Xen to boot on Intel
devices that lack a Programmable Interval Timer.
* Cleanup of legacy components by no longer building QEMU
Traditional or PV-Grub by default. Note both projects have
upstream Xen support merged now, so it is no longer recommended
to use the Xen specific forks.
* Initial support for guest virtualized Performance Monitor
Counters on Arm.
* Improved support for dom0less mode by allowing the usage on
Arm 64bit hardware with EFI firmware.
* Improved support for Arm 64-bit heterogeneous systems by
leveling the CPU features across all to improve big.LITTLE
support.
* Wed Nov 17 2021 carnold@suse.com
- Update to Xen 4.16.0 RC3 release
xen-4.16.0-testing-src.tar.bz2
- Drop iPXE sources and patches. iPXE is only used by QEMU
traditional which has never shipped with SLE15.
ipxe.tar.bz2
ipxe-enable-nics.patch
ipxe-no-error-logical-not-parentheses.patch
ipxe-use-rpm-opt-flags.patch
- Drop building ocaml xenstored in the spec file. There are no
plans or need to support this version.
* Mon Nov 08 2021 carnold@suse.com
- Update to Xen 4.16.0 RC2 release
xen-4.16.0-testing-src.tar.bz2
- Modified files
ipxe-use-rpm-opt-flags.patch
ipxe.tar.bz2 (new version)
* Mon Nov 01 2021 carnold@suse.com
- Update to Xen 4.16.0 RC1 release
xen-4.16.0-testing-src.tar.bz2
- Drop patches contained in new tarball or invalid
615c9fd0-VT-d-fix-deassign-of-device-with-RMRR.patch
libxc-sr-383b41974d5543b62f3181d216070fe3691fb130.patch
libxc-sr-5588ebcfca774477cf823949e5703b0ac48818cc.patch
libxc-sr-9e59d9f8ee3808acde9833192211da25f66d8cc2.patch
libxc-sr-f17a73b3c0264c62dd6b5dae01ed621c051c3038.patch
xenstore-launch.patch
* Wed Oct 06 2021 carnold@suse.com
- bsc#1191363 - VUL-0: CVE-2021-28702: xen: PCI devices with RMRRs
not deassigned correctly (XSA-386)
615c9fd0-VT-d-fix-deassign-of-device-with-RMRR.patch
* Mon Sep 13 2021 jbeulich@suse.com
- Revert "Simplify %autosetup".
* Fri Sep 10 2021 carnold@suse.com
- Update to Xen 4.15.1 bug fix release
xen-4.15.1-testing-src.tar.bz2
- Drop patches contained in new tarball
60631c38-VT-d-QI-restore-flush-hooks.patch
60700077-x86-vpt-avoid-pt_migrate-rwlock.patch
60787714-revert-x86-HPET-avoid-legacy-replacement-mode.patch
60787714-x86-HPET-avoid-legacy-replacement-mode.patch
60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch
608676f2-VT-d-register-based-invalidation-optional.patch
60a27288-x86emul-gas-2-36-test-harness-build.patch
60af933d-x86-gcc11-hypervisor-build.patch
60afe616-x86-CPUID-rework-HLE-and-RTM-handling.patch
60afe617-x86-TSX-minor-cleanup-and-improvements.patch
60afe618-x86-TSX-deprecate-vpmu=rtm-abort.patch
60be0e24-credit2-pick-runnable-unit.patch
60be0e42-credit2-per-entity-load-tracking-when-continuing.patch
60be3097-x86-CPUID-fix-HLE-and-RTM-handling-again.patch
60bf9e19-Arm-create-dom0less-domUs-earlier.patch
60bf9e1a-Arm-boot-modules-scrubbing.patch
60bf9e1b-VT-d-size-qinval-queue-dynamically.patch
60bf9e1c-AMD-IOMMU-size-command-buffer-dynamically.patch
60bf9e1d-VT-d-eliminate-flush-related-timeouts.patch
60bf9e1e-x86-spec-ctrl-protect-against-SCSB.patch
60bf9e1f-x86-spec-ctrl-mitigate-TAA-after-S3.patch
60bfa904-AMD-IOMMU-wait-for-command-slot.patch
60bfa906-AMD-IOMMU-drop-command-completion-timeout.patch
60c0bf86-x86-TSX-cope-with-deprecation.patch
60c8a7ac-x86-vpt-fully-init-timers-before-enlisting.patch
60c8de6e-osdep_xenforeignmemory_map-prototype.patch
60d49689-VT-d-undo-device-mappings-upon-error.patch
60d496b9-VT-d-adjust-domid-map-updating-on-unmap.patch
60d496d6-VT-d-clear_fault_bits-should-clear-all.patch
60d496ee-VT-d-dont-lose-errors-on-multi-IOMMU-flush.patch
60d5c6df-IOMMU-PCI-dont-let-domain-cleanup-continue.patch
libxl-d5f54009dba11d04bfe2a28eee47b994de66b84a.patch
libxl-f3f778c81769075ac0eb93b98d4b2803e7936453.patch
libxl-4e217db45e83fc3173382306c8b03da86099a25d.patch
libxl-85760c03d664400368a3f76ae0225307c25049a7.patch
libxl-0ff26a3225d69ffec76fe5aca8296852fa951204.patch
libxl-7c313e8365eb663311a0cf39f77b4f5880244765.patch
libxl-0c0b3a7e4a2d65fd252b89b46bdcdb048bb24b6c.patch
libxl-fe6630ddc4e8a8fbf8dd28a1bc58e3881393f9c1.patch
libxl-qemu6-vnc-password.patch
libxl-qemu6-scsi.patch
* Mon Aug 30 2021 ohering@suse.de
- bsc#1189882 - refresh libxc-sr-restore-hvm-legacy-superpage.patch
prevent superpage allocation in the LAPIC and ACPI_INFO range
* Wed Aug 04 2021 carnold@suse.com
- Drop aarch64-maybe-uninitialized.patch as the fix is in tarball.
* Mon Jul 26 2021 ohering@suse.de
- Simplify %autosetup
* Fri Jul 23 2021 ohering@suse.de
- refresh the migration patches to state v20210713
removed libxc-sr-add-xc_is_known_page_type.patch
removed libxc-sr-arrays.patch
removed libxc-sr-batch_pfns.patch
removed libxc-sr-page_type_has_stream_data.patch
removed libxc-sr-use-xc_is_known_page_type.patch
removed libxc.migrate_tracking.patch
removed libxc.sr.superpage.patch
removed libxl.set-migration-constraints-from-cmdline.patch
added libxc-sr-383b41974d5543b62f3181d216070fe3691fb130.patch
added libxc-sr-5588ebcfca774477cf823949e5703b0ac48818cc.patch
added libxc-sr-9e59d9f8ee3808acde9833192211da25f66d8cc2.patch
added libxc-sr-LIBXL_HAVE_DOMAIN_SUSPEND_PROPS.patch
added libxc-sr-abort_if_busy.patch
added libxc-sr-f17a73b3c0264c62dd6b5dae01ed621c051c3038.patch
added libxc-sr-max_iters.patch
added libxc-sr-min_remaining.patch
added libxc-sr-number-of-iterations.patch
added libxc-sr-precopy_policy.patch
added libxc-sr-restore-hvm-legacy-superpage.patch
added libxc-sr-track-migration-time.patch
added libxc-sr-xg_sr_bitmap-populated_pfns.patch
added libxc-sr-xg_sr_bitmap.patch
added libxc-sr-xl-migration-debug.patch
* Fri Jul 23 2021 James Fehlig <jfehlig@suse.com>
- spec: Change the '--with-system-ovmf' configure option to use
the new Xen-specific ovmf firmware. The traditional, unified
firmwares will no longer support multi-VMM. For more information
https://bugzilla.tianocore.org/show_bug.cgi?id=1689
https://bugzilla.tianocore.org/show_bug.cgi?id=2122
* Wed Jul 21 2021 ohering@suse.de
- bsc#1176189 - xl monitoring process exits during xl save -p|-c
keep the monitoring process running to cleanup the domU during shutdown
xl-save-pc.patch
* Tue Jul 13 2021 jbeulich@suse.com
- bsc#1179246 - Dom0 hangs when pinning CPUs for dom0 with HVM guest
60be0e24-credit2-pick-runnable-unit.patch
60be0e42-credit2-per-entity-load-tracking-when-continuing.patch
- Upstream bug fixes (bsc#1027519)
60be3097-x86-CPUID-fix-HLE-and-RTM-handling-again.patch
60bf9e19-Arm-create-dom0less-domUs-earlier.patch (Replaces xsa372-1.patch)
60bf9e1a-Arm-boot-modules-scrubbing.patch (Replaces xsa372-2.patch)
60bf9e1b-VT-d-size-qinval-queue-dynamically.patch (Replaces xsa373-1.patch)
60bf9e1c-AMD-IOMMU-size-command-buffer-dynamically.patch (Replaces xsa373-2.patch)
60bf9e1d-VT-d-eliminate-flush-related-timeouts.patch (Replaces xsa373-2.patch)
60bf9e1e-x86-spec-ctrl-protect-against-SCSB.patch (Replaces xsa375.patch)
60bf9e1f-x86-spec-ctrl-mitigate-TAA-after-S3.patch (Replaces xsa377.patch)
60bfa904-AMD-IOMMU-wait-for-command-slot.patch (Replaces xsa373-4.patch)
60bfa906-AMD-IOMMU-drop-command-completion-timeout.patch (Replaces xsa373-5.patch)
60c8a7ac-x86-vpt-fully-init-timers-before-enlisting.patch
60c8de6e-osdep_xenforeignmemory_map-prototype.patch
60d49689-VT-d-undo-device-mappings-upon-error.patch
60d496b9-VT-d-adjust-domid-map-updating-on-unmap.patch
60d496d6-VT-d-clear_fault_bits-should-clear-all.patch
60d496ee-VT-d-dont-lose-errors-on-multi-IOMMU-flush.patch
60d5c6df-IOMMU-PCI-dont-let-domain-cleanup-continue.patch
- Dropped gcc11-fixes.patch
* Tue Jun 29 2021 ohering@suse.de
- bsc#1180350 - some long deprecated commands were finally removed
in qemu6. Adjust libxl to use supported commands.
libxl-d5f54009dba11d04bfe2a28eee47b994de66b84a.patch
libxl-f3f778c81769075ac0eb93b98d4b2803e7936453.patch
libxl-4e217db45e83fc3173382306c8b03da86099a25d.patch
libxl-85760c03d664400368a3f76ae0225307c25049a7.patch
libxl-0ff26a3225d69ffec76fe5aca8296852fa951204.patch
libxl-7c313e8365eb663311a0cf39f77b4f5880244765.patch
libxl-0c0b3a7e4a2d65fd252b89b46bdcdb048bb24b6c.patch
libxl-fe6630ddc4e8a8fbf8dd28a1bc58e3881393f9c1.patch
libxl-qemu6-vnc-password.patch
libxl-qemu6-scsi.patch
* Tue Jun 22 2021 ohering@suse.de
- Update logrotate.conf, move global options into per-file sections
to prevent globbering of global state (bsc#1187406)
* Mon Jun 07 2021 ohering@suse.de
- Fix shell macro expansion in xen.spec, so that ExecStart=
in xendomains-wait-disks.service is created correctly (bsc#1183877)
* Mon May 31 2021 jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
60631c38-VT-d-QI-restore-flush-hooks.patch
60700077-x86-vpt-avoid-pt_migrate-rwlock.patch
60787714-revert-x86-HPET-avoid-legacy-replacement-mode.patch
60787714-x86-HPET-avoid-legacy-replacement-mode.patch
60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch
608676f2-VT-d-register-based-invalidation-optional.patch
60a27288-x86emul-gas-2-36-test-harness-build.patch
60af933d-x86-gcc11-hypervisor-build.patch
60afe616-x86-CPUID-rework-HLE-and-RTM-handling.patch
60afe617-x86-TSX-minor-cleanup-and-improvements.patch
60afe618-x86-TSX-deprecate-vpmu=rtm-abort.patch
- Embargoed security fixes
xsa372-1.patch
xsa372-2.patch
xsa373-1.patch
xsa373-2.patch
xsa373-3.patch
xsa373-4.patch
xsa373-5.patch
xsa375.patch
xsa377.patch
- Embargoed non-security fix
x86-TSX-cope-with-deprecation.patch
* Mon May 31 2021 jbeulich@suse.com
- x86-cpufreq-report.patch: Drop. We haven't had a kernel understanding
this custom extension for quite some time.
* Tue May 04 2021 ohering@suse.de
- Add xen.sysconfig-fillup.patch to make sure xencommons is in a
format as expected by fillup. (bsc#1185682)
Each comment needs to be followed by an enabled key. Otherwise
fillup will remove manually enabled key=value pairs, along with
everything that looks like a stale comment, during next pkg update
* Tue May 04 2021 ohering@suse.de
- Remove init.xen_loop and /etc/modprobe.d/xen_loop.conf
The number of loop devices is unlimited since a while
* Tue Apr 27 2021 ohering@suse.de
- Refresh xenstore-launch.patch to cover also daemon case
* Thu Apr 22 2021 carnold@suse.com
- Now that SOURCE_DATE_EPOCH is defined and Xen Makefile uses it,
drop reproducible.patch
* Tue Apr 20 2021 carnold@suse.com
- Update to Xen 4.15.0 FCS release
xen-4.15.0-testing-src.tar.bz2
* Xen can now export Intel Processor Trace (IPT) data from guests to tools in dom0.
* Xen now supports Viridian enlightenments for guests with more than 64 vcpus.
* Xenstored and oxenstored both now support LiveUpdate (tech preview).
* Unified boot images
* Switched x86 MSR accesses to deny by default policy.
* Named PCI devices for xl/libxl and improved documentation for xl PCI configuration format.
* Support for zstd-compressed dom0 (x86) and domU kernels.
* Reduce ACPI verbosity by default.
* Add ucode=allow-same option to test late microcode loading path.
* Library improvements from NetBSD ports upstreamed.
* x86: Allow domains to use AVX-VNNI instructions.
* Added XEN_SCRIPT_DIR configuration option to specify location for Xen scripts.
* xennet: Documented a way for the backend (or toolstack) to specify MTU to the frontend.
* On detecting a host crash, some debug key handlers can automatically triggered to aid in debugging.
* Increase the maximum number of guests which can share a single IRQ from 7 to 16, and make this configurable with irq-max-guests.
- Dropped patches contained in new tarball
5fca3b32-tools-libs-ctrl-fix-dumping-of-ballooned-guest.patch
5fedf9f4-x86-hpet_setup-fix-retval.patch
5ff458f2-x86-vPCI-tolerate-disabled-MSI-X-entry.patch
5ff71655-x86-dpci-EOI-regardless-of-masking.patch
5ffc58c4-ACPI-reduce-verbosity-by-default.patch
5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch
600999ad-x86-dpci-do-not-remove-pirqs-from.patch
600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch
6011bbc7-x86-timer-fix-boot-without-PIT.patch
6013e4bd-memory-bail-from-page-scrub-when-CPU-offline.patch
6013e546-x86-HVM-reorder-domain-init-error-path.patch
601d4396-x86-EFI-suppress-ld-2-36-debug-info.patch
602bd768-page_alloc-only-flush-after-scrubbing.patch
602cfe3d-IOMMU-check-if-initialized-before-teardown.patch
602e5a8c-gnttab-never-permit-mapping-transitive-grants.patch
602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch
602ffae9-tools-libs-light-fix-xl-save--c-handling.patch
6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch
60787714-x86-HPET-avoid-legacy-replacement-mode.patch
60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch
60410127-gcc11-adjust-rijndaelEncrypt.patch
60422428-x86-shadow-avoid-fast-fault-path.patch
604b9070-VT-d-disable-QI-IR-before-init.patch
60535c11-libxl-domain-soft-reset.patch (Replaces xsa368.patch)
60700077-x86-vpt-avoid-pt_migrate-rwlock.patch
libxc-bitmap-50a5215f30e964a6f16165ab57925ca39f31a849.patch
libxc-bitmap-longs.patch
libxc-sr-3cccdae45242dab27198b8e150be0c85acd5d3c9.patch
libxl.fix-libacpi-dependency.patch
stubdom-have-iovec.patch
xenwatchdogd-options.patch
* Mon Apr 19 2021 carnold@suse.com
- bsc#1180491 - "Panic on CPU 0: IO-APIC + timer doesn't work!"
60787714-x86-HPET-avoid-legacy-replacement-mode.patch
60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch
- Upstream bug fixes (bsc#1027519)
60410127-gcc11-adjust-rijndaelEncrypt.patch
60422428-x86-shadow-avoid-fast-fault-path.patch
604b9070-VT-d-disable-QI-IR-before-init.patch
60535c11-libxl-domain-soft-reset.patch (Replaces xsa368.patch)
60700077-x86-vpt-avoid-pt_migrate-rwlock.patch
* Thu Mar 25 2021 ohering@suse.de
- bsc#1137251 - Restore changes for xen-dom0-modules.service which
were silently removed on 2019-10-17
* Fri Mar 12 2021 ohering@suse.de
- bsc#1177112 - Fix libxc.sr.superpage.patch
The receiving side did detect holes in a to-be-allocated superpage,
but allocated a superpage anyway. This resulted to over-allocation.
* Mon Mar 08 2021 ohering@suse.de
- bsc#1167608 - adjust limit for max_event_channels
A previous change allowed an unbound number of event channels
to make sure even large domUs can start of of the box.
This may have a bad side effect in the light of XSA-344.
Adjust the built-in limit based on the number of vcpus.
In case this is not enough, max_event_channels=/maxEventChannels=
has to be used to set the limit as needed for large domUs
adjust libxl.max_event_channels.patch
* Fri Mar 05 2021 carnold@suse.com
- bsc#1183072 - VUL-0: CVE-2021-28687: xen: HVM soft-reset crashes
toolstack (XSA-368). Also resolves,
bsc#1179148 - kdump of HVM fails, soft-reset not handled by libxl
bsc#1181989 - openQA job causes libvirtd to dump core when
running kdump inside domain
xsa368.patch
* Fri Feb 26 2021 jbeulich@suse.com
- bsc#1177204 - L3-Question: conring size for XEN HV's with huge
memory to small. Inital Xen logs cut
5ffc58c4-ACPI-reduce-verbosity-by-default.patch
- Upstream bug fixes (bsc#1027519)
601d4396-x86-EFI-suppress-ld-2-36-debug-info.patch
602bd768-page_alloc-only-flush-after-scrubbing.patch
602cfe3d-IOMMU-check-if-initialized-before-teardown.patch
602e5a8c-gnttab-never-permit-mapping-transitive-grants.patch
602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch
6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch
- bsc#1181921 - GCC 11: xen package fails
gcc11-fixes.patch
* Tue Feb 23 2021 carnold@suse.com
- bsc#1182576 - L3: XEN domU crashed on resume when using the xl
unpause command
602ffae9-tools-libs-light-fix-xl-save--c-handling.patch
* Thu Feb 18 2021 carnold@suse.com
- Start using the %autosetup macro to simplify patch management
xen.spec
* Wed Feb 10 2021 carnold@suse.com
- bsc#1181921 - GCC 11: xen package fails
gcc11-fixes.patch
- Drop gcc10-fixes.patch
* Tue Feb 02 2021 carnold@suse.com
- Upstream bug fixes (bsc#1027519)
5fedf9f4-x86-hpet_setup-fix-retval.patch
5ff458f2-x86-vPCI-tolerate-disabled-MSI-X-entry.patch
5ff71655-x86-dpci-EOI-regardless-of-masking.patch
5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch
600999ad-x86-dpci-do-not-remove-pirqs-from.patch (Replaces xsa360.patch)
600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch
6013e4bd-memory-bail-from-page-scrub-when-CPU-offline.patch
6013e546-x86-HVM-reorder-domain-init-error-path.patch
- bsc#1180491 - "Panic on CPU 0: IO-APIC + timer doesn't work!"
6011bbc7-x86-timer-fix-boot-without-PIT.patch
* Thu Jan 21 2021 carnold@suse.com
- bsc#1181254 - VUL-0: xen: IRQ vector leak on x86 (XSA-360)
xsa360.patch
* Wed Jan 13 2021 carnold@suse.com
- bsc#1180794 - bogus qemu binary path used when creating fv guest
under xen
xen.spec
* Wed Jan 13 2021 carnold@suse.com
- bsc#1180690 - L3-Question: xen: no needsreboot flag set
Add Provides: installhint(reboot-needed) in xen.spec for libzypp
* Mon Jan 04 2021 ohering@suse.de
- Update libxl.set-migration-constraints-from-cmdline.patch
Remove code which handled --max_factor. The total amount of
transferred data is no indicator to trigger the final stop+copy.
This should have been removed during upgrade to Xen 4.7.
Fix off-by-one in --max_iters, it caused one additional copy cycle.
Reduce default value of --max_iters from 5 to 2.
The workload within domU will continue to produce dirty pages.
It is unreasonable to expect any slowdown during migration.
Now there is one initial copy of all memory, one instead of four
iteration for dirty memory, and a final copy iteration prior move.
/usr/lib64/libxencall.so.1 /usr/lib64/libxencall.so.1.3 /usr/lib64/libxenctrl.so.4.19 /usr/lib64/libxenctrl.so.4.19.0 /usr/lib64/libxendevicemodel.so.1 /usr/lib64/libxendevicemodel.so.1.4 /usr/lib64/libxenevtchn.so.1 /usr/lib64/libxenevtchn.so.1.2 /usr/lib64/libxenforeignmemory.so.1 /usr/lib64/libxenforeignmemory.so.1.4 /usr/lib64/libxenfsimage.so.4.19 /usr/lib64/libxenfsimage.so.4.19.0 /usr/lib64/libxengnttab.so.1 /usr/lib64/libxengnttab.so.1.2 /usr/lib64/libxenguest.so.4.19 /usr/lib64/libxenguest.so.4.19.0 /usr/lib64/libxenhypfs.so.1 /usr/lib64/libxenhypfs.so.1.0 /usr/lib64/libxenlight.so.4.19 /usr/lib64/libxenlight.so.4.19.0 /usr/lib64/libxenstat.so.4.19 /usr/lib64/libxenstat.so.4.19.0 /usr/lib64/libxenstore.so.4 /usr/lib64/libxenstore.so.4.0 /usr/lib64/libxentoolcore.so.1 /usr/lib64/libxentoolcore.so.1.0 /usr/lib64/libxentoollog.so.1 /usr/lib64/libxentoollog.so.1.0 /usr/lib64/libxenvchan.so.4.19 /usr/lib64/libxenvchan.so.4.19.0 /usr/lib64/libxlutil.so.4.19 /usr/lib64/libxlutil.so.4.19.0 /usr/lib64/xenfsimage /usr/lib64/xenfsimage/ext2fs /usr/lib64/xenfsimage/ext2fs/fsimage.so /usr/lib64/xenfsimage/fat /usr/lib64/xenfsimage/fat/fsimage.so /usr/lib64/xenfsimage/iso9660 /usr/lib64/xenfsimage/iso9660/fsimage.so /usr/lib64/xenfsimage/reiserfs /usr/lib64/xenfsimage/reiserfs/fsimage.so /usr/lib64/xenfsimage/ufs /usr/lib64/xenfsimage/ufs/fsimage.so /usr/lib64/xenfsimage/xfs /usr/lib64/xenfsimage/xfs/fsimage.so /usr/lib64/xenfsimage/zfs /usr/lib64/xenfsimage/zfs/fsimage.so
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Nov 5 00:43:30 2024