|
|
|
|
Changelog for xen-ocaml-devel-4.13.4-10.35.xcpng8.3.x86_64.rpm :
* Fri Nov 04 2022 Andrew Cooper - 4.13.4-10.35- Fix for XSA-422 CVE-2022-23824 * Thu Oct 27 2022 Andrew Cooper - 4.13.4-10.34- Fixes for - XSA-326 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 - XSA-414 CVE-2022-42309 - XSA-415 CVE-2022-42310 - XSA-416 CVE-2022-42319 - XSA-417 CVE-2022-42320 - XSA-418 CVE-2022-42321 - XSA-419 CVE-2022-42322 CVE-2022-42323 - XSA-420 CVE-2022-42324 - XSA-421 CVE-2022-42325 CVE-2022-42326 * Thu Oct 06 2022 Andrew Cooper - 4.13.4-10.33- Fixes for XSA-410 CVE-2022-33746, XSA-411 CVE-2022-33748.- Activate DOITM (Data Operand Invariant Timing Mode) unilaterally on capable hardware (Intel IceLake/Gracemont and later) to keep properly-written crypto code safe from timing attacks.- Fix compressed XSAVE size reporting. Fixes an issue with Linux 5.19+ on Intel Skylake or AMD Zen1 or later hardware.- Fix a performance issue when when using CUDA workloads (e.g. Tensorflow) on a passed-through GPU. * Fri Sep 16 2022 Ross Lagerwall - 4.13.4-10.32- Add TPM 2.0 supporting patches * Wed Aug 17 2022 Andrew Cooper - 4.13.4-10.31- Fix CPU hotplug on AMD.- Improve diagnostics in nmi_show_execution_state().- Rework specfile so tools get the default RPM CFLAGS/LDFLAGS, including various hardening settings. * Tue Aug 09 2022 Pau Ruiz Safont - 4.13.4-10.30- Bump release and rebuild with OCaml 4.13.1-3 compiler. * Fri Aug 05 2022 Andrew Cooper - 4.13.4-10.29- Improve boot speed by using WC mappings for the VGA framebuffer.- Fix crash on boot on AMD Zen2/3 systems when x2apic is disabled by firmware.- Correct the RPM license fields. * Tue Jul 26 2022 Andrew Cooper - 4.13.4-10.28- Fix for XSA-408 CVE-2022-33745. * Fri Jul 08 2022 Andrew Cooper - 4.13.4-10.27- Fixes for XSA-407 CVE-2022-23816 CVE-2022-23825.- Switch to x2APIC physical destination mode by default. Addresses problems with vector exhaustion on large systems.- Address an issue where EPT superpages were unnecessarily split. * Thu Jun 16 2022 Andrew Cooper - 4.13.4-10.26- Fixes for XSA-404 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166. * Thu Jun 09 2022 Andrew Cooper - 4.13.4-10.25- Fixes for XSA-401 CVE-2022-26362, XSA-402 CVE-2022-26363 CVE-2022-26364. * Wed Apr 13 2022 Andrew Cooper - 4.13.4-10.24- Rebuild using devtoolset-11. * Wed Apr 13 2022 Andrew Cooper - 4.13.4-10.23- Fixes to the XSA-400 changes. * Fri Mar 25 2022 Andrew Cooper - 4.13.4-10.22- Fixes for XSA-397 CVE-2022-26356, XSA-399 CVE-2022-26357, XSA-400 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361. * Thu Mar 10 2022 Andrew Cooper - 4.13.4-10.21- Fix for XSA-386 CVE-2021-26401. * Tue Feb 15 2022 Rob Hoes - 4.13.4-10.20- Rebuild with OCaml 4.13.1 compiler.- CP-37343: Drop Ocaml/CPUID technical debt. * Tue Feb 08 2022 Andrew Cooper - 4.13.4-10.19- Fixes for XSA-394 CVE-2022-23034, XSA-395 CVE-2022-23035.- Support for AMD MSR_SPEC_CTRL in HVM guests.- Logic to match the Intel Feb 2022 microcode. De-featuring TSX on more client parts, and retrofitting AMD\'s PSFD interface for guests.- Build fix for Ocaml 4.12- Fix and simplify runtime new CPUID feature logic. * Wed Dec 22 2021 Igor Druzhinin - 4.13.4-10.18- CA-361938: Fix advertisment of HLE/RTM to guests on Broadwell- CA-360592: CVE-2021-28705 / XSA-389: issues with partially successful P2M updates on x86- CA-360591: CVE-2021-28704 / XSA-388: PoD operations on misaligned GFNs * Tue Nov 02 2021 Igor Druzhinin - 4.13.4-10.17- CP-38201: Enable static analysis with Coverity * Wed Oct 13 2021 Andrew Cooper - 4.13.4-3- Fix ACPI table alignment in guests- Fix compat hypercall translation- Perf improvements at boot, for hypercalls, and for the XSM subsystem * Wed Oct 06 2021 Andrew Cooper - 4.13.4-2- Fix boot failure if a PCI Bridge is has a subordinate bus of 255.- Reduce overhead from the trace infrastructure.- Fix for XSA-386 CVE-2021-28702. * Fri Sep 10 2021 Andrew Cooper - 4.13.4-1- Update to RELEASE-4.13.4. * Wed Sep 08 2021 Andrew Cooper - 4.13.3-10.16- Fix for XSA-384 CVE-2021-28701.- Bugfixes to XSA-378 fix. * Wed Sep 01 2021 Andrew Cooper - 4.13.3-10.15- Fixes for XSA-378 CVE-2021-28694 CVE-2021-28695 CVE-2021-28696, XSA-379 CVE-2021-28697, XSA-380 CVE-2021-28698, XSA-382 CVE-2021-28699.- Retain visibility of HLE/RTM CPUID bits in guests when resuming on a client part with TSX disabled.- Use production hypervisor by default, rather than the debug hypervisor. * Mon Aug 23 2021 Andrew Cooper - 4.13.3-10.14- Disable 32bit PV guests by default. They\'re not security supported at all and by disabling them, we can recover performance in the common case from the Spectre mitigations. If necessary, 32bit PV guests can be re-enabled by booting Xen with `pv=32`. * Mon Jul 26 2021 Igor Druzhinin - 4.13.3-10.13- Correctly handle IRQ > 255 on PCI passthrough- Reserve HyperTransport region properly on AMD Fam 17h+- More IOMMU error path fixes- Fix populating vbd.rd_sect in xentop * Wed Jul 21 2021 Andrew Cooper - 4.13.3-10.12- Remove old workaround which causes a test-tsx failure on the hardware which the Intel June microcode de-featured TSX on. * Wed Jun 30 2021 Andrew Cooper - 4.13.3-10.11- Fix migration of VMs which previously saw MPX. * Tue Jun 22 2021 Andrew Cooper - 4.13.3-10.10- New xen-dom0-tests subpackage with unit and low level functional tests.- Logic to match the Intel June microcode, de-featuring TSX on client parts.- Prep work to move CPUID handling out of xenopsd and into libxc.- Hide MPX by default from VMs. * Mon Jun 14 2021 Igor Druzhinin - 4.13.3-10.8- Fix another race with vCPU timers * Wed Jun 09 2021 Andrew Cooper - 4.13.3-10.7- LBR and PMU fixes for Icelake Server- Don\'t assume that VT-d Register based invalidation is available. Expected to be necessary to boot on Sapphire Rapids Server.- Fix the emulation of the PINSRW instruction.- Reduce lock contention for virtual periodic timers, to fix a perf regression introduced by the XSA-336 fix.- Fixes for XSA-373 CVE-2021-28692, XSA-375 CVE-2021-0089 CVE-2021-26313, XSA-377 CVE-2021-28690. * Fri Apr 16 2021 Andrew Cooper - 4.13.3-10.6- Fix booting on Intel systems with static PIT clock gating.- Drop unnecessary build dependencies. * Fri Mar 26 2021 Rob Hoes - 4.13.3-10.5- Rebuild with OCaml 4.10 compiler. * Tue Mar 23 2021 Andrew Cooper - 4.13.3-10.4- Update to Xen 4.13.3. * Mon Mar 22 2021 Andrew Cooper - 4.13.2-10.3- Fix library packaging so that autoreqprov doesn\'t cause xen-libs{,-devel} to depend on xen-dom0-libs{,devel}. * Fri Mar 12 2021 Andrew Cooper - 4.13.2-10.2- Fix a failure to boot of Windows Server vNext (build 20270). Reduces the upper limit of HVM vCPUs to 64, pending other bugfixes.- Advertise Viridian vCPU hotplug to guests as Xen already implements the functionality.- Fixes for XSA-360 CVE-2021-3308.- Backport XEN_DMOP_nr_vcpus and stable library fixes.- Backport build system fix and drop 32bit libc as a build dependency.- Fix microcode loading on AMD Family 19h (Zen3) parts.- Fix HVM Shadow / migrating PV guests on IceLake parts.- Fix booting on IceLake when the IOMMU is left in a partially initialised state by the firmware. * Fri Dec 18 2020 Andrew Cooper - 4.13.2-10.1- Backport changes for Ocaml 4.10 compatibility- Fixes for XSA-115 CVE-2020-29480, XSA-322 CVE-2020-29481, XSA-323 CVE-2020-29482, XSA-324 CVE-2020-29484, XSA-325 CVE-2020-29483, XSA-330 CVE-2020-29485, XSA-348 CVE-2020-29484, XSA-352 CVE-2020-29486, XSA-353 CVE-2020-29479, XSA-359 CVE-2020-29571- Prototype oxenstored live update support
|
|
|