Changelog for xen-dom0-libs-4.13.5-10.58.xcpng8.3.x86_64.rpm:
* Mon Dec 04 2023 Alejandro Vallejo - 4.13.5-10.58
- Remove limit of 64 CPUs from hvmloader.
- Fix pygrub incompatibility with python3.
- Improve the livepatch infrastructure.

* Wed Nov 08 2023 Roger Pau Monné - 4.13.5-10.57
- Add new x2APIC 'Mixed mode' driver, and use it by default.

* Wed Nov 01 2023 Andrew Cooper - 4.13.5-10.56
- Fixes for
  - XSA-445 CVE-2023-46835
  - XSA-446 CVE-2023-46836

* Wed Nov 01 2023 Andrew Cooper - 4.13.5-10.55
- Fix for AMD erratum #1485, which has been observed to cause #UD exception on AMD Zen4 systems.
- Allow using the platform/ovmf-override key to configure the OVMF firmware to use on a per-VM basis.
- Further Python3 fixes.

* Tue Oct 17 2023 Andrew Cooper - 4.13.5-10.54
- Increase the compile time max CPUs from 512 to 2048.

* Fri Sep 29 2023 Andrew Cooper - 4.13.5-10.53
- Fixes for
  - XSA-438 CVE-2023-34322
  - XSA-440 CVE-2023-34323
  - XSA-442 CVE-2023-34326
  - XSA-443 CVE-2023-34325
  - XSA-444 CVE-2023-34327 CVE-2023-34328
- Pygrub extended to deprivilege itself before operating on guest disks.

* Tue Sep 19 2023 Andrew Cooper - 4.13.5-10.52
- Fix for XSA-439 / CVE-2023-20588.
- Ignore MADT entries with invalid APIC_IDs.
- Fix the emulation of VPBLENDMW with a mask and memory operand.
- Fix an incorrect diagnostic about spurious interrupts.

* Fri Aug 25 2023 Andrew Cooper - 4.13.5-10.51
- Further fix for XSA-433. Extend the chicken-bit workaround to all CPUs which appear to be a Zen2 microarchitecture, even those not on the published model list.
- Fix for AMD erratum #1474. Disable C6 after 1000 days of uptime on AMD Zen2 systems to avoid a crash at ~1044 days.
- Fix for MSR_ARCH_CAPS boot-time calculations for PV guests.
- Remove the debug PV-shim hypervisor. The release build is still present and operates as before.
- Remove TBOOT and XENOPROF support in Xen. Both are obsolete and the latter leaves benign-but-alarming messages in logs.
- Remove the "pod" command line option. This was intended as a further workaround for XSA-246, but wasn't effective owing to poor error handling elsewhere.

* Thu Aug 03 2023 Andrew Cooper - 4.13.5-10.50
- Fixes for
  - XSA-434 CVE-2023-20569
  - XSA-435 CVE-2022-40982

* Thu Aug 03 2023 Andrew Cooper - 4.13.5-10.49
- Fix bug in XSA-433 fix, which accidentally disabled a hardware errata workaround.
- Update IO-APIC IRTEs atomically. Fixes a race condition which causes interrupts to be routed badly, often with "No irq handler for vector" errors.
- Expose MSR_ARCH_CAPS to guests on all Intel hardware by default. On Cascade Lake and later hardware, guests now see the bits stating hardware immunity to various speculative vulnerabilities.

* Mon Jul 24 2023 Andrew Cooper - 4.13.5-10.48
- Fix for XSA-433 CVE-2023-20593.
- Limit scheduler loadbalancing to once per millisecond. This improves performance on large systems.
- Mask IO-APIC pins before enabling LVTERR/ESR. This fixes issues booting if firmware leaves the IO-APIC in a bad state.

* Tue Jun 06 2023 Pau Ruiz Safont - 4.13.5-10.47
- Backport late microcode loading changes.
- Rebuild with Ocaml 4.14.

* Fri May 19 2023 Roger Pau Monné - 4.13.5-10.46
- Fix AMD-Vi assert.
- Remove broken not built code in pv-iommu.
- Add test_x86_emulator to XenDom0Tests.

* Thu May 11 2023 Andrew Cooper - 4.13.5-10.45
- Ignore VCPU_SSHOTTMR_future entirely. The only known user of this is Linux prior to v4.7, and the usage is buggy. This resolves guest crashes during migration.
- Improve Xen's early boot checking of its own alignment. In case of a bootloader error, this turns a crash with no diagnostics into a clear error message.
- Drop XENMEM_get_mfn_from_pfn technical debt, the use of which has been replaced by PV-IOMMU.
- Minor specfile improvements; branding, and a bad changelog date.

* Thu Apr 27 2023 Andrew Cooper - 4.13.5-10.44
- Add Obsoletes following the removal of xen-installer-files.

* Mon Apr 17 2023 Andrew Cooper - 4.13.5-10.43
- Remove the NR_IOMMUs compile time limit. This is necessary to boot on 4-socket Sapphire Rapids systems.
- Cope booting in x2APIC mode on AMD systems without XT mode.
- Allow creating domains with grant settings larger than dom0.
- Remove sequential microcode application support. Only parallel application is supported by the HW vendors.
- Introduce an elfnote for Dom0 <-> Xen negotiation of the activation of PV-IOMMU.
- Increase the size of the serial transmit buffer.
- Backport python3 shebang fixes. Drop obsolete scripts.
- Remove the xen-installer-files subpackage. It was a vestigial remnant of an old build system.

* Mon Mar 06 2023 Andrew Cooper - 4.13.5-10.42
- Fixes for
  - XSA-427 CVE-2022-42332
  - XSA-428 CVE-2022-42333 CVE-2022-42334
  - XSA-429 CVE-2022-42331
- Move partial python library from xen-tools to xen-dom0-tools. The content was all specific to dom0, and ineligible to be used elsewhere.
- Reintroduce the python2 pygrub/libfsimage bindings.

* Fri Mar 03 2023 Andrew Cooper - 4.13.5-10.41
- Load AMD microcode on all logical processors.
- Switch to using Python 3. Retain Python 2 builds of xen.lowlevel in the short term until dependent packages have been updated.
- Fix libfsimage build in the presence of newer Linux headers.

* Mon Feb 06 2023 Andrew Cooper - 4.13.5-10.40
- Fix for XSA-426 CVE-2022-27672.
- More fixes for memory corruption issues in the Ocaml bindings.
- On xenstored live update, validate the config file before launching into the new xenstored.

* Thu Feb 02 2023 Andrew Cooper - 4.13.5-10.39
- Fix memory corruption issues in the Ocaml bindings.

* Mon Jan 16 2023 Andrew Cooper - 4.13.5-10.38
- Update to Xen 4.13.5

* Fri Jan 13 2023 Andrew Cooper - 4.13.4-10.37
- Initial support for Intel Sapphire Rapids.
- Don't mark IRQ vectors as pending when the vLAPIC is disabled. This fixes an issue with Linux 5.19 and later.
- Remove an incorrect but benign warning which occurs for a UEFI VM that modifies the vRTC time.
- Fix overflow with high frequency TSCs.
- Fix crash on boot with invalid UEFI framebuffer configurations.
- Fix race condition releasing an IRQ which is in the process of moving between CPUs.
- Fix timer affinity after S3.
- Drop Introspection Extensions.

* Fri Dec 02 2022 Andrew Cooper - 4.13.4-10.36
- Activate AVX-512 by default on AMD platforms.
- Fixes for oxenstored live update.

* Fri Nov 04 2022 Andrew Cooper - 4.13.4-10.35
- Fix for XSA-422 CVE-2022-23824

* Thu Oct 27 2022 Andrew Cooper - 4.13.4-10.34
- Fixes for
  - XSA-326 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318
  - XSA-414 CVE-2022-42309
  - XSA-415 CVE-2022-42310
  - XSA-416 CVE-2022-42319
  - XSA-417 CVE-2022-42320
  - XSA-418 CVE-2022-42321
  - XSA-419 CVE-2022-42322 CVE-2022-42323
  - XSA-420 CVE-2022-42324
  - XSA-421 CVE-2022-42325 CVE-2022-42326

* Thu Oct 06 2022 Andrew Cooper - 4.13.4-10.33
- Fixes for XSA-410 CVE-2022-33746, XSA-411 CVE-2022-33748.
- Activate DOITM (Data Operand Invariant Timing Mode) unilaterally on capable hardware (Intel IceLake/Gracemont and later) to keep properly-written crypto code safe from timing attacks.
- Fix compressed XSAVE size reporting. Fixes an issue with Linux 5.19+ on Intel Skylake or AMD Zen1 or later hardware.
- Fix a performance issue when using CUDA workloads (e.g. Tensorflow) on a passed-through GPU.

* Fri Sep 16 2022 Ross Lagerwall - 4.13.4-10.32
- Add TPM 2.0 supporting patches

* Wed Aug 17 2022 Andrew Cooper - 4.13.4-10.31
- Fix CPU hotplug on AMD.
- Improve diagnostics in nmi_show_execution_state().
- Rework specfile so tools get the default RPM CFLAGS/LDFLAGS, including various hardening settings.

* Tue Aug 09 2022 Pau Ruiz Safont - 4.13.4-10.30
- Bump release and rebuild with OCaml 4.13.1-3 compiler.

* Fri Aug 05 2022 Andrew Cooper - 4.13.4-10.29
- Improve boot speed by using WC mappings for the VGA framebuffer.
- Fix crash on boot on AMD Zen2/3 systems when x2apic is disabled by firmware.
- Correct the RPM license fields.

* Tue Jul 26 2022 Andrew Cooper - 4.13.4-10.28
- Fix for XSA-408 CVE-2022-33745.

* Fri Jul 08 2022 Andrew Cooper - 4.13.4-10.27
- Fixes for XSA-407 CVE-2022-23816 CVE-2022-23825.
- Switch to x2APIC physical destination mode by default. Addresses problems with vector exhaustion on large systems.
- Address an issue where EPT superpages were unnecessarily split.

* Thu Jun 16 2022 Andrew Cooper - 4.13.4-10.26
- Fixes for XSA-404 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166.

* Thu Jun 09 2022 Andrew Cooper - 4.13.4-10.25
- Fixes for XSA-401 CVE-2022-26362, XSA-402 CVE-2022-26363 CVE-2022-26364.

* Wed Apr 13 2022 Andrew Cooper - 4.13.4-10.24
- Rebuild using devtoolset-11.

* Wed Apr 13 2022 Andrew Cooper - 4.13.4-10.23
- Fixes to the XSA-400 changes.

* Fri Mar 25 2022 Andrew Cooper - 4.13.4-10.22
- Fixes for XSA-397 CVE-2022-26356, XSA-399 CVE-2022-26357, XSA-400 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361.

* Thu Mar 10 2022 Andrew Cooper - 4.13.4-10.21
- Fix for XSA-386 CVE-2021-26401.

* Tue Feb 15 2022 Rob Hoes - 4.13.4-10.20
- Rebuild with OCaml 4.13.1 compiler.
- CP-37343: Drop Ocaml/CPUID technical debt.

* Tue Feb 08 2022 Andrew Cooper - 4.13.4-10.19
- Fixes for XSA-394 CVE-2022-23034, XSA-395 CVE-2022-23035.
- Support for AMD MSR_SPEC_CTRL in HVM guests.
- Logic to match the Intel Feb 2022 microcode. De-featuring TSX on more client parts, and retrofitting AMD's PSFD interface for guests.
- Build fix for Ocaml 4.12
- Fix and simplify runtime new CPUID feature logic.

* Wed Dec 22 2021 Igor Druzhinin - 4.13.4-10.18
- CA-361938: Fix advertisement of HLE/RTM to guests on Broadwell
- CA-360592: CVE-2021-28705 / XSA-389: issues with partially successful P2M updates on x86
- CA-360591: CVE-2021-28704 / XSA-388: PoD operations on misaligned GFNs

* Tue Nov 02 2021 Igor Druzhinin - 4.13.4-10.17
- CP-38201: Enable static analysis with Coverity

* Wed Oct 13 2021 Andrew Cooper - 4.13.4-3
- Fix ACPI table alignment in guests
- Fix compat hypercall translation
- Perf improvements at boot, for hypercalls, and for the XSM subsystem

* Wed Oct 06 2021 Andrew Cooper - 4.13.4-2
- Fix boot failure if a PCI Bridge has a subordinate bus of 255.
- Reduce overhead from the trace infrastructure.
- Fix for XSA-386 CVE-2021-28702.

* Fri Sep 10 2021 Andrew Cooper - 4.13.4-1
- Update to RELEASE-4.13.4.

* Wed Sep 08 2021 Andrew Cooper - 4.13.3-10.16
- Fix for XSA-384 CVE-2021-28701.
- Bugfixes to XSA-378 fix.

* Wed Sep 01 2021 Andrew Cooper - 4.13.3-10.15
- Fixes for XSA-378 CVE-2021-28694 CVE-2021-28695 CVE-2021-28696, XSA-379 CVE-2021-28697, XSA-380 CVE-2021-28698, XSA-382 CVE-2021-28699.
- Retain visibility of HLE/RTM CPUID bits in guests when resuming on a client part with TSX disabled.
- Use production hypervisor by default, rather than the debug hypervisor.

* Mon Aug 23 2021 Andrew Cooper - 4.13.3-10.14
- Disable 32bit PV guests by default. They're not security supported at all and by disabling them, we can recover performance in the common case from the Spectre mitigations. If necessary, 32bit PV guests can be re-enabled by booting Xen with `pv=32`.

* Mon Jul 26 2021 Igor Druzhinin - 4.13.3-10.13
- Correctly handle IRQ > 255 on PCI passthrough
- Reserve HyperTransport region properly on AMD Fam 17h+
- More IOMMU error path fixes
- Fix populating vbd.rd_sect in xentop

* Wed Jul 21 2021 Andrew Cooper - 4.13.3-10.12
- Remove old workaround which causes a test-tsx failure on the hardware which the Intel June microcode de-featured TSX on.

* Wed Jun 30 2021 Andrew Cooper - 4.13.3-10.11
- Fix migration of VMs which previously saw MPX.

* Tue Jun 22 2021 Andrew Cooper - 4.13.3-10.10
- New xen-dom0-tests subpackage with unit and low level functional tests.
- Logic to match the Intel June microcode, de-featuring TSX on client parts.
- Prep work to move CPUID handling out of xenopsd and into libxc.
- Hide MPX by default from VMs.

* Mon Jun 14 2021 Igor Druzhinin - 4.13.3-10.8
- Fix another race with vCPU timers

* Wed Jun 09 2021 Andrew Cooper - 4.13.3-10.7
- LBR and PMU fixes for Icelake Server
- Don't assume that VT-d Register based invalidation is available. Expected to be necessary to boot on Sapphire Rapids Server.
- Fix the emulation of the PINSRW instruction.
- Reduce lock contention for virtual periodic timers, to fix a perf regression introduced by the XSA-336 fix.
- Fixes for XSA-373 CVE-2021-28692, XSA-375 CVE-2021-0089 CVE-2021-26313, XSA-377 CVE-2021-28690.

* Fri Apr 16 2021 Andrew Cooper - 4.13.3-10.6
- Fix booting on Intel systems with static PIT clock gating.
- Drop unnecessary build dependencies.

* Fri Mar 26 2021 Rob Hoes - 4.13.3-10.5
- Rebuild with OCaml 4.10 compiler.

* Tue Mar 23 2021 Andrew Cooper - 4.13.3-10.4
- Update to Xen 4.13.3.

* Mon Mar 22 2021 Andrew Cooper - 4.13.2-10.3
- Fix library packaging so that autoreqprov doesn't cause xen-libs{,-devel} to depend on xen-dom0-libs{,devel}.

* Fri Mar 12 2021 Andrew Cooper - 4.13.2-10.2
- Fix a failure to boot of Windows Server vNext (build 20270). Reduces the upper limit of HVM vCPUs to 64, pending other bugfixes.
- Advertise Viridian vCPU hotplug to guests as Xen already implements the functionality.
- Fixes for XSA-360 CVE-2021-3308.
- Backport XEN_DMOP_nr_vcpus and stable library fixes.
- Backport build system fix and drop 32bit libc as a build dependency.
- Fix microcode loading on AMD Family 19h (Zen3) parts.
- Fix HVM Shadow / migrating PV guests on IceLake parts.
- Fix booting on IceLake when the IOMMU is left in a partially initialised state by the firmware.

* Fri Dec 18 2020 Andrew Cooper - 4.13.2-10.1
- Backport changes for Ocaml 4.10 compatibility
- Fixes for XSA-115 CVE-2020-29480, XSA-322 CVE-2020-29481, XSA-323 CVE-2020-29482, XSA-324 CVE-2020-29484, XSA-325 CVE-2020-29483, XSA-330 CVE-2020-29485, XSA-348 CVE-2020-29484, XSA-352 CVE-2020-29486, XSA-353 CVE-2020-29479, XSA-359 CVE-2020-29571
- Prototype oxenstored live update support