|
|
|
|
Changelog for xen-ocaml-devel-4.5.5-5.fc23.i686.rpm :
* Fri Dec 09 2016 Michael Young - 4.5.5-5- ARM guests may induce host asynchronous abort [XSA-201, CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818] (#1399747)- qemu: Divide by zero vulnerability in cirrus_do_copy (#1399055) [CVE-2016-9921, CVE-2016-9922]- Qemu: 9pfs: memory leakage via proxy/handle callbacks (#1402278)- qemu ioport array overflow [XSA-199, CVE-2016-9637] * Tue Nov 22 2016 Michael Young - 4.5.5-4- xen : various security flaws (#1397383) x86 null segments not always treated as unusable [XSA-191, CVE-2016-9386] x86 task switch to VM86 mode mis-handled [XSA-192, CVE-2016-9382] x86 segment base write emulation lacking canonical address checks [XSA-193, CVE-2016-9385] x86 64-bit bit test instruction emulation broken [XSA-195, CVE-2016-9383] x86 software interrupt injection mis-handled [XSA-196, CVE-2016-9377, CVE-2016-9378] qemu incautious about shared ring processing [XSA-197, CVE-2016-9381] delimiter injection vulnerabilities in pygrub [XSA-198, CVE-2016-9379, CVE-2016-9380] * Sun Oct 30 2016 Michael Young - 4.5.5-3- Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch [CVE-2016-8576] (#1382323)- Qemu: 9pfs: host memory leakage in v9fs_read [CVE-2016-8577] (#1383287)- Qemu: 9pfs: allocate space for guest originated empty strings [CVE-2016-8578] (#1383293)- Qemu: char: divide by zero error in serial_update_parameters [CVE-2016-8669] (#1384910)- Qemu: net: rtl8139: infinite loop while transmit in C+ mode [CVE-2016-8910] (#1388048)- qemu-kvm: Infinite loop vulnerability in a9_gtimer_update() (#1388301)- Qemu: 9pfs: information leakage via xattr [CVE-2016-9103] (#1389644)- Qemu: 9pfs: memory leakage when creating extended attribute [CVE-2016-9102] (#1389552)- Qemu: 9pfs: memory leakage in v9fs_link [CVE-2016-9105] (#1389705)- Qemu: 9pfs: memory leakage in v9fs_write [CVE-2016-9106] (#1389714)- Qemu: 9pfs: integer overflow leading to OOB access [CVE-2016-9104] (#1389689) * Tue Oct 04 2016 Michael Young - 4.5.5-2- qemu-kvm: Directory traversal flaw in 9p virtio backend [CVE-2016-7116] (#1371400)- qemu: hw: net: Heap overflow in xlnx.xps-ethernetlite [CVE-2016-7161] (#1379299)- CR0.TS and CR0.EM not always honored for x86 HVM guest [XSA-190, CVE-2016-7777] (#1381576) * Wed Sep 21 2016 Michael Young - 4.5.5-1- update to 4.5.5 adjust xen.use.fedora.ipxe.patch and xen.fedora.crypt.patch remove patches for issues now fixed upstream add a gcc6 build patch for convenience renumber patches * Thu Sep 08 2016 Michael Young - 4.5.3-10- x86: Disallow L3 recursive pagetable for 32-bit PV guests [XSA-185, CVE-2016-7092] (#1374470)- x86: Mishandling of instruction pointer truncation during emulation [XSA-186, CVE-2016-7093] (#1374471)- x86 HVM: Overflow of sh_ctxt->seg_reg[] [XSA-187, CVE-2016-7094] (#1374473) * Thu Jul 28 2016 Michael Young - 4.5.3-9- x86: Privilege escalation in PV guests [XSA-182, CVE-2016-6258] (#1360358)- x86: Missing SMAP whitelisting in 32-bit exception / event delivery [XSA-183, CVE-2016-6259] (#1360359)- virtio: unbounded memory allocation issue [XSA-184, CVE-2016-5403] (#1360831)- Qemu: scsi: esp: OOB write access in esp_do_dma [CVE-2016-6351] (#1360599) * Tue Jun 14 2016 Michael Young - 4.5.3-8- Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO [CVE-2016-5338] (#1343323)- Qemu: scsi: megasas: information leakage in megasas_ctrl_get_info [CVE-2016-5337] (#1343909) * Sat Jun 04 2016 Michael Young - 4.5.3-7- fix for CVE-2016-2858 doesn\'t build with qemu-xen enabled- Unsanitised guest input in libxl device handling code [XSA-175, CVE-2016-4962] (#1342132)- Unsanitised driver domain input in libxl device handling [XSA-178, CVE-2016-4963] (#1342131)- arm: Host crash caused by VMID exhaust [XSA-181] (#1342530)- Qemu: display: vmsvga: out-of-bounds read in vmsvga_fifo_read_raw() routine [CVE-2016-4454] (#1340741)- Qemu: display: vmsvga: infinite loop in vmsvga_fifo_run() routine [CVE-2016-4453] (#1340746)- Qemu: scsi: esp: OOB write when using non-DMA mode in get_cmd [CVE-2016-5238] (#1341931) * Sat May 28 2016 Michael Young - 4.5.3-6- cleaner way to set kernel module load list- Unrestricted qemu logging [XSA-180, CVE-2014-3672] (#1339125)- Qemu: scsi: esp: OOB write while writing to \'s->cmdbuf\' in esp_reg_write [CVE-2016-4439] (#1337502)- Qemu: scsi: esp: OOB write while writing to \'s->cmdbuf\' in get_cmd [CVE-2016-4441] (#1337505)- Qemu: scsi: megasas: out-of-bounds write while setting controller properties [CVE-2016-5106] (#1339578)- Qemu: scsi: megasas: stack information leakage while reading configuration [CVE-2016-5105] (#1339583) * Tue May 17 2016 Michael Young - 4.5.3-5- in systemd only try to load kernel modules that are in Fedora (#1291089)- x86 software guest page walk PS bit handling flaw [XSA-176, CVE-2016-4480] (#1332657) * Tue May 10 2016 Michael Young - 4.5.3-4- create link to /usr/bin/qemu-system-i386 from /usr/lib/xen/bin for back compatibility and for virt-manager (#1334554) (#1299745)- cleaner fix for XSA-179 on qemu-xen-traditional * Mon May 09 2016 Michael Young - 4.5.3-3- qemu-kvm: Integer overflow in SDL when creating too wide screen (#1330513)- QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks [XSA-179, CVE-2016-3710, CVE-2016-3712] (#1334346) (#1334343) * Mon Apr 18 2016 Michael Young - 4.5.3-2- x86 shadow pagetables: address width overflow [XSA-173, CVE-2016-3960] (#1328118)- Qemu: net: buffer overflow in stellaris_enet emulator [CVE-2016-4001] (#1325886)- Qemu: net: buffer overflow in MIPSnet emulator [CVE-2016-4002] (#1326084)- qemu: Infinite loop vulnerability in usb_ehci using siTD process [CVE-2016-4037] (#1328081) (supercedes CVE-2015-8558 patch) * Wed Mar 30 2016 Michael Young - 4.5.3-1- update to 4.5.3 adjust xen.use.fedora.ipxe.patch remove patches for issues now fixed upstream renumber patches * Tue Mar 29 2016 Michael Young - 4.5.2-10- broken AMD FPU FIP/FDP/FOP leak workaround [XSA-172, CVE-2016-3158, CVE-2016-3159] (#1321944) * Mon Mar 07 2016 Michael Young - 4.5.2-9- Qemu: nvram: OOB r/w access in processing firmware configurations CVE-2016-1714 (#1296080)- Qemu: i386: null pointer dereference in vapic_write() CVE-2016-1922 (#1292767)- qemu: Stack-based buffer overflow in megasas_ctrl_get_info CVE-2015-8613 (#1293305)- qemu-kvm: Infinite loop and out-of-bounds transfer start in start_xmit() and e1000_receive_iov() CVE-2016-1981 (#1299996)- Qemu: usb ehci out-of-bounds read in ehci_process_itd (#1300235)- Qemu: usb: ehci null pointer dereference in ehci_caps_write CVE-2016-2198 (#1303135)- Qemu: net: ne2000: infinite loop in ne2000_receive CVE-2016-2841 (#1304048)- Qemu: usb: integer overflow in remote NDIS control message handling CVE-2016-2538 (#1305816)- Qemu: usb: null pointer dereference in remote NDIS control message handling CVE-2016-2392 (#1307116)- Qemu: usb: multiple eof_timers in ohci module leads to null pointer dereference CVE-2016-2391 (#1308882)- Qemu: net: out of bounds read in net_checksum_calculate() CVE-2016-2857 (#1309565)- Qemu: OOB access in address_space_rw leads to segmentation fault CVE-2015-8817 CVE-2015-8818 (#1313273)- Qemu: rng-random: arbitrary stack based allocation leading to corruption CVE-2016-2858 (#1314678) * Wed Feb 17 2016 Michael Young - 4.5.2-8- x86: inconsistent cachability flags on guest mappings [XSA-154, CVE-2016-2270] (#1309324)- VMX: guest user mode may crash guest with non-canonical RIP [XSA-170, CVE-2016-2271] (#1309323) * Wed Jan 20 2016 Michael Young - 4.5.2-7- PV superpage functionality missing sanity checks [XSA-167, CVE-2016-1570] (#1300345)- VMX: intercept issue with INVLPG on non-canonical address [XSA-168, CVE-2016-1571] (#1300342)- Qemu: pci: null pointer dereference issue CVE-2015-7549 (#1291139)- qemu: DoS by infinite loop in ehci_advance_state CVE-2015-8558 (#1291310)- qemu: Heap-based buffer overrun during VM migration CVE-2015-8666 (#1294028)- Qemu: net: vmxnet3: incorrect l2 header validation leads to a crash via assert(2) call CVE-2015-8744 (#1295441)- qemu: Support reading IMR registers on bar0 CVE-2015-8745 (#1295443)- Qemu: net: vmxnet3: host memory leakage CVE-2015-8567 CVE-2015-8568 (#1289817)- Qemu: net: ne2000: OOB memory access in ioport r/w functions CVE-2015-8743 (#1294788) * Thu Dec 17 2015 Michael Young - 4.5.2-6- four security updates (#1292439) paravirtualized drivers incautious about shared memory contents [XSA-155, CVE-2015-8550] qemu-dm buffer overrun in MSI-X handling [XSA-164, CVE-2015-8554] information leak in legacy x86 FPU/XMM initialization [XSA-165, CVE-2015-8555] ioreq handling possibly susceptible to multiple read issue [XSA-166] * Thu Dec 10 2015 Michael Young - 4.5.2-5- eepro100: Prevent two endless loops [CVE-2015-8345] (#1285215)- pcnet: fix rx buffer overflow [CVE-2015-7512] (#1286563)- ui: vnc: avoid floating point exception [CVE-2015-8504] (#1289544)- additional patch for [XSA-158, CVE-2015-8338] * Tue Dec 08 2015 Michael Young - 4.5.2-4- three security updates (#1289568) long running memory operations on ARM [XSA-158, CVE-2015-8338] XENMEM_exchange error handling issues [XSA-159, CVE-2015-8339, CVE-2015-8340] libxl leak of pv kernel and initrd on error [XSA-160, CVE-2015-8341] * Sun Dec 06 2015 Michael Young - 4.5.2-3- heap buffer overflow vulnerability in pcnet emulator [XSA-162, CVE-2015-7504] (#1286544)- virtual PMU is unsupported [XSA-163] (#1285351) * Tue Nov 10 2015 Michael Young - 4.5.2-2- x86: CPU lockup during exception delivery [XSA-156, CVE-2015-5307, CVE-2015-8104] (#1279689, #1279690)- silence 2 macro in comment warnings * Wed Nov 04 2015 Michael Young - 4.5.2-1- update to 4.5.2 adjust xen.use.fedora.ipxe.patch remove patches for issues now fixed upstream renumber patches * Fri Oct 30 2015 Michael Young - 4.5.1-14- nine security updates (#1276344) arm: Host crash when preempting a multicall [XSA-145, CVE-2015-7812] arm: various unimplemented hypercalls log without rate limiting [XSA-146, CVE-2015-7813] arm: Race between domain destruction and memory allocation decrease [XSA-147, CVE-2015-7814] x86: Uncontrolled creation of large page mappings by PV guests [XSA-148, CVE-2015-7835] leak of main per-domain vcpu pointer array [XSA-149, CVE-2015-7969] x86: Long latency populate-on-demand operation is not preemptible [XSA-150, CVE-2015-7970] x86: leak of per-domain profiling-related vcpu pointer array [XSA-151, CVE-2015-7969] x86: some pmu and profiling hypercalls log without rate limiting [XSA-152, CVE-2015-7971] x86: populate-on-demand balloon size inaccuracy can crash guests [XSA-153, CVE-2015-7972] * Sat Oct 10 2015 Michael Young - 4.5.1-13- patch CVE-2015-7295 for qemu-xen-traditional as well * Thu Oct 08 2015 Michael Young - 4.5.1-12- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392) * Tue Oct 06 2015 Michael Young - 4.5.1-11- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843) * Sun Sep 27 2015 Michael Young - 4.5.1-10- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) * Sat Sep 26 2015 Michael Young - 4.5.1-9- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504)- e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224)- net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278)- net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281)- qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354) * Tue Sep 15 2015 Michael Young - 4.5.1-8- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version) * Tue Sep 01 2015 Michael Young - 4.5.1-7- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654] * Mon Aug 03 2015 Michael Young - 4.5.1-6- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757)- QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756) * Sun Aug 02 2015 Michael Young - 4.5.1-5- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142)- try again to fix xen-qemu-dom0-disk-backend.service (#1242246) * Thu Jul 30 2015 Richard W.M. Jones - 4.5.1-4- OCaml 4.02.3 rebuild. * Thu Jul 23 2015 Michael Young - 4.5.1-3- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246)- rebuild efi grub.cfg if it is present (#1239309)- re-enable remus by building with libnl3- modify gnutls use in line with Fedora\'s crypto policies (#1179352) * Tue Jul 07 2015 Michael Young - 4.5.1-2- xl command line config handling stack overflow [XSA-137, CVE-2015-3259] * Mon Jun 22 2015 Michael Young - 4.5.1-1- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patches * Fri Jun 19 2015 Richard W.M. Jones - 4.5.0-13- Rebuild for ocaml-4.02.2. * Fri Jun 19 2015 Fedora Release Engineering - 4.5.0-12- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Tue Jun 16 2015 Michael Young - gcc 5 bug is fixed so remove workaround * Wed Jun 10 2015 Michael Young - 4.5.0-11- stubs-32.h is back, so revert to previous behaviour- Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537)- GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163]- vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164] * Wed Jun 03 2015 Michael Young - 4.5.0-10.1- stubs-32.h has gone from rawhide, put it back manually * Tue Jun 02 2015 Michael Young - 4.5.0-10- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches- work around a gcc 5 bug- Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627)- PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628)- Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629)- Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631) * Wed May 13 2015 Michael Young - 4.5.0-9- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153) * Mon Apr 20 2015 Michael Young - 4.5.0-8- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037) * Tue Mar 31 2015 Michael Young - 4.5.0-7- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741)- Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738)- Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) * Fri Mar 13 2015 Michael Young - 4.5.0-6- Additional patch for XSA-98 on arm64 * Thu Mar 12 2015 Michael Young - 4.5.0-5- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365) * Tue Mar 10 2015 Michael Young - 4.5.0-4- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) * Thu Mar 05 2015 Michael Young - 4.5.0-3- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044]- Information leak through version information hypercall [XSA-122, CVE-2015-2045]- fix a typo in xen.fedora.systemd.patch * Sat Feb 14 2015 Michael Young - 4.5.0-2- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268]- allow certain warnings with gcc5 that would otherwise be treated as errors * Thu Jan 29 2015 Michael Young - 4.5.0-1- update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn\'t built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches- enable building pngs from fig files which is working again- fix oxenstored.service preset preuninstall script- arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153) * Tue Jan 06 2015 Michael Young - 4.4.1-12- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221) * Tue Dec 16 2014 Michael Young - 4.4.1-11- fix xendomains issue introduced by xl migrate --debug patch * Mon Dec 08 2014 Michael Young - 4.4.1-10- p2m lock starvation [XSA-114, CVE-2014-9065]- fix build with --without xsm * Thu Nov 27 2014 Michael Young - 4.4.1-9- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866]- Insufficient bounding of \"REP MOVS\" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867]- fix segfaults and failures in xl migrate --debug (#1166461) * Thu Nov 20 2014 Michael Young - 4.4.1-8- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914) * Tue Nov 18 2014 Michael Young - 4.4.1-7- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205)- Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204)- Add fix for CVE-2014-0150 to qemu-dm, though it probably isn\'t exploitable from xen (#1086776) * Wed Oct 01 2014 Michael Young - 4.4.1-6- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465) * Tue Sep 30 2014 Michael Young - 4.4.1-5- xen support is in 256k seabios binary when it exists (#1146260) * Tue Sep 23 2014 Michael Young - 4.4.1-4- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736)- Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737)- Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738) * Sun Sep 14 2014 Michael Young - 4.4.1-3- disable building pngs from fig files which is currently broken in rawhide * Tue Sep 09 2014 Michael Young - 4.4.1-2- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287)- delete a patch file that was dropped in the last update * Tue Sep 02 2014 Michael Young - 4.4.1-1- update to xen-4.4.1 remove patches for fixes that are now included- replace uint32 with uint32_t in ocaml file for ocaml-4.02.0 * Sun Aug 31 2014 Richard W.M. Jones - 4.4.0-14- Bump release and rebuild. * Sun Aug 31 2014 Richard W.M. Jones - 4.4.0-13- ocaml-4.02.0 final rebuild. * Sun Aug 24 2014 Richard W.M. Jones - 4.4.0-12- ocaml-4.02.0+rc1 rebuild. * Mon Aug 18 2014 Fedora Release Engineering - 4.4.0-11- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Tue Aug 12 2014 Michael Young - 4.4.0-10- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146] * Thu Aug 07 2014 Richard W.M. Jones - 4.4.0-9- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild. * Mon Jul 14 2014 Michael Young - 4.4.0-8- rebuild for ocaml update * Tue Jun 17 2014 Michael Young - 4.4.0-7- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression * Sun Jun 15 2014 Michael Young - 4.4.0-6- Fix two %if line typos in the spec file- Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583) * Sun Jun 08 2014 Fedora Release Engineering - 4.4.0-5- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Mon May 12 2014 Michael Young - 4.4.0-4- add systemd preset support (#1094938) * Wed Apr 30 2014 Michael Young - 4.4.0-3- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315)- change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0- fix a couple of -Wmaybe-uninitialized cases * Wed Mar 26 2014 Michael Young - 4.4.0-2- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) * Sun Mar 23 2014 Michael Young - 4.4.0-1- update to xen-4.4.0- adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved- don\'t build xend unless --with xend is specified- use --with-system-seabios option instead of xen.use.fedora.seabios.patch- update xen.use.fedora.ipxe.patch patch- replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora\'s qemu-system-i386- adjust xen.xsm.enable.patch and remove bits that are are no longer needed- blktapctrl is no longer built, remove related files- adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages- add another xenstore-write to xenstored.service and oxenstored.service- Add xen.console.fix.patch to fix issues running pygrub * Tue Feb 18 2014 Michael Young - 4.3.2-1- update to xen-4.3.2 includes fix for \"Excessive time to disable caching with HVM guests with PCI passthrough\" [XSA-60, CVE-2013-2212] (#987914)- remove patches that are now included * Wed Feb 12 2014 Michael Young - 4.3.1-10- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491) * Thu Feb 06 2014 Michael Young - 4.3.1-9- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335) * Fri Jan 24 2014 Michael Young - 4.3.1-8- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) * Thu Jan 23 2014 Michael Young - 4.3.1-7- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142) * Wed Dec 11 2013 Michael Young - 4.3.1-6- Disaggregated domain management security status update [XSA-77]- IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024) * Mon Dec 02 2013 Michael Young - 4.3.1-5- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885] * Tue Nov 26 2013 Michael Young - 4.3.1-4- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925)- Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923) * Thu Nov 21 2013 Michael Young - 4.3.1-3- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149) * Sat Nov 09 2013 Michael Young - 4.3.1-2- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055) * Fri Nov 01 2013 Michael Young - 4.3.1-1- update to xen-4.3.1- Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248) * Tue Oct 29 2013 Michael Young - 4.3.0-10- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) * Thu Oct 24 2013 Michael Young - 4.3.0-9- systemd changes to allow oxenstored to be used instead of xenstored (#1022640) * Thu Oct 10 2013 Michael Young - 4.3.0-8- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn\'t build this qemu) [XSA-71, CVE-2013-4375] * Wed Oct 02 2013 Michael Young - 4.3.0-7- Set \"Domain-0\" label in xenstored.service systemd file to match xencommons init.d script.- security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361] * Wed Sep 25 2013 Michael Young - 4.3.0-6- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056) * Sat Sep 14 2013 Richard W.M. Jones - 4.3.0-5- Rebuild for OCaml 4.01.0. * Sun Aug 04 2013 Fedora Release Engineering - 4.3.0-4- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Sat Jul 20 2013 Michael Young - 4.3.0-2 4.3.0-3- build a 64-bit hypervisor on ix86 * Tue Jul 16 2013 Michael Young - 4.3.0-1- update to xen-4.3.0- rebase xen.use.fedora.ipxe.patch- remove patches that are now included or no longer needed- add polarssl source needed for stubdom build- remove references to ia64 in spec file (dropped upstream)- don\'t build hypervisor on ix86 (dropped upstream)- tools want wget (or ftp) to build- build XSM FLASK support into hypervisor with policy file- add xencov_split and xencov to files packaged, remove pdf docs- tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora- re-number patches * Wed Jun 26 2013 Michael Young - 4.2.2-10- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383)- let pygrub handle set default=\"${next_entry}\" line in F19 (#978036)- libxl: Set vfb and vkb devid if not done so by the caller (#977987) * Mon Jun 24 2013 Michael Young - 4.2.2-9- add upstream patch for PCI passthrough problems after XSA-46 (#977310) * Fri Jun 21 2013 Michael Young - 4.2.2-8- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779) * Fri Jun 14 2013 Michael Young - 4.2.2-7- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640) * Tue Jun 04 2013 Michael Young - 4.2.2-6- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206)- Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204)- Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202)- Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640) * Fri May 17 2013 Michael Young - 4.2.2-5- xend toolstack doesn\'t check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241) * Tue May 14 2013 Michael Young - 4.2.2-4- xen-devel should require libuuid-devel (#962833)- pygrub menu items can include too much text (#958524) * Thu May 02 2013 Michael Young - 4.2.2-3- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918)- malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919) * Fri Apr 26 2013 Michael Young - 4.2.2-2- fix further man page issues to allow building on F19 and F20 * Thu Apr 25 2013 Michael Young - 4.2.2-1- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn\'t use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569)- remove patches that are included in 4.2.2- look for libxl-save-helper in the right place- fix xl list -l output when built with yajl2- allow xendomains to work with xl saved images * Thu Apr 04 2013 Michael Young - 4.2.1-10- make xendomains systemd script executable and update it from init.d version (#919705)- Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920] * Thu Feb 21 2013 Michael Young - 4.2.1-9- patch for [XSA-36, CVE-2013-0153] can cause boot time crash * Fri Feb 15 2013 Michael Young - 4.2.1-8- patch for [XSA-38, CVE-2013-0215] was flawed * Fri Feb 08 2013 Michael Young - 4.2.1-7- BuildRequires for texlive-kpathsea-bin wasn\'t needed- correct gcc 4.8 fixes and follow suggestions upstream * Tue Feb 05 2013 Michael Young - 4.2.1-6- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888)- guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914)- add some fixes for code which gcc 4.8 complains about- additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmt * Wed Jan 23 2013 Michael Young - correct disabling of xendomains.service on uninstall * Tue Jan 22 2013 Michael Young - 4.2.1-5- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792)- restore status option to xend which is used by libvirt (#893699) * Thu Jan 17 2013 Michael Young - 4.2.1-4- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845) * Thu Jan 10 2013 Michael Young - 4.2.1-3- fix some format errors in xl.cfg.pod.5 to allow build on F19 * Wed Jan 09 2013 Michael Young - 4.2.1-2- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568)- pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] * Tue Dec 18 2012 Michael Young - 4.2.1-1- update to xen-4.2.1- remove patches that are included in 4.2.1- rebase xen.fedora.efi.build.patch * Thu Dec 13 2012 Richard W.M. Jones - 4.2.0-7- Rebuild for OCaml fix (RHBZ#877128). * Mon Dec 03 2012 Michael Young - 4.2.0-6- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094) * Sat Nov 17 2012 Michael Young - 4.2.0-5- two build fixes for Fedora 19- add texlive-ntgclass package to fix build * Tue Nov 13 2012 Michael Young - 4.2.0-4- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207)- texlive-2012 is now in Fedora 18 * Sun Oct 28 2012 Michael Young - 4.2.0-3- texlive-2012 isn\'t in Fedora 18 yet * Fri Oct 26 2012 Michael Young - 4.2.0-2- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414) * Thu Oct 25 2012 Michael Young - 4.2.0-1- update to xen-4.2.0- rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch- remove patches that are now upstream or with alternatives upstream- use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages- xen tools now need ./configure to be run (x86_64 needs libdir set)- don\'t build upstream qemu version- amend list of files in package - relocate xenpaging add /etc/xen/xlexample * oxenstored.conf /usr/include/xenstore-compat/ * xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz- use a tmpfiles.d file to create /run/xen on boot- add BuildRequires for yajl-devel and graphviz- build an efi boot image where it is supported- adjust texlive changes so spec file still works on Fedora 17 * Thu Oct 18 2012 Michael Young - 4.1.3-6- add font packages to build requires due to 2012 version of texlive in F19- use build requires of texlive-latex instead of tetex-latex which it obsoletes * Wed Oct 17 2012 Michael Young - 4.1.3-5- rebuild for ocaml update * Thu Sep 06 2012 Michael Young - 4.1.3-4- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141) * Wed Sep 05 2012 Michael Young - 4.1.3-3- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) * Fri Aug 10 2012 Michael Young - 4.1.3-1 4.1.3-2- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582)- remove patches that are now upstream- remove some unnecessary compile fixes- adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58- replace pygrub.size.limits.patch with upstreamed version- fix for (#845444) broke xend under systemd * Tue Aug 07 2012 Michael Young - 4.1.2-25- remove some unnecessary cache flushing that slow things down- change python options on xend to reduce selinux problems (#845444) * Thu Jul 26 2012 Michael Young - 4.1.2-24- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766) * Tue Jul 24 2012 Michael Young - 4.1.2-23- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843) * Sun Jul 22 2012 Michael Young - 4.1.2-22- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn\'t find anything to start * Sun Jul 22 2012 Fedora Release Engineering - 4.1.2-21- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Tue Jun 12 2012 Michael Young - 4.1.2-20- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934] * Sat Jun 09 2012 Michael Young - 4.1.2-19- adjust xend.service systemd file to avoid selinux problems * Fri Jun 08 2012 Michael Young - 4.1.2-18- Enable xenconsoled by default under systemd (#829732) * Thu May 17 2012 Michael Young - 4.1.2-16 4.1.2-17- make pygrub cope better with big files from guest (#818412 CVE-2012-2625)- add patch from 4.1.3-rc2-pre to build on F17/8 * Sun Apr 15 2012 Michael Young - 4.1.2-15- Make the udev tap rule more specific as it breaks openvpn (#812421)- don\'t try setuid in xend if we don\'t need to so selinux is happier * Sat Mar 31 2012 Michael Young - 4.1.2-14- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora- load xen-acpi-processor module (kernel 3.4 onwards) if present * Thu Mar 08 2012 Michael Young - 4.1.2-13- fix a packaging error * Thu Mar 08 2012 Michael Young - 4.1.2-12- fix an error in an rpm script from the sysv configuration removal- migrate xendomains script to systemd * Wed Feb 29 2012 Michael Young - 4.1.2-11- put the systemd files back in the right place * Wed Feb 29 2012 Michael Young - 4.1.2-10- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+ * Sat Feb 18 2012 Michael Young - 4.1.2-9- move xen-watchdog to systemd * Wed Feb 08 2012 Michael Young - 4.1.2-8- relocate systemd files for fc17+ * Tue Feb 07 2012 Michael Young - 4.1.2-7- move xend and xenconsoled to systemd * Thu Feb 02 2012 Michael Young - 4.1.2-6- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] * Sat Jan 28 2012 Michael Young - 4.1.2-5- Start building xen\'s ocaml libraries if appropriate unless --without ocaml was specified- add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes * Sun Jan 15 2012 Michael Young - 4.1.2-4- actually apply the xend-pci-loop.patch- compile fixes for gcc-4.7 * Wed Jan 11 2012 Michael Young - 4.1.2-3- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742)- avoid a backtrace if xend can\'t log to the standard file or a temporary directory (part of #741042) * Mon Nov 21 2011 Michael Young - 4.1.2-2- Fix lost interrupts on emulated devices- stop xend crashing if its state files are empty at start up- avoid a python backtrace if xend is run on bare metal- update grub2 configuration after the old hypervisor has gone- move blktapctrl to systemd- Drop obsolete dom0-kernel.repo file * Fri Oct 21 2011 Michael Young - 4.1.2-1- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112 * Fri Oct 14 2011 Michael Young - 4.1.1-8- more pygrub improvements for grub2 on guest * Thu Oct 13 2011 Michael Young - 4.1.1-7- make pygrub work better with GPT partitions and grub2 on guest * Thu Sep 29 2011 Michael Young - 4.1.1-5 4.1.1-6- improve systemd functionality * Wed Sep 28 2011 Michael Young - 4.1.1-4- lsb header fixes - xenconsoled shutdown needs xenstored to be running- partial migration to systemd to fix shutdown delays- update grub2 configuration after hypervisor updates * Sun Aug 14 2011 Michael Young - 4.1.1-3- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131] * Wed Jul 20 2011 Michael Young - 4.1.1-2- clean up patch to solve a problem with hvmloader compiled with gcc 4.6 * Wed Jun 15 2011 Michael Young - 4.1.1-1- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain- remove upstream cve-2011-1583-4.1.patch * Mon May 09 2011 Michael Young - 4.1.0-2- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583]- Don\'t require /usr/bin/qemu-nbd as it isn\'t used at present. * Fri Mar 25 2011 Michael Young - 4.1.0-1- update to 4.1.0 final * Tue Mar 22 2011 Michael Young - 4.1.0-0.1.rc8- update to 4.1.0-rc8 release candidate- create xen-4.1.0-rc8.tar.xz file from git/hg repositories- rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored- remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch- add patch to allow pygrub to work with single partitions with boot sectors- create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time- no need to move udev rules or init scripts as now created in the right place- amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd * Mon Feb 07 2011 Fedora Release Engineering - 4.0.1-10- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Mon Jan 31 2011 Michael Young - 4.0.1-9- Make libraries executable so that rpm gets dependencies right * Sat Jan 29 2011 Michael Young - 4.0.1-8- Temporarily turn off some compile options so it will build on rawhide * Fri Jan 28 2011 Michael Young - 4.0.1-7- ghost directories in /var/run (#656724)- minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) * Tue Oct 12 2010 Michael Young - 4.0.1-6- add upstream xen patch xen.8259afix.patch to fix boot panic \"IO-APIC + timer doesn\'t work!\" (#642108) * Thu Oct 07 2010 Michael Young - 4.0.1-5- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14) * Wed Sep 29 2010 jkeating - 4.0.1-4- Rebuilt for gcc bug 634757 * Fri Sep 24 2010 Michael Young - 4.0.1-3- create symlink for qemu-dm on x86_64 for compatibility with 3.4- apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVM * Sun Aug 29 2010 Michael Young - 4.0.1-2- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1 * Wed Aug 25 2010 Michael Young - 4.0.1-1- update to 4.0.1 release - many bug fixes- xen-dev-create-cleanup.patch no longer needed- remove part of localgcc45fix.patch no longer needed- package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx- add patch to get xm and xend working with python 2.7 * Mon Aug 02 2010 Michael Young - 4.0.0-5- add newer module names and xen-gntdev to xen.modules- Update dom0-kernel.repo file to use repos.fedorapeople.org location * Mon Jul 26 2010 Michael Young - create a xen-licenses package to satisfy revised the Fedora Licensing Guidelines * Sun Jul 25 2010 Michael Young - 4.0.0-4- fix gcc 4.5 compile problems * Thu Jul 22 2010 David Malcolm - 4.0.0-3- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild * Sun Jun 20 2010 Michael Young - 4.0.0-2- add patch to remove some old device creation code that doesn\'t work with the latest pvops kernels * Mon Jun 07 2010 Michael Young - 4.0.0-1- update to 4.0.0 release- rebase xen-initscript.patch and xen-dumpdir.patch patches- adjust spec file for files added to or removed from the packages- add new build dependencies libuuid-devel and iasl * Tue Jun 01 2010 Michael Young - 3.4.3-1- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307)- replace Prereq: with Requires: in spec file- drop static libraries (#556101) * Thu Dec 10 2009 Gerd Hoffmann - 3.4.2-2- adapt module load script to evtchn.ko -> xen-evtchn.ko rename. * Thu Dec 10 2009 Gerd Hoffmann - 3.4.2-1- update to 3.4.2 release.- drop backport patches. * Thu Oct 08 2009 Justin M. Forbes - 3.4.1-5- add PyXML to dependencies. (#496135)- Take ownership of {_libdir}/fs (#521806) * Mon Sep 14 2009 Gerd Hoffmann - 3.4.1-4- add e2fsprogs-devel to build dependencies. * Wed Sep 02 2009 Gerd Hoffmann - 3.4.1-3- swap bzip2+xz linux kernel compression support patches.- backport one more bugfix (videoram option). * Tue Sep 01 2009 Gerd Hoffmann - 3.4.1-2- backport bzip2+xz linux kernel compression support.- backport a few bugfixes. * Fri Aug 07 2009 Gerd Hoffmann - 3.4.1-1- update to 3.4.1 release. * Wed Aug 05 2009 Gerd Hoffmann - 3.4.0-4- Kill info files. No xen docs, just standard gnu stuff.- kill -Werror in tools/libxc to fix build. * Mon Jul 27 2009 Fedora Release Engineering - 3.4.0-3- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Thu May 28 2009 Gerd Hoffmann - 3.4.0-2- rename info files to fix conflict with binutils.- add install-info calls for the doc subpackage.- un-parallelize doc build. * Wed May 27 2009 Gerd Hoffmann - 3.4.0-1- update to version 3.4.0.- cleanup specfile, add doc subpackage. * Tue Mar 10 2009 Gerd Hoffmann - 3.3.1-11- fix python 2.6 warnings. * Fri Mar 06 2009 Gerd Hoffmann - 3.3.1-9- fix xen.modules init script for pv_ops kernel.- stick rpm release tag into XEN_VENDORVERSION.- use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch.- keep blktapctrl turned off by default. * Mon Mar 02 2009 Gerd Hoffmann - 3.3.1-7- fix xenstored init script for pv_ops kernel. * Fri Feb 27 2009 Gerd Hoffmann - 3.3.1-6- fix xenstored crash.- backport qemu-unplug patch. * Tue Feb 24 2009 Gerd Hoffmann - 3.3.1-5- fix gcc44 build (broken constrain in inline asm).- fix ExclusiveArch * Tue Feb 03 2009 Gerd Hoffmann - 3.3.1-3- backport bzImage support for dom0 builder. * Sun Jan 18 2009 Tomas Mraz - 3.3.1-2- rebuild with new openssl * Thu Jan 08 2009 Gerd Hoffmann - 3.3.1-1- update to xen 3.3.1 release. * Wed Dec 17 2008 Gerd Hoffmann - 3.3.0-2- build and package stub domains (pvgrub, ioemu).- backport unstable fixes for pv_ops dom0. * Sat Nov 29 2008 Ignacio Vazquez-Abrams - 3.3.0-1.1- Rebuild for Python 2.6 * Fri Aug 29 2008 Daniel P. Berrange - 3.3.0-1.fc10- Update to xen 3.3.0 release * Wed Jul 23 2008 Mark McLoughlin - 3.2.0-17.fc10- Enable xen-hypervisor build- Backport support for booting DomU from bzImage- Re-diff all patches for zero fuzz * Wed Jul 09 2008 Daniel P. Berrange - 3.2.0-16.fc10- Remove bogus ia64 hypercall arg (rhbz #433921) * Fri Jun 27 2008 Markus Armbruster - 3.2.0-15.fc10- Re-enable QEMU image format auto-detection, without the security loopholes * Wed Jun 25 2008 Daniel P. Berrange - 3.2.0-14.fc10- Rebuild for GNU TLS ABI change * Fri Jun 13 2008 Markus Armbruster - 3.2.0-13.fc10- Correctly limit PVFB size (CVE-2008-1952) * Tue Jun 03 2008 Daniel P. Berrange - 3.2.0-12.fc10- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052) * Wed May 14 2008 Markus Armbruster - 3.2.0-11.fc10- Disable QEMU image format auto-detection (CVE-2008-2004)- Fix PVFB to validate frame buffer description (CVE-2008-1943) * Wed Feb 27 2008 Daniel P. Berrange - 3.2.0-10.fc9- Fix block device checks for extendable disk formats * Wed Feb 27 2008 Daniel P. Berrange - 3.2.0-9.fc9- Let XenD setup QEMU logfile (rhbz #435164)- Fix PVFB use of event channel filehandle * Sat Feb 23 2008 Daniel P. Berrange - 3.2.0-8.fc9- Fix block device extents check (rhbz #433560) * Mon Feb 18 2008 Mark McLoughlin - 3.2.0-7.fc9- Restore some network-bridge patches lost during 3.2.0 rebase * Wed Feb 06 2008 Daniel P. Berrange - 3.2.0-6.fc9- Fixed xenstore-ls to automatically use xenstored socket as needed * Sun Feb 03 2008 Daniel P. Berrange - 3.2.0-5.fc9- Fix timer mode parameter handling for HVM- Temporarily disable all Latex docs due to texlive problems (rhbz #431327) * Fri Feb 01 2008 Daniel P. Berrange - 3.2.0-4.fc9- Add a xen-runtime subpackage to allow use of Xen without XenD- Split init script out to one script per daemon- Remove unused / broken / obsolete tools * Mon Jan 21 2008 Daniel P. Berrange - 3.2.0-3.fc9- Remove legacy dependancy on python-virtinst * Mon Jan 21 2008 Daniel P. Berrange - 3.2.0-2.fc9- Added XSM header files to -devel RPM * Fri Jan 18 2008 Daniel P. Berrange - 3.2.0-1.fc9- Updated to 3.2.0 final release * Thu Jan 10 2008 Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1- Rebase to Xen 3.2 rc5 changeset 16701 * Thu Dec 13 2007 Daniel P. Berrange - 3.1.2-3.fc9- Re-factor to make it easier to test dev trees in RPMs- Include hypervisor build if doing a dev RPM * Fri Dec 07 2007 Release Engineering - 3.1.2-2.fc9- Rebuild for deps * Sat Dec 01 2007 Daniel P. Berrange - 3.1.2-1.fc9- Upgrade to 3.1.2 bugfix release * Sat Nov 03 2007 Daniel P. Berrange - 3.1.0-14.fc9- Disable network-bridge script since it conflicts with NetworkManager which is now on by default * Fri Oct 26 2007 Daniel P. Berrange - 3.1.0-13.fc9- Fixed xenbaked tmpfile flaw (CVE-2007-3919) * Wed Oct 10 2007 Daniel P. Berrange - 3.1.0-12.fc8- Pull in QEMU BIOS boot menu patch from KVM package- Fix QEMU patch for locating x509 certificates based on command line args- Add XenD config options for TLS x509 certificate setup * Wed Sep 26 2007 Daniel P. Berrange - 3.1.0-11.fc8- Fixed rtl8139 checksum calculation for Vista (rhbz #308201) * Wed Sep 26 2007 Chris Lalancette - 3.1.0-10.fc8- QEmu NE2000 overflow check - CVE-2007-1321- Pygrub guest escape - CVE-2007-4993 * Mon Sep 24 2007 Daniel P. Berrange - 3.1.0-9.fc8- Fix generation of manual pages (rhbz #250791)- Really fix FC-6 32-on-64 guests * Mon Sep 24 2007 Daniel P. Berrange - 3.1.0-8.fc8- Make 32-bit FC-6 guest PVFB work on x86_64 host * Mon Sep 24 2007 Daniel P. Berrange - 3.1.0-7.fc8- Re-add support for back-compat FC6 PVFB support- Fix handling of explicit port numbers (rhbz #279581) * Wed Sep 19 2007 Daniel P. Berrange - 3.1.0-6.fc8- Don\'t clobber the VIF type attribute in FV guests (rhbz #296061) * Tue Aug 28 2007 Daniel P. Berrange - 3.1.0-5.fc8- Added dep on openssl for blktap-qcow * Tue Aug 28 2007 Daniel P. Berrange - 3.1.0-4.fc8- Switch PVFB over to use QEMU- Backport QEMU VNC security patches for TLS/x509 * Wed Aug 01 2007 Markus Armbruster - 3.1.0-3.fc8- Put guest\'s native protocol ABI into xenstore, to provide for older kernels running 32-on-64.- VNC keymap fixes- Fix race conditions in LibVNCServer on client disconnect * Tue Jun 12 2007 Daniel P. Berrange - 3.1.0-2.fc8- Remove patch which kills VNC monitor- Fix HVM save/restore file path to be /var/lib/xen instead of /tmp- Don\'t spawn a bogus xen-vncfb daemon for HVM guests- Add persistent logging of hypervisor & guest consoles- Add /etc/sysconfig/xen to allow admin choice of logging options- Re-write Xen startup to use standard init script functions- Add logrotate configuration for all xen related logs * Fri May 25 2007 Daniel P. Berrange - 3.1.0-1.fc8- Updated to official 3.1.0 tar.gz- Fixed data corruption from VNC client disconnect (bz 241303) * Thu May 17 2007 Daniel P. Berrange - 3.1.0-0.rc7.2.fc7- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406)- Tear down guest if device hotplug fails * Thu May 03 2007 Daniel P. Berrange - 3.1.0-0.rc7.1.fc7- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5) * Tue May 01 2007 Daniel P. Berrange - 3.0.5-0.rc4.4.fc7- Fix op_save RPC API * Mon Apr 30 2007 Daniel P. Berrange - 3.0.5-0.rc4.3.fc7- Added BR on gettext * Mon Apr 30 2007 Daniel P. Berrange - 3.0.5-0.rc4.2.fc7- Redo failed build. | |