SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for xen-tools-4.18.2_06-1.1.x86_64.rpm :

* Mon Jun 24 2024 jbeulichAATTsuse.com- bsc#1214718 - The system hangs intermittently when Power Control Mode is set to Minimum Power on SLES15SP5 Xen 6666ba52-x86-irq-remove-offline-CPUs-from-old-CPU-mask-when.patch 666994ab-x86-SMP-no-shorthand-IPI-in-hotplug.patch 666994f0-x86-IRQ-limit-interrupt-movement-in-fixup_irqs.patch 66718849-x86-IRQ-old_cpu_mask-in-fixup_irqs.patch 6671885e-x86-IRQ-handle-moving-in-_assign_irq_vector.patch 6673ffdc-x86-IRQ-forward-pending-to-new-dest-in-fixup_irqs.patch- Upstream bug fixes (bsc#1027519) 66450626-sched-set-all-sched_resource-data-inside-locked.patch 66450627-x86-respect-mapcache_domain_init-failing.patch 6646031f-x86-ucode-further-identify-already-up-to-date.patch 666b07ee-x86-EPT-special-page-in-epte_get_entry_emt.patch 666b0819-x86-EPT-avoid-marking-np-ents-for-reconfig.patch 666b085a-x86-EPT-drop-questionable-mfn_valid-from-.patch 667187cc-x86-Intel-unlock-CPUID-earlier.patch 6672c846-x86-xstate-initialisation-of-XSS-cache.patch 6672c847-x86-CPUID-XSAVE-dynamic-leaves.patch
* Wed Jun 05 2024 carnoldAATTsuse.com- bsc#1225953 - Package xen does not build with gcc14 because of new errors gcc14-fixes.patch
* Wed May 15 2024 jbeulichAATTsuse.com- bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may trigger Xen bug check (XSA-454) 6617d62c-x86-hvm-Misra-Rule-19-1-regression.patch- Upstream bug fixes (bsc#1027519) 6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch 6627a5fc-x86-MTRR-inverted-WC-check.patch 662a6a4c-x86-spec-reporting-of-BHB-clearing.patch 662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch 663090fd-x86-gen-cpuid-syntax.patch 663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch 663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch 663d05b5-x86-ucode-distinguish-up-to-date.patch 663eaa27-libxl-XenStore-error-handling-in-device-creation.patch
* Tue Apr 09 2024 carnoldAATTsuse.com- Update to Xen 4.18.2 security bug fix release (bsc#1027519) xen-4.18.2-testing-src.tar.bz2
* No upstream changelog found in sources or webpage- bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may trigger Xen bug check (XSA-454)- bsc#1222302 - VUL-0: CVE-2024-31142: xen: x86: Incorrect logic for BTC/SRSO mitigations (XSA-455)- bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86: Native Branch History Injection (XSA-456)- Dropped patch contained in new tarball 65f83951-x86-mm-use-block_lock_speculation-in.patch
* Mon Mar 25 2024 jbeulichAATTsuse.com- bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative Race Conditions (XSA-453) 65f83951-x86-mm-use-block_lock_speculation-in.patch
* Fri Mar 15 2024 carnoldAATTsuse.com- Update to Xen 4.18.1 bug fix release (bsc#1027519) xen-4.18.1-testing-src.tar.bz2
* No upstream changelog found in sources or webpage- bsc#1221332 - VUL-0: CVE-2023-28746: xen: x86: Register File Data Sampling (XSA-452)- bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative Race Conditions (XSA-453)- Dropped patches included in new tarball 654370e2-x86-x2APIC-remove-ACPI_FADT_APIC_CLUSTER-use.patch 65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch 655b2ba9-fix-sched_move_domain.patch 6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch 6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch 656ee5e1-x86emul-avoid-triggering-event-assertions.patch 656ee602-cpupool-adding-offline-CPU.patch 656ee6c3-domain_create-error-path.patch 6571ca95-fix-sched_move_domain.patch 6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch 65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch 65a7a0a4-x86-Intel-GPCC-setup.patch 65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch 65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch 65b29e91-x86-ucode-stability-of-raw-policy-rescan.patch 65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch 65b8f9ab-VT-d-else-vs-endif-misplacement.patch xsa451.patch
* Tue Feb 13 2024 carnoldAATTsuse.com- bsc#1219885 - VUL-0: CVE-2023-46841: xen: x86: shadow stack vs exceptions from emulation stubs (XSA-451) xsa451.patch
* Wed Jan 31 2024 jbeulichAATTsuse.com- Upstream bug fixes (bsc#1027519) 6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch 6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch 656ee5e1-x86emul-avoid-triggering-event-assertions.patch 656ee602-cpupool-adding-offline-CPU.patch 656ee6c3-domain_create-error-path.patch 6571ca95-fix-sched_move_domain.patch 6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch 65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch 65a7a0a4-x86-Intel-GPCC-setup.patch 65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch 65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch 65b29e91-x86-ucode-stability-of-raw-policy-rescan.patch- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions assigned to incorrect contexts (XSA-449) 65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to quarantine devices in !HVM builds (XSA-450) 65b8f9ab-VT-d-else-vs-endif-misplacement.patch- Patches dropped / replaced by newer upstream versions xsa449.patch xsa450.patch
* Tue Jan 23 2024 carnoldAATTsuse.com- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to quarantine devices in !HVM builds (XSA-450) xsa450.patch
* Tue Jan 16 2024 carnoldAATTsuse.com- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions assigned to incorrect contexts (XSA-449) xsa449.patch
* Tue Nov 21 2023 carnoldAATTsuse.com- Enable the Kconfig options REQUIRE_NX and DIT_DEFAULT to provide better hypervisor security xen.spec
* Tue Nov 21 2023 jbeulichAATTsuse.com- Upstream bug fixes (bsc#1027519) 654370e2-x86-x2APIC-remove-ACPI_FADT_APIC_CLUSTER-use.patch 65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch 655b2ba9-fix-sched_move_domain.patch
* Mon Nov 20 2023 Bernhard Wiedemann - Pass XEN_BUILD_DATE + _TIME to override build date (boo#1047218)
* Thu Nov 16 2023 carnoldAATTsuse.com- Update to Xen 4.18.0 FCS release (jsc#PED-4984) xen-4.18.0-testing-src.tar.bz2
* Repurpose command line gnttab_max_{maptrack_,}frames options so they don\'t cap toolstack provided values.
* Ignore VCPUOP_set_singleshot_timer\'s VCPU_SSHOTTMR_future flag. The only known user doesn\'t use it properly, leading to in-guest breakage.
* The \"dom0\" option is now supported on Arm and \"sve=\" sub-option can be used to enable dom0 guest to use SVE/SVE2 instructions.
* Physical CPU Hotplug downgraded to Experimental and renamed \"ACPI CPU Hotplug\" for clarity
* On x86, support for features new in Intel Sapphire Rapids CPUs: - PKS (Protection Key Supervisor) available to HVM/PVH guests. - VM-Notify used by Xen to mitigate certain micro-architectural pipeline livelocks, instead of crashing the entire server. - Bus-lock detection, used by Xen to mitigate (by rate-limiting) the system wide impact of a guest misusing atomic instructions.
* xl/libxl can customize SMBIOS strings for HVM guests.
* Add support for AVX512-FP16 on x86.
* On Arm, Xen supports guests running SVE/SVE2 instructions. (Tech Preview)
* On Arm, add suport for Firmware Framework for Arm A-profile (FF-A) Mediator (Tech Preview)
* Add Intel Hardware P-States (HWP) cpufreq driver.
* On Arm, experimental support for dynamic addition/removal of Xen device tree nodes using a device tree overlay binary (.dtbo).
* Introduce two new hypercalls to map the vCPU runstate and time areas by physical rather than linear/virtual addresses.
* On x86, support for enforcing system-wide operation in Data Operand Independent Timing Mode.
* The project has now officially adopted 6 directives and 65 rules of MISRA-C.
* On x86, the \"pku\" command line option has been removed. It has never behaved precisely as described, and was redundant with the unsupported \"cpuid=no-pku\". Visibility of PKU to guests should be via its vm.cfg file.
* xenpvnetboot removed as unable to convert to Python 3.
* xencons is no longer supported or present. See 5d22d69b30- Droppped patches contained in new tarballs 63e4da00-dont-log-errors-when-trying-to-load-PVH-xenstore-stubdom.patch 643e3810-CONFIG_DEBUG_INFO-no-EXPERT.patch 643e387f-xen-update-CONFIG_DEBUG_INFO-help-text.patch 6447a8fd-x86-EFI-permit-crash-dump-analysis.patch 64d33a57-libxenstat-Linux-nul-terminate-string.patch aarch64-rename-PSR_MODE_ELxx-to-match-linux-headers.patch xen.stubdom.newlib.patch xsa446.patch xsa445.patch xsa438.patch xsa439-00.patch xsa439-01.patch xsa439-02.patch xsa439-03.patch xsa439-04.patch xsa439-05.patch xsa439-06.patch xsa439-07.patch xsa439-08.patch xsa439-09.patch xsa443-10.patch xsa443-11.patch xsa440.patch- Dropped xen-utils-0.1.tar.bz2 The xen-list and xen-destroy commands are removed. Originally created as a better replacement for \'xm\'. The \'xl\' equivalent commands should be used instead.- Dropped libxl.pvscsi.patch Support for PVSCSI devices in the guest is no longer supported.
* Thu Nov 02 2023 carnoldAATTsuse.com- bsc#1216807 - VUL-0: CVE-2023-46836: xen: x86: BTC/SRSO fixes not fully effective (XSA-446) xsa446.patch
* Fri Oct 27 2023 carnoldAATTsuse.com- bsc#1216654 - VUL-0: CVE-2023-46835: xen: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) xsa445.patch
* Wed Oct 18 2023 jfehligAATTsuse.com- Supportconfig: Adapt plugin to modern supportconfig The supportconfig \'scplugin.rc\' file is deprecated in favor of supportconfig.rc\'. Adapt the xen plugin to the new scheme. xen-supportconfig
* Tue Oct 17 2023 jbeulichAATTsuse.com- bsc#1215145 - VUL-0: CVE-2023-34322: xen: top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) 650abbfe-x86-shadow-defer-PV-top-level-release.patch- bsc#1215474 - VUL-0: CVE-2023-20588: xen: AMD CPU transitional execution leak via division by zero (XSA-439) 64e5b4ac-x86-AMD-extend-Zenbleed-check.patch 65087000-x86-spec-ctrl-SPEC_CTRL_EXIT_TO_XEN-confusion.patch 65087001-x86-spec-ctrl-fold-DO_SPEC_CTRL_EXIT_TO_XEN.patch 65087002-x86-spec-ctrl-SPEC_CTRL-ENTRY-EXIT-asm-macros.patch 65087003-x86-spec-ctrl-SPEC_CTRL-ENTER-EXIT-comments.patch 65087004-x86-entry-restore_all_xen-stack_end.patch 65087005-x86-entry-track-IST-ness-of-entry.patch 65087006-x86-spec-ctrl-VERW-on-IST-exit-to-Xen.patch 65087007-x86-AMD-Zen-1-2-predicates.patch 65087008-x86-spec-ctrl-Zen1-DIV-leakage.patch- bsc#1215746 - VUL-0: CVE-2023-34326: xen: x86/AMD: missing IOMMU TLB flushing (XSA-442) 65263470-AMD-IOMMU-flush-TLB-when-flushing-DTE.patch- bsc#1215747 - VUL-0: CVE-2023-34325: xen: Multiple vulnerabilities in libfsimage disk handling (XSA-443) 65263471-libfsimage-xfs-remove-dead-code.patch 65263472-libfsimage-xfs-amend-mask32lo.patch 65263473-libfsimage-xfs-sanity-check-superblock.patch 65263474-libfsimage-xfs-compile-time-check.patch 65263475-pygrub-remove-unnecessary-hypercall.patch 65263476-pygrub-small-refactors.patch 65263477-pygrub-open-output-files-earlier.patch 65263478-libfsimage-function-to-preload-plugins.patch 65263479-pygrub-deprivilege.patch 6526347a-libxl-allow-bootloader-restricted-mode.patch 6526347b-libxl-limit-bootloader-when-restricted.patch- bsc#1215748 - VUL-0: CVE-2023-34327,CVE-2023-34328: xen: x86/AMD: Debug Mask handling (XSA-444) 6526347c-SVM-fix-AMD-DR-MASK-context-switch-asymmetry.patch 6526347d-x86-PV-auditing-of-guest-breakpoints.patch- Upstream bug fixes (bsc#1027519) 64e6459b-revert-VMX-sanitize-rIP-before-reentering.patch 64eef7e9-x86-reporting-spurious-i8259-interrupts.patch 64f71f50-Arm-handle-cache-flush-at-top.patch 65084ba5-x86-AMD-dont-expose-TscFreqSel.patch- Patches dropped / replaced by newer upstream versions xsa438.patch xsa439-00.patch xsa439-01.patch xsa439-02.patch xsa439-03.patch xsa439-04.patch xsa439-05.patch xsa439-06.patch xsa439-07.patch xsa439-08.patch xsa439-09.patch xsa442.patch xsa443-01.patch xsa443-02.patch xsa443-03.patch xsa443-04.patch xsa443-05.patch xsa443-06.patch xsa443-07.patch xsa443-08.patch xsa443-09.patch xsa443-10.patch xsa443-11.patch xsa444-1.patch xsa444-2.patch
* Wed Sep 27 2023 carnoldAATTsuse.com- bsc#1215744 - VUL-0: CVE-2023-34323: xen: xenstored: A transaction conflict can crash C Xenstored (XSA-440) xsa440.patch- bsc#1215746 - VUL-0: CVE-2023-34326: xen: x86/AMD: missing IOMMU TLB flushing (XSA-442) xsa442.patch- bsc#1215747 - VUL-0: CVE-2023-34325: xen: Multiple vulnerabilities in libfsimage disk handling (XSA-443) xsa443-01.patch xsa443-02.patch xsa443-03.patch xsa443-04.patch xsa443-05.patch xsa443-06.patch xsa443-07.patch xsa443-08.patch xsa443-09.patch xsa443-10.patch xsa443-11.patch- bsc#1215748 - VUL-0: CVE-2023-34327,CVE-2023-34328: xen: x86/AMD: Debug Mask handling (XSA-444) xsa444-1.patch xsa444-2.patch
* Mon Sep 18 2023 carnoldAATTsuse.com- bsc#1215474 - VUL-0: CVE-2023-20588: xen: AMD CPU transitional execution leak via division by zero (XSA-439) xsa439-00.patch xsa439-01.patch xsa439-02.patch xsa439-03.patch xsa439-04.patch xsa439-05.patch xsa439-06.patch xsa439-07.patch xsa439-08.patch xsa439-09.patch
* Fri Sep 08 2023 carnoldAATTsuse.com- bsc#1215145 - VUL-0: CVE-2023-34322: xen: top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) xsa438.patch
* Sun Aug 13 2023 oheringAATTsuse.de- Handle potential unaligned access to bitmap in libxc-sr-restore-hvm-legacy-superpage.patch If setting BITS_PER_LONG at once, the initial bit must be aligned
* Thu Aug 10 2023 jbeulichAATTsuse.com- bsc#1212684 - xentop fails with long interface name 64d33a57-libxenstat-Linux-nul-terminate-string.patch
* Tue Aug 08 2023 carnoldAATTsuse.com- Update to Xen 4.17.2 bug fix release (bsc#1027519) xen-4.17.2-testing-src.tar.bz2
* No upstream changelog found in sources or webpage- bsc#1214082 - VUL-0: CVE-2023-20569: xen: x86/AMD: Speculative Return Stack Overflow (XSA-434)- bsc#1214083 - VUL-0: CVE-2022-40982: xen: x86/Intel: Gather Data Sampling (XSA-435)- Dropped patches contained in new tarball 64525c61-tools-libs-guest-assist-gcc13s-realloc-analyzer.patch 645dec48-AMD-IOMMU-assert-boolean-enum.patch 64639e84-amd-fix-legacy-setting-of-SSBD-on-AMD-Family-17h.patch 646b782b-PCI-pci_get_pdev-respect-segment.patch 647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch 648863fc-AMD-IOMMU-Invalidate-All-check.patch 64bea1b2-x86-AMD-Zenbleed.patch
* Tue Aug 01 2023 oheringAATTsuse.de- Handle potential off-by-one errors in libxc-sr-xg_sr_bitmap.patch A bit is an index in bitmap, while bits is the allocated size of the bitmap.
* Fri Jul 28 2023 oheringAATTsuse.de- Add more debug to libxc-sr-track-migration-time.patch This is supposed to help with doing the math in case xl restore fails with ERANGE as reported in bug#1209311
* Tue Jul 25 2023 carnoldAATTsuse.com- bsc#1213616 - VUL-0: CVE-2023-20593: xen: x86/AMD: Zenbleed (XSA-433) 64bea1b2-x86-AMD-Zenbleed.patch
* Thu Jul 06 2023 jbeulichAATTsuse.com- Upstream bug fixes (bsc#1027519) 645dec48-AMD-IOMMU-assert-boolean-enum.patch 646b782b-PCI-pci_get_pdev-respect-segment.patch 647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch 648863fc-AMD-IOMMU-Invalidate-All-check.patch
* Mon May 22 2023 carnoldAATTsuse.com- bsc#1211433 - VUL-0: CVE-2022-42336: xen: Mishandling of guest SSBD selection on AMD hardware (XSA-431) 64639e84-amd-fix-legacy-setting-of-SSBD-on-AMD-Family-17h.patch
* Thu May 04 2023 carnoldAATTsuse.com- bsc#1210570 - gcc-13 realloc use-after-free analysis error 64525c61-tools-libs-guest-assist-gcc13s-realloc-analyzer.patch
* Fri Apr 28 2023 carnoldAATTsuse.com- bsc#1209237 - xen-syms doesn\'t contain debug-info 643e3810-CONFIG_DEBUG_INFO-no-EXPERT.patch 643e387f-xen-update-CONFIG_DEBUG_INFO-help-text.patch 6447a8fd-x86-EFI-permit-crash-dump-analysis.patch
* Thu Apr 27 2023 carnoldAATTsuse.com- Update to Xen 4.17.1 bug fix release (bsc#1027519) xen-4.17.1-testing-src.tar.bz2
* No upstream changelog found in sources or webpage- Dropped patches contained in new tarball 63a03b73-VMX-VMExit-based-BusLock-detection.patch 63a03ba6-VMX-INTR_SHADOW_NMI-helper.patch 63a03bce-VMX-Notify-VMExit.patch 63a03e28-x86-high-freq-TSC-overflow.patch 63c05478-VMX-calculate-model-specific-LBRs-once.patch 63c05478-VMX-support-CPUs-without-model-specific-LBR.patch 63d24e91-tools-xenstore-revert-simplify-loop-handling.patch 63e53ac9-x86-CPUID-leaves-7-1-ecx-edx.patch 63e53ac9-x86-disable-CET-SS-when-fractured-updates.patch 63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch 63f4d045-x86-ucode-AMD-apply-early-on-all-threads.patch 63fe06e0-x86-ucode-AMD-apply-late-on-all-threads.patch 640f3035-x86-altp2m-help-gcc13.patch 641041e8-VT-d-constrain-IGD-check.patch 64104238-bunzip-gcc13.patch 6419697d-AMD-IOMMU-no-XT-x2APIC-phys.patch 64199e0c-x86-shadow-account-for-log-dirty-mode.patch 64199e0d-x86-HVM-bound-number-of-pca-regions.patch 64199e0e-x86-HVM-serialize-pca-list-manipulation.patch 64199e0f-x86-spec-ctrl-defer-CR4_PV32_RESTORE-for-CSTAR.patch libxl.fix-guest-kexec-skip-cpuid-policy.patch xsa430.patch
* Tue Apr 11 2023 carnoldAATTsuse.com- bsc#1210315 - VUL-0: CVE-2022-42335: xen: x86 shadow paging arbitrary pointer dereference (XSA-430) xsa430.patch
* Fri Mar 31 2023 carnoldAATTsuse.com- Not building the shim is correctly handled by --disable-pvshim Drop disable-building-pv-shim.patch
* Thu Mar 23 2023 jbeulichAATTsuse.com- Upstream bug fixes (bsc#1027519) 63a03b73-VMX-VMExit-based-BusLock-detection.patch 63a03ba6-VMX-INTR_SHADOW_NMI-helper.patch 63a03bce-VMX-Notify-VMExit.patch 63e53ac9-x86-CPUID-leaves-7-1-ecx-edx.patch 63e53ac9-x86-disable-CET-SS-when-fractured-updates.patch 63f4d045-x86-ucode-AMD-apply-early-on-all-threads.patch 63fe06e0-x86-ucode-AMD-apply-late-on-all-threads.patch 641041e8-VT-d-constrain-IGD-check.patch 6419697d-AMD-IOMMU-no-XT-x2APIC-phys.patch- Use \"proper\" upstream backports: 640f3035-x86-altp2m-help-gcc13.patch 64104238-bunzip-gcc13.patch 64199e0c-x86-shadow-account-for-log-dirty-mode.patch 64199e0d-x86-HVM-bound-number-of-pca-regions.patch 64199e0e-x86-HVM-serialize-pca-list-manipulation.patch 64199e0f-x86-spec-ctrl-defer-CR4_PV32_RESTORE-for-CSTAR.patch- ... in place of: bunzip-gcc13.patch altp2m-gcc13.patch xsa427.patch xsa428-1.patch xsa428-2.patch xsa429.patch
* Thu Mar 16 2023 oheringAATTsuse.de- bsc#1209245 - fix host-assisted kexec/kdump for HVM domUs libxl.fix-guest-kexec-skip-cpuid-policy.patch
* Tue Mar 07 2023 carnoldAATTsuse.com- bsc#1209017 - VUL-0: CVE-2022-42332: xen: x86 shadow plus log-dirty mode use-after-free (XSA-427) xsa427.patch- bsc#1209018 - VUL-0: CVE-2022-42333,CVE-2022-42334: xen: x86/HVM pinned cache attributes mis-handling (XSA-428) xsa428-1.patch xsa428-2.patch- bsc#1209019 - VUL-0: CVE-2022-42331: xen: x86: speculative vulnerability in 32bit SYSCALL path (XSA-429) xsa429.patch
* Thu Mar 02 2023 carnoldAATTsuse.com- bsc#1208736 - GCC 13: xen package fails bunzip-gcc13.patch altp2m-gcc13.patch- Drop gcc13-fixes.patch
* Tue Feb 28 2023 carnoldAATTsuse.com- bsc#1208736 - GCC 13: xen package fails gcc13-fixes.patch
* Wed Feb 15 2023 carnoldAATTsuse.com- bsc#1208286 - VUL-0: CVE-2022-27672: xen: Cross-Thread Return Address Predictions (XSA-426) 63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch
* Thu Feb 09 2023 carnoldAATTsuse.com- bsc#1205792 - Partner-L3: launch-xenstore error messages show in SLES15 SP4 xen kernel. 63e4da00-dont-log-errors-when-trying-to-load-PVH-xenstore-stubdom.patch
* Mon Feb 06 2023 jbeulichAATTsuse.com- bsc#1026236 - tidy/modernize patch xen.bug1026236.suse_vtsc_tolerance.patch
* Mon Feb 06 2023 jbeulichAATTsuse.com- Upstream bug fixes (bsc#1027519) 63c05478-VMX-calculate-model-specific-LBRs-once.patch 63c05478-VMX-support-CPUs-without-model-specific-LBR.patch- bsc#1207544 - VUL-0: CVE-2022-42330: xen: Guests can cause Xenstore crash via soft reset (XSA-425) xsa425.patch -> 63d24e91-tools-xenstore-revert-simplify-loop-handling.patch
* Wed Jan 25 2023 carnoldAATTsuse.com- bsc#1207544 - VUL-0: CVE-2022-42330: xen: Guests can cause Xenstore crash via soft reset (XSA-425) xsa425.patch
* Tue Jan 03 2023 Stefan Schubert - Migration of PAM settings to /usr/lib/pam.d.
* Tue Dec 20 2022 jbeulichAATTsuse.com- Upstream bug fixes (bsc#1027519) 63a03e28-x86-high-freq-TSC-overflow.patch
* Thu Dec 08 2022 carnoldAATTsuse.com- Update to Xen 4.17.0 FCS release (jsc#PED-1858) xen-4.17.0-testing-src.tar.bz2
* On x86 \"vga=current\" can now be used together with GrUB2\'s gfxpayload setting. Note that this requires use of \"multiboot2\" (and \"module2\") as the GrUB commands loading Xen.
* The \"gnttab\" option now has a new command line sub-option for disabling the GNTTABOP_transfer functionality.
* The x86 MCE command line option info is now updated.
* Out-of-tree builds for the hypervisor now supported.
* __ro_after_init support, for marking data as immutable after boot.
* The project has officially adopted 4 directives and 24 rules of MISRA-C, added MISRA-C checker build integration, and defined how to document deviations.
* IOMMU superpage support on x86, affecting PV guests as well as HVM/PVH ones when they don\'t share page tables with the CPU (HAP / EPT / NPT).
* Support for VIRT_SSBD and MSR_SPEC_CTRL for HVM guests on AMD.
* Improved TSC, CPU, and APIC clock frequency calibration on x86.
* Support for Xen using x86 Control Flow Enforcement technology for its own protection. Both Shadow Stacks (ROP protection) and Indirect Branch Tracking (COP/JOP protection).
* Add mwait-idle support for SPR and ADL on x86.
* Extend security support for hosts to 12 TiB of memory on x86.
* Add command line option to set cpuid parameters for dom0 at boot time on x86.
* Improved static configuration options on Arm.
* cpupools can be specified at boot using device tree on Arm.
* It is possible to use PV drivers with dom0less guests, allowing statically booted dom0less guests with PV devices.
* On Arm, p2m structures are now allocated out of a pool of memory set aside at domain creation.
* Improved mitigations against Spectre-BHB on Arm.
* Support VirtIO-MMIO devices device-tree binding creation in toolstack on Arm.
* Allow setting the number of CPUs to activate at runtime from command line option on Arm.
* Grant-table support on Arm was improved and hardened by implementing \"simplified M2P-like approach for the xenheap pages\"
* Add Renesas R-Car Gen4 IPMMU-VMSA support on Arm.
* Add i.MX lpuart and i.MX8QM support on Arm.
* Improved toolstack build system.
* Add Xue - console over USB 3 Debug Capability.
* gitlab-ci automation: Fixes and improvements together with new tests.
* dropped support for the (x86-only) \"vesa-mtrr\" and \"vesa-remap\" command line options- Drop patches contained in new tarball or invalid 62fde97e-tools-libxl-Replace-deprecated-soundhw-on-QEMU-command-line.patch xsa410-01.patch xsa410-02.patch xsa410-03.patch xsa410-04.patch xsa410-05.patch xsa410-06.patch xsa410-07.patch xsa410-08.patch xsa410-09.patch xsa410-10.patch xsa411.patch
* Wed Sep 28 2022 carnoldAATTsuse.com- bsc#1203806 - VUL-0: CVE-2022-33746: xen: P2M pool freeing may take excessively long (XSA-410) xsa410-01.patch xsa410-02.patch xsa410-03.patch xsa410-04.patch xsa410-05.patch xsa410-06.patch xsa410-07.patch xsa410-08.patch xsa410-09.patch xsa410-10.patch- bsc#1203807 - VUL-0: CVE-2022-33748: xen: lock order inversion in transitive grant copy handling (XSA-411) xsa411.patch
* Thu Sep 01 2022 Stefan Schubert - Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update.
* Mon Aug 29 2022 carnoldAATTsuse.com- bsc#1201994 - Xen DomU unable to emulate audio device 62fde97e-tools-libxl-Replace-deprecated-soundhw-on-QEMU-command-line.patch
* Tue Aug 23 2022 carnoldAATTsuse.com- Things are compiling fine now with gcc12. Drop gcc12-fixes.patch
* Thu Aug 18 2022 carnoldAATTsuse.com- Update to Xen 4.16.2 bug fix release (bsc#1027519) xen-4.16.2-testing-src.tar.bz2
* No upstream changelog found in sources or webpage- Drop patches contained in new tarball 625fca42-VT-d-reserved-CAP-ND.patch 626f7ee8-x86-MSR-handle-P5-MC-reads.patch 627549d6-IO-shutdown-race.patch 62a1e594-x86-clean-up-_get_page_type.patch 62a1e5b0-x86-ABAC-race-in-_get_page_type.patch 62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch 62a1e5f0-x86-dont-change-cacheability-of-directmap.patch 62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch 62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch 62a1e649-x86-track-and-flush-non-coherent.patch 62a99614-IOMMU-x86-gcc12.patch 62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch 62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch 62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch 62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch 62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch 62c56cc0-libxc-fix-compilation-error-with-gcc13.patch 62cc31ed-x86-honour-spec-ctrl-0-for-unpriv-mmio.patch 62cc31ee-cmdline-extend-parse_boolean.patch 62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch 62cd91d0-x86-spec-ctrl-rework-context-switching.patch 62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch 62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch 62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch 62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch 62cd91d5-x86-cpuid-BTC_NO-enum.patch 62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch 62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch xsa408.patch
* Thu Jul 28 2022 oheringAATTsuse.de- bsc#1167608, bsc#1201631 - fix built-in default of max_event_channels A previous change to the built-in default had a logic error, effectively restoring the upstream limit of 1023 channels per domU. Fix the logic to calculate the default based on the number of vcpus. adjust libxl.max_event_channels.patch
* Wed Jul 13 2022 carnoldAATTsuse.com- Added --disable-pvshim when running configure in xen.spec. We have never shipped the shim and don\'t need to build it.
* Wed Jul 13 2022 jbeulichAATTsuse.com- bsc#1199965 - VUL-0: CVE-2022-26362: xen: Race condition in typeref acquisition 62a1e594-x86-clean-up-_get_page_type.patch 62a1e5b0-x86-ABAC-race-in-_get_page_type.patch- bsc#1199966 - VUL-0: CVE-2022-26363,CVE-2022-26364: xen: Insufficient care with non-coherent mappings 62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch 62a1e5f0-x86-dont-change-cacheability-of-directmap.patch 62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch 62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch 62a1e649-x86-track-and-flush-non-coherent.patch- bsc#1200549 VUL-0: CVE-2022-21123,CVE-2022-21125,CVE-2022-21166: xen: x86: MMIO Stale Data vulnerabilities (XSA-404) 62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch 62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch 62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch- bsc#1201469 - VUL-0: CVE-2022-23816,CVE-2022-23825,CVE-2022-29900: xen: retbleed - arbitrary speculative code execution with return instructions (XSA-407) 62cc31ed-x86-honour-spec-ctrl-0-for-unpriv-mmio.patch 62cc31ee-cmdline-extend-parse_boolean.patch 62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch 62cd91d0-x86-spec-ctrl-rework-context-switching.patch 62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch 62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch 62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch 62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch 62cd91d5-x86-cpuid-BTC_NO-enum.patch 62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch 62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch- Upstream bug fixes (bsc#1027519) 62a99614-IOMMU-x86-gcc12.patch 62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch 62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch- Drop patches replaced by upstream versions xsa401-1.patch xsa401-2.patch xsa402-1.patch xsa402-2.patch xsa402-3.patch xsa402-4.patch xsa402-5.patch
* Tue Jul 12 2022 carnoldAATTsuse.com- bsc#1201394 - VUL-0: CVE-2022-33745: xen: insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) xsa408.patch- Fix gcc13 compilation error 62c56cc0-libxc-fix-compilation-error-with-gcc13.patch
* Tue Jun 28 2022 Stefan Schubert - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d.
* Wed Jun 08 2022 jbeulichAATTsuse.com- bsc#1199966 - VUL-0: EMBARGOED: CVE-2022-26363,CVE-2022-26364: xen: Insufficient care with non-coherent mappings fix xsa402-5.patch
* Tue May 31 2022 jbeulichAATTsuse.com- Upstream bug fixes (bsc#1027519) 625fca42-VT-d-reserved-CAP-ND.patch 626f7ee8-x86-MSR-handle-P5-MC-reads.patch 627549d6-IO-shutdown-race.patch- bsc#1199965 - VUL-0: EMBARGOED: CVE-2022-26362: xen: Race condition in typeref acquisition xsa401-1.patch xsa401-2.patch- bsc#1199966 - VUL-0: EMBARGOED: CVE-2022-26363,CVE-2022-26364: xen: Insufficient care with non-coherent mappings xsa402-1.patch xsa402-2.patch xsa402-3.patch xsa402-4.patch xsa402-5.patch
* Tue May 10 2022 Dirk Müller - fix python3 >= 3.10 version detection
* Wed Apr 13 2022 carnoldAATTsuse.com- Update to Xen 4.16.1 bug fix release (bsc#1027519) xen-4.16.1-testing-src.tar.bz2- Drop patches contained in new tarball 61b31d5c-x86-restrict-all-but-self-IPI.patch 61b88e78-x86-CPUID-TSXLDTRK-definition.patch 61bc429f-revert-hvmloader-PA-range-should-be-UC.patch 61d5687a-x86-spec-ctrl-opt_srb_lock-default.patch 61d6ea2d-VT-d-split-domid-map-cleanup-check-into-a-function.patch 61d6ea7b-VT-d-dont-leak-domid-mapping-on-error-path.patch 61e0296a-x86-time-calibration-relative-counts.patch 61e029c8-x86-time-TSC-freq-calibration-accuracy.patch 61e02a1c-libxl-PCI-PV-hotplug-stubdom-coldplug.patch 61e98e88-x86-introduce-get-set-reg-infra.patch 61e98e89-x86-MSR-split-SPEC_CTRL-handling.patch 61e98e8a-x86-spec-ctrl-drop-ENTRY-EXIT-HVM.patch 61e98e8b-VT-x-SPEC_CTRL-NMI-race-condition.patch 61eaaa23-x86-get-set-reg-infra-build.patch 61efec1d-Arm-P2M-always-clear-entry-on-mapping-removal.patch 61efec4d-gnttab-only-decrement-refcounter-on-final-unmap.patch 61efec96-IOMMU-x86-stop-pirq-iteration-immediately-on-error.patch 61f2d886-x86-CPUID-disentangle-new-leaves-logic.patch 61f2d887-x86-CPUID-leaf-7-1-EBX-infra.patch 61f2dd76-x86-SPEC_CTRL-migration-compatibility.patch 61f7b2af-libxl-dont-touch-nr_vcpus_out-if-listing.patch 61f933a4-x86-cpuid-advertise-SSB_NO.patch 61f933a5-x86-drop-use_spec_ctrl-boolean.patch 61f933a6-x86-new-has_spec_ctrl-boolean.patch 61f933a7-x86-dont-use-spec_ctrl-enter-exit-for-S3.patch 61f933a8-x86-SPEC_CTRL-record-last-write.patch 61f933a9-x86-SPEC_CTRL-use-common-logic-for-AMD.patch 61f933aa-SVM-SPEC_CTRL-entry-exit-logic.patch 61f933ab-x86-AMD-SPEC_CTRL-infra.patch 61f933ac-SVM-enable-MSR_SPEC_CTRL-for-guests.patch 61f946a2-VMX-drop-SPEC_CTRL-load-on-VMEntry.patch 6202afa3-x86-clean-up-MSR_MCU_OPT_CTRL-handling.patch 6202afa4-x86-TSX-move-has_rtm_always_abort.patch 6202afa5-x86-TSX-cope-with-deprecation-on-WHL-R-CFL-R.patch 6202afa7-x86-CPUID-leaf-7-2-EDX-infra.patch 6202afa8-x86-Intel-PSFD-for-guests.patch 62278667-Arm-introduce-new-processors.patch 62278668-Arm-move-errata-CSV2-check-earlier.patch 62278669-Arm-add-ECBHB-and-CLEARBHB-ID-fields.patch 6227866a-Arm-Spectre-BHB-handling.patch 6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch 6227866c-x86-AMD-cease-using-thunk-lfence.patch 6229ba46-VT-d-drop-undue-address-of-from-check_cleanup_domid_map.patch 624ebcef-VT-d-dont-needlessly-look-up-DID.patch 624ebd3b-VT-d-avoid-NULL-deref-on-dcmo-error-paths.patch 624ebd74-VT-d-avoid-infinite-recursion-on-dcmo-error-path.patch xsa397.patch xsa399.patch xsa400-01.patch xsa400-02.patch xsa400-03.patch xsa400-04.patch xsa400-05.patch xsa400-06.patch xsa400-07.patch xsa400-08.patch xsa400-09.patch xsa400-10.patch xsa400-11.patch xsa400-12.patch
* Fri Apr 08 2022 jbeulichAATTsuse.com- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359, CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues (XSA-400) 624ebcef-VT-d-dont-needlessly-look-up-DID.patch 624ebd3b-VT-d-avoid-NULL-deref-on-dcmo-error-paths.patch 624ebd74-VT-d-avoid-infinite-recursion-on-dcmo-error-path.patch
* Mon Apr 04 2022 carnoldAATTsuse.com- bsc#1197423 - VUL-0: CVE-2022-26356: xen: Racy interactions between dirty vram tracking and paging log dirty hypercalls (XSA-397) xsa397.patch- bsc#1197425 - VUL-0: CVE-2022-26357: xen: race in VT-d domain ID cleanup (XSA-399) xsa399.patch- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359, CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues (XSA-400) xsa400-01.patch xsa400-02.patch xsa400-03.patch xsa400-04.patch xsa400-05.patch xsa400-06.patch xsa400-07.patch xsa400-08.patch xsa400-09.patch xsa400-10.patch xsa400-11.patch xsa400-12.patch- Additional upstream bug fixes for XSA-400 (bsc#1027519) 61d6ea2d-VT-d-split-domid-map-cleanup-check-into-a-function.patch 61d6ea7b-VT-d-dont-leak-domid-mapping-on-error-path.patch 6229ba46-VT-d-drop-undue-address-of-from-check_cleanup_domid_map.patch
* Mon Mar 14 2022 jbeulichAATTsuse.com- bsc#1196915 - VUL-0: CVE-2022-0001, CVE-2022-0002,CVE-2021-26401: xen: BHB speculation issues (XSA-398) 62278667-Arm-introduce-new-processors.patch 62278668-Arm-move-errata-CSV2-check-earlier.patch 62278669-Arm-add-ECBHB-and-CLEARBHB-ID-fields.patch 6227866a-Arm-Spectre-BHB-handling.patch 6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch 6227866c-x86-AMD-cease-using-thunk-lfence.patch
* Thu Mar 03 2022 carnoldAATTsuse.com- bsc#1196545 - GCC 12: xen package fails gcc12-fixes.patch
* Mon Feb 14 2022 jbeulichAATTsuse.com- Upstream bug fixes (bsc#1027519) 61e0296a-x86-time-calibration-relative-counts.patch 61e029c8-x86-time-TSC-freq-calibration-accuracy.patch 61e02a1c-libxl-PCI-PV-hotplug-stubdom-coldplug.patch 61e98e88-x86-introduce-get-set-reg-infra.patch 61e98e89-x86-MSR-split-SPEC_CTRL-handling.patch 61e98e8a-x86-spec-ctrl-drop-ENTRY-EXIT-HVM.patch 61e98e8b-VT-x-SPEC_CTRL-NMI-race-condition.patch 61eaaa23-x86-get-set-reg-infra-build.patch 61efec1d-Arm-P2M-always-clear-entry-on-mapping-removal.patch 61efec4d-gnttab-only-decrement-refcounter-on-final-unmap.patch 61efec96-IOMMU-x86-stop-pirq-iteration-immediately-on-error.patch 61f2d886-x86-CPUID-disentangle-new-leaves-logic.patch 61f2d887-x86-CPUID-leaf-7-1-EBX-infra.patch 61f2dd76-x86-SPEC_CTRL-migration-compatibility.patch 61f7b2af-libxl-dont-touch-nr_vcpus_out-if-listing.patch 61f933a4-x86-cpuid-advertise-SSB_NO.patch 61f933a5-x86-drop-use_spec_ctrl-boolean.patch 61f933a6-x86-new-has_spec_ctrl-boolean.patch 61f933a7-x86-dont-use-spec_ctrl-enter-exit-for-S3.patch 61f933a8-x86-SPEC_CTRL-record-last-write.patch 61f933a9-x86-SPEC_CTRL-use-common-logic-for-AMD.patch 61f933aa-SVM-SPEC_CTRL-entry-exit-logic.patch 61f933ab-x86-AMD-SPEC_CTRL-infra.patch 61f933ac-SVM-enable-MSR_SPEC_CTRL-for-guests.patch 61f946a2-VMX-drop-SPEC_CTRL-load-on-VMEntry.patch 6202afa3-x86-clean-up-MSR_MCU_OPT_CTRL-handling.patch 6202afa4-x86-TSX-move-has_rtm_always_abort.patch 6202afa5-x86-TSX-cope-with-deprecation-on-WHL-R-CFL-R.patch 6202afa7-x86-CPUID-leaf-7-2-EDX-infra.patch 6202afa8-x86-Intel-PSFD-for-guests.patch- Drop patches replaced by the above: xsa393.patch xsa394.patch xsa395.patch libxl-Fix-PV-hotplug-and-stubdom-coldplug.patch libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch
* Thu Jan 13 2022 carnoldAATTsuse.com- bsc#1194576 - VUL-0: CVE-2022-23033: xen: arm: guest_physmap_remove_page not removing the p2m mappings (XSA-393) xsa393.patch- bsc#1194581 - VUL-0: CVE-2022-23034: xen: a PV guest could DoS Xen while unmapping a grant (XSA-394) xsa394.patch- bsc#1194588 - VUL-0: CVE-2022-23035: xen: insufficient cleanup of passed-through device IRQs (XSA-395) xsa395.patch
* Wed Jan 12 2022 carnoldAATTsuse.com- bsc#1191668 - L3: issue around xl and virsh operation - virsh list not giving any output (see also bsc#1194267) libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch
* Tue Jan 11 2022 carnoldAATTsuse.com- bsc#1193307 - pci backend does not exist when attach a vf to a pv guest libxl-Fix-PV-hotplug-and-stubdom-coldplug.patch Drop libxl-PCI-defer-backend-wait.patch
* Thu Jan 06 2022 jbeulichAATTsuse.com- bsc#1193447 - Slow execution of hvmloader+ovmf when VM contains an sriov device 61bc429f-revert-hvmloader-PA-range-should-be-UC.patch- Upstream bug fixes (bsc#1027519) 61b31d5c-x86-restrict-all-but-self-IPI.patch 61b88e78-x86-CPUID-TSXLDTRK-definition.patch 61d5687a-x86-spec-ctrl-opt_srb_lock-default.patch
* Tue Jan 04 2022 James Fehlig - Collect active VM config files in the supportconfig plugin xen-supportconfig
* Thu Dec 09 2021 carnoldAATTsuse.com- bsc#1193307 - pci backend does not exist when attach a vf to a pv guest libxl-PCI-defer-backend-wait.patch
* Wed Dec 01 2021 carnoldAATTsuse.com- Update to Xen 4.16.0 FCS release xen-4.16.0-testing-src.tar.bz2
* Miscellaneous fixes to the TPM manager software in preparation for TPM 2.0 support.
* Increased reliance on the PV shim as 32-bit PV guests will only be supported in shim mode going forward. This change reduces the attack surface in the hypervisor.
* Increased hardware support by allowing Xen to boot on Intel devices that lack a Programmable Interval Timer.
* Cleanup of legacy components by no longer building QEMU Traditional or PV-Grub by default. Note both projects have upstream Xen support merged now, so it is no longer recommended to use the Xen specific forks.
* Initial support for guest virtualized Performance Monitor Counters on Arm.
* Improved support for dom0less mode by allowing the usage on Arm 64bit hardware with EFI firmware.
* Improved support for Arm 64-bit heterogeneous systems by leveling the CPU features across all to improve big.LITTLE support.
* Wed Nov 17 2021 carnoldAATTsuse.com- Update to Xen 4.16.0 RC3 release xen-4.16.0-testing-src.tar.bz2- Drop iPXE sources and patches. iPXE is only used by QEMU traditional which has never shipped with SLE15. ipxe.tar.bz2 ipxe-enable-nics.patch ipxe-no-error-logical-not-parentheses.patch ipxe-use-rpm-opt-flags.patch- Drop building ocaml xenstored in the spec file. There are no plans or need to support this version.
* Mon Nov 08 2021 carnoldAATTsuse.com- Update to Xen 4.16.0 RC2 release xen-4.16.0-testing-src.tar.bz2- Modified files ipxe-use-rpm-opt-flags.patch ipxe.tar.bz2 (new version)
* Mon Nov 01 2021 carnoldAATTsuse.com- Update to Xen 4.16.0 RC1 release xen-4.16.0-testing-src.tar.bz2- Drop patches contained in new tarball or invalid 615c9fd0-VT-d-fix-deassign-of-device-with-RMRR.patch libxc-sr-383b41974d5543b62f3181d216070fe3691fb130.patch libxc-sr-5588ebcfca774477cf823949e5703b0ac48818cc.patch libxc-sr-9e59d9f8ee3808acde9833192211da25f66d8cc2.patch libxc-sr-f17a73b3c0264c62dd6b5dae01ed621c051c3038.patch xenstore-launch.patch
* Wed Oct 06 2021 carnoldAATTsuse.com- bsc#1191363 - VUL-0: CVE-2021-28702: xen: PCI devices with RMRRs not deassigned correctly (XSA-386) 615c9fd0-VT-d-fix-deassign-of-device-with-RMRR.patch
* Mon Sep 13 2021 jbeulichAATTsuse.com- Revert \"Simplify %autosetup\".
* Fri Sep 10 2021 carnoldAATTsuse.com- Update to Xen 4.15.1 bug fix release xen-4.15.1-testing-src.tar.bz2- Drop patches contained in new tarball 60631c38-VT-d-QI-restore-flush-hooks.patch 60700077-x86-vpt-avoid-pt_migrate-rwlock.patch 60787714-revert-x86-HPET-avoid-legacy-replacement-mode.patch 60787714-x86-HPET-avoid-legacy-replacement-mode.patch 60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch 608676f2-VT-d-register-based-invalidation-optional.patch 60a27288-x86emul-gas-2-36-test-harness-build.patch 60af933d-x86-gcc11-hypervisor-build.patch 60afe616-x86-CPUID-rework-HLE-and-RTM-handling.patch 60afe617-x86-TSX-minor-cleanup-and-improvements.patch 60afe618-x86-TSX-deprecate-vpmu=rtm-abort.patch 60be0e24-credit2-pick-runnable-unit.patch 60be0e42-credit2-per-entity-load-tracking-when-continuing.patch 60be3097-x86-CPUID-fix-HLE-and-RTM-handling-again.patch 60bf9e19-Arm-create-dom0less-domUs-earlier.patch 60bf9e1a-Arm-boot-modules-scrubbing.patch 60bf9e1b-VT-d-size-qinval-queue-dynamically.patch 60bf9e1c-AMD-IOMMU-size-command-buffer-dynamically.patch 60bf9e1d-VT-d-eliminate-flush-related-timeouts.patch 60bf9e1e-x86-spec-ctrl-protect-against-SCSB.patch 60bf9e1f-x86-spec-ctrl-mitigate-TAA-after-S3.patch 60bfa904-AMD-IOMMU-wait-for-command-slot.patch 60bfa906-AMD-IOMMU-drop-command-completion-timeout.patch 60c0bf86-x86-TSX-cope-with-deprecation.patch 60c8a7ac-x86-vpt-fully-init-timers-before-enlisting.patch 60c8de6e-osdep_xenforeignmemory_map-prototype.patch 60d49689-VT-d-undo-device-mappings-upon-error.patch 60d496b9-VT-d-adjust-domid-map-updating-on-unmap.patch 60d496d6-VT-d-clear_fault_bits-should-clear-all.patch 60d496ee-VT-d-dont-lose-errors-on-multi-IOMMU-flush.patch 60d5c6df-IOMMU-PCI-dont-let-domain-cleanup-continue.patch libxl-d5f54009dba11d04bfe2a28eee47b994de66b84a.patch libxl-f3f778c81769075ac0eb93b98d4b2803e7936453.patch libxl-4e217db45e83fc3173382306c8b03da86099a25d.patch libxl-85760c03d664400368a3f76ae0225307c25049a7.patch libxl-0ff26a3225d69ffec76fe5aca8296852fa951204.patch libxl-7c313e8365eb663311a0cf39f77b4f5880244765.patch libxl-0c0b3a7e4a2d65fd252b89b46bdcdb048bb24b6c.patch libxl-fe6630ddc4e8a8fbf8dd28a1bc58e3881393f9c1.patch libxl-qemu6-vnc-password.patch libxl-qemu6-scsi.patch
* Mon Aug 30 2021 oheringAATTsuse.de- bsc#1189882 - refresh libxc-sr-restore-hvm-legacy-superpage.patch prevent superpage allocation in the LAPIC and ACPI_INFO range
* Wed Aug 04 2021 carnoldAATTsuse.com- Drop aarch64-maybe-uninitialized.patch as the fix is in tarball.
* Mon Jul 26 2021 oheringAATTsuse.de- Simplify %autosetup
* Fri Jul 23 2021 oheringAATTsuse.de- refresh the migration patches to state v20210713 removed libxc-sr-add-xc_is_known_page_type.patch removed libxc-sr-arrays.patch removed libxc-sr-batch_pfns.patch removed libxc-sr-page_type_has_stream_data.patch removed libxc-sr-use-xc_is_known_page_type.patch removed libxc.migrate_tracking.patch removed libxc.sr.superpage.patch removed libxl.set-migration-constraints-from-cmdline.patch added libxc-sr-383b41974d5543b62f3181d216070fe3691fb130.patch added libxc-sr-5588ebcfca774477cf823949e5703b0ac48818cc.patch added libxc-sr-9e59d9f8ee3808acde9833192211da25f66d8cc2.patch added libxc-sr-LIBXL_HAVE_DOMAIN_SUSPEND_PROPS.patch added libxc-sr-abort_if_busy.patch added libxc-sr-f17a73b3c0264c62dd6b5dae01ed621c051c3038.patch added libxc-sr-max_iters.patch added libxc-sr-min_remaining.patch added libxc-sr-number-of-iterations.patch added libxc-sr-precopy_policy.patch added libxc-sr-restore-hvm-legacy-superpage.patch added libxc-sr-track-migration-time.patch added libxc-sr-xg_sr_bitmap-populated_pfns.patch added libxc-sr-xg_sr_bitmap.patch added libxc-sr-xl-migration-debug.patch
* Fri Jul 23 2021 James Fehlig - spec: Change the \'--with-system-ovmf\' configure option to use the new Xen-specific ovmf firmware. The traditional, unified firmwares will no longer support multi-VMM. For more information https://bugzilla.tianocore.org/show_bug.cgi?id=1689 https://bugzilla.tianocore.org/show_bug.cgi?id=2122
* Wed Jul 21 2021 oheringAATTsuse.de- bsc#1176189 - xl monitoring process exits during xl save -p|-c keep the monitoring process running to cleanup the domU during shutdown xl-save-pc.patch
* Tue Jul 13 2021 jbeulichAATTsuse.com- bsc#1179246 - Dom0 hangs when pinning CPUs for dom0 with HVM guest 60be0e24-credit2-pick-runnable-unit.patch 60be0e42-credit2-per-entity-load-tracking-when-continuing.patch- Upstream bug fixes (bsc#1027519) 60be3097-x86-CPUID-fix-HLE-and-RTM-handling-again.patch 60bf9e19-Arm-create-dom0less-domUs-earlier.patch (Replaces xsa372-1.patch) 60bf9e1a-Arm-boot-modules-scrubbing.patch (Replaces xsa372-2.patch) 60bf9e1b-VT-d-size-qinval-queue-dynamically.patch (Replaces xsa373-1.patch) 60bf9e1c-AMD-IOMMU-size-command-buffer-dynamically.patch (Replaces xsa373-2.patch) 60bf9e1d-VT-d-eliminate-flush-related-timeouts.patch (Replaces xsa373-2.patch) 60bf9e1e-x86-spec-ctrl-protect-against-SCSB.patch (Replaces xsa375.patch) 60bf9e1f-x86-spec-ctrl-mitigate-TAA-after-S3.patch (Replaces xsa377.patch) 60bfa904-AMD-IOMMU-wait-for-command-slot.patch (Replaces xsa373-4.patch) 60bfa906-AMD-IOMMU-drop-command-completion-timeout.patch (Replaces xsa373-5.patch) 60c8a7ac-x86-vpt-fully-init-timers-before-enlisting.patch 60c8de6e-osdep_xenforeignmemory_map-prototype.patch 60d49689-VT-d-undo-device-mappings-upon-error.patch 60d496b9-VT-d-adjust-domid-map-updating-on-unmap.patch 60d496d6-VT-d-clear_fault_bits-should-clear-all.patch 60d496ee-VT-d-dont-lose-errors-on-multi-IOMMU-flush.patch 60d5c6df-IOMMU-PCI-dont-let-domain-cleanup-continue.patch- Dropped gcc11-fixes.patch
* Tue Jun 29 2021 oheringAATTsuse.de- bsc#1180350 - some long deprecated commands were finally removed in qemu6. Adjust libxl to use supported commands. libxl-d5f54009dba11d04bfe2a28eee47b994de66b84a.patch libxl-f3f778c81769075ac0eb93b98d4b2803e7936453.patch libxl-4e217db45e83fc3173382306c8b03da86099a25d.patch libxl-85760c03d664400368a3f76ae0225307c25049a7.patch libxl-0ff26a3225d69ffec76fe5aca8296852fa951204.patch libxl-7c313e8365eb663311a0cf39f77b4f5880244765.patch libxl-0c0b3a7e4a2d65fd252b89b46bdcdb048bb24b6c.patch libxl-fe6630ddc4e8a8fbf8dd28a1bc58e3881393f9c1.patch libxl-qemu6-vnc-password.patch libxl-qemu6-scsi.patch
* Tue Jun 22 2021 oheringAATTsuse.de- Update logrotate.conf, move global options into per-file sections to prevent globbering of global state (bsc#1187406)
* Mon Jun 07 2021 oheringAATTsuse.de- Fix shell macro expansion in xen.spec, so that ExecStart= in xendomains-wait-disks.service is created correctly (bsc#1183877)
* Mon May 31 2021 jbeulichAATTsuse.com- Upstream bug fixes (bsc#1027519) 60631c38-VT-d-QI-restore-flush-hooks.patch 60700077-x86-vpt-avoid-pt_migrate-rwlock.patch 60787714-revert-x86-HPET-avoid-legacy-replacement-mode.patch 60787714-x86-HPET-avoid-legacy-replacement-mode.patch 60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch 608676f2-VT-d-register-based-invalidation-optional.patch 60a27288-x86emul-gas-2-36-test-harness-build.patch 60af933d-x86-gcc11-hypervisor-build.patch 60afe616-x86-CPUID-rework-HLE-and-RTM-handling.patch 60afe617-x86-TSX-minor-cleanup-and-improvements.patch 60afe618-x86-TSX-deprecate-vpmu=rtm-abort.patch- Embargoed security fixes xsa372-1.patch xsa372-2.patch xsa373-1.patch xsa373-2.patch xsa373-3.patch xsa373-4.patch xsa373-5.patch xsa375.patch xsa377.patch- Embargoed non-security fix x86-TSX-cope-with-deprecation.patch
* Mon May 31 2021 jbeulichAATTsuse.com- x86-cpufreq-report.patch: Drop. We haven\'t had a kernel understanding this custom extension for quite some time.
* Tue May 04 2021 oheringAATTsuse.de- Add xen.sysconfig-fillup.patch to make sure xencommons is in a format as expected by fillup. (bsc#1185682) Each comment needs to be followed by an enabled key. Otherwise fillup will remove manually enabled key=value pairs, along with everything that looks like a stale comment, during next pkg update
* Tue May 04 2021 oheringAATTsuse.de- Remove init.xen_loop and /etc/modprobe.d/xen_loop.conf The number of loop devices is unlimited since a while
* Tue Apr 27 2021 oheringAATTsuse.de- Refresh xenstore-launch.patch to cover also daemon case
* Thu Apr 22 2021 carnoldAATTsuse.com- Now that SOURCE_DATE_EPOCH is defined and Xen Makefile uses it, drop reproducible.patch
* Tue Apr 20 2021 carnoldAATTsuse.com- Update to Xen 4.15.0 FCS release xen-4.15.0-testing-src.tar.bz2
* Xen can now export Intel Processor Trace (IPT) data from guests to tools in dom0.
* Xen now supports Viridian enlightenments for guests with more than 64 vcpus.
* Xenstored and oxenstored both now support LiveUpdate (tech preview).
* Unified boot images
* Switched x86 MSR accesses to deny by default policy.
* Named PCI devices for xl/libxl and improved documentation for xl PCI configuration format.
* Support for zstd-compressed dom0 (x86) and domU kernels.
* Reduce ACPI verbosity by default.
* Add ucode=allow-same option to test late microcode loading path.
* Library improvements from NetBSD ports upstreamed.
* x86: Allow domains to use AVX-VNNI instructions.
* Added XEN_SCRIPT_DIR configuration option to specify location for Xen scripts.
* xennet: Documented a way for the backend (or toolstack) to specify MTU to the frontend.
* On detecting a host crash, some debug key handlers can automatically triggered to aid in debugging.
* Increase the maximum number of guests which can share a single IRQ from 7 to 16, and make this configurable with irq-max-guests.- Dropped patches contained in new tarball 5fca3b32-tools-libs-ctrl-fix-dumping-of-ballooned-guest.patch 5fedf9f4-x86-hpet_setup-fix-retval.patch 5ff458f2-x86-vPCI-tolerate-disabled-MSI-X-entry.patch 5ff71655-x86-dpci-EOI-regardless-of-masking.patch 5ffc58c4-ACPI-reduce-verbosity-by-default.patch 5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch 600999ad-x86-dpci-do-not-remove-pirqs-from.patch 600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch 6011bbc7-x86-timer-fix-boot-without-PIT.patch 6013e4bd-memory-bail-from-page-scrub-when-CPU-offline.patch 6013e546-x86-HVM-reorder-domain-init-error-path.patch 601d4396-x86-EFI-suppress-ld-2-36-debug-info.patch 602bd768-page_alloc-only-flush-after-scrubbing.patch 602cfe3d-IOMMU-check-if-initialized-before-teardown.patch 602e5a8c-gnttab-never-permit-mapping-transitive-grants.patch 602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch 602ffae9-tools-libs-light-fix-xl-save--c-handling.patch 6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch 60787714-x86-HPET-avoid-legacy-replacement-mode.patch 60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch 60410127-gcc11-adjust-rijndaelEncrypt.patch 60422428-x86-shadow-avoid-fast-fault-path.patch 604b9070-VT-d-disable-QI-IR-before-init.patch 60535c11-libxl-domain-soft-reset.patch (Replaces xsa368.patch) 60700077-x86-vpt-avoid-pt_migrate-rwlock.patch libxc-bitmap-50a5215f30e964a6f16165ab57925ca39f31a849.patch libxc-bitmap-longs.patch libxc-sr-3cccdae45242dab27198b8e150be0c85acd5d3c9.patch libxl.fix-libacpi-dependency.patch stubdom-have-iovec.patch xenwatchdogd-options.patch
* Mon Apr 19 2021 carnoldAATTsuse.com- bsc#1180491 - \"Panic on CPU 0: IO-APIC + timer doesn\'t work!\" 60787714-x86-HPET-avoid-legacy-replacement-mode.patch 60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch- Upstream bug fixes (bsc#1027519) 60410127-gcc11-adjust-rijndaelEncrypt.patch 60422428-x86-shadow-avoid-fast-fault-path.patch 604b9070-VT-d-disable-QI-IR-before-init.patch 60535c11-libxl-domain-soft-reset.patch (Replaces xsa368.patch) 60700077-x86-vpt-avoid-pt_migrate-rwlock.patch
* Thu Mar 25 2021 oheringAATTsuse.de- bsc#1137251 - Restore changes for xen-dom0-modules.service which were silently removed on 2019-10-17
* Fri Mar 12 2021 oheringAATTsuse.de- bsc#1177112 - Fix libxc.sr.superpage.patch The receiving side did detect holes in a to-be-allocated superpage, but allocated a superpage anyway. This resulted to over-allocation.
* Mon Mar 08 2021 oheringAATTsuse.de- bsc#1167608 - adjust limit for max_event_channels A previous change allowed an unbound number of event channels to make sure even large domUs can start of of the box. This may have a bad side effect in the light of XSA-344. Adjust the built-in limit based on the number of vcpus. In case this is not enough, max_event_channels=/maxEventChannels= has to be used to set the limit as needed for large domUs adjust libxl.max_event_channels.patch
* Fri Mar 05 2021 carnoldAATTsuse.com- bsc#1183072 - VUL-0: CVE-2021-28687: xen: HVM soft-reset crashes toolstack (XSA-368). Also resolves, bsc#1179148 - kdump of HVM fails, soft-reset not handled by libxl bsc#1181989 - openQA job causes libvirtd to dump core when running kdump inside domain xsa368.patch
* Fri Feb 26 2021 jbeulichAATTsuse.com- bsc#1177204 - L3-Question: conring size for XEN HV\'s with huge memory to small. Inital Xen logs cut 5ffc58c4-ACPI-reduce-verbosity-by-default.patch- Upstream bug fixes (bsc#1027519) 601d4396-x86-EFI-suppress-ld-2-36-debug-info.patch 602bd768-page_alloc-only-flush-after-scrubbing.patch 602cfe3d-IOMMU-check-if-initialized-before-teardown.patch 602e5a8c-gnttab-never-permit-mapping-transitive-grants.patch 602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch 6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch- bsc#1181921 - GCC 11: xen package fails gcc11-fixes.patch
* Tue Feb 23 2021 carnoldAATTsuse.com- bsc#1182576 - L3: XEN domU crashed on resume when using the xl unpause command 602ffae9-tools-libs-light-fix-xl-save--c-handling.patch
* Thu Feb 18 2021 carnoldAATTsuse.com- Start using the %autosetup macro to simplify patch management xen.spec
* Wed Feb 10 2021 carnoldAATTsuse.com- bsc#1181921 - GCC 11: xen package fails gcc11-fixes.patch- Drop gcc10-fixes.patch
* Tue Feb 02 2021 carnoldAATTsuse.com- Upstream bug fixes (bsc#1027519) 5fedf9f4-x86-hpet_setup-fix-retval.patch 5ff458f2-x86-vPCI-tolerate-disabled-MSI-X-entry.patch 5ff71655-x86-dpci-EOI-regardless-of-masking.patch 5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch 600999ad-x86-dpci-do-not-remove-pirqs-from.patch (Replaces xsa360.patch) 600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch 6013e4bd-memory-bail-from-page-scrub-when-CPU-offline.patch 6013e546-x86-HVM-reorder-domain-init-error-path.patch- bsc#1180491 - \"Panic on CPU 0: IO-APIC + timer doesn\'t work!\" 6011bbc7-x86-timer-fix-boot-without-PIT.patch
* Thu Jan 21 2021 carnoldAATTsuse.com- bsc#1181254 - VUL-0: xen: IRQ vector leak on x86 (XSA-360) xsa360.patch
* Wed Jan 13 2021 carnoldAATTsuse.com- bsc#1180794 - bogus qemu binary path used when creating fv guest under xen xen.spec
* Wed Jan 13 2021 carnoldAATTsuse.com- bsc#1180690 - L3-Question: xen: no needsreboot flag set Add Provides: installhint(reboot-needed) in xen.spec for libzypp
* Mon Jan 04 2021 oheringAATTsuse.de- Update libxl.set-migration-constraints-from-cmdline.patch Remove code which handled --max_factor. The total amount of transferred data is no indicator to trigger the final stop+copy. This should have been removed during upgrade to Xen 4.7. Fix off-by-one in --max_iters, it caused one additional copy cycle. Reduce default value of --max_iters from 5 to 2. The workload within domU will continue to produce dirty pages. It is unreasonable to expect any slowdown during migration. Now there is one initial copy of all memory, one instead of four iteration for dirty memory, and a final copy iteration prior move.
 
ICM