commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2020-09-25 16:21:02 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.4249 (New) Package is "xen" Fri Sep 25 16:21:02 2020 rev:291 rq:836146 version:4.14.0_08 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2020-09-18 14:28:08.459274689 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new.4249/xen.changes2020-09-25 16:21:30.839358028 +0200 @@ -1,0 +2,59 @@ +Tue Sep 22 10:54:28 MDT 2020 - carn...@suse.com + +- bsc#1176339 - VUL-0: CVE-2020-25602: xen: x86 pv: Crash when + handling guest access to MSR_MISC_ENABLE (XSA-333) + 5f6a05a0-pv-Handle-the-Intel-specific-MSR_MISC_ENABLE-correctly.patch +- bsc#1176341 - VUL-0: CVE-2020-25598: xen: Missing unlock in + XENMEM_acquire_resource error path (XSA-334) + 5f6a05b7-xen-memory-Dont-skip-the-RCU-unlock-path-in-acquire_resource.patch +- bsc#1176343 - VUL-0: CVE-2020-25604: xen: race when migrating + timers between x86 HVM vCPU-s (XSA-336) + 5f6a05dd-vpt-fix-race-when-migrating-timers-between-vCPUs.patch +- bsc#1176344 - VUL-0: CVE-2020-25595: xen: PCI passthrough code + reading back hardware registers (XSA-337) + 5f6a05fa-msi-get-rid-of-read_msi_msg.patch + 5f6a061a-MSI-X-restrict-reading-of-table-PBA-bases-from-BARs.patch +- bsc#1176346 - VUL-0: CVE-2020-25597: xen: once valid event + channels may not turn invalid (XSA-338) + 5f6a062c-evtchn-relax-port_is_valid.patch +- bsc#1176345 - VUL-0: CVE-2020-25596: xen: x86 pv guest kernel + DoS via SYSENTER (XSA-339) + 5f6a065c-pv-Avoid-double-exception-injection.patch +- bsc#1176347 - VUL-0: CVE-2020-25603: xen: Missing barrier + barriers when accessing/allocating an event channel (XSA-340) + 5f6a0674-xen-evtchn-Add-missing-barriers-when-accessing-allocating-an-event-channel.patch +- bsc#1176348 - VUL-0: CVE-2020-25600: xen: out of bounds event + channels available to 32-bit x86 domains (XSA-342) + 5f6a068e-evtchn-x86-enforce-correct-upper-limit-for-32-bit-guests.patch +- bsc#1176349 - VUL-0: CVE-2020-25599: xen: races with + evtchn_reset() (XSA-343) + 5f6a06be-evtchn-evtchn_reset-shouldnt-succeed-with-still-open-ports.patch + 5f6a06e0-evtchn-convert-per-channel-lock-to-be-IRQ-safe.patch + 5f6a06f2-evtchn-address-races-with-evtchn_reset.patch +- bsc#1176350 - VUL-0: CVE-2020-25601: xen: lack of preemption in + evtchn_reset() / evtchn_destroy() (XSA-344) + 5f6a071f-evtchn-arrange-for-preemption-in-evtchn_destroy.patch + 5f6a0754-evtchn-arrange-for-preemption-in-evtchn_reset.patch +- Upstream bug fix (bsc#1027519) + 5f5b6951-x86-PV-64bit-segbase-consistency.patch + +--- +Mon Sep 21 14:03:02 MDT 2020 - carn...@suse.com + +- Fix problems in xen.spec with building on aarch64 + +--- +Fri Sep 18 15:20:31 MDT 2020 - carn...@suse.com + +- Make use of %service_del_postun_without_restart while preserving + the old behavior for older distros. +- In %post tools, remove unnecessary qemu symlinks. + +--- +Thu Sep 17 11:11:11 UTC 2020 - oher...@suse.de + +- Fix error in xen-tools %post when linking pvgrub64.bin +- Make paths below libexec more explicit +- Create symlink also for pvgrub32.bin + +--- New: 5f5b6951-x86-PV-64bit-segbase-consistency.patch 5f6a05a0-pv-Handle-the-Intel-specific-MSR_MISC_ENABLE-correctly.patch 5f6a05b7-xen-memory-Dont-skip-the-RCU-unlock-path-in-acquire_resource.patch 5f6a05dd-vpt-fix-race-when-migrating-timers-between-vCPUs.patch 5f6a05fa-msi-get-rid-of-read_msi_msg.patch 5f6a061a-MSI-X-restrict-reading-of-table-PBA-bases-from-BARs.patch 5f6a062c-evtchn-relax-port_is_valid.patch 5f6a065c-pv-Avoid-double-exception-injection.patch 5f6a0674-xen-evtchn-Add-missing-barriers-when-accessing-allocating-an-event-channel.patch 5f6a068e-evtchn-x86-enforce-correct-upper-limit-for-32-bit-guests.patch 5f6a06be-evtchn-evtchn_reset-shouldnt-succeed-with-still-open-ports.patch 5f6a06e0-evtchn-convert-per-channel-lock-to-be-IRQ-safe.patch 5f6a06f2-evtchn-address-races-with-evtchn_reset.patch 5f6a071f-evtchn-arrange-for-preemption-in-evtchn_destroy.patch 5f6a0754-evtchn-arrange-for-preemption-in-evtchn_reset.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.juoBW6/_old 2020-09-25 16:21:32.367359381 +0200 +++ /var/tmp/diff_new_pack.juoBW6/_new 2020-09-25 16:21:32.371359385 +0200 @@ -38,6 +38,7 @@ %bcond_withxen_stubdom %endif # +%define qemu_arch i386 %ifarch x86_64 %define
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2020-09-18 14:26:58 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.4249 (New) Package is "xen" Fri Sep 18 14:26:58 2020 rev:290 rq:834358 version:4.14.0_06 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2020-09-05 23:57:08.383095719 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new.4249/xen.changes2020-09-18 14:28:08.459274689 +0200 @@ -1,0 +2,23 @@ +Fri Sep 11 11:11:11 UTC 2020 - oher...@suse.de + +- Revert previous libexec change for qemu compat wrapper + The path is used in existing domU.xml files in the emulator field +- Escape some % chars in xen.spec, they have to appear verbatim + +--- +Wed Sep 9 10:11:12 UTC 2020 - oher...@suse.de + +- Enhance libxc.migrate_tracking.patch + Print number of allocated pages on sending side, this is more + accurate than p2m_size. + +--- +Wed Sep 2 12:53:47 MDT 2020 - carn...@suse.com + +- jsc#SLE-15926 - Dev: XEN: drop netware support + Dropped the following patches + pygrub-netware-xnloader.patch + xnloader.py + Refreshed pygrub-boot-legacy-sles.patch + +--- Old: pygrub-netware-xnloader.patch xnloader.py Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.mH2Vb6/_old 2020-09-18 14:28:10.459276703 +0200 +++ /var/tmp/diff_new_pack.mH2Vb6/_new 2020-09-18 14:28:10.467276711 +0200 @@ -1,7 +1,7 @@ # # spec file for package xen # -# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -123,7 +123,7 @@ BuildRequires: pesign-obs-integration %endif -Version:4.14.0_02 +Version:4.14.0_06 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0-only @@ -149,8 +149,7 @@ # Init script and sysconf file for pciback Source34: init.pciback Source35: sysconfig.pciback -Source36: xnloader.py -Source37: xen2libvirt.py +Source36: xen2libvirt.py # Systemd service files Source41: xencommons.service Source42: xen-dom0-modules.service @@ -186,7 +185,6 @@ Patch452: hibernate.patch Patch453: stdvga-cache.patch Patch454: ipxe-enable-nics.patch -Patch455: pygrub-netware-xnloader.patch Patch456: pygrub-boot-legacy-sles.patch Patch457: pygrub-handle-one-line-menu-entries.patch Patch458: aarch64-rename-PSR_MODE_ELxx-to-match-linux-headers.patch @@ -217,7 +215,7 @@ Patch6: xen.stubdom.newlib.patch Patch8: tmp_build.patch Patch9: reproducible.patch -Url:http://www.cl.cam.ac.uk/Research/SRG/netos/xen/ +URL:http://www.cl.cam.ac.uk/Research/SRG/netos/xen/ BuildRoot: %{_tmppath}/%{name}-%{version}-build %define pyver %(python3 -c "import sys; print(sys.version[:3])") @@ -416,7 +414,6 @@ %patch452 -p1 %patch453 -p1 %patch454 -p1 -%patch455 -p1 %patch456 -p1 %patch457 -p1 %patch458 -p1 @@ -564,7 +561,7 @@ find %{buildroot} -ls for i in %{buildroot}/%{_fillupdir}/* do - mv -v $i ${i%/*}/sysconfig.${i##*/} + mv -v $i ${i%%/*}/sysconfig.${i##*/} done # @@ -602,7 +599,7 @@ : just started ;; cpu/[0-9]/availability|cpu/[0-9][0-9]/availability) - vcpu="${REPLY%/*}" + vcpu="${REPLY%%/*}" vcpu="${vcpu#*/}" sysfs="/sys/devices/system/cpu/cpu${vcpu}/online" if test -f "${sysfs}" @@ -649,9 +646,9 @@ _EOR_ # tee ${udev_rulesdir}/80-%{name}-channel-setup.rules <<'_EOF_' -SUBSYSTEM=="xen", DEVPATH=="/devices/console-[0-9]", IMPORT{program}=="xen-channel-setup.sh $attr{nodename} %n" +SUBSYSTEM=="xen", DEVPATH=="/devices/console-[0-9]", IMPORT{program}=="xen-channel-setup.sh $attr{nodename} %%n" -SUBSYSTEM=="xen", DEVPATH=="/devices/console-[0-9]", ENV{XEN_CHANNEL_NAME}=="org.qemu.guest_agent.0", TAG+="systemd", ENV{SYSTEMD_WANTS}+="qemu-ga@hvc%n.service" +SUBSYSTEM=="xen", DEVPATH=="/devices/console-[0-9]", ENV{XEN_CHANNEL_NAME}=="org.qemu.guest_agent.0", TAG+="systemd", ENV{SYSTEMD_WANTS}+="qemu-ga@hvc%%n.service" _EOF_ # dracut_moduledir=%{buildroot}/usr/lib/dracut/modules.d/50%{name}-tools-domU @@ -781,14 +778,14 @@ rm -fv xen/.config %if %{with xen_debug} echo CONFIG_DEBUG=y > xen/.config -echo "CONFIG_DOM0_MEM=\"1G+10%,max:64G\"" >> xen/.config +echo
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2020-09-05 23:56:59 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.3399 (New) Package is "xen" Sat Sep 5 23:56:59 2020 rev:289 rq:831266 version:4.14.0_02 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2020-08-06 17:31:49.581090252 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new.3399/xen.changes2020-09-05 23:57:08.383095719 +0200 @@ -1,0 +2,6 @@ +Tue Sep 1 12:28:43 UTC 2020 - Guillaume GARDET + +- Fix build on aarch64 with gcc10 +- Package xenhypfs for aarch64 + +--- Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.3kYUaA/_old 2020-09-05 23:57:11.275097167 +0200 +++ /var/tmp/diff_new_pack.3kYUaA/_new 2020-09-05 23:57:11.283097171 +0200 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # # needssslcertforbuild @@ -479,6 +479,10 @@ export WGET=$(type -P false) export FTP=$(type -P false) export GIT=$(type -P false) +%ifarch aarch64 +# GCC10+ enables outline-atomics option by default and breaks the build, so disable it +export CFLAGS="%{optflags} -mno-outline-atomics" +%endif export EXTRA_CFLAGS_XEN_TOOLS="%{optflags}" export EXTRA_CFLAGS_QEMU_TRADITIONAL="%{optflags}" export SMBIOS_REL_DATE="$SMBIOS_REL_DATE" @@ -1032,8 +1036,8 @@ /usr/sbin/xen-hvmctx /usr/sbin/xen-lowmemd /usr/sbin/xen-kdd -/usr/sbin/xenhypfs %endif +/usr/sbin/xenhypfs /usr/sbin/xen-list /usr/sbin/xen-destroy /usr/sbin/xen-livepatch
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2020-08-06 17:31:00 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.3399 (New) Package is "xen" Thu Aug 6 17:31:00 2020 rev:288 rq:824549 version:4.14.0_02 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2020-07-14 07:44:35.838938763 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new.3399/xen.changes2020-08-06 17:31:49.581090252 +0200 @@ -1,0 +2,70 @@ +Wed Aug 5 19:30:23 UTC 2020 - Callum Farmer + +- Correct license name + * GPL-3.0+ is now GPL-3.0-or-later + +--- +Mon Aug 3 06:26:08 MDT 2020 - carn...@suse.com + +- Upstream bug fixes (bsc#1027519) + 5f1a9916-x86-S3-put-data-sregs-into-known-state.patch + 5f21b9fd-x86-cpuid-APIC-bit-clearing.patch + +--- +Fri Jul 24 16:27:29 MDT 2020 - carn...@suse.com + +- Update to Xen 4.14.0 FCS release + xen-4.14.0-testing-src.tar.bz2 + * Linux stubdomains (contributed by QUBES OS) + * Control-flow Enforcement Technology (CET) Shadow Stack support (contributed by Citrix) + * Lightweight VM fork for fuzzing / introspection. (contributed by Intel) + * Livepatch: buildid and hotpatch stack requirements + * CONFIG_PV32 + * Hypervisor FS support + * Running Xen as a Hyper-V Guest + * Domain ID randomization, persistence across save / restore + * Golang binding autogeneration + * KDD support for Windows 7, 8.x and 10 +- Dropped patches contained in new tarball + 5eb51be6-cpupool-fix-removing-cpu-from-pool.patch + 5eb51caa-sched-vcpu-pause-flags-atomic.patch + 5ec2a760-x86-determine-MXCSR-mask-always.patch + 5ec50b05-x86-idle-rework-C6-EOI-workaround.patch + 5ec7dcaa-x86-dont-enter-C6-with-in-service-intr.patch + 5ec7dcf6-x86-dont-enter-C3-C6-with-errata.patch + 5ec82237-x86-extend-ISR-C6-workaround-to-Haswell.patch + 5ece1b91-x86-clear-RDRAND-CPUID-bit-on-AMD-fam-15-16.patch + 5ece8ac4-x86-load_system_tables-NMI-MC-safe.patch + 5ed69804-x86-ucode-fix-start-end-update.patch + 5eda60cb-SVM-split-recalc-NPT-fault-handling.patch + 5edf6ad8-ioreq-pending-emulation-server-destruction-race.patch + 5edfbbea-x86-spec-ctrl-CPUID-MSR-defs-for-SRBDS.patch + 5edfbbea-x86-spec-ctrl-mitigate-SRBDS.patch + 5ee24d0e-x86-spec-ctrl-document-SRBDS-workaround.patch + xsa317.patch + xsa319.patch + xsa321-1.patch + xsa321-2.patch + xsa321-3.patch + xsa321-4.patch + xsa321-5.patch + xsa321-6.patch + xsa321-7.patch + xsa328-1.patch + xsa328-2.patch + +--- +Thu Jul 23 11:12:58 MDT 2020 - carn...@suse.com + +- bsc#1172356 - Not able to hot-plug NIC via virt-manager, asks to + attach on next reboot while it should be live attached + ignore-ip-command-script-errors.patch + +--- +Fri Jul 17 14:14:14 UTC 2020 - oher...@suse.de + +- Enhance libxc.migrate_tracking.patch + After transfer of domU memory, the target host has to assemble + the backend devices. Track the time prior xc_domain_unpause. + +--- Old: 5eb51be6-cpupool-fix-removing-cpu-from-pool.patch 5eb51caa-sched-vcpu-pause-flags-atomic.patch 5ec2a760-x86-determine-MXCSR-mask-always.patch 5ec50b05-x86-idle-rework-C6-EOI-workaround.patch 5ec7dcaa-x86-dont-enter-C6-with-in-service-intr.patch 5ec7dcf6-x86-dont-enter-C3-C6-with-errata.patch 5ec82237-x86-extend-ISR-C6-workaround-to-Haswell.patch 5ece1b91-x86-clear-RDRAND-CPUID-bit-on-AMD-fam-15-16.patch 5ece8ac4-x86-load_system_tables-NMI-MC-safe.patch 5ed69804-x86-ucode-fix-start-end-update.patch 5eda60cb-SVM-split-recalc-NPT-fault-handling.patch 5edf6ad8-ioreq-pending-emulation-server-destruction-race.patch 5edfbbea-x86-spec-ctrl-CPUID-MSR-defs-for-SRBDS.patch 5edfbbea-x86-spec-ctrl-mitigate-SRBDS.patch 5ee24d0e-x86-spec-ctrl-document-SRBDS-workaround.patch xen-4.13.1-testing-src.tar.bz2 xsa317.patch xsa319.patch xsa321-1.patch xsa321-2.patch xsa321-3.patch xsa321-4.patch xsa321-5.patch xsa321-6.patch xsa321-7.patch xsa328-1.patch xsa328-2.patch New: 5f1a9916-x86-S3-put-data-sregs-into-known-state.patch 5f21b9fd-x86-cpuid-APIC-bit-clearing.patch ignore-ip-command-script-errors.patch xen-4.14.0-testing-src.tar.bz2 Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.nerjUn/_old 2020-08-06 17:31:53.541091180 +0200 +++ /var/tmp/diff_new_pack.nerjUn/_new 2020-08-06 17:31:53.545091181 +0200 @@ -12,7 +12,7 @@ # license that conforms to the Open
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2020-07-14 07:44:00 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.3060 (New) Package is "xen" Tue Jul 14 07:44:00 2020 rev:287 rq:820049 version:4.13.1_04 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2020-06-11 14:47:29.105868961 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new.3060/xen.changes2020-07-14 07:44:35.838938763 +0200 @@ -1,0 +2,49 @@ +Tue Jun 30 18:03:40 UTC 2020 - oher...@suse.de + +- Add libxc.migrate_tracking.patch to track live migrations + unconditionally in logfiles, especially in libvirt. + This will track how long a domU was suspended during transit. + +--- +Mon Jun 29 11:28:27 MDT 2020 - carn...@suse.com + +- bsc#1173376 - VUL-0: CVE-2020-15566: xen: XSA-317 - Incorrect + error handling in event channel port allocation + xsa317.patch +- bsc#1173377 - VUL-0: CVE-2020-15563: xen: XSA-319 - inverted code + paths in x86 dirty VRAM tracking + xsa319.patch +- bsc#1173378 - VUL-0: CVE-2020-15565: xen: XSA-321 - insufficient + cache write- back under VT-d + xsa321-1.patch + xsa321-2.patch + xsa321-3.patch + xsa321-4.patch + xsa321-5.patch + xsa321-6.patch + xsa321-7.patch +- bsc#1173380 - VUL-0: CVE-2020-15567: xen: XSA-328 - non-atomic + modification of live EPT PTE + xsa328-1.patch + xsa328-2.patch + +--- +Mon Jun 22 11:24:48 MDT 2020 - carn...@suse.com + +- bsc#1172205 - VUL-0: CVE-2020-0543: xen: Special Register Buffer + Data Sampling (SRBDS) aka "CrossTalk" (XSA-320) + 5ee24d0e-x86-spec-ctrl-document-SRBDS-workaround.patch + 5edfbbea-x86-spec-ctrl-CPUID-MSR-defs-for-SRBDS.patch (Replaces xsa320-1.patch) + 5edfbbea-x86-spec-ctrl-mitigate-SRBDS.patch (Replaces xsa320-2.patch) +- Upstream bug fixes (bsc#1027519) + 5ec50b05-x86-idle-rework-C6-EOI-workaround.patch + 5ec7dcaa-x86-dont-enter-C6-with-in-service-intr.patch + 5ec7dcf6-x86-dont-enter-C3-C6-with-errata.patch + 5ec82237-x86-extend-ISR-C6-workaround-to-Haswell.patch + 5ece1b91-x86-clear-RDRAND-CPUID-bit-on-AMD-fam-15-16.patch + 5ece8ac4-x86-load_system_tables-NMI-MC-safe.patch + 5ed69804-x86-ucode-fix-start-end-update.patch + 5eda60cb-SVM-split-recalc-NPT-fault-handling.patch + 5edf6ad8-ioreq-pending-emulation-server-destruction-race.patch + +--- @@ -114,0 +164,7 @@ + +--- +Wed Mar 25 18:18:18 UTC 2020 - oher...@suse.de + +- bsc#1167608 - unbound limit for max_event_channels + domUs with many vcpus and/or resources fail to start + libxl.max_event_channels.patch Old: xsa320-1.patch xsa320-2.patch New: 5ec50b05-x86-idle-rework-C6-EOI-workaround.patch 5ec7dcaa-x86-dont-enter-C6-with-in-service-intr.patch 5ec7dcf6-x86-dont-enter-C3-C6-with-errata.patch 5ec82237-x86-extend-ISR-C6-workaround-to-Haswell.patch 5ece1b91-x86-clear-RDRAND-CPUID-bit-on-AMD-fam-15-16.patch 5ece8ac4-x86-load_system_tables-NMI-MC-safe.patch 5ed69804-x86-ucode-fix-start-end-update.patch 5eda60cb-SVM-split-recalc-NPT-fault-handling.patch 5edf6ad8-ioreq-pending-emulation-server-destruction-race.patch 5edfbbea-x86-spec-ctrl-CPUID-MSR-defs-for-SRBDS.patch 5edfbbea-x86-spec-ctrl-mitigate-SRBDS.patch 5ee24d0e-x86-spec-ctrl-document-SRBDS-workaround.patch libxc.migrate_tracking.patch libxl.max_event_channels.patch xsa317.patch xsa319.patch xsa321-1.patch xsa321-2.patch xsa321-3.patch xsa321-4.patch xsa321-5.patch xsa321-6.patch xsa321-7.patch xsa328-1.patch xsa328-2.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.Lgx3u0/_old 2020-07-14 07:44:54.186997996 +0200 +++ /var/tmp/diff_new_pack.Lgx3u0/_new 2020-07-14 07:44:54.190998010 +0200 @@ -123,7 +123,7 @@ BuildRequires: pesign-obs-integration %endif -Version:4.13.1_02 +Version:4.13.1_04 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0-only @@ -165,8 +165,29 @@ Patch1: 5eb51be6-cpupool-fix-removing-cpu-from-pool.patch Patch2: 5eb51caa-sched-vcpu-pause-flags-atomic.patch Patch3: 5ec2a760-x86-determine-MXCSR-mask-always.patch -Patch100: xsa320-1.patch -Patch101: xsa320-2.patch +Patch4: 5ec50b05-x86-idle-rework-C6-EOI-workaround.patch +Patch5: 5ec7dcaa-x86-dont-enter-C6-with-in-service-intr.patch +Patch6: 5ec7dcf6-x86-dont-enter-C3-C6-with-errata.patch +Patch7:
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2020-06-11 14:46:57 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.3606 (New) Package is "xen" Thu Jun 11 14:46:57 2020 rev:286 rq:813013 version:4.13.1_02 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2020-06-04 17:50:50.619962048 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new.3606/xen.changes2020-06-11 14:47:29.105868961 +0200 @@ -1,0 +2,13 @@ +Fri Jun 5 16:42:16 UTC 2020 - Callum Farmer + +- Fixes for %_libexecdir changing to /usr/libexec + +--- +Thu May 28 08:35:20 MDT 2020 - carn...@suse.com + +- bsc#1172205 - VUL-0: CVE-2020-0543: xen: Special Register Buffer + Data Sampling (SRBDS) aka "CrossTalk" (XSA-320) + xsa320-1.patch + xsa320-2.patch + +--- New: xsa320-1.patch xsa320-2.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.oYKmv6/_old 2020-06-11 14:47:32.241878097 +0200 +++ /var/tmp/diff_new_pack.oYKmv6/_new 2020-06-11 14:47:32.245878109 +0200 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # # needssslcertforbuild @@ -165,6 +165,8 @@ Patch1: 5eb51be6-cpupool-fix-removing-cpu-from-pool.patch Patch2: 5eb51caa-sched-vcpu-pause-flags-atomic.patch Patch3: 5ec2a760-x86-determine-MXCSR-mask-always.patch +Patch100: xsa320-1.patch +Patch101: xsa320-2.patch # Our platform specific patches Patch400: xen-destdir.patch Patch401: vif-bridge-no-iptables.patch @@ -299,7 +301,7 @@ %ifarch x86_64 %package tools-xendomains-wait-disk Summary:Adds a new xendomains-wait-disks.service -License:GPL-3.0+ +License:GPL-3.0-or-later Group: System/Kernel Requires: %{name}-tools = %{version}-%{release} Requires: coreutils @@ -393,6 +395,8 @@ %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch100 -p1 +%patch101 -p1 # Our platform specific patches %patch400 -p1 %patch401 -p1 @@ -794,12 +798,12 @@ # /usr/bin/qemu-system-i386 # Using qemu-system-x86_64 will result in an incompatible VM %ifarch x86_64 -cat > %{buildroot}/usr/lib/xen/bin/qemu-system-i386 << 'EOF' +cat > %{buildroot}%{_libexecdir}/xen/bin/qemu-system-i386 << 'EOF' #!/bin/sh exec %{_bindir}/qemu-system-i386 "$@" EOF -chmod 0755 %{buildroot}/usr/lib/xen/bin/qemu-system-i386 +chmod 0755 %{buildroot}%{_libexecdir}/xen/bin/qemu-system-i386 # unit='%{_libexecdir}/%{name}/bin/xendomains-wait-disks' mkdir -vp '%{buildroot}%{_libexecdir}/%{name}/bin' @@ -943,7 +947,7 @@ # 32 bit hypervisor no longer supported. Remove dom0 tools. rm -rf %{buildroot}/%{_datadir}/doc rm -rf %{buildroot}/%{_datadir}/man -rm -rf %{buildroot}/%{_libdir}/xen +rm -rf %{buildroot}/%{_libexecdir}/xen rm -rf %{buildroot}/%{_libdir}/python* rm -rf %{buildroot}/%{_libdir}/ocaml* rm -rf %{buildroot}/%{_unitdir} ++ xsa320-1.patch ++ x86/spec-ctrl: CPUID/MSR definitions for Special Register Buffer Data Sampling This is part of XSA-320 / CVE-2020-0543 Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Acked-by: Wei Liu --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -483,10 +483,10 @@ accounting for hardware capabilities as Currently accepted: -The Speculation Control hardware features `md-clear`, `ibrsb`, `stibp`, `ibpb`, -`l1d-flush` and `ssbd` are used by default if available and applicable. They can -be ignored, e.g. `no-ibrsb`, at which point Xen won't use them itself, and -won't offer them to guests. +The Speculation Control hardware features `srbds-ctrl`, `md-clear`, `ibrsb`, +`stibp`, `ibpb`, `l1d-flush` and `ssbd` are used by default if available and +applicable. They can be ignored, e.g. `no-ibrsb`, at which point Xen won't +use them itself, and won't offer them to guests. ### cpuid_mask_cpu > `= fam_0f_rev_[cdefg] | fam_10_rev_[bc] | fam_11_rev_b` --- a/tools/libxl/libxl_cpuid.c +++ b/tools/libxl/libxl_cpuid.c @@ -213,6 +213,7 @@ int libxl_cpuid_parse_config(libxl_cpuid {"avx512-4vnniw",0x0007, 0, CPUID_REG_EDX, 2, 1}, {"avx512-4fmaps",0x0007, 0, CPUID_REG_EDX, 3, 1}, +{"srbds-ctrl", 0x0007, 0, CPUID_REG_EDX, 9, 1}, {"md-clear", 0x0007, 0, CPUID_REG_EDX, 10, 1}, {"cet-ibt", 0x0007, 0, CPUID_REG_EDX, 20, 1}, {"ibrsb",
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2020-06-04 17:50:22 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.3606 (New) Package is "xen" Thu Jun 4 17:50:22 2020 rev:285 rq:808027 version:4.13.1_02 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2020-05-14 23:23:55.080866217 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new.3606/xen.changes2020-06-04 17:50:50.619962048 +0200 @@ -1,0 +2,52 @@ +Mon May 18 10:55:26 MDT 2020 - carn...@suse.com + +- Update to Xen 4.13.1 bug fix release (bsc#1027519) + xen-4.13.1-testing-src.tar.bz2 + 5eb51be6-cpupool-fix-removing-cpu-from-pool.patch + 5eb51caa-sched-vcpu-pause-flags-atomic.patch + 5ec2a760-x86-determine-MXCSR-mask-always.patch +- Drop patches contained in new tarball + 5de65f84-gnttab-map-always-do-IOMMU-part.patch + 5de65fc4-x86-avoid-HPET-use-on-certain-Intel.patch + 5e15e03d-sched-fix-S3-resume-with-smt=0.patch + 5e16fb6a-x86-clear-per-cpu-stub-page-info.patch + 5e1da013-IRQ-u16-is-too-narrow-for-evtchn.patch + 5e1dcedd-Arm-place-speculation-barrier-after-ERET.patch + 5e21ce98-x86-time-update-TSC-stamp-after-deep-C-state.patch + 5e286cce-VT-d-dont-pass-bridges-to-domain_context_mapping_one.patch + 5e318cd4-x86-apic-fix-disabling-LVT0.patch + 5e344c11-x86-HVM-relinquish-resources-from-domain_destroy.patch + 5e3bd385-EFI-recheck-variable-name-strings.patch + 5e3bd3d1-EFI-dont-leak-heap-VIA-XEN_EFI_get_next_variable_name.patch + 5e3bd3f8-xmalloc-guard-against-overflow.patch + 5e46e090-x86-smp-reset-x2apic_enabled-in-smp_send_stop.patch + 5e4c00ef-VT-d-check-full-RMRR-for-E820-reserved.patch + 5e4d4f5b-sched-fix-get_cpu_idle_time-with-core-sched.patch + 5e4e614d-x86-spec-ctrl-no-xen-also-disables-branch-hardening.patch + 5e4ec20e-x86-virtualise-MSR_PLATFORM_ID-properly.patch + 5e5e7188-fix-error-path-in-cpupool_unassign_cpu_start.patch + 5e6f53dd-AMD-IOMMU-fix-off-by-one-get_paging_mode.patch + 5e7a371c-sched-fix-cpu-onlining-with-core-sched.patch + 5e7c90cf-sched-fix-cpu-offlining-with-core-sched.patch + 5e7cfb29-x86-ucode-AMD-fix-assert-in-compare_patch.patch + 5e7cfb29-x86-ucode-fix-error-paths-in-apply_microcode.patch + 5e7dd83b-libx86-CPUID-fix-not-just-leaf-7.patch + 5e7dfbf6-x86-ucode-AMD-potential-buffer-overrun-equiv-tab.patch + 5e846cce-x86-HVM-fix-AMD-ECS-handling-for-Fam10.patch + 5e84905c-x86-ucode-AMD-fix-more-potential-buffer-overruns.patch + 5e86f7b7-credit2-avoid-vCPUs-with-lower-creds-than-idle.patch + 5e86f7fd-credit2-fix-credit-too-few-resets.patch + 5e876b0f-tools-xenstore-fix-use-after-free-in-xenstored.patch + 5e95ad61-xenoprof-clear-buffer-intended-to-be-shared-with-guests.patch + 5e95ad8f-xenoprof-limit-consumption-of-shared-buffer-data.patch + 5e95ae77-Add-missing-memory-barrier-in-the-unlock-path-of-rwlock.patch + 5e95af5e-xen-gnttab-Fix-error-path-in-map_grant_ref.patch + 5e95afb8-gnttab-fix-GNTTABOP_copy-continuation-handling.patch + +--- +Wed May 13 21:07:29 UTC 2020 - James Fehlig + +- spec: Remove invocation of autogen.sh +- spec: Recommend qemu-ovmf-x86_64 to provide UEFI firmwares + +--- Old: 5de65f84-gnttab-map-always-do-IOMMU-part.patch 5de65fc4-x86-avoid-HPET-use-on-certain-Intel.patch 5e15e03d-sched-fix-S3-resume-with-smt=0.patch 5e16fb6a-x86-clear-per-cpu-stub-page-info.patch 5e1da013-IRQ-u16-is-too-narrow-for-evtchn.patch 5e1dcedd-Arm-place-speculation-barrier-after-ERET.patch 5e21ce98-x86-time-update-TSC-stamp-after-deep-C-state.patch 5e286cce-VT-d-dont-pass-bridges-to-domain_context_mapping_one.patch 5e318cd4-x86-apic-fix-disabling-LVT0.patch 5e344c11-x86-HVM-relinquish-resources-from-domain_destroy.patch 5e3bd385-EFI-recheck-variable-name-strings.patch 5e3bd3d1-EFI-dont-leak-heap-VIA-XEN_EFI_get_next_variable_name.patch 5e3bd3f8-xmalloc-guard-against-overflow.patch 5e46e090-x86-smp-reset-x2apic_enabled-in-smp_send_stop.patch 5e4c00ef-VT-d-check-full-RMRR-for-E820-reserved.patch 5e4d4f5b-sched-fix-get_cpu_idle_time-with-core-sched.patch 5e4e614d-x86-spec-ctrl-no-xen-also-disables-branch-hardening.patch 5e4ec20e-x86-virtualise-MSR_PLATFORM_ID-properly.patch 5e5e7188-fix-error-path-in-cpupool_unassign_cpu_start.patch 5e6f53dd-AMD-IOMMU-fix-off-by-one-get_paging_mode.patch 5e7a371c-sched-fix-cpu-onlining-with-core-sched.patch 5e7c90cf-sched-fix-cpu-offlining-with-core-sched.patch 5e7cfb29-x86-ucode-AMD-fix-assert-in-compare_patch.patch 5e7cfb29-x86-ucode-fix-error-paths-in-apply_microcode.patch 5e7dd83b-libx86-CPUID-fix-not-just-leaf-7.patch 5e7dfbf6-x86-ucode-AMD-potential-buffer-overrun-equiv-tab.patch
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2020-05-14 23:23:50 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.2738 (New) Package is "xen" Thu May 14 23:23:50 2020 rev:284 rq:805360 version:4.13.0_12 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2020-04-18 00:27:37.169703076 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new.2738/xen.changes2020-05-14 23:23:55.080866217 +0200 @@ -1,0 +2,6 @@ +Wed May 13 09:56:49 MDT 2020 - carn...@suse.com + +- bsc#1170968 - GCC 10: xen build fails on i586 + gcc10-fixes.patch + +--- Other differences: -- ++ gcc10-fixes.patch ++ --- /var/tmp/diff_new_pack.ZIEYgB/_old 2020-05-14 23:23:56.752869866 +0200 +++ /var/tmp/diff_new_pack.ZIEYgB/_new 2020-05-14 23:23:56.756869874 +0200 @@ -73,6 +73,15 @@ specified bound 108 equals destination size [-Werror=stringop-truncation] +xenpmd.c: In function 'get_next_battery_file': +xenpmd.c:92:37: error: '%s' directive output may be truncated writing between 4 and 2147483645 bytes into a region of size 271 [-Werror=format-truncation=] + 92 | #define BATTERY_STATE_FILE_PATH "/tmp/battery/%s/state" + | ^~~ +xenpmd.c:117:52: note: in expansion of macro 'BATTERY_STATE_FILE_PATH' + 117 | snprintf(file_name, sizeof(file_name), BATTERY_STATE_FILE_PATH, + | ^~~ + + Index: xen-4.13.0-testing/tools/libxl/libxlu_pci.c === --- xen-4.13.0-testing.orig/tools/libxl/libxlu_pci.c @@ -107,7 +116,7 @@ +++ xen-4.13.0-testing/stubdom/polarssl.patch @@ -62,3 +62,25 @@ diff -Naur polarssl-1.1.4/library/bignum t_udbl r; - + r = (t_udbl) X.p[i] << biL; +--- polarssl-1.1.4/library/ssl_tls.c.orig 2012-05-30 01:39:36.0 -0600 polarssl-1.1.4/library/ssl_tls.c 2020-03-10 10:17:26.270755351 -0600 @@ -177,3 +186,17 @@ int libxl__prepare_sockaddr_un(libxl__gc *gc, struct sockaddr_un *un, const char *path, const char *what) +Index: xen-4.13.0-testing/tools/xenpmd/xenpmd.c +=== +--- xen-4.13.0-testing.orig/tools/xenpmd/xenpmd.c xen-4.13.0-testing/tools/xenpmd/xenpmd.c +@@ -86,6 +86,9 @@ struct battery_status { + + static struct xs_handle *xs; + ++#if __GNUC__ >= 10 ++#pragma GCC diagnostic ignored "-Wformat-truncation" ++#endif + #ifdef RUN_IN_SIMULATE_MODE + #define BATTERY_DIR_PATH "/tmp/battery" + #define BATTERY_INFO_FILE_PATH "/tmp/battery/%s/info"
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2020-04-18 00:27:30 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.2738 (New) Package is "xen" Sat Apr 18 00:27:30 2020 rev:283 rq:794376 version:4.13.0_12 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2020-03-27 21:55:41.818736895 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new.2738/xen.changes2020-04-18 00:27:37.169703076 +0200 @@ -1,0 +2,44 @@ +Tue Apr 14 11:06:08 MDT 2020 - carn...@suse.com + +- bsc#1169392 - VUL-0: CVE-2020-11742: xen: Bad continuation + handling in GNTTABOP_copy (XSA-318) + 5e95afb8-gnttab-fix-GNTTABOP_copy-continuation-handling.patch + +--- +Mon Apr 6 12:01:45 MDT 2020 - carn...@suse.com + +- bsc#1168140 - VUL-0: CVE-2020-11740, CVE-2020-11741: xen: XSA-313 + multiple xenoprof issues + 5e95ad61-xenoprof-clear-buffer-intended-to-be-shared-with-guests.patch + 5e95ad8f-xenoprof-limit-consumption-of-shared-buffer-data.patch +- bsc#1168142 - VUL-0: CVE-2020-11739: xen: XSA-314 - Missing + memory barriers in read-write unlock paths + 5e95ae77-Add-missing-memory-barrier-in-the-unlock-path-of-rwlock.patch +- bsc#1168143 - VUL-0: CVE-2020-11743: xen: XSA-316 - Bad error + path in GNTTABOP_map_grant + 5e95af5e-xen-gnttab-Fix-error-path-in-map_grant_ref.patch +- bsc#1167152 - L3: Xenstored Crashed during VM install Need Core + analyzed + 5e876b0f-tools-xenstore-fix-use-after-free-in-xenstored.patch +- bsc#1165206 - Xen 4.12 DomU hang / freeze / stall / NMI watchdog + bug soft lockup CPU #0 stuck under high load / upstream with + workaround. See also bsc#1134506 + 5e86f7b7-credit2-avoid-vCPUs-with-lower-creds-than-idle.patch + 5e86f7fd-credit2-fix-credit-too-few-resets.patch +- Drop for upstream solution (bsc#1165206) + 01-xen-credit2-avoid-vcpus-to.patch + default-to-credit1-scheduler.patch +- Upstream bug fixes (bsc#1027519) + 5e4ec20e-x86-virtualise-MSR_PLATFORM_ID-properly.patch + 5e5e7188-fix-error-path-in-cpupool_unassign_cpu_start.patch + 5e6f53dd-AMD-IOMMU-fix-off-by-one-get_paging_mode.patch + 5e7a371c-sched-fix-cpu-onlining-with-core-sched.patch + 5e7c90cf-sched-fix-cpu-offlining-with-core-sched.patch + 5e7cfb29-x86-ucode-AMD-fix-assert-in-compare_patch.patch + 5e7cfb29-x86-ucode-fix-error-paths-in-apply_microcode.patch + 5e7dd83b-libx86-CPUID-fix-not-just-leaf-7.patch + 5e7dfbf6-x86-ucode-AMD-potential-buffer-overrun-equiv-tab.patch + 5e846cce-x86-HVM-fix-AMD-ECS-handling-for-Fam10.patch + 5e84905c-x86-ucode-AMD-fix-more-potential-buffer-overruns.patch + +--- Old: 01-xen-credit2-avoid-vcpus-to.patch default-to-credit1-scheduler.patch New: 5e4ec20e-x86-virtualise-MSR_PLATFORM_ID-properly.patch 5e5e7188-fix-error-path-in-cpupool_unassign_cpu_start.patch 5e6f53dd-AMD-IOMMU-fix-off-by-one-get_paging_mode.patch 5e7a371c-sched-fix-cpu-onlining-with-core-sched.patch 5e7c90cf-sched-fix-cpu-offlining-with-core-sched.patch 5e7cfb29-x86-ucode-AMD-fix-assert-in-compare_patch.patch 5e7cfb29-x86-ucode-fix-error-paths-in-apply_microcode.patch 5e7dd83b-libx86-CPUID-fix-not-just-leaf-7.patch 5e7dfbf6-x86-ucode-AMD-potential-buffer-overrun-equiv-tab.patch 5e846cce-x86-HVM-fix-AMD-ECS-handling-for-Fam10.patch 5e84905c-x86-ucode-AMD-fix-more-potential-buffer-overruns.patch 5e86f7b7-credit2-avoid-vCPUs-with-lower-creds-than-idle.patch 5e86f7fd-credit2-fix-credit-too-few-resets.patch 5e876b0f-tools-xenstore-fix-use-after-free-in-xenstored.patch 5e95ad61-xenoprof-clear-buffer-intended-to-be-shared-with-guests.patch 5e95ad8f-xenoprof-limit-consumption-of-shared-buffer-data.patch 5e95ae77-Add-missing-memory-barrier-in-the-unlock-path-of-rwlock.patch 5e95af5e-xen-gnttab-Fix-error-path-in-map_grant_ref.patch 5e95afb8-gnttab-fix-GNTTABOP_copy-continuation-handling.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.CM6yhr/_old 2020-04-18 00:27:40.393709753 +0200 +++ /var/tmp/diff_new_pack.CM6yhr/_new 2020-04-18 00:27:40.397709761 +0200 @@ -127,7 +127,7 @@ BuildRequires: pesign-obs-integration %endif -Version:4.13.0_11 +Version:4.13.0_12 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0-only @@ -183,6 +183,25 @@ Patch15:5e4c00ef-VT-d-check-full-RMRR-for-E820-reserved.patch Patch16:5e4d4f5b-sched-fix-get_cpu_idle_time-with-core-sched.patch Patch17: 5e4e614d-x86-spec-ctrl-no-xen-also-disables-branch-hardening.patch +Patch18:
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2020-03-27 21:55:25 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.3160 (New) Package is "xen" Fri Mar 27 21:55:25 2020 rev:282 rq:788324 version:4.13.0_11 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2020-03-14 09:53:56.467048508 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new.3160/xen.changes2020-03-27 21:55:41.818736895 +0100 @@ -1,0 +2,14 @@ +Wed Mar 18 17:00:34 UTC 2020 - oher...@suse.de + +- bsc#1161480 - Fix xl shutdown for HVM without PV drivers + add libxl.libxl__domain_pvcontrol.patch + +--- +Thu Mar 12 07:57:53 MDT 2020 - carn...@suse.com + +- bsc#1165206 - Xen 4.12 DomU hang / freeze / stall / NMI watchdog + bug soft lockup CPU #0 stuck under high load / upstream with + workaround. See also bsc#1134506 + 01-xen-credit2-avoid-vcpus-to.patch + +--- New: 01-xen-credit2-avoid-vcpus-to.patch libxl.libxl__domain_pvcontrol.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.Dy0zfP/_old 2020-03-27 21:55:44.522738468 +0100 +++ /var/tmp/diff_new_pack.Dy0zfP/_new 2020-03-27 21:55:44.534738475 +0100 @@ -127,7 +127,7 @@ BuildRequires: pesign-obs-integration %endif -Version:4.13.0_10 +Version:4.13.0_11 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0-only @@ -200,6 +200,7 @@ Patch422: stubdom-have-iovec.patch Patch423: vif-route.patch Patch424: gcc10-fixes.patch +Patch425: 01-xen-credit2-avoid-vcpus-to.patch # Other bug fixes or features Patch451: xenconsole-no-multiple-connections.patch Patch452: hibernate.patch @@ -216,6 +217,7 @@ Patch465: xen.libxl.dmmd.patch Patch466: libxl.set-migration-constraints-from-cmdline.patch Patch467: xenstore-run-in-studomain.patch +Patch468: libxl.libxl__domain_pvcontrol.patch Patch469: libxl.helper_done-crash.patch Patch470: libxl.LIBXL_HOTPLUG_TIMEOUT.patch # python3 conversion patches @@ -443,6 +445,7 @@ %patch422 -p1 %patch423 -p1 %patch424 -p1 +%patch425 -p1 # Other bug fixes or features %patch451 -p1 %patch452 -p1 @@ -459,6 +462,7 @@ %patch465 -p1 %patch466 -p1 %patch467 -p1 +%patch468 -p1 %patch469 -p1 %patch470 -p1 # python3 conversion patches ++ 01-xen-credit2-avoid-vcpus-to.patch ++ commit 149b5880db78648318b23623c93c6e4f91ad1e87 Author: Dario Faggioli Date: Wed Mar 11 19:13:59 2020 +0100 xen: credit2: avoid vCPUs to ever reach lower credits than idle There have been report of stalls of guest vCPUs, when Credit2 was used. It seemed like these vCPUs were not getting scheduled for very long time, even under light load conditions (e.g., during dom0 boot). Investigations led to the discovery that --although rarely-- it can happen that a vCPU manages to run for very long timeslices. In Credit2, this means that, when runtime accounting happens, the vCPU will lose a large quantity of credits. This in turn may lead to the vCPU having less credits than the idle vCPUs (-2^30). At this point, the scheduler will pick the idle vCPU, instead of the ready to run vCPU, for a few "epochs", which often times is enough for the guest kernel to think the vCPU is not responding and crashing. An example of this situation is shown here. In fact, we can see d0v1 sitting in the runqueue while all the CPUs are idle, as it has -1254238270 credits, which is smaller than -2^30 = −1073741824: (XEN) Runqueue 0: (XEN) ncpus = 28 (XEN) cpus = 0-27 (XEN) max_weight = 256 (XEN) pick_bias = 22 (XEN) instload = 1 (XEN) aveload= 293391 (~111%) (XEN) idlers: 00,,,,,,0fff (XEN) tickled: 00,,,,,, (XEN) fully idle cores: 00,,,,,,0fff [...] (XEN) Runqueue 0: (XEN) CPU[00] runq=0, sibling=00,..., core=00,... (XEN) CPU[01] runq=0, sibling=00,..., core=00,... [...] (XEN) CPU[26] runq=0, sibling=00,..., core=00,... (XEN) CPU[27] runq=0, sibling=00,..., core=00,... (XEN) RUNQ: (XEN) 0: [0.1] flags=0 cpu=5 credit=-1254238270 [w=256] load=262144 (~100%) We certainly don't want, under
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2020-03-14 09:53:55 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.3160 (New) Package is "xen" Sat Mar 14 09:53:55 2020 rev:281 rq:783535 version:4.13.0_10 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2020-02-25 16:03:08.124206851 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new.3160/xen.changes2020-03-14 09:53:56.467048508 +0100 @@ -1,0 +2,14 @@ +Tue Mar 10 07:41:34 MDT 2020 - carn...@suse.com + +- bsc#1158414 - GCC 10: xen build fails + gcc10-fixes.patch + +--- +Wed Mar 4 13:28:17 MST 2020 - carn...@suse.com + +- bsc#1165206 - Xen 4.12 DomU hang / freeze / stall / NMI watchdog + bug soft lockup CPU #0 stuck under high load / upstream with + workaround. See also bsc#1134506 + default-to-credit1-scheduler.patch + +--- New: default-to-credit1-scheduler.patch gcc10-fixes.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.0qadtc/_old 2020-03-14 09:53:58.475049982 +0100 +++ /var/tmp/diff_new_pack.0qadtc/_new 2020-03-14 09:53:58.479049985 +0100 @@ -127,7 +127,7 @@ BuildRequires: pesign-obs-integration %endif -Version:4.13.0_08 +Version:4.13.0_10 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0-only @@ -194,10 +194,12 @@ Patch407: replace-obsolete-network-configuration-commands-in-s.patch Patch408: disable-building-pv-shim.patch Patch409: xenstore-launch.patch +Patch410: default-to-credit1-scheduler.patch # Needs to go upstream Patch420: suspend_evtchn_lock.patch Patch422: stubdom-have-iovec.patch Patch423: vif-route.patch +Patch424: gcc10-fixes.patch # Other bug fixes or features Patch451: xenconsole-no-multiple-connections.patch Patch452: hibernate.patch @@ -435,10 +437,12 @@ %patch407 -p1 %patch408 -p1 %patch409 -p1 +%patch410 -p1 # Needs to go upstream %patch420 -p1 %patch422 -p1 %patch423 -p1 +%patch424 -p1 # Other bug fixes or features %patch451 -p1 %patch452 -p1 ++ default-to-credit1-scheduler.patch ++ References: bsc#1165206, bsc#1134506 Switch the default scheduler back to the original credit scheduler. This action reverses the commit referenced below. From: George Dunlap george.dun...@citrix.com Mon Oct 29 14:51:51 2018 + Subject: Make credit2 the default scheduler Date: Mon Oct 29 14:58:34 2018 +: Git: dafd936dddbd7978d4131275ad1112f64457bf64 --- xen-4.13.0-testing.orig/xen/common/Kconfig +++ xen-4.13.0-testing/xen/common/Kconfig @@ -319,7 +319,7 @@ config SCHED_NULL choice prompt "Default Scheduler?" - default SCHED_CREDIT2_DEFAULT + default SCHED_CREDIT_DEFAULT config SCHED_CREDIT_DEFAULT bool "Credit Scheduler" if SCHED_CREDIT @@ -340,7 +340,7 @@ config SCHED_DEFAULT default "rtds" if SCHED_RTDS_DEFAULT default "arinc653" if SCHED_ARINC653_DEFAULT default "null" if SCHED_NULL_DEFAULT - default "credit2" + default "credit" endmenu ++ gcc10-fixes.patch ++ References: bsc#1158414 For libxlu_pci.c libxlu_pci.c: In function 'xlu_pci_parse_bdf': libxlu_pci.c:32:18: error: 'func' may be used uninitialized in this function [-Werror=maybe-uninitialized] 32 | pcidev->func = func; | ~^~ libxlu_pci.c:51:29: note: 'func' was declared here 51 | unsigned dom, bus, dev, func, vslot = 0; | ^~~~ libxlu_pci.c:31:17: error: 'dev' may be used uninitialized in this function [-Werror=maybe-uninitialized] 31 | pcidev->dev = dev; | ^ libxlu_pci.c:51:24: note: 'dev' was declared here 51 | unsigned dom, bus, dev, func, vslot = 0; |^~~ libxlu_pci.c:30:17: error: 'bus' may be used uninitialized in this function [-Werror=maybe-uninitialized] 30 | pcidev->bus = bus; | ^ libxlu_pci.c:51:19: note: 'bus' was declared here 51 | unsigned dom, bus, dev, func, vslot = 0; | ^~~ libxlu_pci.c:29:20: error: 'dom' may be used uninitialized in this function [-Werror=maybe-uninitialized] 29 | pcidev->domain = domain; | ~~~^~~~ libxlu_pci.c:51:14: note: 'dom' was declared here 51 | unsigned dom, bus, dev, func, vslot = 0; | ^~~ For kdd.c kdd.c: In function 'kdd_tx': kdd.c:408:30: error: array subscript 65534 is
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2020-02-25 16:01:56 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.26092 (New) Package is "xen" Tue Feb 25 16:01:56 2020 rev:280 rq:47 version:4.13.0_08 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2020-02-03 11:11:48.981799384 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new.26092/xen.changes 2020-02-25 16:03:08.124206851 +0100 @@ -1,0 +2,48 @@ +Thu Feb 20 08:18:37 MST 2020 - carn...@suse.com + +- bsc#1160932 - VUL-0: xen: XSA-312 v1: arm: a CPU may speculate + past the ERET instruction + 5e1dcedd-Arm-place-speculation-barrier-after-ERET.patch +- bsc#1164425 - x86: "spec-ctrl=no-xen" should also disable branch + hardening + 5e4e614d-x86-spec-ctrl-no-xen-also-disables-branch-hardening.patch +- Upstream bug fixes (bsc#1027519) + 5e21ce98-x86-time-update-TSC-stamp-after-deep-C-state.patch + 5e286cce-VT-d-dont-pass-bridges-to-domain_context_mapping_one.patch + 5e318cd4-x86-apic-fix-disabling-LVT0.patch + 5e344c11-x86-HVM-relinquish-resources-from-domain_destroy.patch + 5e3bd385-EFI-recheck-variable-name-strings.patch + 5e3bd3d1-EFI-dont-leak-heap-VIA-XEN_EFI_get_next_variable_name.patch + 5e3bd3f8-xmalloc-guard-against-overflow.patch + 5e46e090-x86-smp-reset-x2apic_enabled-in-smp_send_stop.patch + 5e4c00ef-VT-d-check-full-RMRR-for-E820-reserved.patch + 5e4d4f5b-sched-fix-get_cpu_idle_time-with-core-sched.patch + +--- +Tue Feb 18 18:18:18 UTC 2020 - oher...@suse.de + +- bsc#1159755 - use fixed qemu-3.1 machine type for HVM + This must be done in qemu to preserve PCI layout + remove libxl.lock-qemu-machine-for-hvm.patch + +--- +Fri Feb 7 12:37:35 UTC 2020 - oher...@suse.de + +- jsc#SLE-10183 - script to calculate cpuid= mask + add helper script from https://github.com/twizted/xen_maskcalc + domUs may be migrated between different cpus from the same vendor + if their visible cpuid value has incompatible feature bits masked. + +--- +Wed Feb 5 15:16:06 UTC 2020 - oher...@suse.de + +- jsc#SLE-10172, bsc#1055731 - handle degraded raid for xendomains + add helper script and systemd service from + https://github.com/luizluca/xen-tools-xendomains-wait-disk + in new sub package xen-tools-xendomains-wait-disk + See included README for usage instructions + xendomains-wait-disks.LICENSE + xendomains-wait-disks.README.md + xendomains-wait-disks.sh + +--- Old: libxl.lock-qemu-machine-for-hvm.patch New: 5e1dcedd-Arm-place-speculation-barrier-after-ERET.patch 5e21ce98-x86-time-update-TSC-stamp-after-deep-C-state.patch 5e286cce-VT-d-dont-pass-bridges-to-domain_context_mapping_one.patch 5e318cd4-x86-apic-fix-disabling-LVT0.patch 5e344c11-x86-HVM-relinquish-resources-from-domain_destroy.patch 5e3bd385-EFI-recheck-variable-name-strings.patch 5e3bd3d1-EFI-dont-leak-heap-VIA-XEN_EFI_get_next_variable_name.patch 5e3bd3f8-xmalloc-guard-against-overflow.patch 5e46e090-x86-smp-reset-x2apic_enabled-in-smp_send_stop.patch 5e4c00ef-VT-d-check-full-RMRR-for-E820-reserved.patch 5e4d4f5b-sched-fix-get_cpu_idle_time-with-core-sched.patch 5e4e614d-x86-spec-ctrl-no-xen-also-disables-branch-hardening.patch xen_maskcalc.py xendomains-wait-disks.LICENSE xendomains-wait-disks.README.md xendomains-wait-disks.sh Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.5nXBtx/_old 2020-02-25 16:03:19.156228943 +0100 +++ /var/tmp/diff_new_pack.5nXBtx/_new 2020-02-25 16:03:19.160228951 +0100 @@ -127,7 +127,7 @@ BuildRequires: pesign-obs-integration %endif -Version:4.13.0_06 +Version:4.13.0_08 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0-only @@ -159,6 +159,10 @@ Source41: xencommons.service Source42: xen-dom0-modules.service Source57: xen-utils-0.1.tar.bz2 +Source10172:xendomains-wait-disks.sh +Source10173:xendomains-wait-disks.LICENSE +Source10174:xendomains-wait-disks.README.md +Source10183:xen_maskcalc.py # For xen-libs Source99: baselibs.conf # Upstream patches @@ -167,6 +171,18 @@ Patch3: 5e15e03d-sched-fix-S3-resume-with-smt=0.patch Patch4: 5e16fb6a-x86-clear-per-cpu-stub-page-info.patch Patch5: 5e1da013-IRQ-u16-is-too-narrow-for-evtchn.patch +Patch6: 5e1dcedd-Arm-place-speculation-barrier-after-ERET.patch +Patch7:
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2020-02-03 11:11:34 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.26092 (New) Package is "xen" Mon Feb 3 11:11:34 2020 rev:279 rq:768357 version:4.13.0_06 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2020-01-11 14:37:37.893127614 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new.26092/xen.changes 2020-02-03 11:11:48.981799384 +0100 @@ -1,0 +2,19 @@ +Tue Jan 28 14:10:38 UTC 2020 - oher...@suse.de + +- bsc#1159755 - use fixed qemu-3.1 machine type for HVM + qemu4 introduced incompatible changes in pc-i440fx, which revealed + a design bug in 'xenfv'. Live migration from domUs started with + qemu versions prior qemu4 can not be received with qemu4+. + libxl.lock-qemu-machine-for-hvm.patch + +--- +Tue Jan 14 09:19:31 MST 2020 - carn...@suse.com + +- Upstream bug fixes (bsc#1027519) + 5de65f84-gnttab-map-always-do-IOMMU-part.patch + 5de65fc4-x86-avoid-HPET-use-on-certain-Intel.patch + 5e15e03d-sched-fix-S3-resume-with-smt=0.patch + 5e16fb6a-x86-clear-per-cpu-stub-page-info.patch + 5e1da013-IRQ-u16-is-too-narrow-for-evtchn.patch + +--- New: 5de65f84-gnttab-map-always-do-IOMMU-part.patch 5de65fc4-x86-avoid-HPET-use-on-certain-Intel.patch 5e15e03d-sched-fix-S3-resume-with-smt=0.patch 5e16fb6a-x86-clear-per-cpu-stub-page-info.patch 5e1da013-IRQ-u16-is-too-narrow-for-evtchn.patch libxl.lock-qemu-machine-for-hvm.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.4sL3EX/_old 2020-02-03 11:11:52.393801108 +0100 +++ /var/tmp/diff_new_pack.4sL3EX/_new 2020-02-03 11:11:52.393801108 +0100 @@ -1,7 +1,7 @@ # # spec file for package xen # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # # needssslcertforbuild @@ -108,8 +108,8 @@ BuildRequires: acpica BuildRequires: openssl-devel BuildRequires: python3-devel -BuildRequires: pkgconfig(systemd) BuildRequires: xz-devel +BuildRequires: pkgconfig(systemd) %ifarch x86_64 BuildRequires: gcc-32bit BuildRequires: gcc-c++ @@ -127,7 +127,7 @@ BuildRequires: pesign-obs-integration %endif -Version:4.13.0_04 +Version:4.13.0_06 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0-only @@ -162,6 +162,11 @@ # For xen-libs Source99: baselibs.conf # Upstream patches +Patch1: 5de65f84-gnttab-map-always-do-IOMMU-part.patch +Patch2: 5de65fc4-x86-avoid-HPET-use-on-certain-Intel.patch +Patch3: 5e15e03d-sched-fix-S3-resume-with-smt=0.patch +Patch4: 5e16fb6a-x86-clear-per-cpu-stub-page-info.patch +Patch5: 5e1da013-IRQ-u16-is-too-narrow-for-evtchn.patch # Our platform specific patches Patch400: xen-destdir.patch Patch401: vif-bridge-no-iptables.patch @@ -193,6 +198,7 @@ Patch465: xen.libxl.dmmd.patch Patch466: libxl.set-migration-constraints-from-cmdline.patch Patch467: xenstore-run-in-studomain.patch +Patch468: libxl.lock-qemu-machine-for-hvm.patch Patch469: libxl.helper_done-crash.patch Patch470: libxl.LIBXL_HOTPLUG_TIMEOUT.patch # python3 conversion patches @@ -356,6 +362,11 @@ %prep %setup -q -n %xen_build_dir -a 1 -a 5 -a 6 -a 57 # Upstream patches +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 # Our platform specific patches %patch400 -p1 %patch401 -p1 @@ -387,6 +398,7 @@ %patch465 -p1 %patch466 -p1 %patch467 -p1 +%patch468 -p1 %patch469 -p1 %patch470 -p1 # python3 conversion patches ++ 5de65f84-gnttab-map-always-do-IOMMU-part.patch ++ # Commit 921f1f42260c7967bf18f8a143d39511d163c421 # Date 2019-12-03 14:13:40 +0100 # Author Jan Beulich # Committer Jan Beulich gnttab: make sure grant map operations don't skip their IOMMU part Two almost simultaneous mapping requests need to make sure that at the completion of the earlier one IOMMU mappings (established explicitly here in the PV case) have been put in place. Forever since the splitting of the grant table lock a violation of
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2020-01-11 14:37:34 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.6675 (New) Package is "xen" Sat Jan 11 14:37:34 2020 rev:278 rq:761890 version:4.13.0_04 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2019-12-23 22:39:04.157862620 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new.6675/xen.changes2020-01-11 14:37:37.893127614 +0100 @@ -1,0 +2,6 @@ +Wed Jan 8 11:43:04 UTC 2020 - Dominique Leuenberger + +- BuildRequire pkgconfig(libsystemd) instead of systemd-devel: + Allow OBS to shortcut through the -mini flavors. + +--- Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.tdgm1p/_old 2020-01-11 14:37:39.897128407 +0100 +++ /var/tmp/diff_new_pack.tdgm1p/_new 2020-01-11 14:37:39.897128407 +0100 @@ -60,7 +60,7 @@ %define with_gcc48 0 %define _fwdefdir /etc/sysconfig/SuSEfirewall2.d/services %systemd_requires -BuildRequires: systemd-devel +BuildRequires: pkgconfig(libsystemd) %define with_systemd_modules_load %{_prefix}/lib/modules-load.d PreReq: %fillup_prereq %ifarch %arm aarch64 @@ -108,7 +108,7 @@ BuildRequires: acpica BuildRequires: openssl-devel BuildRequires: python3-devel -BuildRequires: systemd +BuildRequires: pkgconfig(systemd) BuildRequires: xz-devel %ifarch x86_64 BuildRequires: gcc-32bit
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2019-12-23 22:36:33 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.6675 (New) Package is "xen" Mon Dec 23 22:36:33 2019 rev:277 rq:758031 version:4.13.0_04 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2019-12-02 11:35:37.590436934 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new.6675/xen.changes2019-12-23 22:39:04.157862620 +0100 @@ -1,0 +2,27 @@ +Wed Dec 18 10:16:52 MST 2019 - carn...@suse.com + +- bsc#1159320 - Xen logrotate file needs updated + logrotate.conf + +--- +Wed Dec 18 08:21:17 MST 2019 - carn...@suse.com + +- Update to Xen 4.13.0 FCS release + xen-4.13.0-testing-src.tar.bz2 + * Core Scheduling (contributed by SUSE) + * Branch hardening to mitigate against Spectre v1 (contributed by Citrix) + * Late uCode loading (contributed by Intel) + * Improved live-patching build tools (contributed by AWS) + * OP-TEE support (contributed by EPAM) + * Renesas R-CAR IPMMU-VMSA driver (contributed by EPAM) + * Dom0-less passthrough and ImageBuilder (contributed by XILINX) + * Support for new Hardware + +--- +Tue Dec 3 08:57:29 MST 2019 - carn...@suse.com + +- Update to Xen 4.13.0 RC4 release + xen-4.13.0-testing-src.tar.bz2 +- Rebase libxl.pvscsi.patch + +--- Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.S1ZI7N/_old 2019-12-23 22:39:06.805863769 +0100 +++ /var/tmp/diff_new_pack.S1ZI7N/_new 2019-12-23 22:39:06.809863770 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # # needssslcertforbuild @@ -127,7 +127,7 @@ BuildRequires: pesign-obs-integration %endif -Version:4.13.0_03 +Version:4.13.0_04 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0-only ++ build-python3-conversion.patch ++ --- /var/tmp/diff_new_pack.S1ZI7N/_old 2019-12-23 22:39:06.937863826 +0100 +++ /var/tmp/diff_new_pack.S1ZI7N/_new 2019-12-23 22:39:06.941863828 +0100 @@ -19,12 +19,12 @@ fi;; esac if test -z "$PYTHON"; then : -- PYTHON="python" -+ PYTHON="python3" - fi - if echo "$PYTHON" | grep -q "^/"; then : - -@@ -6981,15 +6981,15 @@ if test x"${PYTHONPATH}" = x"no" +- for ac_prog in python python3 python2 ++ for ac_prog in python3 python python2 + do + # Extract the first word of "$ac_prog", so it can be a program name with args. + set dummy $ac_prog; ac_word=$2 +@@ -7065,15 +7065,15 @@ if test x"${PYTHONPATH}" = x"no" then as_fn_error $? "Unable to find $PYTHON, please install $PYTHON" "$LINENO" 5 fi @@ -368,13 +368,14 @@ === --- xen-4.13.0-testing.orig/tools/configure.ac +++ xen-4.13.0-testing/tools/configure.ac -@@ -337,13 +337,13 @@ case "$host_os" in +@@ -337,14 +337,14 @@ case "$host_os" in freebsd*) ;; *) AX_PATH_PROG_OR_FAIL([BASH], [bash]);; esac --AS_IF([test -z "$PYTHON"], [PYTHON="python"]) -+AS_IF([test -z "$PYTHON"], [PYTHON="python3"]) - AS_IF([echo "$PYTHON" | grep -q "^/"], [], [PYTHON=`type -p "$PYTHON"`]) +-AS_IF([test -z "$PYTHON"], [AC_CHECK_PROGS([PYTHON], [python python3 python2], err)]) ++AS_IF([test -z "$PYTHON"], [AC_CHECK_PROGS([PYTHON], [python3 python python2], err)]) + AS_IF([test "$PYTHON" = "err"], [AC_MSG_ERROR([No python interpreter found])]) + AS_IF([echo "$PYTHON" | grep -q "^/"], [], [AC_PATH_PROG([PYTHON], [$PYTHON])]) PYTHONPATH=$PYTHON PYTHON=`basename $PYTHONPATH` @@ -535,16 +536,6 @@ import re,sys -Index: xen-4.13.0-testing/xen/xsm/flask/gen-policy.py -=== xen-4.13.0-testing.orig/xen/xsm/flask/gen-policy.py -+++ xen-4.13.0-testing/xen/xsm/flask/gen-policy.py -@@ -1,4 +1,4 @@ --#!/usr/bin/env python -+#!/usr/bin/python3 - import sys - - policy_size = 0 Index: xen-4.13.0-testing/xen/tools/fig-to-oct.py === --- xen-4.13.0-testing.orig/xen/tools/fig-to-oct.py ++ libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch ++ --- /var/tmp/diff_new_pack.S1ZI7N/_old 2019-12-23 22:39:06.989863849 +0100 +++ /var/tmp/diff_new_pack.S1ZI7N/_new 2019-12-23 22:39:06.989863849 +0100 @@ -48,7
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2019-12-02 11:31:12 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.4691 (New) Package is "xen" Mon Dec 2 11:31:12 2019 rev:276 rq:751119 version:4.13.0_03 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2019-11-18 20:02:39.185825992 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new.4691/xen.changes2019-12-02 11:35:37.590436934 +0100 @@ -1,0 +2,7 @@ +Mon Nov 25 10:49:13 MST 2019 - carn...@suse.com + +- Update to Xen 4.13.0 RC3 release + xen-4.13.0-testing-src.tar.bz2 +- Drop python38-build.patch + +--- Old: python38-build.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.nQxnA1/_old 2019-12-02 11:35:40.278435602 +0100 +++ /var/tmp/diff_new_pack.nQxnA1/_new 2019-12-02 11:35:40.278435602 +0100 @@ -24,7 +24,7 @@ Name: xen ExclusiveArch: %ix86 x86_64 aarch64 -%define changeset 40113 +%define changeset 40162 %define xen_build_dir xen-4.13.0-testing # %define with_gdbsx 0 @@ -127,7 +127,7 @@ BuildRequires: pesign-obs-integration %endif -Version:4.13.0_02 +Version:4.13.0_03 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0-only @@ -207,7 +207,6 @@ Patch623: ipxe-no-error-logical-not-parentheses.patch Patch624: ipxe-use-rpm-opt-flags.patch # Build patches -Patch5: python38-build.patch Patch6: xen.stubdom.newlib.patch Patch8: tmp_build.patch Patch9: reproducible.patch @@ -402,7 +401,6 @@ %patch623 -p1 %patch624 -p1 # Build patches -%patch5 -p1 %patch6 -p1 %patch8 -p1 %patch9 -p1 ++ build-python3-conversion.patch ++ --- /var/tmp/diff_new_pack.nQxnA1/_old 2019-12-02 11:35:40.394435545 +0100 +++ /var/tmp/diff_new_pack.nQxnA1/_new 2019-12-02 11:35:40.398435543 +0100 @@ -487,7 +487,7 @@ state.common_1d = featureset_to_uint32s(common_1d, 1)[0] state.special = featureset_to_uint32s(state.raw_special, nr_entries) state.pv = featureset_to_uint32s(state.raw_pv, nr_entries) -@@ -316,11 +316,11 @@ def crunch_numbers(state): +@@ -317,11 +317,11 @@ def crunch_numbers(state): state.deep_deps[feat] = seen[1:] @@ -502,7 +502,7 @@ except AttributeError: _tmp = state.deep_deps.items() -@@ -328,10 +328,10 @@ def crunch_numbers(state): +@@ -329,10 +329,10 @@ def crunch_numbers(state): state.deep_deps[k] = featureset_to_uint32s(v, nr_entries) # Calculate the bitfield name declarations ++ libxl.LIBXL_HOTPLUG_TIMEOUT.patch ++ --- /var/tmp/diff_new_pack.nQxnA1/_old 2019-12-02 11:35:40.446435519 +0100 +++ /var/tmp/diff_new_pack.nQxnA1/_new 2019-12-02 11:35:40.450435517 +0100 @@ -290,7 +290,7 @@ #include #include -@@ -1507,6 +1508,7 @@ struct libxl__xswait_state { +@@ -1593,6 +1594,7 @@ struct libxl__xswait_state { const char *what; /* for error msgs: noun phrase, what we're waiting for */ const char *path; int timeout_ms; /* as for poll(2) */ @@ -298,7 +298,7 @@ libxl__xswait_callback *callback; /* remaining fields are private to xswait */ libxl__ev_time time_ev; -@@ -2565,6 +2567,7 @@ struct libxl__async_exec_state { +@@ -2652,6 +2654,7 @@ struct libxl__async_exec_state { char **args; /* execution arguments */ char **env; /* execution environment */ @@ -306,7 +306,7 @@ /* private */ libxl__ev_time time; libxl__ev_child child; -@@ -4744,6 +4747,9 @@ _hidden int libxl__domain_pvcontrol(libx +@@ -4783,6 +4786,9 @@ _hidden int libxl__domain_pvcontrol(libx #endif ++ libxl.pvscsi.patch ++ --- /var/tmp/diff_new_pack.nQxnA1/_old 2019-12-02 11:35:40.462435511 +0100 +++ /var/tmp/diff_new_pack.nQxnA1/_new 2019-12-02 11:35:40.462435511 +0100 @@ -226,7 +226,7 @@ === --- xen-4.13.0-testing.orig/tools/libxl/libxl_internal.h +++ xen-4.13.0-testing/tools/libxl/libxl_internal.h -@@ -3849,6 +3849,7 @@ extern const libxl__device_type libxl__v +@@ -3936,6 +3936,7 @@ extern const libxl__device_type libxl__v extern const libxl__device_type libxl__disk_devtype; extern const libxl__device_type libxl__nic_devtype; extern const libxl__device_type libxl__vtpm_devtype; ++ libxl.set-migration-constraints-from-cmdline.patch ++ --- /var/tmp/diff_new_pack.nQxnA1/_old 2019-12-02 11:35:40.470435507 +0100 +++ /var/tmp/diff_new_pack.nQxnA1/_new 2019-12-02 11:35:40.474435505 +0100 @@ -395,7 +395,7 @@
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2019-11-18 20:02:37 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.26869 (New) Package is "xen" Mon Nov 18 20:02:37 2019 rev:275 rq:748496 version:4.13.0_02 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2019-11-03 11:18:25.348420050 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new.26869/xen.changes 2019-11-18 20:02:39.185825992 +0100 @@ -1,0 +2,6 @@ +Tue Nov 12 08:09:27 MST 2019 - carn...@suse.com + +- Update to Xen 4.13.0 RC2 release + xen-4.13.0-testing-src.tar.bz2 + +--- Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.Nojayp/_old 2019-11-18 20:02:43.329823911 +0100 +++ /var/tmp/diff_new_pack.Nojayp/_new 2019-11-18 20:02:43.337823907 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # # needssslcertforbuild @@ -24,7 +24,7 @@ Name: xen ExclusiveArch: %ix86 x86_64 aarch64 -%define changeset 40015 +%define changeset 40113 %define xen_build_dir xen-4.13.0-testing # %define with_gdbsx 0 @@ -127,7 +127,7 @@ BuildRequires: pesign-obs-integration %endif -Version:4.13.0_01 +Version:4.13.0_02 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0-only @@ -207,8 +207,6 @@ Patch623: ipxe-no-error-logical-not-parentheses.patch Patch624: ipxe-use-rpm-opt-flags.patch # Build patches -# PATCH-FIX-UPSTREAM python38-build.patch mc...@suse.com -# Make package buildable with python3.8 Patch5: python38-build.patch Patch6: xen.stubdom.newlib.patch Patch8: tmp_build.patch ++ libxl.LIBXL_HOTPLUG_TIMEOUT.patch ++ --- /var/tmp/diff_new_pack.Nojayp/_old 2019-11-18 20:02:43.573823789 +0100 +++ /var/tmp/diff_new_pack.Nojayp/_new 2019-11-18 20:02:43.573823789 +0100 @@ -89,7 +89,7 @@ === --- xen-4.13.0-testing.orig/tools/libxl/libxl_create.c +++ xen-4.13.0-testing/tools/libxl/libxl_create.c -@@ -1024,6 +1024,7 @@ static void initiate_domain_create(libxl +@@ -1116,6 +1116,7 @@ static void initiate_domain_create(libxl * build info around just to know if the domain has a device model or not. */ store_libxl_entry(gc, domid, _config->b_info); @@ -290,7 +290,7 @@ #include #include -@@ -1496,6 +1497,7 @@ struct libxl__xswait_state { +@@ -1507,6 +1508,7 @@ struct libxl__xswait_state { const char *what; /* for error msgs: noun phrase, what we're waiting for */ const char *path; int timeout_ms; /* as for poll(2) */ @@ -298,7 +298,7 @@ libxl__xswait_callback *callback; /* remaining fields are private to xswait */ libxl__ev_time time_ev; -@@ -2554,6 +2556,7 @@ struct libxl__async_exec_state { +@@ -2565,6 +2567,7 @@ struct libxl__async_exec_state { char **args; /* execution arguments */ char **env; /* execution environment */ @@ -306,7 +306,7 @@ /* private */ libxl__ev_time time; libxl__ev_child child; -@@ -4732,6 +4735,9 @@ _hidden int libxl__domain_pvcontrol(libx +@@ -4744,6 +4747,9 @@ _hidden int libxl__domain_pvcontrol(libx #endif ++ libxl.pvscsi.patch ++ --- /var/tmp/diff_new_pack.Nojayp/_old 2019-11-18 20:02:43.593823779 +0100 +++ /var/tmp/diff_new_pack.Nojayp/_new 2019-11-18 20:02:43.593823779 +0100 @@ -38,7 +38,7 @@ === --- xen-4.13.0-testing.orig/docs/man/xl.cfg.5.pod.in +++ xen-4.13.0-testing/docs/man/xl.cfg.5.pod.in -@@ -750,6 +750,62 @@ frontend to backend. It can be used as a +@@ -756,6 +756,62 @@ frontend to backend. It can be used as a For more information about the protocol, see https://xenbits.xenproject.org/docs/unstable/misc/pvcalls.html. @@ -154,7 +154,7 @@ === --- xen-4.13.0-testing.orig/tools/libxl/libxl.h +++ xen-4.13.0-testing/tools/libxl/libxl.h -@@ -1124,6 +1124,13 @@ void libxl_mac_copy(libxl_ctx *ctx, libx +@@ -1125,6 +1125,13 @@ void libxl_mac_copy(libxl_ctx *ctx, libx #define LIBXL_HAVE_PCITOPOLOGY 1 /* @@ -168,7 +168,7 @@ * LIBXL_HAVE_SOCKET_BITMAP * * If this is defined, then libxl_socket_bitmap_alloc and -@@ -2119,6 +2126,41 @@ int libxl_device_channel_getinfo(libxl_c +@@ -2141,6 +2148,41 @@ int
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2019-11-03 11:18:21 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.2990 (New) Package is "xen" Sun Nov 3 11:18:21 2019 rev:274 rq:743878 version:4.13.0_01 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2019-10-22 15:41:54.485474805 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new.2990/xen.changes2019-11-03 11:18:25.348420050 +0100 @@ -1,0 +2,6 @@ +Tue Oct 29 14:27:13 CET 2019 - Matej Cepl + +- Add python38-build.patch fixing build with Python 3.8 (add + --embed to python-config call) + +--- New: python38-build.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.h5lLDM/_old 2019-11-03 11:18:27.512422814 +0100 +++ /var/tmp/diff_new_pack.h5lLDM/_new 2019-11-03 11:18:27.512422814 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # # needssslcertforbuild @@ -207,6 +207,9 @@ Patch623: ipxe-no-error-logical-not-parentheses.patch Patch624: ipxe-use-rpm-opt-flags.patch # Build patches +# PATCH-FIX-UPSTREAM python38-build.patch mc...@suse.com +# Make package buildable with python3.8 +Patch5: python38-build.patch Patch6: xen.stubdom.newlib.patch Patch8: tmp_build.patch Patch9: reproducible.patch @@ -401,6 +404,7 @@ %patch623 -p1 %patch624 -p1 # Build patches +%patch5 -p1 %patch6 -p1 %patch8 -p1 %patch9 -p1 ++ python38-build.patch ++ --- a/m4/python_devel.m4 +++ b/m4/python_devel.m4 @@ -24,7 +24,12 @@ AS_IF([test x"$pyconfig" = x"no"], [ dnl If python-config is found use it CPPFLAGS="$CFLAGS `$PYTHON-config --cflags`" LDFLAGS="$LDFLAGS `$PYTHON-config --ldflags`" -LIBS="$LIBS `$PYTHON-config --libs`" +if $PYTHON-config --libs --embed >/dev/null 2>&1 ; then +PYLIBS="$($PYTHON-config --libs --embed)" +else +PYLIBS="$($PYTHON-config --libs)" +fi +LIBS="$LIBS $PYLIBS" ]) AC_CHECK_HEADER([Python.h], [],
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2019-10-22 15:40:58 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.2352 (New) Package is "xen" Tue Oct 22 15:40:58 2019 rev:273 rq:741160 version:4.13.0_01 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2019-10-14 14:53:06.774197611 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new.2352/xen.changes2019-10-22 15:41:54.485474805 +0200 @@ -1,0 +2,76 @@ +Mon Oct 14 09:01:47 MDT 2019 - carn...@suse.com + +- Update to Xen 4.13.0 RC1 release + xen-4.13.0-testing-src.tar.bz2 +- Drop patches contained in new tarball or invalid + 5ca7660f-x86-entry-drop-unused-includes.patch + 5cab2a6b-x86-ACPI-also-parse-AMD-tables-early.patch + 5cab2ab7-x86-IOMMU-introduce-init-ops.patch + 5cab2ae8-x86-IOMMU-abstract-iommu_supports_eim.patch + 5cab2b4e-x86-IOMMU-abstract-iommu_enable_x2apic_IR.patch + 5cab2b95-x86-IOMMU-initialize-iommu_ops-in.patch + 5cac9a4b-x86-IOMMU-abstract-adjust_vtd_irq_affinities.patch + 5cdeac7f-AMD-IOMMU-adjust-IOMMU-list-head-init.patch + 5cf8da09-adjust-sysdom-creation-call-earlier-on-x86.patch + 5d0cf4e4-AMD-IOMMU-initialize-IRQ-tasklet-once.patch + 5d149bb0-AMD-IOMMU-dont-add-IOMMUs.patch + 5d1b3fab-AMD-IOMMU-restrict-feature-logging.patch + 5d358508-x86-IRQ-desc-affinity-represents-request.patch + 5d358534-x86-IRQ-consolidate-arch-cpu_mask-use.patch + 5d358a67-AMD-IOMMU-pass-IOMMU-to-iterate_ivrs_entries-cb.patch + 5d358a92-AMD-IOMMU-pass-IOMMU-to-amd_iommu_alloc_intremap_table.patch + 5d39811c-x86-IOMMU-dont-restrict-IRQ-affinities.patch + 5d417813-AMD-IOMMU-bitfield-extended-features.patch + 5d417838-AMD-IOMMU-bitfield-control-reg.patch + 5d41785b-AMD-IOMMU-bitfield-IRTE.patch + 5d41787e-AMD-IOMMU-pass-IOMMU-to-gfu-intremap-entry.patch + 5d4178ad-AMD-IOMMU-128bit-non-guest-APIC-IRTE.patch + 5d4178fc-AMD-IOMMU-split-amd_iommu_init_one.patch + 5d41793f-AMD-IOMMU-allow-enabling-without-IRQ.patch + 5d417a16-AMD-IOMMU-adjust-IRQ-setup-for-x2APIC.patch + 5d417ab6-AMD-IOMMU-enable-x2APIC-mode.patch + 5d417b38-AMD-IOMMU-correct-IRTE-updating.patch + 5d417b6a-AMD-IOMMU-dont-needlessly-log-headers.patch + 5d419d49-x86-spec-ctrl-report-proper-status.patch + 5d43253c-x86-ucode-always-collect_cpu_info-at-boot.patch + 5d4a9d25-AMD-IOMMU-drop-not-found-message.patch + 5d4aa36f-x86-apic-enable-x2APIC-mode-earlier.patch + 5d4afa7a-credit2-fix-memory-leak.patch + 5d4d850a-introduce-bss-percpu-page-aligned.patch + 5d516531-x86-xpti-dont-leak-TSS-adjacent-data.patch + 5d5bf475-x86-PV-fix-handling-of-iommu-mappings.patch + 5d6524ca-x86-mm-correctly-init-M2P-entries.patch + 5d67ceaf-x86-properly-gate-PKU-clearing.patch + 5d70bfba-x86-shadow-dont-enable-with-too-small-allocation.patch + 5d779811-x86-fix-CPUID7-0-eax-levelling-MSR.patch + 5d77b40f-fix-hvm_all_ioreq_servers_add_vcpu-cleanup.patch + 5d80e7c0-AMD-IOMMU-free-shared-IRT-once.patch + 5d80e80d-AMD-IOMMU-valid-flag-for-IVRS-mappings.patch + 5d80e82e-AMD-IOMMU-alloc_intremap_table-callers-handle-errors.patch + 5d80e857-x86-PCI-read-MSI-X-table-entry-count-early.patch + 5d80ea13-vpci-honor-read-only-devices.patch + 5d89d8d9-libxc-x86-avoid-overflow-in-CPUID-APIC-ID.patch + 5d8b715f-ACPI-cpuidle-bump-max-num-of-states.patch + 5d8b72e5-AMD-IOMMU-dont-blindly-alloc-intremap-tables.patch + 5d8b730e-AMD-IOMMU-phantom-funcs-share-intremap-tables.patch + 5d8b733b-x86-PCI-read-max-MSI-vector-count-early.patch + 5d8b736d-AMD-IOMMU-replace-INTREMAP_ENTRIES.patch + 5d8b7393-AMD-IOMMU-restrict-intremap-table-sizes.patch + 5d9ee2a8-AMD-IOMMU-alloc-1-devtab-per-PCI-seg.patch + 5d9ee2f0-AMD-IOMMU-allocate_buffer-avoid-memset.patch + 5d9ee312-AMD-IOMMU-prefill-all-DTEs.patch + CVE-2014-0222-blktap-qcow1-validate-l2-table-size.patch + blktap2-no-uninit.patch + libxl.prepare-environment-for-domcreate_stream_done.patch + pygrub-python3-conversion.patch + fix-xenpvnetboot.patch + +--- +Thu Oct 10 08:39:52 MDT 2019 - carn...@suse.com + +- bsc#1135799 - Partner-L3: Xen crashes on AMD ROME based machines + 5d9ee2a8-AMD-IOMMU-alloc-1-devtab-per-PCI-seg.patch + 5d9ee2f0-AMD-IOMMU-allocate_buffer-avoid-memset.patch + 5d9ee312-AMD-IOMMU-prefill-all-DTEs.patch + +--- @@ -81,0 +158 @@ +- Drop 5d419d49-x86-spec-ctrl-facilities-report-wrong-status.patch @@ -145 +222,6 @@ - xen-tools.etc_pollution.patch + +--- +Thu Aug 1 13:10:39 MDT 2019 - carn...@suse.com + +- bsc#1143563 - Speculative mitigation facilities report wrong status + 5d419d49-x86-spec-ctrl-facilities-report-wrong-status.patch @@ -198 +280,2 @@ -- bsc#1138294 -
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2019-10-14 14:53:06 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.2352 (New) Package is "xen" Mon Oct 14 14:53:06 2019 rev:272 rq:737541 version:4.12.1_02 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2019-10-05 16:19:18.641592606 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new.2352/xen.changes2019-10-14 14:53:06.774197611 +0200 @@ -1,0 +2,7 @@ +Wed Oct 2 08:37:47 UTC 2019 - oher...@suse.de + +- bsc#1120095 - add code to change LIBXL_HOTPLUG_TIMEOUT at runtime + The included README has details about the impact of this change + libxl.LIBXL_HOTPLUG_TIMEOUT.patch + +--- New: libxl.LIBXL_HOTPLUG_TIMEOUT.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.qHle4R/_old 2019-10-14 14:53:09.898189463 +0200 +++ /var/tmp/diff_new_pack.qHle4R/_new 2019-10-14 14:53:09.902189453 +0200 @@ -249,6 +249,7 @@ Patch467: xenstore-run-in-studomain.patch Patch468: libxl.prepare-environment-for-domcreate_stream_done.patch Patch469: libxl.helper_done-crash.patch +Patch470: libxl.LIBXL_HOTPLUG_TIMEOUT.patch # python3 conversion patches Patch500: build-python3-conversion.patch Patch501: pygrub-python3-conversion.patch @@ -501,6 +502,7 @@ %patch467 -p1 %patch468 -p1 %patch469 -p1 +%patch470 -p1 # python3 conversion patches %patch500 -p1 %patch501 -p1 ++ README.SUSE ++ --- /var/tmp/diff_new_pack.qHle4R/_old 2019-10-14 14:53:10.102188931 +0200 +++ /var/tmp/diff_new_pack.qHle4R/_new 2019-10-14 14:53:10.102188931 +0200 @@ -527,6 +527,64 @@ take effect. +Adjusting LIBXL_HOTPLUG_TIMEOUT at runtime +-- +A domU with a large amount of disks may run into the hardcoded +LIBXL_HOTPLUG_TIMEOUT limit, which is 40 seconds. This happens if the +preparation for each disk takes an unexpected large amount of time. Then +the sum of all configured disks and the individual preparation time will +be larger than 40 seconds. The hotplug script which does the preparation +takes a lock before doing the actual preparation. Since the hotplug +scripts for each disk are spawned at nearly the same time, each one has +to wait for the lock. Due to this contention, the total execution time +of a script can easily exceed the timeout. In this case libxl will +terminate the script because it has to assume an error condition. + +Example: +10 configured disks, each one takes 3 seconds within the critital +section. The total execution time will be 30 seconds, which is still +within the limit. With 5 additional configured disks, the total +execution time will be 45 seconds, which would trigger the timeout. + +To handle such setup without a recompile of libxl, a special key/value +has to be created in xenstore prior domain creation. This can be done +either manually, or at system startup. A dedicated systemd service file +exists to set the required value. To enable it, run these commands: + +/etc/systemd/system # systemctl enable xen-LIBXL_HOTPLUG_TIMEOUT.service +/etc/systemd/system # systemctl start xen-LIBXL_HOTPLUG_TIMEOUT.service + + +In case the value in this service file needs to be changed, a copy with +the exact same name must be created in the /etc/systemd/system directory: + +/etc/systemd/system # cat xen-LIBXL_HOTPLUG_TIMEOUT.service +[Unit] +Description=set global LIBXL_HOTPLUG_TIMEOUT +ConditionPathExists=/proc/xen/capabilities + +Requires=xenstored.service +After=xenstored.service +Requires=xen-init-dom0.service +After=xen-init-dom0.service +Before=xencommons.service + +[Service] +Type=oneshot +RemainAfterExit=true +ExecStartPre=/bin/grep -q control_d /proc/xen/capabilities +ExecStart=/usr/bin/xenstore-write /libxl/suse/per-device-LIBXL_HOTPLUG_TIMEOUT 10 + +[Install] +WantedBy=multi-user.target + +In this example the per-device value will be set to 10 seconds. + +The change for libxl which handles this xenstore value will enable +additional logging if the key is found. That extra logging will show how +the execution time of each script. + + Troubleshooting --- First try to get Linux running on bare metal before trying with Xen. ++ libxl.LIBXL_HOTPLUG_TIMEOUT.patch ++ References: bsc#1120095 A domU with a large amount of disks may run into the hardcoded LIBXL_HOTPLUG_TIMEOUT limit, which is 40 seconds. This happens if the preparation for each disk takes an unexpected large amount of time. Then the sum of all configured disks and the individual preparation time will be larger than 40 seconds. The hotplug script which does
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2019-09-11 10:22:29 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.7948 (New) Package is "xen" Wed Sep 11 10:22:29 2019 rev:270 rq:728544 version:4.12.1_02 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2019-08-19 20:48:45.477080861 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new.7948/xen.changes2019-09-11 10:22:34.415494531 +0200 @@ -1,0 +2,19 @@ +Wed Aug 28 09:25:30 MDT 2019 - carn...@suse.com + +- Upstream bug fixes (bsc#1027519) + 5d419d49-x86-spec-ctrl-report-proper-status.patch + 5d43253c-x86-ucode-always-collect_cpu_info-at-boot.patch + 5d4aa36f-x86-apic-enable-x2APIC-mode-earlier.patch + 5d4afa7a-credit2-fix-memory-leak.patch + 5d4d850a-introduce-bss-percpu-page-aligned.patch + 5d516531-x86-xpti-dont-leak-TSS-adjacent-data.patch + 5d5bf475-x86-PV-fix-handling-of-iommu-mappings.patch + 5d6524ca-x86-mm-correctly-init-M2P-entries.patch + +--- +Wed Aug 28 11:25:17 UTC 2019 - oher...@suse.de + +- Preserve modified files which used to be marked as %config, + rename file.rpmsave to file + +--- New: 5d419d49-x86-spec-ctrl-report-proper-status.patch 5d43253c-x86-ucode-always-collect_cpu_info-at-boot.patch 5d4aa36f-x86-apic-enable-x2APIC-mode-earlier.patch 5d4afa7a-credit2-fix-memory-leak.patch 5d4d850a-introduce-bss-percpu-page-aligned.patch 5d516531-x86-xpti-dont-leak-TSS-adjacent-data.patch 5d5bf475-x86-PV-fix-handling-of-iommu-mappings.patch 5d6524ca-x86-mm-correctly-init-M2P-entries.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.HuVxiw/_old 2019-09-11 10:22:37.147494192 +0200 +++ /var/tmp/diff_new_pack.HuVxiw/_new 2019-09-11 10:22:37.151494191 +0200 @@ -159,6 +159,14 @@ # For xen-libs Source99: baselibs.conf # Upstream patches +Patch1: 5d419d49-x86-spec-ctrl-report-proper-status.patch +Patch2: 5d43253c-x86-ucode-always-collect_cpu_info-at-boot.patch +Patch3: 5d4aa36f-x86-apic-enable-x2APIC-mode-earlier.patch +Patch4: 5d4afa7a-credit2-fix-memory-leak.patch +Patch5: 5d4d850a-introduce-bss-percpu-page-aligned.patch +Patch6: 5d516531-x86-xpti-dont-leak-TSS-adjacent-data.patch +Patch7: 5d5bf475-x86-PV-fix-handling-of-iommu-mappings.patch +Patch8: 5d6524ca-x86-mm-correctly-init-M2P-entries.patch # Our platform specific patches Patch400: xen-destdir.patch Patch401: vif-bridge-no-iptables.patch @@ -357,6 +365,14 @@ %prep %setup -q -n %xen_build_dir -a 1 -a 5 -a 6 -a 57 # Upstream patches +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 # Our platform specific patches %patch400 -p1 %patch401 -p1 @@ -1158,6 +1174,17 @@ fi %pre tools +for empty_config_file in \ + logrotate.d/xen \ + modprobe.d/xen_loop.conf \ + pam.d/xen-api \ + xen/cpupool \ + xen/xenapiusers \ + xen/xl.conf +do + test -f /etc/${empty_config_file}.rpmsave && mv -v /etc/${empty_config_file}.rpmsave /etc/${empty_config_file}.rpmsave.old ||: +done + %service_add_pre xencommons.service %service_add_pre xendomains.service %service_add_pre xen-watchdog.service @@ -1229,6 +1256,18 @@ %service_del_postun xen-init-dom0.service %service_del_postun xen-qemu-dom0-disk-backend.service +%posttrans tools +for empty_config_file in \ + logrotate.d/xen \ + modprobe.d/xen_loop.conf \ + pam.d/xen-api \ + xen/cpupool \ + xen/xenapiusers \ + xen/xl.conf +do + test -f /etc/${empty_config_file}.rpmsave && mv -v /etc/${empty_config_file}.rpmsave /etc/${empty_config_file} +done + %endif %post libs -p /sbin/ldconfig ++ 5d419d49-x86-spec-ctrl-report-proper-status.patch ++ # Commit 2adc580bd59f5c3034fd6ecacd5748678373f17a # Date 2019-07-31 14:53:13 +0100 # Author Jin Nan Wang # Committer Andrew Cooper xen/spec-ctrl: Speculative mitigation facilities report wrong status Booting with spec-ctrl=0 results in Xen printing "None MD_CLEAR". (XEN) Support for HVM VMs: None MD_CLEAR (XEN) Support for PV VMs: None MD_CLEAR Add a check about X86_FEATURE_MD_CLEAR to avoid to print "None". Signed-off-by: James Wang Reviewed-by: Andrew Cooper --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -360,6 +360,7 @@ static void __init print_details(enum in printk(" Support for HVM VMs:%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || +
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2019-08-19 20:48:41 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.22127 (New) Package is "xen" Mon Aug 19 20:48:41 2019 rev:269 rq:724162 version:4.12.1_02 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2019-08-07 13:54:57.680857127 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new.22127/xen.changes 2019-08-19 20:48:45.477080861 +0200 @@ -1,0 +2,58 @@ +Fri Aug 9 10:29:45 MDT 2019 - carn...@suse.com + +- Update to Xen 4.12.1 bug fix release (bsc#1027519) + xen-4.12.1-testing-src.tar.bz2 +- Drop patches contained in new tarball + 5c87b644-IOMMU-leave-enabled-for-kexec-crash.patch + 5c87b6a2-x86-HVM-dont-crash-guest-in-find_mmio_cache.patch + 5c87b6c8-drop-arch_evtchn_inject.patch + 5c87b6e8-avoid-atomic-rmw-accesses-in-map_vcpu_info.patch + 5c87e6d1-x86-TSX-controls-for-RTM-force-abort-mode.patch + 5c8f752c-x86-e820-build-with-gcc9.patch + 5c8fb92d-x86-HVM-split-linear-reads-and-writes.patch + 5c8fb951-x86-HVM-finish-IOREQs-correctly-on-completion.patch + 5c8fc6c0-x86-MSR-shorten-ARCH_CAPABILITIES.patch + 5c8fc6c0-x86-SC-retpoline-safety-calculations-for-eIBRS.patch + 5c9e63c5-credit2-SMT-idle-handling.patch + 5ca46b68-x86emul-no-GPR-update-upon-AVX-gather-failures.patch + 5ca773d1-x86emul-dont-read-mask-reg-without-AVX512F.patch + 5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch + 5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch + 5cd921fb-trace-fix-build-with-gcc9.patch + 5cd9224b-AMD-IOMMU-disable-upon-init-fail.patch + 5cd922c5-x86-MTRR-recalc-p2mt-when-iocaps.patch + 5cd9230f-VMX-correctly-get-GS_SHADOW-for-current.patch + 5cd926d0-bitmap_fill-zero-sized.patch + 5cd92724-drivers-video-drop-constraints.patch + 5cd93a69-x86-MSR_INTEL_CORE_THREAD_COUNT.patch + 5cd93a69-x86-boot-detect-Intel-SMT-correctly.patch + 5cd93a69-x86-spec-ctrl-reposition-XPTI-parsing.patch + 5cd981ff-x86-IRQ-tracing-avoid-UB-or-worse.patch + 5cdad090-x86-spec-ctrl-CPUID-MSR-definitions-for-MDS.patch + 5cdad090-x86-spec-ctrl-infrastructure-for-VERW-flush.patch + 5cdad090-x86-spec-ctrl-misc-non-functional-cleanup.patch + 5cdad090-x86-spec-ctrl-opts-to-control-VERW-flush.patch + 5cdeb9fd-sched-fix-csched2_deinit_pdata.patch + 5ce7a92f-x86-IO-APIC-fix-build-with-gcc9.patch + 5cf0f6a4-x86-vhpet-resume-avoid-small-diff.patch + 5cf16e51-x86-spec-ctrl-Knights-retpoline-safe.patch + 5d03a0c4-1-Arm-add-an-isb-before-reading-CNTPCT_EL0.patch + 5d03a0c4-2-gnttab-rework-prototype-of-set_status.patch + 5d03a0c4-3-Arm64-rewrite-bitops-in-C.patch + 5d03a0c4-4-Arm32-rewrite-bitops-in-C.patch + 5d03a0c4-5-Arm-bitops-consolidate-prototypes.patch + 5d03a0c4-6-Arm64-cmpxchg-simplify.patch + 5d03a0c4-7-Arm32-cmpxchg-simplify.patch + 5d03a0c4-8-Arm-bitops-helpers-with-timeout.patch + 5d03a0c4-9-Arm-cmpxchg-helper-with-timeout.patch + 5d03a0c4-A-Arm-turn-on-SILO-mode-by-default.patch + 5d03a0c4-B-bitops-guest-helpers.patch + 5d03a0c4-C-cmpxchg-guest-helpers.patch + 5d03a0c4-D-use-guest-atomics-helpers.patch + 5d03a0c4-E-Arm-add-perf-counters-in-guest-atomic-helpers.patch + 5d03a0c4-F-Arm-protect-gnttab_clear_flag.patch +- Refreshed patches + libxl.pvscsi.patch + xen-tools.etc_pollution.patch + +--- Old: 5c87b644-IOMMU-leave-enabled-for-kexec-crash.patch 5c87b6a2-x86-HVM-dont-crash-guest-in-find_mmio_cache.patch 5c87b6c8-drop-arch_evtchn_inject.patch 5c87b6e8-avoid-atomic-rmw-accesses-in-map_vcpu_info.patch 5c87e6d1-x86-TSX-controls-for-RTM-force-abort-mode.patch 5c8f752c-x86-e820-build-with-gcc9.patch 5c8fb92d-x86-HVM-split-linear-reads-and-writes.patch 5c8fb951-x86-HVM-finish-IOREQs-correctly-on-completion.patch 5c8fc6c0-x86-MSR-shorten-ARCH_CAPABILITIES.patch 5c8fc6c0-x86-SC-retpoline-safety-calculations-for-eIBRS.patch 5c9e63c5-credit2-SMT-idle-handling.patch 5ca46b68-x86emul-no-GPR-update-upon-AVX-gather-failures.patch 5ca773d1-x86emul-dont-read-mask-reg-without-AVX512F.patch 5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch 5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch 5cd921fb-trace-fix-build-with-gcc9.patch 5cd9224b-AMD-IOMMU-disable-upon-init-fail.patch 5cd922c5-x86-MTRR-recalc-p2mt-when-iocaps.patch 5cd9230f-VMX-correctly-get-GS_SHADOW-for-current.patch 5cd926d0-bitmap_fill-zero-sized.patch 5cd92724-drivers-video-drop-constraints.patch 5cd93a69-x86-MSR_INTEL_CORE_THREAD_COUNT.patch 5cd93a69-x86-boot-detect-Intel-SMT-correctly.patch 5cd93a69-x86-spec-ctrl-reposition-XPTI-parsing.patch 5cd981ff-x86-IRQ-tracing-avoid-UB-or-worse.patch 5cdad090-x86-spec-ctrl-CPUID-MSR-definitions-for-MDS.patch
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2019-06-22 11:04:29 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.4615 (New) Package is "xen" Sat Jun 22 11:04:29 2019 rev:267 rq:710678 version:4.12.0_12 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2019-05-17 23:39:19.322039407 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new.4615/xen.changes2019-06-22 11:04:36.251856662 +0200 @@ -1,0 +2,13 @@ +Tue Jun 11 20:22:47 UTC 2019 - Jim Fehlig + +- spec: xen-tools: require matching version of xen package + bsc#1137471 + +--- +Fri May 17 08:50:57 UTC 2019 - oher...@suse.de + +- Remove two stale patches + xen.build-compare.man.patch + xenpaging.doc.patch + +--- @@ -14 +27,2 @@ -- bsc#331 - VUL-0: CPU issues Q2 2019 aka "Group 4" +- bsc#331 - VUL-0: CPU issues Q2 2019 aka "Group 4". + CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 Old: xen.build-compare.man.patch xenpaging.doc.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.cJ5qPJ/_old 2019-06-22 11:04:38.691860740 +0200 +++ /var/tmp/diff_new_pack.cJ5qPJ/_new 2019-06-22 11:04:38.695860748 +0200 @@ -195,7 +195,6 @@ Patch409: xenstore-launch.patch # Needs to go upstream Patch420: suspend_evtchn_lock.patch -Patch421: xenpaging.doc.patch Patch422: stubdom-have-iovec.patch Patch423: vif-route.patch Patch424: gcc9-ignore-warnings.patch @@ -228,7 +227,6 @@ Patch601: x86-ioapic-ack-default.patch Patch602: x86-cpufreq-report.patch Patch621: xen.build-compare.doc_html.patch -Patch622: xen.build-compare.man.patch Patch623: ipxe-no-error-logical-not-parentheses.patch Patch624: ipxe-use-rpm-opt-flags.patch # Build patches @@ -285,6 +283,7 @@ %ifarch %arm aarch64 Requires: qemu-arm %endif +Requires: %{name} = %{version}-%{release} Requires: %{name}-libs = %{version}-%{release} Recommends: multipath-tools Requires: python3 @@ -413,7 +412,6 @@ %patch409 -p1 # Needs to go upstream %patch420 -p1 -%patch421 -p1 %patch422 -p1 %patch423 -p1 %patch424 -p1 @@ -446,7 +444,6 @@ %patch601 -p1 %patch602 -p1 %patch621 -p1 -%patch622 -p1 %patch623 -p1 %patch624 -p1 # Build patches
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2019-05-17 23:39:15 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.5148 (New) Package is "xen" Fri May 17 23:39:15 2019 rev:266 rq:702959 version:4.12.0_12 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2019-04-18 13:58:17.887992681 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new.5148/xen.changes2019-05-17 23:39:19.322039407 +0200 @@ -1,0 +2,25 @@ +Tue May 14 15:35:17 UTC 2019 - Martin Liška + +- Disable LTO (boo#1133296). + +--- +Mon May 13 20:20:00 UTC 2019 - oher...@suse.de + +- Remove arm32 from ExclusiveArch to fix build + +--- +Mon Apr 29 08:54:04 MDT 2019 - carn...@suse.com + +- bsc#331 - VUL-0: CPU issues Q2 2019 aka "Group 4" + xsa297-0a.patch + xsa297-0b.patch + xsa297-0c.patch + xsa297-0d.patch + xsa297-1.patch + xsa297-2.patch + xsa297-3.patch +- Update 5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch and + drop 5cac6219-xen-cpu-Fix-ARM-build-following-cs-597fbb8.patch + Refresh 5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch + +--- Old: 5cac6219-xen-cpu-Fix-ARM-build-following-cs-597fbb8.patch New: xsa297-0a.patch xsa297-0b.patch xsa297-0c.patch xsa297-0d.patch xsa297-1.patch xsa297-2.patch xsa297-3.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.EPEEdb/_old 2019-05-17 23:39:21.242038352 +0200 +++ /var/tmp/diff_new_pack.EPEEdb/_new 2019-05-17 23:39:21.246038350 +0200 @@ -23,7 +23,7 @@ %endif Name: xen -ExclusiveArch: %ix86 x86_64 %arm aarch64 +ExclusiveArch: %ix86 x86_64 aarch64 %define changeset 38667 %define xen_build_dir xen-4.12.0-testing # @@ -127,7 +127,7 @@ BuildRequires: pesign-obs-integration %endif -Version:4.12.0_10 +Version:4.12.0_12 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0-only @@ -174,8 +174,14 @@ Patch10:5ca46b68-x86emul-no-GPR-update-upon-AVX-gather-failures.patch Patch11:5ca773d1-x86emul-dont-read-mask-reg-without-AVX512F.patch Patch12:5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch -Patch13:5cac6219-xen-cpu-Fix-ARM-build-following-cs-597fbb8.patch -Patch14:5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch +Patch13:5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch +Patch29701: xsa297-0a.patch +Patch29702: xsa297-0b.patch +Patch29703: xsa297-0c.patch +Patch29704: xsa297-0d.patch +Patch29711: xsa297-1.patch +Patch29712: xsa297-2.patch +Patch29713: xsa297-3.patch # Our platform specific patches Patch400: xen-destdir.patch Patch401: vif-bridge-no-iptables.patch @@ -387,7 +393,13 @@ %patch11 -p1 %patch12 -p1 %patch13 -p1 -%patch14 -p1 +%patch29701 -p1 +%patch29702 -p1 +%patch29703 -p1 +%patch29704 -p1 +%patch29711 -p1 +%patch29712 -p1 +%patch29713 -p1 # Our platform specific patches %patch400 -p1 %patch401 -p1 @@ -443,6 +455,7 @@ %patch9 -p1 %build +%define _lto_cflags %{nil} # JWF: Anthony's series to load BIOS from toolstack requires autogen.sh. # http://lists.xenproject.org/archives/html/xen-devel/2016-03/msg01626.html ./autogen.sh @@ -785,12 +798,6 @@ make -C xen install DEBUG_DIR=/boot DESTDIR=%{buildroot} CC=$CC %{?_smp_mflags} install_xen make -C xen clean -echo > xen.files.txt -# EFI depends on gcc47 or newer -if test -d %{buildroot}/%{_datadir}/efi/$arch -then - echo %{_datadir}/efi/$arch >> xen.files.txt -fi %endif # On x86_64, qemu-xen was installed as /usr/lib/xen/bin/qemu-system-i386 @@ -945,7 +952,7 @@ %if %{?with_dom0_support}0 -%files -f xen.files.txt +%files %defattr(-,root,root) /boot/* %{_libdir}/efi ++ 5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch ++ --- /var/tmp/diff_new_pack.EPEEdb/_old 2019-05-17 23:39:21.302038319 +0200 +++ /var/tmp/diff_new_pack.EPEEdb/_new 2019-05-17 23:39:21.306038317 +0200 @@ -1,6 +1,3 @@ - -WARNING: Breaks Arm build! Fix is being discussed upstream. - # Commit 597fbb8be6021440cd53493c14201c32671bade1 # Date 2019-04-08 11:16:06 +0100 # Author Andrew Cooper @@ -24,9 +21,54 @@ Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich +# Commit a6448adfd3d537aacbbd784e5bf1777ab3ff5f85 +# Date 2019-04-09 10:12:57 +0100 +# Author Andrew Cooper +# Committer Wei Liu +xen/cpu: Fix ARM build following c/s 597fbb8 + +c/s 597fbb8 "xen/timers: Fix memory leak
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2019-04-18 13:57:59 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.5536 (New) Package is "xen" Thu Apr 18 13:57:59 2019 rev:265 rq:695298 version:4.12.0_10 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2019-04-04 12:05:40.969434536 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new.5536/xen.changes2019-04-18 13:58:17.887992681 +0200 @@ -1,0 +2,45 @@ +Wed Apr 17 08:28:50 MDT 2019 - carn...@suse.com + +- bsc#1131811 - [XEN] internal error: libxenlight failed to create + new domain. This patch is a workaround for a systemd issue. See + patch header for additional comments. + xenstore-launch.patch + +--- +Thu Apr 11 16:29:39 MDT 2019 - carn...@suse.com + +- bsc#1125378 - [xen][pygrub] Can not restore sle11sp4 pv guest + after upgrading host from sle11sp4 to sle15sp1 + pygrub-python3-conversion.patch +- Fix "TypeError: virDomainDefineXML() argument 2 must be str or + None, not bytes" when converting VMs from using the xm/xend + toolstack to the libxl/libvirt toolstack. (bsc#1123378) + xen2libvirt.py + +--- +Mon Apr 8 08:13:04 MDT 2019 - carn...@suse.com + +- bsc#1124560 - Fully virtualized guests crash on boot + 5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch +- bsc#1121391 - GCC 9: xen build fails + 5c8f752c-x86-e820-build-with-gcc9.patch +- Upstream bug fixes (bsc#1027519) + 5c87b644-IOMMU-leave-enabled-for-kexec-crash.patch + 5c87b6a2-x86-HVM-dont-crash-guest-in-find_mmio_cache.patch + 5c87e6d1-x86-TSX-controls-for-RTM-force-abort-mode.patch + 5c8fb92d-x86-HVM-split-linear-reads-and-writes.patch + 5c8fb951-x86-HVM-finish-IOREQs-correctly-on-completion.patch + 5c8fc6c0-x86-MSR-shorten-ARCH_CAPABILITIES.patch + 5c8fc6c0-x86-SC-retpoline-safety-calculations-for-eIBRS.patch + 5c9e63c5-credit2-SMT-idle-handling.patch + 5ca46b68-x86emul-no-GPR-update-upon-AVX-gather-failures.patch + 5ca773d1-x86emul-dont-read-mask-reg-without-AVX512F.patch + 5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch + 5cac6219-xen-cpu-Fix-ARM-build-following-cs-597fbb8.patch + +--- +Thu Apr 4 08:53:02 UTC 2019 - oher...@suse.de + +- Install pkgconfig files into libdir instead of datadir + +--- New: 5c87b644-IOMMU-leave-enabled-for-kexec-crash.patch 5c87b6a2-x86-HVM-dont-crash-guest-in-find_mmio_cache.patch 5c87e6d1-x86-TSX-controls-for-RTM-force-abort-mode.patch 5c8f752c-x86-e820-build-with-gcc9.patch 5c8fb92d-x86-HVM-split-linear-reads-and-writes.patch 5c8fb951-x86-HVM-finish-IOREQs-correctly-on-completion.patch 5c8fc6c0-x86-MSR-shorten-ARCH_CAPABILITIES.patch 5c8fc6c0-x86-SC-retpoline-safety-calculations-for-eIBRS.patch 5c9e63c5-credit2-SMT-idle-handling.patch 5ca46b68-x86emul-no-GPR-update-upon-AVX-gather-failures.patch 5ca773d1-x86emul-dont-read-mask-reg-without-AVX512F.patch 5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch 5cac6219-xen-cpu-Fix-ARM-build-following-cs-597fbb8.patch 5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch xenstore-launch.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.U92DbZ/_old 2019-04-18 13:58:20.875993677 +0200 +++ /var/tmp/diff_new_pack.U92DbZ/_new 2019-04-18 13:58:20.875993677 +0200 @@ -127,7 +127,7 @@ BuildRequires: pesign-obs-integration %endif -Version:4.12.0_08 +Version:4.12.0_10 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0-only @@ -162,6 +162,20 @@ # For xen-libs Source99: baselibs.conf # Upstream patches +Patch1: 5c87b644-IOMMU-leave-enabled-for-kexec-crash.patch +Patch2: 5c87b6a2-x86-HVM-dont-crash-guest-in-find_mmio_cache.patch +Patch3: 5c87e6d1-x86-TSX-controls-for-RTM-force-abort-mode.patch +Patch4: 5c8f752c-x86-e820-build-with-gcc9.patch +Patch5: 5c8fb92d-x86-HVM-split-linear-reads-and-writes.patch +Patch6: 5c8fb951-x86-HVM-finish-IOREQs-correctly-on-completion.patch +Patch7: 5c8fc6c0-x86-MSR-shorten-ARCH_CAPABILITIES.patch +Patch8: 5c8fc6c0-x86-SC-retpoline-safety-calculations-for-eIBRS.patch +Patch9: 5c9e63c5-credit2-SMT-idle-handling.patch +Patch10:5ca46b68-x86emul-no-GPR-update-upon-AVX-gather-failures.patch +Patch11:5ca773d1-x86emul-dont-read-mask-reg-without-AVX512F.patch +Patch12:
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2019-04-04 12:05:32 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.3908 (New) Package is "xen" Thu Apr 4 12:05:32 2019 rev:264 rq:690700 version:4.12.0_08 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2019-04-01 12:33:45.293804083 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new.3908/xen.changes2019-04-04 12:05:40.969434536 +0200 @@ -1,0 +2,27 @@ +Tue Apr 2 08:03:53 MDT 2019 - carn...@suse.com + +- Update to Xen 4.12.0 FCS release (fate#325107, fate#323901) + xen-4.12.0-testing-src.tar.bz2 + * HVM/PVH and PV only Hypervisor: The Xen 4.12 release separates +the HVM/PVH and PV code paths in Xen and provides KCONFIG +options to build a PV only or HVM/PVH only hypervisor. + * QEMU Deprivilege (DM_RESTRICT): In Xen 4.12, this feature has +been vastly improved. + * Argo - Hypervisor-Mediated data eXchange: Argo is a new inter- +domain communication mechanism. + * Improvements to Virtual Machine Introspection: The VMI subsystem +which allows detection of 0-day vulnerabilities has seen many +functional and performance improvements. + * Credit 2 Scheduler: The Credit2 scheduler is now the Xen Project +default scheduler. + * PVH Support: Grub2 boot support has been added to Xen and Grub2. + * PVH Dom0: PVH Dom0 support has now been upgraded from experimental +to tech preview. + * The Xen 4.12 upgrade also includes improved IOMMU mapping code, +which is designed to significantly improve the startup times of +AMD EPYC based systems. + * The upgrade also features Automatic Dom0 Sizing which allows the +setting of Dom0 memory size as a percentage of host memory (e.g. +10%) or with an offset (e.g. 1G+10%). + +--- Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.HjPiq8/_old 2019-04-04 12:05:45.441435720 +0200 +++ /var/tmp/diff_new_pack.HjPiq8/_new 2019-04-04 12:05:45.445435721 +0200 @@ -127,7 +127,7 @@ BuildRequires: pesign-obs-integration %endif -Version:4.12.0_07 +Version:4.12.0_08 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0-only ++ xen-4.12.0-testing-src.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.12.0-testing/ChangeLog new/xen-4.12.0-testing/ChangeLog --- old/xen-4.12.0-testing/ChangeLog2019-03-25 15:16:43.0 +0100 +++ new/xen-4.12.0-testing/ChangeLog2019-04-02 15:59:08.0 +0200 @@ -1,30 +1,7 @@ -commit 07c181c83e03a860d806305369cd677c24df9b78 -Author: Andrew Cooper -Date: Thu Mar 21 19:36:48 2019 + +commit 997d6248a9ae932d0dbaac8d8755c2b15fec25dc +Author: Ian Jackson +Date: Mon Apr 1 12:03:23 2019 +0100 -passthrough/vtd: Drop the "workaround_bios_bug" logic entirely +README, xen/Makefile: Set version to 4.12.0 -It turns out that this code was previously dead. - -c/s dcf41790 " x86/mmcfg/drhd: Move acpi_mmcfg_init() call before calling -acpi_parse_dmar()" resulted in PCI segment 0 now having been initialised -enough for acpi_parse_one_drhd() to not take the - - /* Skip checking if segment is not accessible yet. */ - -path unconditionally. However, some systems have DMAR tables which list -devices which are disabled by user choice (in particular, Dell PowerEdge R740 -with I/O AT DMA disabled), and turning off all IOMMU functionality in this -case is entirely unhelpful behaviour. - -Leave the warning which identifies the problematic devices, but drop the -remaining logic. This leaves the system in better overall state, and working -in the same way that it did in previous releases. - -Reported-by: Igor Druzhinin -Signed-off-by: Andrew Cooper -Reviewed-by: Igor Druzhinin -Reviewed-by: Roger Pau Monné -Acked-by: George Dunlap -Release-acked-by: Juergen Gross -(cherry picked from commit 74dadb8556c6a0972fa422b5ae346589ace404b6) +Signed-off-by: Ian Jackson diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.12.0-testing/Config.mk new/xen-4.12.0-testing/Config.mk --- old/xen-4.12.0-testing/Config.mk2019-03-25 15:16:43.0 +0100 +++ new/xen-4.12.0-testing/Config.mk2019-04-02 15:59:08.0 +0200 @@ -275,15 +275,15 @@ MINIOS_UPSTREAM_URL ?= git://xenbits.xen.org/mini-os.git endif OVMF_UPSTREAM_REVISION ?= ef529e6ab7c31290a33045bb1f1837447cc0eb56 -QEMU_UPSTREAM_REVISION ?=
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2019-04-01 12:33:37 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.25356 (New) Package is "xen" Mon Apr 1 12:33:37 2019 rev:263 rq:688873 version:4.12.0_07 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2019-03-13 09:07:25.111435115 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new.25356/xen.changes 2019-04-01 12:33:45.293804083 +0200 @@ -1,0 +2,54 @@ +Tue Mar 26 10:06:06 MDT 2019 - carn...@suse.com + +- bsc#1130485 - Please drop Requires on multipath-tools in + xen-tools. Now using Recommends multipath-tools. + xen.spec + +--- +Mon Mar 25 08:17:31 MDT 2019 - carn...@suse.com + +- Update to Xen 4.12.0 RC7 release (fate#325107, fate#323901) + xen-4.12.0-testing-src.tar.bz2 + +--- +Wed Mar 20 09:48:26 MDT 2019 - carn...@suse.com + +- Update to Xen 4.12.0 RC6 release (fate#325107, fate#323901) + xen-4.12.0-testing-src.tar.bz2 + +--- +Fri Mar 15 13:09:29 UTC 2019 - oher...@suse.de + +- bsc#1026236 - add Xen cmdline option "suse_vtsc_tolerance" to + avoid TSC emulation for HVM domUs if their expected frequency + does not match exactly the frequency of the receiving host + xen.bug1026236.suse_vtsc_tolerance.patch + +--- +Mon Mar 11 11:24:42 MDT 2019 - carn...@suse.com + +- Update to Xen 4.12.0 RC5 release (fate#325107, fate#323901) + xen-4.12.0-testing-src.tar.bz2 + +--- +Mon Mar 11 05:58:59 MDT 2019 - carn...@suse.com + +- jsc#SLE-3059 - Disable Xen auto-ballooning +- Add CONFIG_DOM0_MEM to the spec file for managing dom0 memory. + xen.spec +- Disable autoballooning in xl.con + xl-conf-disable-autoballoon.patch + +--- +Thu Mar 7 17:55:20 UTC 2019 - oher...@suse.de + +- Update gcc9-ignore-warnings.patch to fix build in SLE12 + +--- +Thu Mar 7 15:28:02 UTC 2019 - oher...@suse.de + +- bsc#1126325 - fix crash in libxl in error path + Setup of grant_tables and other variables may fail + libxl.prepare-environment-for-domcreate_stream_done.patch + +--- New: libxl.prepare-environment-for-domcreate_stream_done.patch xen.bug1026236.suse_vtsc_tolerance.patch xl-conf-disable-autoballoon.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.pd7zGq/_old 2019-04-01 12:33:48.205804830 +0200 +++ /var/tmp/diff_new_pack.pd7zGq/_new 2019-04-01 12:33:48.205804830 +0200 @@ -127,7 +127,7 @@ BuildRequires: pesign-obs-integration %endif -Version:4.12.0_04 +Version:4.12.0_07 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0-only @@ -167,10 +167,11 @@ Patch401: vif-bridge-no-iptables.patch Patch402: vif-bridge-tap-fix.patch Patch403: xl-conf-default-bridge.patch -Patch404: xen-arch-kconfig-nr_cpus.patch -Patch405: suse-xendomains-service.patch -Patch406: replace-obsolete-network-configuration-commands-in-s.patch -Patch407: disable-building-pv-shim.patch +Patch404: xl-conf-disable-autoballoon.patch +Patch405: xen-arch-kconfig-nr_cpus.patch +Patch406: suse-xendomains-service.patch +Patch407: replace-obsolete-network-configuration-commands-in-s.patch +Patch408: disable-building-pv-shim.patch # Needs to go upstream Patch420: suspend_evtchn_lock.patch Patch421: xenpaging.doc.patch @@ -195,12 +196,14 @@ Patch465: xen.libxl.dmmd.patch Patch466: libxl.set-migration-constraints-from-cmdline.patch Patch467: xenstore-run-in-studomain.patch +Patch468: libxl.prepare-environment-for-domcreate_stream_done.patch # python3 conversion patches Patch500: build-python3-conversion.patch Patch501: pygrub-python3-conversion.patch Patch502: migration-python3-conversion.patch Patch503: bin-python3-conversion.patch # Hypervisor and PV driver Patches +Patch600: xen.bug1026236.suse_vtsc_tolerance.patch Patch601: x86-ioapic-ack-default.patch Patch602: x86-cpufreq-report.patch Patch621: xen.build-compare.doc_html.patch @@ -262,7 +265,7 @@ Requires: qemu-arm %endif Requires: %{name}-libs = %{version}-%{release} -Requires:
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2019-03-13 09:07:16 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.28833 (New) Package is "xen" Wed Mar 13 09:07:16 2019 rev:262 rq:682286 version:4.12.0_04 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2019-02-06 15:46:04.299308182 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new.28833/xen.changes 2019-03-13 09:07:25.111435115 +0100 @@ -1,0 +2,22 @@ +Wed Mar 6 11:12:09 MST 2019 - carn...@suse.com + +- bsc#1127620 - Documentation for the xl configuration file allows + for firmware=pvgrub64 but we don't ship pvgrub64. + Create a link from grub.xen to pvgrub64 + xen.spec + +--- +Mon Mar 4 14:58:18 MST 2019 - carn...@suse.com + +- Update to Xen 4.12.0 RC4 release (fate#325107, fate#323901) + xen-4.12.0-testing-src.tar.bz2 +- Tarball also contains additional post RC4 security fixes for + Xen Security Advisories 287, 288, and 290 through 294. + +--- +Tue Feb 19 08:11:38 MST 2019 - carn...@suse.com + +- Update to Xen 4.12.0 RC3 release (fate#325107, fate#323901) + xen-4.12.0-testing-src.tar.bz2 + +--- Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.vrRKFK/_old 2019-03-13 09:07:29.971434614 +0100 +++ /var/tmp/diff_new_pack.vrRKFK/_new 2019-03-13 09:07:29.975434613 +0100 @@ -127,7 +127,7 @@ BuildRequires: pesign-obs-integration %endif -Version:4.12.0_02 +Version:4.12.0_04 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0-only @@ -940,7 +940,6 @@ /usr/sbin/xenperf /usr/sbin/xenpm /usr/sbin/xenpmd -/usr/sbin/xen-ringwatch /usr/sbin/xenstored /usr/sbin/xen-tmem-list-parse /usr/sbin/xentop @@ -968,7 +967,6 @@ %endif /usr/sbin/xen-list /usr/sbin/xen-destroy -/usr/sbin/xen-bugtool /usr/sbin/xen-livepatch /usr/sbin/xen-diag %dir %attr(700,root,root) /etc/xen @@ -1196,6 +1194,9 @@ echo '# Xen boot parameters for non-recovery Xen boots (in addition to GRUB_CMDLINE_XEN)' >> /etc/default/grub echo 'GRUB_CMDLINE_XEN_DEFAULT=""' >> /etc/default/grub fi +if [ -f /usr/lib/grub2/x86_64-xen/grub.xen -a ! -f /usr/lib/xen/boot/pvgrub64.bin ]; then +ln -s /usr/lib/grub2/x86_64-xen/grub.xen /usr/lib/xen/boot/pvgrub64.bin +fi %preun tools %service_del_preun xencommons.service ++ bin-python3-conversion.patch ++ --- /var/tmp/diff_new_pack.vrRKFK/_old 2019-03-13 09:07:30.015434609 +0100 +++ /var/tmp/diff_new_pack.vrRKFK/_new 2019-03-13 09:07:30.019434608 +0100 @@ -1,20 +1,3 @@ -Index: xen-4.10.0-testing/tools/misc/xen-bugtool -=== xen-4.10.0-testing.orig/tools/misc/xen-bugtool -+++ xen-4.10.0-testing/tools/misc/xen-bugtool -@@ -1,4 +1,4 @@ --#!/usr/bin/env python -+#!/usr/bin/python3 - - # -*- mode: python; -*- - -@@ -13,5 +13,5 @@ if __name__ == "__main__": - try: - sys.exit(bugtool.main()) - except KeyboardInterrupt: --print "\nInterrupted." -+print("\nInterrupted.") - sys.exit(1) Index: xen-4.10.0-testing/tools/misc/xencons === --- xen-4.10.0-testing.orig/tools/misc/xencons @@ -241,188 +224,6 @@ sys.exit(1) sys.stdout.flush() -Index: xen-4.10.0-testing/tools/misc/xen-ringwatch -=== xen-4.10.0-testing.orig/tools/misc/xen-ringwatch -+++ xen-4.10.0-testing/tools/misc/xen-ringwatch -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python3 - # - # Copyright (C) 2011 Citrix Systems, Inc. - # -@@ -75,8 +75,8 @@ class XenBackend(object): - def from_name(cls, name): - match = cls._name_pattern.search(name) - if not match: --raise Exception, "Malformed %s name: %s" % \ --(type(self).__name__, name) -+raise Exception("Malformed %s name: %s" % \ -+(type(self).__name__, name)) - - rd= match.group(1) - devid = match.group(2) -@@ -214,9 +214,9 @@ class RingState(object): - match = cls._size_pattern.search(_nr_ents) - nr_ents = int(match.group(1)) - --except Exception, e: --raise Exception, "Malformed %s input: %s (%s)" % \ --(cls.__name__, repr(s), str(e)) -+except Exception as e: -+raise Exception("Malformed %s input: %s (%s)" % \ -+
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2019-02-06 15:45:56 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.28833 (New) Package is "xen" Wed Feb 6 15:45:56 2019 rev:261 rq:671220 version:4.12.0_02 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2019-01-15 13:16:29.504352260 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new.28833/xen.changes 2019-02-06 15:46:04.299308182 +0100 @@ -1,0 +2,55 @@ +Mon Feb 4 12:34:57 MST 2019 - carn...@suse.com + +- Update to Xen 4.12.0 RC2 release (fate#325107, fate#323901) + xen-4.12.0-testing-src.tar.bz2 + +--- +Fri Jan 25 12:53:37 MST 2019 - carn...@suse.com + +- bsc#1121391 - GCC 9: xen build fails + gcc9-ignore-warnings.patch + +--- +Thu Jan 24 09:39:18 MST 2019 - carn...@suse.com + +- bsc#1122563 - Virtualization/xen: Bug no Xen on boot, missing + /proc/xen, after 4.11 -> 4.12 upgrade on X86_64/efi. + Keep xen.efi in /usr/lib64/efi for booting older distros. + xen.spec + +--- +Fri Jan 18 10:51:12 MST 2019 - carn...@suse.com + +- fate#326960: Package grub2 as noarch. + As part of the effort to have a unified bootloader across + architectures, modify the xen.spec file to move the Xen efi files + to /usr/share/efi/$(uname -m) from /usr/lib64/efi. + +--- +Wed Jan 16 11:24:49 MST 2019 - carn...@suse.com + +- Update to Xen 4.12.0 RC1 release (fate#325107, fate#323901) + xen-4.12.0-testing-src.tar.bz2 +- Drop + 5b505d59-tools-xentop-replace-use-of-deprecated-vwprintw.patch + 5b76ec82-libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch + 5b8fae26-tools-libxl-correct-vcpu-affinity-output-with-sparse-physical-cpu-map.patch + 5b8fae26-xen-fill-topology-info-for-all-present-cpus.patch + 5b8fb5af-tools-xl-refuse-to-set-number-of-vcpus-to-0-via-xl-vcpu-set.patch + 5b9784ad-x86-HVM-drop-hvm_fetch_from_guest_linear.patch + 5b9784d2-x86-HVM-add-known_gla-helper.patch + 5b9784f2-x86-HVM-split-page-straddling-accesses.patch + 5bdc31d5-VMX-fix-vmx_handle_eoi.patch + gcc8-fix-array-warning-on-i586.patch + gcc8-fix-format-warning-on-i586.patch + gcc8-inlining-failed.patch + xen.bug1079730.patch + +--- +Tue Jan 15 13:38:13 MST 2019 - carn...@suse.com + +- bsc#1121960 - xen: sync with Factory + xen.spec + xen.changes + +--- @@ -120,2 +175,3 @@ -- bsc#1115040 - VUL-0: xen: insufficient TLB flushing / improper - large page mappings with AMD IOMMUs (XSA-275) +- bsc#1115040 - VUL-0: CVE-2018-19961 CVE-2018-19962: xen: + insufficient TLB flushing / improper large page mappings with AMD + IOMMUs (XSA-275) @@ -124,2 +180,2 @@ -- bsc#1115043 - VUL-0: xen: resource accounting issues in x86 IOREQ - server handling (XSA-276) +- bsc#1115043 - VUL-0: CVE-2018-19963: xen: resource accounting + issues in x86 IOREQ server handling (XSA-276) @@ -128,2 +184,2 @@ -- bsc#1115044 - VUL-0: xen: x86: incorrect error handling for guest - p2m page removals (XSA-277) +- bsc#1115044 - VUL-0: CVE-2018-19964: xen: x86: incorrect error + handling for guest p2m page removals (XSA-277) @@ -134,2 +190,2 @@ -- bsc#1115045 - VUL-0: xen: x86: DoS from attempting to use INVPCID - with a non-canonical addresses (XSA-279) +- bsc#1115045 - VUL-0: xen: CVE-2018-19965: x86: DoS from attempting + to use INVPCID with a non-canonical addresses (XSA-279) @@ -137,2 +193,2 @@ -- bsc#1115047 - VUL-0: xen: Fix for XSA-240 conflicts with shadow - paging (XSA-280) +- bsc#1115047 - VUL-0: CVE-2018-19966: xen: Fix for XSA-240 + conflicts with shadow paging (XSA-280) @@ -141,2 +197,2 @@ -- bsc#1114988 - VUL-0: xen: guest use of HLE constructs may lock up - host (XSA-282) +- bsc#1114988 - VUL-0: CVE-2018-19967: xen: guest use of HLE + constructs may lock up host (XSA-282) Old: 5b505d59-tools-xentop-replace-use-of-deprecated-vwprintw.patch 5b76ec82-libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch 5b8fae26-tools-libxl-correct-vcpu-affinity-output-with-sparse-physical-cpu-map.patch 5b8fae26-xen-fill-topology-info-for-all-present-cpus.patch 5b8fb5af-tools-xl-refuse-to-set-number-of-vcpus-to-0-via-xl-vcpu-set.patch 5b9784ad-x86-HVM-drop-hvm_fetch_from_guest_linear.patch 5b9784d2-x86-HVM-add-known_gla-helper.patch 5b9784f2-x86-HVM-split-page-straddling-accesses.patch 5bdc31d5-VMX-fix-vmx_handle_eoi.patch gcc8-fix-array-warning-on-i586.patch gcc8-fix-format-warning-on-i586.patch gcc8-inlining-failed.patch xen-4.11.1-testing-src.tar.bz2
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2019-01-15 13:16:28 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.28833 (New) Package is "xen" Tue Jan 15 13:16:28 2019 rev:260 rq:666052 version:4.11.1_02 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2019-01-08 12:18:39.948915069 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new.28833/xen.changes 2019-01-15 13:16:29.504352260 +0100 @@ -1,0 +2,19 @@ +Sat Jan 12 14:06:02 UTC 2019 - Jan Engelhardt + +- Replace old $RPM_* shell vars. +- Run fdupes for all architectures, and not crossing + subvolume boundaries. + +--- +Thu Jan 10 10:57:44 UTC 2019 - Guillaume GARDET + +- Do not run %fdupes on aarch64 to avoid the hardlink-across-partition + rpmlint error + +--- +Tue Jan 8 13:31:30 UTC 2019 - Guillaume GARDET + +- Require qemu-seabios only on x86* as it is not available on non-x86 + systems + +--- Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.N8u43d/_old 2019-01-15 13:16:32.384349991 +0100 +++ /var/tmp/diff_new_pack.N8u43d/_new 2019-01-15 13:16:32.388349989 +0100 @@ -1,7 +1,7 @@ # # spec file for package xen # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # # needssslcertforbuild @@ -130,7 +130,7 @@ Version:4.11.1_02 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) -License:GPL-2.0 +License:GPL-2.0-only Group: System/Kernel Source0:xen-4.11.1-testing-src.tar.bz2 Source1:stubdom.tar.bz2 @@ -277,7 +277,9 @@ Requires: multipath-tools Requires: python3 Requires: python3-curses +%ifarch %{ix86} x86_64 Requires: qemu-seabios +%endif # subpackage existed in 10.3 Provides: xen-tools-ioemu = %{version} Obsoletes: xen-tools-ioemu < %{version} @@ -461,8 +463,8 @@ export WGET=$(type -P false) export FTP=$(type -P false) export GIT=$(type -P false) -export EXTRA_CFLAGS_XEN_TOOLS="$RPM_OPT_FLAGS" -export EXTRA_CFLAGS_QEMU_TRADITIONAL="$RPM_OPT_FLAGS" +export EXTRA_CFLAGS_XEN_TOOLS="%{optflags}" +export EXTRA_CFLAGS_QEMU_TRADITIONAL="%{optflags}" export SMBIOS_REL_DATE="$SMBIOS_REL_DATE" export RELDATE="$RELDATE" XEN_VERSION=$XEN_VERSION @@ -534,19 +536,19 @@ source ./.our_xenversion # tools make \ - DESTDIR=$RPM_BUILD_ROOT \ + DESTDIR=%{buildroot} \ SYSCONFIG_DIR=%{_fillupdir} \ %{?_smp_mflags} \ install -find $RPM_BUILD_ROOT -ls -for i in $RPM_BUILD_ROOT%{_fillupdir}/* +find %{buildroot} -ls +for i in %{buildroot}/%{_fillupdir}/* do mv -v $i ${i%/*}/sysconfig.${i##*/} done # -udev_rulesdir=$RPM_BUILD_ROOT%{_udevrulesdir} -tools_domU_dir=$RPM_BUILD_ROOT%{_libexecdir}/%{name}-tools-domU +udev_rulesdir=%{buildroot}/%{_udevrulesdir} +tools_domU_dir=%{buildroot}/%{_libexecdir}/%{name}-tools-domU mkdir -p ${udev_rulesdir} mkdir -p ${tools_domU_dir} # @@ -555,7 +557,7 @@ SUBSYSTEM=="pci", ATTR{modalias}=="pci:v5853d0001sv5853sd0001bcFFsc80i00", TAG+="systemd", ENV{SYSTEMD_WANTS}+="%{name}-vcpu-watch.service" _EOR_ # -tee $RPM_BUILD_ROOT%{_unitdir}/%{name}-vcpu-watch.service <<'_EOS_' +tee %{buildroot}/%{_unitdir}/%{name}-vcpu-watch.service <<'_EOS_' [Unit] Description=Listen to CPU online/offline events from dom0 toolstack @@ -566,7 +568,7 @@ RestartSec=2 _EOS_ # -tee $RPM_BUILD_ROOT%{_libexecdir}/%{name}-tools-domU/%{name}-vcpu-watch.sh <<'_EOS_' +tee %{buildroot}/%{_libexecdir}/%{name}-tools-domU/%{name}-vcpu-watch.sh <<'_EOS_' #!/bin/bash unset LANG unset ${!LC_*} @@ -613,7 +615,7 @@ done exit 1 _EOS_ -chmod 755 $RPM_BUILD_ROOT%{_libexecdir}/%{name}-tools-domU/%{name}-vcpu-watch.sh +chmod 755 %{buildroot}/%{_libexecdir}/%{name}-tools-domU/%{name}-vcpu-watch.sh # tee ${udev_rulesdir}/60-persistent-xvd.rules <<'_EOR_' ACTION=="remove", GOTO="xvd_aliases_end" @@ -631,7 +633,7 @@ SUBSYSTEM=="xen", DEVPATH=="/devices/console-[0-9]",
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2019-01-08 12:18:34 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.28833 (New) Package is "xen" Tue Jan 8 12:18:34 2019 rev:259 rq:662517 version:4.11.1_02 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2018-12-10 12:27:04.798602401 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new.28833/xen.changes 2019-01-08 12:18:39.948915069 +0100 @@ -1,0 +2,6 @@ +Thu Dec 27 18:16:54 UTC 2018 - Bernhard Wiedemann + +- Avoid creating dangling symlinks (bsc#1116524) + This reverts the revert of tmp_build.patch + +--- Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.J1cRQZ/_old 2019-01-08 12:18:41.588913531 +0100 +++ /var/tmp/diff_new_pack.J1cRQZ/_new 2019-01-08 12:18:41.588913531 +0100 @@ -889,8 +889,8 @@ # "xl devd" has to be called manually in a driver domain find $RPM_BUILD_ROOT -name xendriverdomain.service -print -delete -# Create symlinks for keymaps -%fdupes -s $RPM_BUILD_ROOT +# Create hardlinks for 3 .txt files and 1 .py +%fdupes $RPM_BUILD_ROOT find $RPM_BUILD_ROOT -size 0 -delete %else ++ tmp_build.patch ++ --- /var/tmp/diff_new_pack.J1cRQZ/_old 2019-01-08 12:18:41.816913316 +0100 +++ /var/tmp/diff_new_pack.J1cRQZ/_new 2019-01-08 12:18:41.816913316 +0100 @@ -22,7 +22,7 @@ xenstore: xenstore_client.o $(LIBXENSTORE) $(CC) $< $(LDFLAGS) $(LDLIBS_libxenstore) $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o $@ $(APPEND_LDFLAGS) -+ $(CC) $< $(CFLAGS) $(LDFLAGS) -Wl,--build-id=uuid -L. -lxenstore $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o domu-$@ ++ $(CC) $< $(CFLAGS) $(LDFLAGS) -Wl,--build-id=sha1 -L. -lxenstore $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o domu-$@ xenstore-control: xenstore_control.o $(LIBXENSTORE) $(CC) $< $(LDFLAGS) $(LDLIBS_libxenstore) $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o $@ $(APPEND_LDFLAGS)
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2018-12-10 12:27:01 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.19453 (New) Package is "xen" Mon Dec 10 12:27:01 2018 rev:258 rq:654117 version:4.11.1_02 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2018-12-03 10:04:29.840033854 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new.19453/xen.changes 2018-12-10 12:27:04.798602401 +0100 @@ -1,0 +2,82 @@ +Tue Dec 4 13:19:21 MST 2018 - carn...@suse.com + +- Update to Xen 4.11.1 bug fix release (bsc#1027519) + xen-4.11.1-testing-src.tar.bz2 +- 5b505d59-tools-xentop-replace-use-of-deprecated-vwprintw.patch + replaces xen.2b50cdbc444c637575580dcfa6c9525a84d5cc62.patch +- 5b76ec82-libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch + replaces xen.b8f33431f3dd23fb43a879f4bdb4283fdc9465ad.patch +- Drop the following patches contained in the new tarball + 5b34b8fe-VMX-defer-vmx_vmcs_exit-as-long-as-possible.patch + 5b3cab8e-1-VMX-MSR_DEBUGCTL-handling.patch + 5b3cab8e-2-VMX-improve-MSR-load-save-API.patch + 5b3cab8e-3-VMX-cleanup-MSR-load-save-infra.patch + 5b3cab8f-1-VMX-factor-out-locate_msr_entry.patch + 5b3cab8f-2-VMX-remote-access-to-MSR-lists.patch + 5b3cab8f-3-VMX-improve-LBR-MSR-handling.patch + 5b3cab8f-4-VMX-pass-MSR-value-into-vmx_msr_add.patch + 5b3cab8f-5-VMX-load-only-guest-MSR-entries.patch + 5b3f8fa5-port-array_index_nospec-from-Linux.patch + 5b4321f6-x86-correctly-set-nonlazy_xstate_used-when-loading-full-state.patch + 5b4488e7-x86-spec-ctrl-cmdline-handling.patch + 5b471517-page_alloc-correct-first_dirty-calc-in-block-merging.patch + 5b4c9a60-allow-cpu_down-to-be-called-earlier.patch + 5b4db308-SVM-fix-cleanup-svm_inject_event.patch + 5b5040c3-cpupools-fix-state-when-downing-a-CPU-failed.patch + 5b5040f2-x86-AMD-distinguish-CU-from-HT.patch + 5b505fe5-VMX-fix-find-msr-build.patch + 5b508775-1-x86-distinguish-CPU-offlining-and-removal.patch + 5b508775-2-x86-possibly-bring-up-all-CPUs.patch + 5b508775-3-x86-cmdline-opt-to-avoid-use-of-secondary-HTs.patch + 5b508ce8-VMX-dont-clobber-dr6-while-debug-state-is-lazy.patch + 5b50df16-1-x86-xstate-use-guest-CPUID-policy.patch + 5b50df16-2-x86-make-xstate-calculation-errors-more-obvious.patch + 5b56feb1-hvm-Disallow-unknown-MSR_EFER-bits.patch + 5b56feb2-spec-ctrl-Fix-the-parsing-of-xpti--on-fixed-Intel-hardware.patch + 5b62ca93-VMX-avoid-hitting-BUG_ON.patch + 5b6d84ac-x86-fix-improve-vlapic-read-write.patch + 5b6d8ce2-x86-XPTI-parsing.patch + 5b72fbbe-ARM-disable-grant-table-v2.patch + 5b72fbbe-oxenstored-eval-order.patch + 5b72fbbe-vtx-Fix-the-checking-for-unknown-invalid-MSR_DEBUGCTL-bits.patch + 5b72fbbf-1-spec-ctrl-Calculate-safe-PTE-addresses-for-L1TF-mitigations.patch + 5b72fbbf-2-spec-ctrl-Introduce-an-option-to-control-L1TF-mitigation-for-PV-guests.patch + 5b72fbbf-3-shadow-Infrastructure-to-force-a-PV-guest-into-shadow-mode.patch + 5b72fbbf-4-mm-Plumbing-to-allow-any-PTE-update-to-fail-with--ERESTART.patch + 5b72fbbf-5-pv-Force-a-guest-into-shadow-mode-when-it-writes-an-L1TF-vulnerable-PTE.patch + 5b72fbbf-6-spec-ctrl-CPUID-MSR-definitions-for-L1D_FLUSH.patch + 5b72fbbf-7-msr-Virtualise-MSR_FLUSH_CMD-for-guests.patch + 5b72fbbf-8-spec-ctrl-Introduce-an-option-to-control-L1D_FLUSH-for-HVM-HAP-guests.patch + 5b72fbbf-x86-Make-spec-ctrl-no-a-global-disable-of-all-mitigations.patch + 5b72fbbf-xl.conf-Add-global-affinity-masks.patch + 5b74190e-x86-hvm-ioreq-MMIO-range-check-honor-DF.patch + 5b752762-x86-hvm-emul-rep-IO-should-not-cross-GFN-boundaries.patch + 5b75afef-x86-setup-avoid-OoB-E820-lookup.patch + 5b76b780-rangeset-inquiry-functions-tolerate-NULL.patch + 5b83c654-VT-d-dmar-iommu-mem-leak-fix.patch + 5b8d5832-x86-assorted-array_index_nospec-insertions.patch + 5ba11ed4-credit2-fix-moving-CPUs-between-cpupools.patch + 5bacae4b-x86-boot-allocate-extra-module-slot.patch + 5bae44ce-x86-silence-false-log-messages.patch + 5bb60c12-x86-split-opt_xpti.patch + 5bb60c4f-x86-split-opt_pv_l1tf.patch + 5bb60c74-x86-fix-xpti-and-pv-l1tf.patch + 5bcf0722-x86-boot-enable-NMIs.patch + 5bd076e9-dombuilder-init-vcpu-debug-regs-correctly.patch + 5bd076e9-x86-boot-init-debug-regs-correctly.patch + 5bd076e9-x86-init-vcpu-debug-regs-correctly.patch + 5bd0e0cf-vvmx-Disallow-the-use-of-VT-x-instructions-when-nested-virt-is-disabled.patch + 5bd0e11b-x86-disallow-VT-x-insns-without-nested-virt.patch + 5bd85bfd-x86-fix-crash-on-xl-set-parameter-pcid.patch + 5be2a308-x86-extend-get_platform_badpages.patch + 5be2a354-x86-work-around-HLE-host-lockup-erratum.patch + xsa275-1.patch + xsa275-2.patch + xsa276-1.patch + xsa276-2.patch + xsa277.patch + xsa279.patch + xsa280-1.patch + xsa280-2.patch +
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2018-12-03 10:04:05 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.19453 (New) Package is "xen" Mon Dec 3 10:04:05 2018 rev:257 rq:652068 version:4.11.0_09 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2018-11-13 16:23:56.974832220 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new.19453/xen.changes 2018-12-03 10:04:29.840033854 +0100 @@ -1,0 +2,58 @@ +Wed Nov 21 15:44:39 MST 2018 - carn...@suse.com + +- bsc#1116524 - Package xen-tools-4.11.0_09-2.1.x86_64 broken: + Missing /bin/domu-xenstore. This was broken because "make + package build reproducible" change. (boo#1047218, boo#1062303) + This fix reverses the change to this patch. + tmp_build.patch + +--- +Mon Nov 12 09:47:39 MST 2018 - carn...@suse.com + +- bsc#1115040 - VUL-0: xen: insufficient TLB flushing / improper + large page mappings with AMD IOMMUs (XSA-275) + xsa275-1.patch + xsa275-2.patch +- bsc#1115043 - VUL-0: xen: resource accounting issues in x86 IOREQ + server handling (XSA-276) + xsa276-1.patch + xsa276-2.patch +- bsc#1115044 - VUL-0: xen: x86: incorrect error handling for guest + p2m page removals (XSA-277) + xsa277.patch +- bsc#1114405 - VUL-0: CVE-2018-18883: xen: Nested VT-x usable even + when disabled (XSA-278) + 5bd0e11b-x86-disallow-VT-x-insns-without-nested-virt.patch +- bsc#1115045 - VUL-0: xen: x86: DoS from attempting to use INVPCID + with a non-canonical addresses (XSA-279) + xsa279.patch +- bsc#1115047 - VUL-0: xen: Fix for XSA-240 conflicts with shadow + paging (XSA-280) + xsa280-1.patch + xsa280-2.patch +- bsc#1114988 - VUL-0: xen: guest use of HLE constructs may lock up + host (XSA-282) + 5be2a308-x86-extend-get_platform_badpages.patch + 5be2a354-x86-work-around-HLE-host-lockup-erratum.patch +- bsc#1108940 - L3: XEN SLE12-SP1 domU hang on SLE12-SP3 HV + 5bdc31d5-VMX-fix-vmx_handle_eoi.patch +- Upstream bug fixes (bsc#1027519) + 5b752762-x86-hvm-emul-rep-IO-should-not-cross-GFN-boundaries.patch + 5ba11ed4-credit2-fix-moving-CPUs-between-cpupools.patch + 5bacae4b-x86-boot-allocate-extra-module-slot.patch + 5bae44ce-x86-silence-false-log-messages.patch + 5bb60c12-x86-split-opt_xpti.patch + 5bb60c4f-x86-split-opt_pv_l1tf.patch + 5bb60c74-x86-fix-xpti-and-pv-l1tf.patch + 5bcf0722-x86-boot-enable-NMIs.patch + 5bd076e9-dombuilder-init-vcpu-debug-regs-correctly.patch + 5bd076e9-x86-boot-init-debug-regs-correctly.patch + 5bd076e9-x86-init-vcpu-debug-regs-correctly.patch + 5bd85bfd-x86-fix-crash-on-xl-set-parameter-pcid.patch + +--- +Wed Oct 24 20:08:24 UTC 2018 - oher...@suse.de + +- Use SMBIOS_REL_DATE instead of SMBIOS_DATE for reproducible binaries + +--- New: 5b752762-x86-hvm-emul-rep-IO-should-not-cross-GFN-boundaries.patch 5ba11ed4-credit2-fix-moving-CPUs-between-cpupools.patch 5bacae4b-x86-boot-allocate-extra-module-slot.patch 5bae44ce-x86-silence-false-log-messages.patch 5bb60c12-x86-split-opt_xpti.patch 5bb60c4f-x86-split-opt_pv_l1tf.patch 5bb60c74-x86-fix-xpti-and-pv-l1tf.patch 5bcf0722-x86-boot-enable-NMIs.patch 5bd076e9-dombuilder-init-vcpu-debug-regs-correctly.patch 5bd076e9-x86-boot-init-debug-regs-correctly.patch 5bd076e9-x86-init-vcpu-debug-regs-correctly.patch 5bd0e11b-x86-disallow-VT-x-insns-without-nested-virt.patch 5bd85bfd-x86-fix-crash-on-xl-set-parameter-pcid.patch 5bdc31d5-VMX-fix-vmx_handle_eoi.patch 5be2a308-x86-extend-get_platform_badpages.patch 5be2a354-x86-work-around-HLE-host-lockup-erratum.patch xsa275-1.patch xsa275-2.patch xsa276-1.patch xsa276-2.patch xsa277.patch xsa279.patch xsa280-1.patch xsa280-2.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.1BrBU4/_old 2018-12-03 10:04:31.752032107 +0100 +++ /var/tmp/diff_new_pack.1BrBU4/_new 2018-12-03 10:04:31.760032101 +0100 @@ -205,18 +205,42 @@ Patch41: 5b72fbbf-x86-Make-spec-ctrl-no-a-global-disable-of-all-mitigations.patch Patch42:5b72fbbf-xl.conf-Add-global-affinity-masks.patch Patch43:5b74190e-x86-hvm-ioreq-MMIO-range-check-honor-DF.patch -Patch44:5b75afef-x86-setup-avoid-OoB-E820-lookup.patch -Patch45:5b76b780-rangeset-inquiry-functions-tolerate-NULL.patch -Patch46:5b83c654-VT-d-dmar-iommu-mem-leak-fix.patch -Patch47:5b8d5832-x86-assorted-array_index_nospec-insertions.patch -Patch48: 5b8fae26-tools-libxl-correct-vcpu-affinity-output-with-sparse-physical-cpu-map.patch
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2018-11-13 16:23:37 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Tue Nov 13 16:23:37 2018 rev:256 rq:647072 version:4.11.0_09 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2018-10-18 15:28:32.178841944 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2018-11-13 16:23:56.974832220 +0100 @@ -1,0 +2,8 @@ +Wed Oct 24 08:21:01 UTC 2018 - Bernhard Wiedemann + +- make package build reproducible (boo#1047218, boo#1062303) + * Set SMBIOS_REL_DATE + * Update tmp_build.patch to use SHA instead of random build-id + * Add reproducible.patch to use --no-insert-timestamp + +--- New: reproducible.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.kdvWrF/_old 2018-11-13 16:23:59.534827759 +0100 +++ /var/tmp/diff_new_pack.kdvWrF/_new 2018-11-13 16:23:59.538827752 +0100 @@ -268,6 +268,7 @@ # Build patches Patch6: xen.stubdom.newlib.patch Patch8: tmp_build.patch +Patch9: reproducible.patch Url:http://www.cl.cam.ac.uk/Research/SRG/netos/xen/ BuildRoot: %{_tmppath}/%{name}-%{version}-build %define pyver %(python3 -c "import sys; print(sys.version[:3])") @@ -517,6 +518,7 @@ # Build patches %patch6 -p1 %patch8 -p1 +%patch9 -p1 %build # JWF: Anthony's series to load BIOS from toolstack requires autogen.sh. @@ -553,7 +555,7 @@ export GIT=$(type -P false) export EXTRA_CFLAGS_XEN_TOOLS="$RPM_OPT_FLAGS" export EXTRA_CFLAGS_QEMU_TRADITIONAL="$RPM_OPT_FLAGS" -export SMBIOS_DATE="$SMBIOS_DATE" +export SMBIOS_REL_DATE="$SMBIOS_DATE" export RELDATE="$RELDATE" XEN_VERSION=$XEN_VERSION XEN_SUBVERSION=$XEN_SUBVERSION ++ reproducible.patch ++ commit e4c8f21e198e739e279b274c17e9246ea9a6d8e5 Author: Bernhard M. Wiedemann Date: Wed Oct 24 09:50:26 2018 +0200 x86/efi: Do not insert timestamps in efi files in order to make builds reproducible. See https://reproducible-builds.org/ for why this is good. We only add the option, if ld understands it. Signed-off-by: Bernhard M. Wiedemann diff --git a/Config.mk b/Config.mk index 9b13e75a3e..46b064bcae 100644 --- a/Config.mk +++ b/Config.mk @@ -151,6 +151,14 @@ export XEN_HAS_BUILD_ID=y build_id_linker := --build-id=sha1 endif +ld-ver-timestamp = $(shell $(1) -mi386pep --no-insert-timestamp 2>&1 | \ + grep -q no-insert-timestamp && echo n || echo y) +ifeq ($(call ld-ver-timestamp,$(LD)),n) +ld_no_insert_timestamp := +else +ld_no_insert_timestamp := --no-insert-timestamp +endif + ifndef XEN_HAS_CHECKPOLICY CHECKPOLICY ?= checkpolicy XEN_HAS_CHECKPOLICY := $(shell $(CHECKPOLICY) -h 2>&1 | grep -q xen && echo y || echo n) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 162b0b94c0..866125a8ac 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -158,6 +158,7 @@ note.o: $(TARGET)-syms EFI_LDFLAGS = $(patsubst -m%,-mi386pep,$(LDFLAGS)) --subsystem=10 EFI_LDFLAGS += --image-base=$(1) --stack=0,0 --heap=0,0 --strip-debug +EFI_LDFLAGS += $(ld_no_insert_timestamp) EFI_LDFLAGS += --section-alignment=0x20 --file-alignment=0x20 EFI_LDFLAGS += --major-image-version=$(XEN_VERSION) EFI_LDFLAGS += --minor-image-version=$(XEN_SUBVERSION) ++ tmp_build.patch ++ --- /var/tmp/diff_new_pack.kdvWrF/_old 2018-11-13 16:23:59.902827118 +0100 +++ /var/tmp/diff_new_pack.kdvWrF/_new 2018-11-13 16:23:59.902827118 +0100 @@ -22,7 +22,7 @@ xenstore: xenstore_client.o $(LIBXENSTORE) $(CC) $< $(LDFLAGS) $(LDLIBS_libxenstore) $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o $@ $(APPEND_LDFLAGS) -+ $(CC) $< $(CFLAGS) $(LDFLAGS) -Wl,--build-id=uuid -L. -lxenstore $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o domu-$@ ++ $(CC) $< $(CFLAGS) $(LDFLAGS) -Wl,--build-id=sha1 -L. -lxenstore $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o domu-$@ xenstore-control: xenstore_control.o $(LIBXENSTORE) $(CC) $< $(LDFLAGS) $(LDLIBS_libxenstore) $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o $@ $(APPEND_LDFLAGS)
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2018-10-18 15:28:30 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Thu Oct 18 15:28:30 2018 rev:255 rq:642003 version:4.11.0_09 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2018-09-18 11:39:18.528170496 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2018-10-18 15:28:32.178841944 +0200 @@ -1,0 +2,8 @@ +Mon Oct 15 06:55:47 UTC 2018 - oher...@suse.de + +- Building with ncurses 6.1 will fail without + xen.2b50cdbc444c637575580dcfa6c9525a84d5cc62.patch +- Building libxl acpi support on aarch64 with gcc 8.2 will fail without + xen.b8f33431f3dd23fb43a879f4bdb4283fdc9465ad.patch + +--- New: xen.2b50cdbc444c637575580dcfa6c9525a84d5cc62.patch xen.b8f33431f3dd23fb43a879f4bdb4283fdc9465ad.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.KwDSgJ/_old 2018-10-18 15:28:33.966839830 +0200 +++ /var/tmp/diff_new_pack.KwDSgJ/_new 2018-10-18 15:28:33.970839826 +0200 @@ -127,7 +127,7 @@ BuildRequires: pesign-obs-integration %endif -Version:4.11.0_08 +Version:4.11.0_09 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0 @@ -215,6 +215,8 @@ Patch51:5b9784ad-x86-HVM-drop-hvm_fetch_from_guest_linear.patch Patch52:5b9784d2-x86-HVM-add-known_gla-helper.patch Patch53:5b9784f2-x86-HVM-split-page-straddling-accesses.patch +Patch98:xen.b8f33431f3dd23fb43a879f4bdb4283fdc9465ad.patch +Patch99:xen.2b50cdbc444c637575580dcfa6c9525a84d5cc62.patch # Our platform specific patches Patch400: xen-destdir.patch Patch401: vif-bridge-no-iptables.patch @@ -462,6 +464,8 @@ %patch51 -p1 %patch52 -p1 %patch53 -p1 +%patch98 -p1 +%patch99 -p1 # Our platform specific patches %patch400 -p1 %patch401 -p1 ++ xen.2b50cdbc444c637575580dcfa6c9525a84d5cc62.patch ++ From: Christopher Clark Date: Wed, 18 Jul 2018 15:22:17 -0700 Subject: 2b50cdbc444c637575580dcfa6c9525a84d5cc62 tools/xentop : replace use of deprecated vwprintw gcc-8.1 complains: | xentop.c: In function 'print': | xentop.c:304:4: error: 'vwprintw' is deprecated [-Werror=deprecated-declarations] | vwprintw(stdscr, (curses_str_t)fmt, args); | ^~~~ vw_printw (note the underscore) is a non-deprecated alternative. Signed-off-by: Christopher Clark Acked-by: Wei Liu --- tools/xenstat/xentop/xentop.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/tools/xenstat/xentop/xentop.c +++ b/tools/xenstat/xentop/xentop.c @@ -301,7 +301,7 @@ static void print(const char *fmt, ...) if (!batch) { if((current_row() < lines()-1)) { va_start(args, fmt); - vwprintw(stdscr, (curses_str_t)fmt, args); + vw_printw(stdscr, (curses_str_t)fmt, args); va_end(args); } } else { ++ xen.b8f33431f3dd23fb43a879f4bdb4283fdc9465ad.patch ++ >From b8f33431f3dd23fb43a879f4bdb4283fdc9465ad Mon Sep 17 00:00:00 2001 From: Christopher Clark Date: Thu, 16 Aug 2018 13:22:41 -0700 Subject: libxl/arm: Fix build on arm64 + acpi w/ gcc 8.2 Add zero-padding to #defined ACPI table strings that are copied. Provides sufficient characters to satisfy the length required to fully populate the destination and prevent array-bounds warnings. Add BUILD_BUG_ON sizeof checks for compile-time length checking. Signed-off-by: Christopher Clark Reviewed-by: Stefano Stabellini Acked-by: Wei Liu --- tools/libxl/libxl_arm_acpi.c | 10 +++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/tools/libxl/libxl_arm_acpi.c b/tools/libxl/libxl_arm_acpi.c index 636f724039..ba874c3d32 100644 --- a/tools/libxl/libxl_arm_acpi.c +++ b/tools/libxl/libxl_arm_acpi.c @@ -48,9 +48,9 @@ extern const unsigned char dsdt_anycpu_arm[]; _hidden extern const int dsdt_anycpu_arm_len; -#define ACPI_OEM_ID "Xen" -#define ACPI_OEM_TABLE_ID "ARM" -#define ACPI_ASL_COMPILER_ID "XL" +#define ACPI_OEM_ID "Xen\0\0" +#define ACPI_OEM_TABLE_ID "ARM\0\0\0\0" +#define ACPI_ASL_COMPILER_ID "XL\0" enum { RSDP,
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2018-09-18 11:39:08 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Tue Sep 18 11:39:08 2018 rev:254 rq:635194 version:4.11.0_08 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2018-09-05 13:43:49.845806306 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2018-09-18 11:39:18.528170496 +0200 @@ -1,0 +2,38 @@ +Tue Sep 11 13:29:58 MDT 2018 - carn...@suse.com + +- bsc#1106263 - L3: The affinity reporting via 'xl vcpu-list' is + apparently broken + 5b8fae26-tools-libxl-correct-vcpu-affinity-output-with-sparse-physical-cpu-map.patch + 5b8fae26-xen-fill-topology-info-for-all-present-cpus.patch + 5b8fb5af-tools-xl-refuse-to-set-number-of-vcpus-to-0-via-xl-vcpu-set.patch + +--- +Tue Sep 11 07:47:57 MDT 2018 - carn...@suse.com + +- bsc#1094508 - L3: Kernel oops in fs/dcache.c called by + d_materialise_unique() + 5b9784ad-x86-HVM-drop-hvm_fetch_from_guest_linear.patch + 5b9784d2-x86-HVM-add-known_gla-helper.patch + 5b9784f2-x86-HVM-split-page-straddling-accesses.patch +- bsc#1103279 - (CVE-2018-15470) VUL-0: CVE-2018-15470: xen: + oxenstored does not apply quota-maxentity (XSA-272) + 5b72fbbe-oxenstored-eval-order.patch +- bsc#1103275 - (CVE-2018-15469) VUL-0: CVE-2018-15469: xen: Use of + v2 grant tables may cause crash on ARM (XSA-268) + 5b72fbbe-ARM-disable-grant-table-v2.patch +- Upstream patches from Jan (bsc#1027519) + 5b6d84ac-x86-fix-improve-vlapic-read-write.patch + 5b74190e-x86-hvm-ioreq-MMIO-range-check-honor-DF.patch + 5b75afef-x86-setup-avoid-OoB-E820-lookup.patch + 5b76b780-rangeset-inquiry-functions-tolerate-NULL.patch + 5b83c654-VT-d-dmar-iommu-mem-leak-fix.patch + 5b8d5832-x86-assorted-array_index_nospec-insertions.patch +- Drop 5b741962-x86-write-to-correct-variable-in-parse_pv_l1tf.patch + +--- +Tue Aug 28 16:07:52 MDT 2018 - carn...@suse.com + +- bsc#1078292 - rpmbuild -ba SPECS/xen.spec with xen-4.9.1 failed + xen.spec + +--- @@ -14,2 +52,2 @@ -- bsc#1103276 - VUL-0: xen: x86: Incorrect MSR_DEBUGCTL handling - lets guests enable BTS (XSA-269) +- bsc#1103276 - VUL-0: CVE-2018-15468: xen: x86: Incorrect + MSR_DEBUGCTL handling lets guests enable BTS (XSA-269) Old: 5b741962-x86-write-to-correct-variable-in-parse_pv_l1tf.patch New: 5b6d84ac-x86-fix-improve-vlapic-read-write.patch 5b72fbbe-ARM-disable-grant-table-v2.patch 5b72fbbe-oxenstored-eval-order.patch 5b74190e-x86-hvm-ioreq-MMIO-range-check-honor-DF.patch 5b75afef-x86-setup-avoid-OoB-E820-lookup.patch 5b76b780-rangeset-inquiry-functions-tolerate-NULL.patch 5b83c654-VT-d-dmar-iommu-mem-leak-fix.patch 5b8d5832-x86-assorted-array_index_nospec-insertions.patch 5b8fae26-tools-libxl-correct-vcpu-affinity-output-with-sparse-physical-cpu-map.patch 5b8fae26-xen-fill-topology-info-for-all-present-cpus.patch 5b8fb5af-tools-xl-refuse-to-set-number-of-vcpus-to-0-via-xl-vcpu-set.patch 5b9784ad-x86-HVM-drop-hvm_fetch_from_guest_linear.patch 5b9784d2-x86-HVM-add-known_gla-helper.patch 5b9784f2-x86-HVM-split-page-straddling-accesses.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.RbomEQ/_old 2018-09-18 11:39:20.212168719 +0200 +++ /var/tmp/diff_new_pack.RbomEQ/_new 2018-09-18 11:39:20.216168715 +0200 @@ -83,6 +83,7 @@ BuildRequires: glib2-devel BuildRequires: libaio-devel BuildRequires: libbz2-devel +BuildRequires: libnl3-devel BuildRequires: libpixman-1-0-devel BuildRequires: libuuid-devel BuildRequires: libxml2-devel @@ -126,7 +127,7 @@ BuildRequires: pesign-obs-integration %endif -Version:4.11.0_04 +Version:4.11.0_08 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0 @@ -188,19 +189,32 @@ Patch25:5b56feb1-hvm-Disallow-unknown-MSR_EFER-bits.patch Patch26: 5b56feb2-spec-ctrl-Fix-the-parsing-of-xpti--on-fixed-Intel-hardware.patch Patch27:5b62ca93-VMX-avoid-hitting-BUG_ON.patch -Patch28:5b6d8ce2-x86-XPTI-parsing.patch -Patch29: 5b72fbbe-vtx-Fix-the-checking-for-unknown-invalid-MSR_DEBUGCTL-bits.patch -Patch30: 5b72fbbf-1-spec-ctrl-Calculate-safe-PTE-addresses-for-L1TF-mitigations.patch -Patch31: 5b72fbbf-2-spec-ctrl-Introduce-an-option-to-control-L1TF-mitigation-for-PV-guests.patch -Patch32: 5b72fbbf-3-shadow-Infrastructure-to-force-a-PV-guest-into-shadow-mode.patch -Patch33:
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2018-07-10 16:13:22 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Tue Jul 10 16:13:22 2018 rev:251 rq:621168 version:4.10.1_08 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2018-07-02 23:30:44.733450521 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2018-07-10 16:13:26.385722044 +0200 @@ -1,0 +2,8 @@ +Wed Jul 4 15:46:01 UTC 2018 - tr...@suse.de + +- Submit upstream patch libacpi: fixes for iasl >= 20180427 + git commit 858dbaaeda33b05c1ac80aea0ba9a03924e09005 +A xen_fix_build_with_acpica_20180427_and_new_packages.patch + This is needed for acpica package to get updated in our build service + +--- New: xen_fix_build_with_acpica_20180427_and_new_packages.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.QvyWhs/_old 2018-07-10 16:13:28.417718878 +0200 +++ /var/tmp/diff_new_pack.QvyWhs/_new 2018-07-10 16:13:28.417718878 +0200 @@ -195,6 +195,7 @@ Patch32:5afc13ae-8-x86-explicitly-set-Xen-default-SPEC_CTRL.patch Patch33: 5afc13ae-9-x86-cpuid-improve-guest-policies-for-speculative.patch Patch34:5afc13ae-A-x86-introduce-spec-ctrl-cmdline-opt.patch +Patch35:xen_fix_build_with_acpica_20180427_and_new_packages.patch # XPTI speedup Patch51:5aec7393-1-x86-xpti-avoid-copy.patch Patch52:5aec7393-2-x86-xpti-write-cr3.patch @@ -465,6 +466,7 @@ %patch32 -p1 %patch33 -p1 %patch34 -p1 +%patch35 -p1 %patch51 -p1 %patch52 -p1 %patch53 -p1 ++ xen_fix_build_with_acpica_20180427_and_new_packages.patch ++ From: Roger Pau Monné Subject: libacpi: fixes for iasl >= 20180427 References: fix builds with latest acpica package Patch-Mainline: 4.11.0-rc4^0 Git-commit: 858dbaaeda33b05c1ac80aea0ba9a03924e09005 Git-repo: git://xenbits.xen.org/xen.git New versions of iasl have introduced improved C file generation, as reported in the changelog: iASL: Enhanced the -tc option (which creates an AML hex file in C, suitable for import into a firmware project): 1) Create a unique name for the table, to simplify use of multiple SSDTs. 2) Add a protection #ifdef in the file, similar to a .h header file. The net effect of that on generated files is: -unsigned char AmlCode[] = +#ifndef __SSDT_S4_HEX__ +#define __SSDT_S4_HEX__ + +unsigned char ssdt_s4_aml_code[] = The above example is from ssdt_s4.asl. Fix the build with newer versions of iasl by stripping the '_aml_code' suffix from the variable name on generated files. Signed-off-by: Roger Pau Monné Reviewed-by: Wei Liu Acked-by: Andrew Cooper Release-acked-by: Juergen Gross Signed-off-by: Thomas Renninger diff --git a/tools/libacpi/Makefile b/tools/libacpi/Makefile index a47a658..c17f392 100644 --- a/tools/libacpi/Makefile +++ b/tools/libacpi/Makefile @@ -43,7 +43,7 @@ all: $(C_SRC) $(H_SRC) $(H_SRC): $(ACPI_BUILD_DIR)/%.h: %.asl iasl iasl -vs -p $(ACPI_BUILD_DIR)/$*.$(TMP_SUFFIX) -tc $< - sed -e 's/AmlCode/$*/g' $(ACPI_BUILD_DIR)/$*.hex >$@ + sed -e 's/AmlCode/$*/g' -e 's/_aml_code//g' $(ACPI_BUILD_DIR)/$*.hex >$@ rm -f $(addprefix $(ACPI_BUILD_DIR)/, $*.aml $*.hex) $(MK_DSDT): mk_dsdt.c @@ -76,7 +76,7 @@ $(ACPI_BUILD_DIR)/dsdt_anycpu_arm.asl: $(MK_DSDT) $(C_SRC): $(ACPI_BUILD_DIR)/%.c: iasl $(ACPI_BUILD_DIR)/%.asl iasl -vs -p $(ACPI_BUILD_DIR)/$*.$(TMP_SUFFIX) -tc $(ACPI_BUILD_DIR)/$*.asl - sed -e 's/AmlCode/$*/g' $(ACPI_BUILD_DIR)/$*.hex > $@.$(TMP_SUFFIX) + sed -e 's/AmlCode/$*/g' -e 's/_aml_code//g' $(ACPI_BUILD_DIR)/$*.hex > $@.$(TMP_SUFFIX) echo "int $*_len=sizeof($*);" >> $@.$(TMP_SUFFIX) mv -f $@.$(TMP_SUFFIX) $@ rm -f $(addprefix $(ACPI_BUILD_DIR)/, $*.aml $*.hex)
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2018-07-02 23:30:29 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Mon Jul 2 23:30:29 2018 rev:250 rq:619824 version:4.10.1_08 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2018-06-08 23:08:45.490595786 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2018-07-02 23:30:44.733450521 +0200 @@ -1,0 +2,62 @@ +Fri Jun 29 08:35:34 MDT 2018 - carn...@suse.com + +- Upstream patches from Jan (bsc#1027519) + 5b02c786-x86-AMD-mitigations-for-GPZ-SP4.patch (Replaces Spectre-v4-1.patch) + 5b02c786-x86-Intel-mitigations-for-GPZ-SP4.patch (Replaces Spectre-v4-2.patch) + 5b02c786-x86-msr-virtualise-SPEC_CTRL-SSBD.patch (Replaces Spectre-v4-3.patch) + 5b0bc9da-x86-XPTI-fix-S3-resume.patch + 5b0d2286-libxc-x86-PV-dont-hand-through-CPUID-leaf-0x8008.patch + 5b0d2d91-x86-suppress-sync-when-XPTI-off.patch + 5b0d2dbc-x86-correct-default_xen_spec_ctrl.patch + 5b0d2ddc-x86-CPUID-dont-override-tool-stack-hidden-STIBP.patch + 5b150ef9-x86-fix-error-handling-of-pv-dr7-shadow.patch + 5b21825d-1-x86-support-fully-eager-FPU-context-switching.patch (Replaces xsa267-1.patch) + 5b21825d-2-x86-spec-ctrl-mitigations-for-LazyFPU.patch (Replaces xsa267-2.patch) + 5b238b92-x86-HVM-account-for-fully-eager-FPU.patch + 5b2b7172-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch + 5b31e004-x86-HVM-emul-attempts-FPU-set-fpu_initialised.patch + 5b323e3c-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch + 5b34882d-x86-mm-dont-bypass-preemption-checks.patch (Replaces xsa264.patch) + 5b348874-x86-refine-checks-in-DB-handler.patch (Replaces xsa265.patch) + 5b348897-libxl-qemu_disk_scsi_drive_string-break-out-common.patch (Replaces xsa266-1-<>.patch) + 5b3488a2-libxl-restore-passing-ro-to-qemu-for-SCSI-disks.patch (Replaces xsa266-2-<>.patch) + 5b34891a-x86-HVM-dont-cause-NM-to-be-raised.patch + 5b348954-x86-guard-against-NM.patch + +--- +Mon Jun 25 09:50:31 UTC 2018 - oher...@suse.de + +- Fix more build gcc8 related failures with xen.fuzz-_FORTIFY_SOURCE.patch + +--- +Mon Jun 25 09:44:25 UTC 2018 - oher...@suse.de + +- bsc#1098403 - fix regression introduced by changes for bsc#1079730 + a PV domU without qcow2 and/or vfb has no qemu attached. + Ignore QMP errors for PV domUs to handle PV domUs with and without + an attached qemu-xen. + xen.bug1079730.patch + +--- +Mon Jun 18 14:57:06 MDT 2018 - carn...@suse.com + +- bsc#1097521 - VUL-0: CVE-2018-12891: xen: preemption checks + bypassed in x86 PV MM handling (XSA-264) + xsa264.patch +- bsc#1097522 - VUL-0: CVE-2018-12893: xen: x86: #DB exception + safety check can be triggered by a guest (XSA-265) + xsa265.patch +- bsc#1097523 - VUL-0: CVE-2018-12892: xen: libxl fails to honour + readonly flag on HVM emulated SCSI disks (XSA-266) + xsa266-1-libxl-qemu_disk_scsi_drive_string-Break-out-common-p.patch + xsa266-2-libxl-restore-passing-readonly-to-qemu-for-SCSI-disk.patch + +--- +Wed Jun 13 14:20:14 MDT 2018 - carn...@suse.com + +- bsc#1095242 - VUL-0: CVE-2018-3665: xen: Lazy FP Save/Restore + (XSA-267) + xsa267-1.patch + xsa267-2.patch + +--- @@ -11 +73 @@ - Bypass aka "Memory Disambiguation" + Bypass aka "Memory Disambiguation" (XSA-263) @@ -31 +93 @@ -- always call qemus xen-save-devices-state in suspend/resume to +- Always call qemus xen-save-devices-state in suspend/resume to @@ -39,0 +102,3 @@ +- bsc#1087289 - L3: Xen BUG at sched_credit.c:1663 + 5aeaeae4-introduce-vcpu_sleep_nosync_locked.patch + 5aeaeaf0-sched-fix-races-in-vcpu-migration.patch @@ -48,2 +112,0 @@ - 5aeaeae4-introduce-vcpu_sleep_nosync_locked.patch - 5aeaeaf0-sched-fix-races-in-vcpu-migration.patch Old: Spectre-v4-1.patch Spectre-v4-2.patch Spectre-v4-3.patch New: 5b02c786-x86-AMD-mitigations-for-GPZ-SP4.patch 5b02c786-x86-Intel-mitigations-for-GPZ-SP4.patch 5b02c786-x86-msr-virtualise-SPEC_CTRL-SSBD.patch 5b0bc9da-x86-XPTI-fix-S3-resume.patch 5b0d2286-libxc-x86-PV-dont-hand-through-CPUID-leaf-0x8008.patch 5b0d2d91-x86-suppress-sync-when-XPTI-off.patch 5b0d2dbc-x86-correct-default_xen_spec_ctrl.patch 5b0d2ddc-x86-CPUID-dont-override-tool-stack-hidden-STIBP.patch 5b150ef9-x86-fix-error-handling-of-pv-dr7-shadow.patch 5b21825d-1-x86-support-fully-eager-FPU-context-switching.patch 5b21825d-2-x86-spec-ctrl-mitigations-for-LazyFPU.patch
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2018-06-08 23:08:33 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Fri Jun 8 23:08:33 2018 rev:249 rq:613995 version:4.10.1_02 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2018-05-25 21:36:12.634366084 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2018-06-08 23:08:45.490595786 +0200 @@ -1,0 +2,6 @@ +Fri Jun 1 10:27:44 MDT 2018 - carn...@suse.com + +- bsc#1092543 - GCC 8: xen build fails + gcc8-fix-warning-on-i586.patch + +--- New: gcc8-fix-warning-on-i586.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.rjpk1P/_old 2018-06-08 23:08:48.338492972 +0200 +++ /var/tmp/diff_new_pack.rjpk1P/_new 2018-06-08 23:08:48.374491672 +0200 @@ -129,7 +129,7 @@ Version:4.10.1_02 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) -License:GPL-2.0 +License:GPL-2.0-only Group: System/Kernel Source0:xen-4.10.1-testing-src.tar.bz2 Source1:stubdom.tar.bz2 @@ -231,6 +231,7 @@ Patch422: stubdom-have-iovec.patch Patch423: vif-route.patch Patch424: gcc8-inlining-failed.patch +Patch425: gcc8-fix-warning-on-i586.patch # Other bug fixes or features Patch451: xenconsole-no-multiple-connections.patch Patch452: hibernate.patch @@ -480,6 +481,7 @@ %patch422 -p1 %patch423 -p1 %patch424 -p1 +%patch425 -p1 # Other bug fixes or features %patch451 -p1 %patch452 -p1 ++ gcc8-fix-warning-on-i586.patch ++ >From bc2c1eab55a34acc054ec6dbeb0184a599323478 Mon Sep 17 00:00:00 2001 From: marxin Date: Fri, 1 Jun 2018 13:29:59 +0200 Subject: [PATCH] Fix GCC 8 warning on i586: xenpmd.c: In function 'write_battery_info_to_xenstore': xenpmd.c:354:23: error: '%02x' directive output may be truncated writing between 2 and 8 bytes into a region of size 3 [-Werror=format-truncation=] snprintf(val, 3, "%02x", ^~~~ xenpmd.c:354:22: note: directive argument in the range [40, 2147483778] snprintf(val, 3, "%02x", ^~ In file included from /usr/include/stdio.h:862, from xenpmd.c:35: /usr/include/bits/stdio2.h:64:10: note: '__builtin___snprintf_chk' output between 3 and 9 bytes into a destination of size 3 return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, ^~~~ __bos (__s), __fmt, __va_arg_pack ()); ~ --- tools/xenpmd/xenpmd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/xenpmd/xenpmd.c b/tools/xenpmd/xenpmd.c index 56412a9a81..e49de1aee6 100644 --- a/tools/xenpmd/xenpmd.c +++ b/tools/xenpmd/xenpmd.c @@ -356,7 +356,7 @@ void write_battery_info_to_xenstore(struct battery_info *info) strlen(info->model_number) + strlen(info->serial_number) + strlen(info->battery_type) + -strlen(info->oem_info) + 4)); +strlen(info->oem_info) + 4) & 0xff); write_ulong_lsb_first(val+2, info->present); write_ulong_lsb_first(val+10, info->design_capacity); write_ulong_lsb_first(val+18, info->last_full_capacity); -- 2.17.0
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2018-05-13 15:55:00 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Sun May 13 15:55:00 2018 rev:247 rq:605943 version:4.10.0_20 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2018-04-27 16:00:39.633358022 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2018-05-13 15:55:05.864152498 +0200 @@ -1,0 +2,29 @@ +Wed May 9 08:32:42 MDT 2018 - carn...@suse.com + +- bsc#1092543 - GCC 8: xen build fails + 5ac72a48-gcc8.patch + 5ac72a5f-gcc8.patch + 5ac72a64-gcc8.patch + 5ac72a69-gcc8.patch + 5ac72a6e-gcc8.patch + 5ac72a74-gcc8.patch + 5ac72a7b-gcc8.patch + gcc8-inlining-failed.patch + +--- +Wed Apr 25 09:45:03 MDT 2018 - carn...@suse.com + +- bsc#1090820 - VUL-0: CVE-2018-8897: xen: x86: mishandling of + debug exceptions (XSA-260) + xsa260-1.patch + xsa260-2.patch + xsa260-3.patch + xsa260-4.patch +- bsc#1090822 - VUL-0: xen: x86 vHPET interrupt injection errors + (XSA-261) + xsa261.patch +- bsc#1090823 - VUL-0: xen: qemu may drive Xen into unbounded loop + (XSA-262) + xsa262.patch + +--- @@ -4,2 +33,2 @@ -- bsc#1089152 - VUL-0: xen: Information leak via crafted - user-supplied CDROM (XSA-258) +- bsc#1089152 - VUL-0: CVE-2018-10472: xen: Information leak via + crafted user-supplied CDROM (XSA-258) @@ -7,2 +36,2 @@ -- bsc#1089635 - VUL-0: xen: x86: PV guest may crash Xen with XPTI - (XSA-259) +- bsc#1089635 - VUL-0: CVE-2018-10471: xen: x86: PV guest may crash + Xen with XPTI (XSA-259) New: 5ac72a48-gcc8.patch 5ac72a5f-gcc8.patch 5ac72a64-gcc8.patch 5ac72a69-gcc8.patch 5ac72a6e-gcc8.patch 5ac72a74-gcc8.patch 5ac72a7b-gcc8.patch gcc8-inlining-failed.patch xsa260-1.patch xsa260-2.patch xsa260-3.patch xsa260-4.patch xsa261.patch xsa262.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.lVeVER/_old 2018-05-13 15:55:08.912041275 +0200 +++ /var/tmp/diff_new_pack.lVeVER/_new 2018-05-13 15:55:08.912041275 +0200 @@ -126,7 +126,7 @@ BuildRequires: pesign-obs-integration %endif -Version:4.10.0_18 +Version:4.10.0_20 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0 @@ -224,8 +224,21 @@ Patch61:5a9eb890-x86-remove-CR-reads-from-exit-to-guest-path.patch Patch62:5aa2b6b9-cpufreq-ondemand-CPU-offlining-race.patch Patch63:5aaa9878-x86-vlapic-clear-TMR-bit-for-edge-triggered-intr.patch +Patch64:5ac72a48-gcc8.patch +Patch65:5ac72a5f-gcc8.patch +Patch66:5ac72a64-gcc8.patch +Patch67:5ac72a69-gcc8.patch +Patch68:5ac72a6e-gcc8.patch +Patch69:5ac72a74-gcc8.patch +Patch70:5ac72a7b-gcc8.patch Patch258: xsa258.patch Patch259: xsa259.patch +Patch26001: xsa260-1.patch +Patch26002: xsa260-2.patch +Patch26003: xsa260-3.patch +Patch26004: xsa260-4.patch +Patch261: xsa261.patch +Patch262: xsa262.patch # Our platform specific patches Patch400: xen-destdir.patch Patch401: vif-bridge-no-iptables.patch @@ -239,6 +252,7 @@ Patch421: xenpaging.doc.patch Patch422: stubdom-have-iovec.patch Patch423: vif-route.patch +Patch424: gcc8-inlining-failed.patch # Other bug fixes or features Patch451: xenconsole-no-multiple-connections.patch Patch452: hibernate.patch @@ -479,8 +493,21 @@ %patch61 -p1 %patch62 -p1 %patch63 -p1 +%patch64 -p1 +%patch65 -p1 +%patch66 -p1 +%patch67 -p1 +%patch68 -p1 +%patch69 -p1 +%patch70 -p1 %patch258 -p1 %patch259 -p1 +%patch26001 -p1 +%patch26002 -p1 +%patch26003 -p1 +%patch26004 -p1 +%patch261 -p1 +%patch262 -p1 # Our platform specific patches %patch400 -p1 %patch401 -p1 @@ -494,6 +521,7 @@ %patch421 -p1 %patch422 -p1 %patch423 -p1 +%patch424 -p1 # Other bug fixes or features %patch451 -p1 %patch452 -p1 ++ 5ac72a48-gcc8.patch ++ Subject: tools/libxc: fix strncpy size From: Marek Marczykowski-Górecki marma...@invisiblethingslab.com Thu Apr 5 03:50:49 2018 +0200 Date: Fri Apr 6 09:05:28 2018 +0100: Git: fa7789ef18bd2e716997937af71b2e4b5b00a159 gcc-8 warns about possible truncation of trailing '\0'. Final character is overridden by '\0' anyway, so don't bother to copy it. This fixes compile failure: xc_pm.c: In function 'xc_set_cpufreq_gov': xc_pm.c:308:5: error: 'strncpy' specified bound 16 equals destination size [-Werror=stringop-truncation] strncpy(scaling_governor, govname,
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2018-04-27 16:00:36 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Fri Apr 27 16:00:36 2018 rev:246 rq:601072 version:4.10.0_18 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2018-03-30 12:00:43.480265750 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2018-04-27 16:00:39.633358022 +0200 @@ -1,0 +2,16 @@ +Mon Apr 16 14:03:24 MDT 2018 - carn...@suse.com + +- bsc#1089152 - VUL-0: xen: Information leak via crafted + user-supplied CDROM (XSA-258) + xsa258.patch +- bsc#1089635 - VUL-0: xen: x86: PV guest may crash Xen with XPTI + (XSA-259) + xsa259.patch + +--- +Wed Mar 28 08:28:59 UTC 2018 - oher...@suse.de + +- Preserve xen-syms from xen-dbg.gz to allow processing vmcores + with crash(1) (bsc#1087251) + +--- New: xsa258.patch xsa259.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.bxKPP6/_old 2018-04-27 16:00:46.281114042 +0200 +++ /var/tmp/diff_new_pack.bxKPP6/_new 2018-04-27 16:00:46.289113748 +0200 @@ -126,7 +126,7 @@ BuildRequires: pesign-obs-integration %endif -Version:4.10.0_16 +Version:4.10.0_18 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0 @@ -224,6 +224,8 @@ Patch61:5a9eb890-x86-remove-CR-reads-from-exit-to-guest-path.patch Patch62:5aa2b6b9-cpufreq-ondemand-CPU-offlining-race.patch Patch63:5aaa9878-x86-vlapic-clear-TMR-bit-for-edge-triggered-intr.patch +Patch258: xsa258.patch +Patch259: xsa259.patch # Our platform specific patches Patch400: xen-destdir.patch Patch401: vif-bridge-no-iptables.patch @@ -477,6 +479,8 @@ %patch61 -p1 %patch62 -p1 %patch63 -p1 +%patch258 -p1 +%patch259 -p1 # Our platform specific patches %patch400 -p1 %patch401 -p1 @@ -815,6 +819,8 @@ find $RPM_BUILD_ROOT/boot -ls if [ -n "$1" ]; then ext="-$1" +mv $RPM_BUILD_ROOT/boot/xen-syms-${XEN_FULLVERSION} \ + $RPM_BUILD_ROOT/boot/xen-syms${ext}-${XEN_FULLVERSION} mv $RPM_BUILD_ROOT/boot/xen-${XEN_FULLVERSION}%{xen_install_suffix} \ $RPM_BUILD_ROOT/boot/xen${ext}-${XEN_FULLVERSION}%{xen_install_suffix} if test -d $RPM_BUILD_ROOT%{_libdir}/efi; then ++ libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch ++ --- /var/tmp/diff_new_pack.bxKPP6/_old 2018-04-27 16:00:47.845056643 +0200 +++ /var/tmp/diff_new_pack.bxKPP6/_new 2018-04-27 16:00:47.849056497 +0200 @@ -87,7 +87,7 @@ === --- xen-4.10.0-testing.orig/tools/libxl/libxl_dm.c +++ xen-4.10.0-testing/tools/libxl/libxl_dm.c -@@ -805,6 +805,19 @@ enum { +@@ -792,6 +792,19 @@ enum { LIBXL__COLO_SECONDARY, }; @@ -107,7 +107,7 @@ static char *qemu_disk_scsi_drive_string(libxl__gc *gc, const char *target_path, int unit, const char *format, const libxl_device_disk *disk, -@@ -818,8 +831,8 @@ static char *qemu_disk_scsi_drive_string +@@ -805,8 +818,8 @@ static char *qemu_disk_scsi_drive_string switch (colo_mode) { case LIBXL__COLO_NONE: drive = libxl__sprintf @@ -118,7 +118,7 @@ break; case LIBXL__COLO_PRIMARY: /* -@@ -832,13 +845,15 @@ static char *qemu_disk_scsi_drive_string +@@ -819,13 +832,15 @@ static char *qemu_disk_scsi_drive_string * vote-threshold=1 */ drive = GCSPRINTF( @@ -136,7 +136,7 @@ break; case LIBXL__COLO_SECONDARY: /* -@@ -852,7 +867,7 @@ static char *qemu_disk_scsi_drive_string +@@ -839,7 +854,7 @@ static char *qemu_disk_scsi_drive_string * file.backing.backing=exportname, */ drive = GCSPRINTF( @@ -145,7 +145,7 @@ "driver=replication," "mode=secondary," "top-id=top-colo," -@@ -861,7 +876,9 @@ static char *qemu_disk_scsi_drive_string +@@ -848,7 +863,9 @@ static char *qemu_disk_scsi_drive_string "file.backing.driver=qcow2," "file.backing.file.filename=%s," "file.backing.backing=%s", @@ -156,7 +156,7 @@ break; default: abort(); -@@ -883,8 +900,8 @@ static char *qemu_disk_ide_drive_string( +@@ -870,8 +887,8 @@ static char *qemu_disk_ide_drive_string( switch (colo_mode) { case LIBXL__COLO_NONE: drive =
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2018-03-30 12:00:34 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Fri Mar 30 12:00:34 2018 rev:245 rq:591751 version:4.10.0_16 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2018-03-20 21:50:48.542316318 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2018-03-30 12:00:43.480265750 +0200 @@ -1,0 +2,12 @@ +Mon Mar 26 08:20:45 MDT 2018 - carn...@suse.com + +- Upstream patches from Jan (bsc#1027519) and fixes related to + Page Table Isolation (XPTI). See also bsc#1074562 XSA-254 + 5a856a2b-x86-xpti-hide-almost-all-of-Xen-image-mappings.patch + 5a9eb7f1-x86-xpti-dont-map-stack-guard-pages.patch + 5a9eb85c-x86-slightly-reduce-XPTI-overhead.patch + 5a9eb890-x86-remove-CR-reads-from-exit-to-guest-path.patch + 5aa2b6b9-cpufreq-ondemand-CPU-offlining-race.patch + 5aaa9878-x86-vlapic-clear-TMR-bit-for-edge-triggered-intr.patch + +--- New: 5a856a2b-x86-xpti-hide-almost-all-of-Xen-image-mappings.patch 5a9eb7f1-x86-xpti-dont-map-stack-guard-pages.patch 5a9eb85c-x86-slightly-reduce-XPTI-overhead.patch 5a9eb890-x86-remove-CR-reads-from-exit-to-guest-path.patch 5aa2b6b9-cpufreq-ondemand-CPU-offlining-race.patch 5aaa9878-x86-vlapic-clear-TMR-bit-for-edge-triggered-intr.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.XjVnAv/_old 2018-03-30 12:00:46.148169274 +0200 +++ /var/tmp/diff_new_pack.XjVnAv/_new 2018-03-30 12:00:46.152169129 +0200 @@ -126,7 +126,7 @@ BuildRequires: pesign-obs-integration %endif -Version:4.10.0_14 +Version:4.10.0_16 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0 @@ -211,13 +211,19 @@ Patch48: 5a843807-x86-spec_ctrl-fix-bugs-in-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch Patch49:5a856a2b-x86-emul-fix-64bit-decoding-of-segment-overrides.patch Patch50:5a856a2b-x86-use-32bit-xors-for-clearing-GPRs.patch -Patch51:5a8be788-x86-nmi-start-NMI-watchdog-on-CPU0-after-SMP.patch -Patch52:5a95373b-x86-PV-avoid-leaking-other-guests-MSR_TSC_AUX.patch -Patch53:5a95571f-memory-dont-implicitly-unpin-in-decrease-res.patch -Patch54:5a95576c-gnttab-ARM-dont-corrupt-shared-GFN-array.patch -Patch55:5a955800-gnttab-dont-free-status-pages-on-ver-change.patch -Patch56:5a955854-x86-disallow-HVM-creation-without-LAPIC-emul.patch -Patch57: 5a956747-x86-HVM-dont-give-wrong-impression-of-WRMSR-success.patch +Patch51:5a856a2b-x86-xpti-hide-almost-all-of-Xen-image-mappings.patch +Patch52:5a8be788-x86-nmi-start-NMI-watchdog-on-CPU0-after-SMP.patch +Patch53:5a95373b-x86-PV-avoid-leaking-other-guests-MSR_TSC_AUX.patch +Patch54:5a95571f-memory-dont-implicitly-unpin-in-decrease-res.patch +Patch55:5a95576c-gnttab-ARM-dont-corrupt-shared-GFN-array.patch +Patch56:5a955800-gnttab-dont-free-status-pages-on-ver-change.patch +Patch57:5a955854-x86-disallow-HVM-creation-without-LAPIC-emul.patch +Patch58: 5a956747-x86-HVM-dont-give-wrong-impression-of-WRMSR-success.patch +Patch59:5a9eb7f1-x86-xpti-dont-map-stack-guard-pages.patch +Patch60:5a9eb85c-x86-slightly-reduce-XPTI-overhead.patch +Patch61:5a9eb890-x86-remove-CR-reads-from-exit-to-guest-path.patch +Patch62:5aa2b6b9-cpufreq-ondemand-CPU-offlining-race.patch +Patch63:5aaa9878-x86-vlapic-clear-TMR-bit-for-edge-triggered-intr.patch # Our platform specific patches Patch400: xen-destdir.patch Patch401: vif-bridge-no-iptables.patch @@ -465,6 +471,12 @@ %patch55 -p1 %patch56 -p1 %patch57 -p1 +%patch58 -p1 +%patch59 -p1 +%patch60 -p1 +%patch61 -p1 +%patch62 -p1 +%patch63 -p1 # Our platform specific patches %patch400 -p1 %patch401 -p1 ++ 5a856a2b-x86-xpti-hide-almost-all-of-Xen-image-mappings.patch ++ # Commit 422588e88511d17984544c0f017a927de3315290 # Date 2018-02-15 11:08:27 + # Author Andrew Cooper# Committer Andrew Cooper x86/xpti: Hide almost all of .text and all .data/.rodata/.bss mappings The current XPTI implementation isolates the directmap (and therefore a lot of guest data), but a large quantity of CPU0's state (including its stack) remains visible. Furthermore, an attacker able to read .text is in a vastly superior position to normal when it comes to fingerprinting Xen for known vulnerabilities, or scanning for ROP/Spectre gadgets. Collect together the entrypoints in
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2018-03-20 21:50:37 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Tue Mar 20 21:50:37 2018 rev:244 rq:586076 version:4.10.0_14 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2018-03-01 12:02:21.481832679 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2018-03-20 21:50:48.542316318 +0100 @@ -1,0 +2,24 @@ +Thu Mar 1 09:36:03 MST 2018 - carn...@suse.com + +- bsc#1072834 - Xen HVM: unchecked MSR access error: RDMSR from + 0xc90 at rIP: 0x93061456 (native_read_msr+0x6/0x30) + 5a956747-x86-HVM-dont-give-wrong-impression-of-WRMSR-success.patch +- Upstream patches from Jan (bsc#1027519) + 5a79d7ed-libxc-packed-initrd-dont-fail-domain-creation.patch + 5a7b1bdd-x86-reduce-Meltdown-band-aid-IPI-overhead.patch + 5a843807-x86-spec_ctrl-fix-bugs-in-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch + 5a856a2b-x86-emul-fix-64bit-decoding-of-segment-overrides.patch + 5a856a2b-x86-use-32bit-xors-for-clearing-GPRs.patch + 5a8be788-x86-nmi-start-NMI-watchdog-on-CPU0-after-SMP.patch + 5a95373b-x86-PV-avoid-leaking-other-guests-MSR_TSC_AUX.patch + 5a95571f-memory-dont-implicitly-unpin-in-decrease-res.patch (Replaces xsa252.patch) + 5a95576c-gnttab-ARM-dont-corrupt-shared-GFN-array.patch (Replaces xsa255-1.patch) + 5a955800-gnttab-dont-free-status-pages-on-ver-change.patch (Replaces xsa255-2.patch) + 5a955854-x86-disallow-HVM-creation-without-LAPIC-emul.patch (Replaces xsa256.patch) +- Drop + xsa252.patch + xsa255-1.patch + xsa255-2.patch + xsa256.patch + +--- @@ -4,2 +28,2 @@ -- bsc#1080635 - VUL-0: xen: DoS via non-preemptable L3/L4 pagetable - freeing (XSA-252) +- bsc#1080635 - VUL-0: CVE-2018-7540: xen: DoS via non-preemptable + L3/L4 pagetable freeing (XSA-252) @@ -7,2 +31,2 @@ -- bsc#1080662 - VUL-0: xen: grant table v2 -> v1 transition may - crash Xen (XSA-255) +- bsc#1080662 - VUL-0: CVE-2018-7541: xen: grant table v2 -> v1 + transition may crash Xen (XSA-255) @@ -11,2 +35,2 @@ -- bsc#1080634 - VUL-0: xen: x86 PVH guest without LAPIC may DoS the - host (XSA-256) +- bsc#1080634 - VUL-0: CVE-2018-7542: xen: x86 PVH guest without + LAPIC may DoS the host (XSA-256) @@ -56,2 +80,3 @@ -- bsc#1074562 - VUL-0: xen: Information leak via side effects of - speculative execution (XSA-254). Includes Spectre v2 mitigation. +- bsc#1074562 - VUL-0: CVE-2017-5753,CVE-2017-5715,CVE-2017-5754 + xen: Information leak via side effects of speculative execution + (XSA-254). Includes Spectre v2 mitigation. Old: xsa252.patch xsa255-1.patch xsa255-2.patch xsa256.patch New: 5a79d7ed-libxc-packed-initrd-dont-fail-domain-creation.patch 5a7b1bdd-x86-reduce-Meltdown-band-aid-IPI-overhead.patch 5a843807-x86-spec_ctrl-fix-bugs-in-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch 5a856a2b-x86-emul-fix-64bit-decoding-of-segment-overrides.patch 5a856a2b-x86-use-32bit-xors-for-clearing-GPRs.patch 5a8be788-x86-nmi-start-NMI-watchdog-on-CPU0-after-SMP.patch 5a95373b-x86-PV-avoid-leaking-other-guests-MSR_TSC_AUX.patch 5a95571f-memory-dont-implicitly-unpin-in-decrease-res.patch 5a95576c-gnttab-ARM-dont-corrupt-shared-GFN-array.patch 5a955800-gnttab-dont-free-status-pages-on-ver-change.patch 5a955854-x86-disallow-HVM-creation-without-LAPIC-emul.patch 5a956747-x86-HVM-dont-give-wrong-impression-of-WRMSR-success.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.FoVs26/_old 2018-03-20 21:50:50.858232921 +0100 +++ /var/tmp/diff_new_pack.FoVs26/_new 2018-03-20 21:50:50.862232777 +0100 @@ -126,7 +126,7 @@ BuildRequires: pesign-obs-integration %endif -Version:4.10.0_13 +Version:4.10.0_14 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0 @@ -206,10 +206,18 @@ Patch43:5a6b36cd-9-x86-issue-speculation-barrier.patch Patch44:5a6b36cd-A-x86-offer-Indirect-Branch-Controls-to-guests.patch Patch45:5a6b36cd-B-x86-clear-SPEC_CTRL-while-idle.patch -Patch252: xsa252.patch -Patch25501: xsa255-1.patch -Patch25502: xsa255-2.patch -Patch256: xsa256.patch +Patch46:5a79d7ed-libxc-packed-initrd-dont-fail-domain-creation.patch +Patch47:5a7b1bdd-x86-reduce-Meltdown-band-aid-IPI-overhead.patch +Patch48: 5a843807-x86-spec_ctrl-fix-bugs-in-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch +Patch49:5a856a2b-x86-emul-fix-64bit-decoding-of-segment-overrides.patch +Patch50:5a856a2b-x86-use-32bit-xors-for-clearing-GPRs.patch +Patch51:
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2018-03-01 12:02:20 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Thu Mar 1 12:02:20 2018 rev:243 rq:580646 version:4.10.0_13 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2018-02-18 11:38:14.490480633 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2018-03-01 12:02:21.481832679 +0100 @@ -1,0 +2,36 @@ +Mon Feb 12 13:26:38 MST 2018 - carn...@suse.com + +- bsc#1080635 - VUL-0: xen: DoS via non-preemptable L3/L4 pagetable + freeing (XSA-252) + xsa252.patch +- bsc#1080662 - VUL-0: xen: grant table v2 -> v1 transition may + crash Xen (XSA-255) + xsa255-1.patch + xsa255-2.patch +- bsc#1080634 - VUL-0: xen: x86 PVH guest without LAPIC may DoS the + host (XSA-256) + xsa256.patch + +--- +Fri Feb 9 12:59:12 UTC 2018 - oher...@suse.de + +- Remove stale systemd presets code for 13.2 and older + +--- +Fri Feb 9 12:31:33 UTC 2018 - oher...@suse.de + +- fate#324965 - add script, udev rule and systemd service to watch + for vcpu online/offline events in a HVM domU + They are triggered via xl vcpu-set domU N + +--- +Fri Feb 9 10:23:15 UTC 2018 - oher...@suse.de + +- Replace hardcoded xen with Name tag when refering to subpkgs + +--- +Fri Feb 9 10:19:49 UTC 2018 - oher...@suse.de + +- Make sure tools and tools-domU require libs from the very same build + +--- New: xsa252.patch xsa255-1.patch xsa255-2.patch xsa256.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.BKiFK0/_old 2018-03-01 12:02:27.993599148 +0100 +++ /var/tmp/diff_new_pack.BKiFK0/_new 2018-03-01 12:02:27.997599005 +0100 @@ -14,10 +14,9 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - - # needssslcertforbuild + #Compat macro for new _fillupdir macro introduced in Nov 2017 %if ! %{defined _fillupdir} %define _fillupdir /var/adm/fillup-templates @@ -60,10 +59,6 @@ %define with_gcc47 0 %define with_gcc48 0 %define _fwdefdir /etc/sysconfig/SuSEfirewall2.d/services -%define include_systemd_preset 0 -%if 0%{?suse_version} <= 1320 && 0%{?sle_version} < 120300 -%define include_systemd_preset 1 -%endif %systemd_requires BuildRequires: systemd-devel %define with_systemd_modules_load %{_prefix}/lib/modules-load.d @@ -131,7 +126,7 @@ BuildRequires: pesign-obs-integration %endif -Version:4.10.0_12 +Version:4.10.0_13 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0 @@ -211,6 +206,10 @@ Patch43:5a6b36cd-9-x86-issue-speculation-barrier.patch Patch44:5a6b36cd-A-x86-offer-Indirect-Branch-Controls-to-guests.patch Patch45:5a6b36cd-B-x86-clear-SPEC_CTRL-while-idle.patch +Patch252: xsa252.patch +Patch25501: xsa255-1.patch +Patch25502: xsa255-2.patch +Patch256: xsa256.patch # Our platform specific patches Patch400: xen-destdir.patch Patch401: vif-bridge-no-iptables.patch @@ -308,11 +307,11 @@ %ifarch %arm aarch64 Requires: qemu-arm %endif +Requires: %{name}-libs = %{version}-%{release} Requires: multipath-tools Requires: python3 Requires: python3-curses Requires: qemu-seabios -Requires: xen-libs = %{version} # subpackage existed in 10.3 Provides: xen-tools-ioemu = %{version} Obsoletes: xen-tools-ioemu < %{version} @@ -340,7 +339,8 @@ %package tools-domU Summary:Xen Virtualization: Control tools for domain U Group: System/Kernel -Conflicts: xen-tools +Conflicts: %{name}-tools +Requires: %{name}-libs = %{version}-%{release} %description tools-domU Xen is a virtual machine monitor for x86 that supports execution of @@ -359,8 +359,8 @@ %package devel Summary:Xen Virtualization: Headers and libraries for development Group: System/Kernel +Requires: %{name}-libs = %{version} Requires: libuuid-devel -Requires: xen-libs = %{version} %description devel Xen is a virtual machine monitor for x86 that supports execution of @@ -445,6 +445,10 @@ %patch43 -p1 %patch44 -p1 %patch45 -p1 +%patch252 -p1 +%patch25501 -p1 +%patch25502 -p1 +%patch256 -p1 # Our platform specific patches %patch400 -p1 %patch401 -p1 @@ -609,8 +613,77 @@ mv -v $i
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2018-01-28 20:30:02 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Sun Jan 28 20:30:02 2018 rev:241 rq:570273 version:4.10.0_10 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2018-01-16 09:26:32.530130432 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2018-01-28 20:30:07.204147627 +0100 @@ -1,0 +2,7 @@ +Fri Jan 26 14:40:14 MST 2018 - carn...@suse.com + +- Fix python3 deprecated atoi call (bsc#1067224) + pygrub-python3-conversion.patch +- Drop xenmon-python3-conversion.patch + +--- Old: xenmon-python3-conversion.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.ExAt3J/_old 2018-01-28 20:30:11.231959488 +0100 +++ /var/tmp/diff_new_pack.ExAt3J/_new 2018-01-28 20:30:11.235959301 +0100 @@ -207,9 +207,8 @@ # python3 conversion patches Patch500: build-python3-conversion.patch Patch501: pygrub-python3-conversion.patch -Patch502: xenmon-python3-conversion.patch -Patch503: migration-python3-conversion.patch -Patch504: bin-python3-conversion.patch +Patch502: migration-python3-conversion.patch +Patch503: bin-python3-conversion.patch # Hypervisor and PV driver Patches Patch601: x86-ioapic-ack-default.patch Patch602: x86-cpufreq-report.patch @@ -405,7 +404,6 @@ %patch501 -p1 %patch502 -p1 %patch503 -p1 -%patch504 -p1 # Hypervisor and PV driver Patches %patch601 -p1 %patch602 -p1 ++ bin-python3-conversion.patch ++ --- /var/tmp/diff_new_pack.ExAt3J/_old 2018-01-28 20:30:11.375952762 +0100 +++ /var/tmp/diff_new_pack.ExAt3J/_new 2018-01-28 20:30:11.375952762 +0100 @@ -526,6 +526,36 @@ sys.exit(e.code) except KeyboardInterrupt: sys.exit(2) +Index: xen-4.10.0-testing/tools/xenmon/xenmon.py +=== +--- xen-4.10.0-testing.orig/tools/xenmon/xenmon.py xen-4.10.0-testing/tools/xenmon/xenmon.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/python3 + + # + # xenmon is a front-end for xenbaked. +@@ -248,8 +248,8 @@ def display(scr, row, col, str, attr=0): + scr.keypad(0) + _c.echo() + _c.endwin() +-print "Your terminal screen is not big enough; Please resize it." +-print "row=%d, col=%d, str='%s'" % (row, col, str) ++print("Your terminal screen is not big enough; Please resize it.") ++print("row=%d, col=%d, str='%s'" % (row, col, str)) + sys.exit(1) + + +@@ -704,7 +704,7 @@ def main(): + try: + writelog() + except: +-print 'Quitting.' ++print('Quitting.') + stop_xenbaked() + + if __name__ == "__main__": Index: xen-4.10.0-testing/tools/xentrace/xentrace_format === --- xen-4.10.0-testing.orig/tools/xentrace/xentrace_format ++ libxl.pvscsi.patch ++ --- /var/tmp/diff_new_pack.ExAt3J/_old 2018-01-28 20:30:11.543944915 +0100 +++ /var/tmp/diff_new_pack.ExAt3J/_new 2018-01-28 20:30:11.547944728 +0100 @@ -154,7 +154,7 @@ === --- xen-4.10.0-testing.orig/tools/libxl/libxl.h +++ xen-4.10.0-testing/tools/libxl/libxl.h -@@ -1010,6 +1010,13 @@ void libxl_mac_copy(libxl_ctx *ctx, libx +@@ -1013,6 +1013,13 @@ void libxl_mac_copy(libxl_ctx *ctx, libx #define LIBXL_HAVE_PCITOPOLOGY 1 /* @@ -168,7 +168,7 @@ * LIBXL_HAVE_SOCKET_BITMAP * * If this is defined, then libxl_socket_bitmap_alloc and -@@ -1917,6 +1924,41 @@ int libxl_device_channel_getinfo(libxl_c +@@ -1920,6 +1927,41 @@ int libxl_device_channel_getinfo(libxl_c libxl_device_channel *channel, libxl_channelinfo *channelinfo); ++ libxl.set-migration-constraints-from-cmdline.patch ++ --- /var/tmp/diff_new_pack.ExAt3J/_old 2018-01-28 20:30:11.559944167 +0100 +++ /var/tmp/diff_new_pack.ExAt3J/_new 2018-01-28 20:30:11.559944167 +0100 @@ -300,7 +300,7 @@ === --- xen-4.10.0-testing.orig/tools/libxl/libxl.h +++ xen-4.10.0-testing/tools/libxl/libxl.h -@@ -1467,8 +1467,23 @@ int libxl_domain_suspend(libxl_ctx *ctx, +@@ -1470,8 +1470,23 @@ int libxl_domain_suspend(libxl_ctx *ctx, int flags, /* LIBXL_SUSPEND_* */ const libxl_asyncop_how *ao_how)
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2018-01-16 09:26:26 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Tue Jan 16 09:26:26 2018 rev:240 rq:563452 version:4.10.0_10 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2017-12-21 11:28:13.434825013 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2018-01-16 09:26:32.530130432 +0100 @@ -1,0 +2,33 @@ +Wed Jan 10 11:12:07 UTC 2018 - oher...@suse.de + +- bsc#1067317 - pass cache=writeback|unsafe|directsync to qemu, + depending on the libxl disk settings + libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch + +--- +Mon Jan 8 08:15:11 UTC 2018 - oher...@suse.de + +- Remove libxl.LIBXL_DESTROY_TIMEOUT.debug.patch + +--- +Fri Jan 5 13:45:40 MST 2018 - carn...@suse.com + +- bsc#1067224 - xen-tools have hard dependency on Python 2 + build-python3-conversion.patch + bin-python3-conversion.patch + +--- +Wed Dec 20 09:57:09 MST 2017 - carn...@suse.com + +- bsc#1070165 - xen crashes after aborted localhost migration + 5a2ffc1f-x86-mm-drop-bogus-paging-mode-assertion.patch +- bsc#1035442 - L3: libxl: error: libxl.c:1676:devices_destroy_cb: + libxl__devices_destroy failed + 5a33a12f-domctl-improve-locking-during-domain-destruction.patch +- Upstream patches from Jan (bsc#1027519) + 5a21a77e-x86-pv-construct-d0v0s-GDT-properly.patch + 5a2fda0d-x86-mb2-avoid-Xen-when-looking-for-module-crashkernel-pos.patch + 5a313972-x86-microcode-add-support-for-AMD-Fam17.patch + 5a32bd79-x86-vmx-dont-use-hvm_inject_hw_exception-in-.patch + +--- Old: libxl.LIBXL_DESTROY_TIMEOUT.debug.patch New: 5a21a77e-x86-pv-construct-d0v0s-GDT-properly.patch 5a2fda0d-x86-mb2-avoid-Xen-when-looking-for-module-crashkernel-pos.patch 5a2ffc1f-x86-mm-drop-bogus-paging-mode-assertion.patch 5a313972-x86-microcode-add-support-for-AMD-Fam17.patch 5a32bd79-x86-vmx-dont-use-hvm_inject_hw_exception-in-.patch 5a33a12f-domctl-improve-locking-during-domain-destruction.patch bin-python3-conversion.patch build-python3-conversion.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.pxkMaJ/_old 2018-01-16 09:26:34.998014970 +0100 +++ /var/tmp/diff_new_pack.pxkMaJ/_new 2018-01-16 09:26:35.006014596 +0100 @@ -1,7 +1,7 @@ # # spec file for package xen # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -111,7 +111,7 @@ %endif BuildRequires: acpica BuildRequires: openssl-devel -BuildRequires: python-devel +BuildRequires: python3-devel BuildRequires: systemd BuildRequires: xz-devel %ifarch x86_64 @@ -131,7 +131,7 @@ BuildRequires: pesign-obs-integration %endif -Version:4.10.0_08 +Version:4.10.0_10 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0 @@ -166,6 +166,12 @@ # For xen-libs Source99: baselibs.conf # Upstream patches +Patch1: 5a21a77e-x86-pv-construct-d0v0s-GDT-properly.patch +Patch2: 5a2fda0d-x86-mb2-avoid-Xen-when-looking-for-module-crashkernel-pos.patch +Patch3: 5a2ffc1f-x86-mm-drop-bogus-paging-mode-assertion.patch +Patch4: 5a313972-x86-microcode-add-support-for-AMD-Fam17.patch +Patch5: 5a32bd79-x86-vmx-dont-use-hvm_inject_hw_exception-in-.patch +Patch6: 5a33a12f-domctl-improve-locking-during-domain-destruction.patch # Our platform specific patches Patch400: xen-destdir.patch Patch401: vif-bridge-no-iptables.patch @@ -198,11 +204,12 @@ Patch466: libxl.set-migration-constraints-from-cmdline.patch Patch467: xenstore-run-in-studomain.patch Patch468: libxl.LIBXL_DESTROY_TIMEOUT.patch -Patch469: libxl.LIBXL_DESTROY_TIMEOUT.debug.patch # python3 conversion patches -Patch500: pygrub-python3-conversion.patch -Patch501: xenmon-python3-conversion.patch -Patch502: migration-python3-conversion.patch +Patch500: build-python3-conversion.patch +Patch501: pygrub-python3-conversion.patch +Patch502: xenmon-python3-conversion.patch +Patch503: migration-python3-conversion.patch +Patch504: bin-python3-conversion.patch # Hypervisor and PV driver
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2017-12-21 11:28:01 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Thu Dec 21 11:28:01 2017 rev:239 rq:558584 version:4.10.0_08 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2017-12-12 21:17:10.459213262 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2017-12-21 11:28:13.434825013 +0100 @@ -1,0 +2,17 @@ +Wed Dec 13 08:43:00 MST 2017 - carn...@suse.com + +- Update to Xen 4.10.0 FCS (fate#321394, fate#322686) + xen-4.10.0-testing-src.tar.bz2 + +--- +Mon Dec 11 12:07:30 UTC 2017 - oher...@suse.de + +- Rebuild initrd if xen-tools-domU is updated + +--- +Tue Dec 5 08:38:58 MST 2017 - carn...@suse.com + +- Update to Xen 4.10.0-rc8 (fate#321394, fate#322686) + xen-4.10.0-testing-src.tar.bz2 + +--- Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.3TcXME/_old 2017-12-21 11:28:14.902753437 +0100 +++ /var/tmp/diff_new_pack.3TcXME/_new 2017-12-21 11:28:14.906753242 +0100 @@ -15,8 +15,8 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# needssslcertforbuild +# needssslcertforbuild #Compat macro for new _fillupdir macro introduced in Nov 2017 %if ! %{defined _fillupdir} @@ -131,7 +131,7 @@ BuildRequires: pesign-obs-integration %endif -Version:4.10.0_06 +Version:4.10.0_08 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0 @@ -980,6 +980,9 @@ # with_dom0_support %endif +%posttrans -n %{name}-tools-domU +%{?regenerate_initrd_posttrans} + %files tools-domU %defattr(-,root,root) %ifarch %ix86 x86_64 ++ ipxe.tar.bz2 ++ ++ stubdom.tar.bz2 ++ /work/SRC/openSUSE:Factory/xen/stubdom.tar.bz2 /work/SRC/openSUSE:Factory/.xen.new/stubdom.tar.bz2 differ: char 11, line 1 ++ xen-4.10.0-testing-src.tar.bz2 ++ /work/SRC/openSUSE:Factory/xen/xen-4.10.0-testing-src.tar.bz2 /work/SRC/openSUSE:Factory/.xen.new/xen-4.10.0-testing-src.tar.bz2 differ: char 11, line 1
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2017-12-12 21:17:02 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Tue Dec 12 21:17:02 2017 rev:238 rq:554618 version:4.10.0_06 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2017-11-30 12:41:33.874266405 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2017-12-12 21:17:10.459213262 +0100 @@ -1,0 +2,16 @@ +Tue Nov 28 10:14:56 UTC 2017 - oher...@suse.de + +- Increase the value of LIBXL_DESTROY_TIMEOUT from 10 to 100 seconds + If many domUs shutdown in parallel the backends can not keep up + Add some debug output to track how long backend shutdown takes (bsc#1035442) + libxl.LIBXL_DESTROY_TIMEOUT.patch + libxl.LIBXL_DESTROY_TIMEOUT.debug.patch + +--- +Tue Nov 28 10:06:03 UTC 2017 - oher...@suse.de + +- Adjust xenstore-run-in-studomain.patch to change the defaults + in the code instead of changing the sysconfig template, to also + cover the upgrade case + +--- New: libxl.LIBXL_DESTROY_TIMEOUT.debug.patch libxl.LIBXL_DESTROY_TIMEOUT.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.DGCHtT/_old 2017-12-12 21:17:12.255126565 +0100 +++ /var/tmp/diff_new_pack.DGCHtT/_new 2017-12-12 21:17:12.259126372 +0100 @@ -15,9 +15,9 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - # needssslcertforbuild + #Compat macro for new _fillupdir macro introduced in Nov 2017 %if ! %{defined _fillupdir} %define _fillupdir /var/adm/fillup-templates @@ -131,7 +131,7 @@ BuildRequires: pesign-obs-integration %endif -Version:4.10.0_03 +Version:4.10.0_06 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0 @@ -197,6 +197,8 @@ Patch465: xen.libxl.dmmd.patch Patch466: libxl.set-migration-constraints-from-cmdline.patch Patch467: xenstore-run-in-studomain.patch +Patch468: libxl.LIBXL_DESTROY_TIMEOUT.patch +Patch469: libxl.LIBXL_DESTROY_TIMEOUT.debug.patch # python3 conversion patches Patch500: pygrub-python3-conversion.patch Patch501: xenmon-python3-conversion.patch @@ -384,6 +386,8 @@ %patch465 -p1 %patch466 -p1 %patch467 -p1 +%patch468 -p1 +%patch469 -p1 # python3 conversion patches %patch500 -p1 %patch501 -p1 @@ -461,8 +465,8 @@ %if %{with xen_stubdom} configure_flags=--enable-stubdom %else -# pick the default during a fresh install -sed -i~ '/^XENSTORETYPE=domain/d' tools/hotplug/Linux/init.d/sysconfig.xencommons.in +# change the/our default to daemon due to lack of stubdom +sed -i~ 's/ XENSTORETYPE=domain$/ XENSTORETYPE=daemon/' tools/hotplug/Linux/launch-xenstore.in configure_flags=--disable-stubdom %endif configure_flags="${configure_flags} --disable-qemu-traditional" ++ libxl.LIBXL_DESTROY_TIMEOUT.debug.patch ++ bsc#1035442 the default value of LIBXL_DESTROY_TIMEOUT is too low when many domUs shutdown in parallel track how much time passes between triggering XenbusStateClosing and XenbusStateClosed Index: xen-4.10.0-testing/tools/libxl/libxl_event.c === --- xen-4.10.0-testing.orig/tools/libxl/libxl_event.c +++ xen-4.10.0-testing/tools/libxl/libxl_event.c @@ -16,6 +16,7 @@ */ #include +#include #include "libxl_internal.h" @@ -846,6 +847,22 @@ void libxl__ev_evtchn_cancel(libxl__gc * evtchn_check_fd_deregister(gc); } +static void diff_timespec(const struct timespec *old, char *b, size_t s) +{ +struct timespec new, diff; + +if (old->tv_sec == 0 || clock_gettime(CLOCK_MONOTONIC, )) +new = *old; +if ((new.tv_nsec - old->tv_nsec) < 0) { +diff.tv_sec = new.tv_sec - old->tv_sec - 1; +diff.tv_nsec = new.tv_nsec - old->tv_nsec + 10; +} else { +diff.tv_sec = new.tv_sec - old->tv_sec; +diff.tv_nsec = new.tv_nsec - old->tv_nsec; +} +snprintf(b, s, "bug#1035442: %ld.%09lds", (long)diff.tv_sec, diff.tv_nsec); +} + /* * waiting for device state */ @@ -855,27 +872,29 @@ static void devstate_callback(libxl__egc { EGC_GC; libxl__ev_devstate *ds = CONTAINER_OF(xsw, *ds, w); +char b[64]; +diff_timespec(>w.start, b, sizeof(b)); if (rc) { if (rc == ERROR_TIMEDOUT) -LOG(DEBUG, "backend %s wanted state %d "" timed out", ds->w.path, -ds->wanted); +LOG(DEBUG, "backend %s wanted state %d "" timed out (%s)", ds->w.path, +
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2017-11-30 12:41:28 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Thu Nov 30 12:41:28 2017 rev:237 rq:545274 version:4.10.0_03 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2017-11-03 16:23:00.656227202 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2017-11-30 12:41:33.874266405 +0100 @@ -1,0 +2,55 @@ +Fri Nov 24 17:28:59 UTC 2017 - carn...@suse.com + +- Update to Xen 4.10.0-rc6 (fate#321394, fate#322686) + xen-4.10.0-testing-src.tar.bz2 + +--- +Fri Nov 24 13:25:07 UTC 2017 - oher...@suse.de + +- Since xen switched to Kconfig, building a debug hypervisor + was done by default. Adjust make logic to build a non-debug + hypervisor by default, and continue to provide one as xen-dbg.gz + +--- +Fri Nov 24 11:26:45 UTC 2017 - oher...@suse.de + +- fate#316614: set migration constraints from cmdline + fix libxl.set-migration-constraints-from-cmdline.patch for xen-4.10 + +--- +Thu Nov 23 15:06:44 UTC 2017 - oher...@suse.de + +- Document the suse-diskcache-disable-flush option in + xl-disk-configuration(5) (bsc#879425,bsc#1067317) + +--- +Thu Nov 23 13:47:42 UTC 2017 - rbr...@suse.com + +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) + +--- +Thu Nov 16 08:48:07 MST 2017 - carn...@suse.com + +- Update to Xen 4.10.0-rc5 (fate#321394, fate#322686) + xen-4.10.0-testing-src.tar.bz2 +- fate#323663 - Run Xenstore in stubdomain + xenstore-run-in-studomain.patch + +--- +Thu Nov 9 15:11:57 MST 2017 - carn...@suse.com + +- bsc#1067224 - xen-tools have hard dependency on Python 2 + pygrub-python3-conversion.patch + xenmon-python3-conversion.patch + migration-python3-conversion.patch + xnloader.py + xen2libvirt.py + +--- +Wed Nov 8 10:47:24 UTC 2017 - oher...@suse.de + +- Remove xendriverdomain.service (bsc#1065185) + Driver domains must be configured manually with custom .service file + +--- @@ -24,2 +78,0 @@ -- Drop until further notice - libxl.set-migration-constraints-from-cmdline.patch New: libxl.set-migration-constraints-from-cmdline.patch migration-python3-conversion.patch pygrub-python3-conversion.patch xenmon-python3-conversion.patch xenstore-run-in-studomain.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.JSV8D9/_old 2017-11-30 12:41:36.366175804 +0100 +++ /var/tmp/diff_new_pack.JSV8D9/_new 2017-11-30 12:41:36.374175513 +0100 @@ -18,6 +18,11 @@ # needssslcertforbuild +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! %{defined _fillupdir} + %define _fillupdir /var/adm/fillup-templates +%endif + Name: xen ExclusiveArch: %ix86 x86_64 %arm aarch64 %define changeset 35349 @@ -126,7 +131,7 @@ BuildRequires: pesign-obs-integration %endif -Version:4.10.0_01 +Version:4.10.0_03 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0 @@ -190,6 +195,12 @@ Patch463: libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch Patch464: libxl.pvscsi.patch Patch465: xen.libxl.dmmd.patch +Patch466: libxl.set-migration-constraints-from-cmdline.patch +Patch467: xenstore-run-in-studomain.patch +# python3 conversion patches +Patch500: pygrub-python3-conversion.patch +Patch501: xenmon-python3-conversion.patch +Patch502: migration-python3-conversion.patch # Hypervisor and PV driver Patches Patch601: x86-ioapic-ack-default.patch Patch602: x86-cpufreq-report.patch @@ -371,6 +382,12 @@ %patch463 -p1 %patch464 -p1 %patch465 -p1 +%patch466 -p1 +%patch467 -p1 +# python3 conversion patches +%patch500 -p1 +%patch501 -p1 +%patch502 -p1 # Hypervisor and PV driver Patches %patch601 -p1 %patch602 -p1 @@ -444,6 +461,8 @@ %if %{with xen_stubdom} configure_flags=--enable-stubdom %else +# pick the default during a fresh install +sed -i~ '/^XENSTORETYPE=domain/d' tools/hotplug/Linux/init.d/sysconfig.xencommons.in configure_flags=--disable-stubdom %endif configure_flags="${configure_flags}
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2017-11-03 16:22:52 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Fri Nov 3 16:22:52 2017 rev:236 rq:538517 version:4.10.0_01 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2017-10-17 01:49:56.645669334 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2017-11-03 16:23:00.656227202 +0100 @@ -1,0 +2,103 @@ +Thu Nov 2 14:14:02 MDT 2017 - carn...@suse.com + +- Update to Xen 4.10.0-rc3 (fate#321394, fate#322686) + xen-4.10.0-testing-src.tar.bz2 +- Drop 59f31268-libxc-remove-stale-error-check-for-domain-size.patch + +--- +Thu Nov 2 11:36:27 UTC 2017 - oher...@suse.de + +- Adjust xen-dom0-modules.service to ignore errors (bsc#1065187) + +--- +Fri Oct 27 07:48:55 MDT 2017 - carn...@suse.com + +- fate#324052 Support migration of Xen HVM domains larger than 1TB + 59f31268-libxc-remove-stale-error-check-for-domain-size.patch + +--- +Wed Oct 25 16:26:33 MDT 2017 - carn...@suse.com + +- Update to Xen 4.10.0-rc2 (fate#321394, fate#322686) + xen-4.10.0-testing-src.tar.bz2 +- Drop until further notice + libxl.set-migration-constraints-from-cmdline.patch + +--- +Mon Oct 16 09:34:23 MDT 2017 - carn...@suse.com + +- Update to Xen 4.10.0-rc1 (fate#321394, fate#322686) + xen-4.10.0-testing-src.tar.bz2 +- Drop patches included in new tarball + 592fd5f0-stop_machine-fill-result-only-in-case-of-error.patch + 596f257e-x86-fix-hvmemul_insn_fetch.patch + 5982fd99-VT-d-don-t-panic-warn-on-iommu-no-igfx.patch + 598c3630-VT-d-PI-disable-when-CPU-side-PI-is-off.patch + 598c3706-cpufreq-only-stop-ondemand-governor-if-started.patch + 5992f1e5-x86-grant-disallow-misaligned-PTEs.patch + 5992f20d-gnttab-split-maptrack-lock-to-make-it-useful-again.patch + 5992f233-gnttab-correct-pin-status-fixup-for-copy.patch + 59958e76-gnttab-dont-use-possibly-unbounded-tail-calls.patch + 59958ebf-gnttab-fix-transitive-grant-handling.patch + 59958edd-gnttab-avoid-spurious-maptrack-handle-alloc-failures.patch + 599da329-arm-mm-release-grant-lock-on-xatp1-error-paths.patch + 59a01223-x86-check-for-alloc-errors-in-modify_xen_mappings.patch + 59a0130c-x86-efi-dont-write-relocs-in-efi_arch_relocate_image-1st-pass.patch + 59a9221f-VT-d-use-correct-BDF-for-VF-to-search-VT-d-unit.patch + 59ae9177-x86-emul-fix-handling-of-unimplemented-Grp7-insns.patch + 59aec335-x86emul-correct-VEX-W-handling-for-VPINSRD.patch + 59aec375-x86emul-correct-VEX-L-handling-for-VCVTx2SI.patch + 59afcea0-x86-introduce-and-use-setup_force_cpu_cap.patch + 59b2a7f2-x86-HVM-correct-repeat-count-update-linear-phys.patch + 59b7d664-mm-make-sure-node-is-less-than-MAX_NUMNODES.patch + 59b7d69b-grant_table-fix-GNTTABOP_cache_flush-handling.patch + 59b7d6c8-xenstore-dont-unlink-connection-object-twice.patch + 59b7d6d9-gnttab-also-validate-PTE-perms-upon-destroy-replace.patch + gcc7-arm.patch + gcc7-mini-os.patch + +--- +Tue Oct 3 09:03:57 MDT 2017 - carn...@suse.com + +- bsc#1061084 - VUL-0: xen: page type reference leak on x86 + (XSA-242) + xsa242.patch +- bsc#1061086 - VUL-0: xen: x86: Incorrect handling of self-linear + shadow mappings with translated guests (XSA-243) + xsa243.patch +- bsc#1061087 - VUL-0: xen: x86: Incorrect handling of IST settings + during CPU hotplug (XSA-244) + xsa244.patch + +--- +Mon Oct 2 13:26:08 MDT 2017 - carn...@suse.com + +- bsc#1061077 - VUL-0: xen: DMOP map/unmap missing argument checks + (XSA-238) + xsa238.patch +- bsc#1061080 - VUL-0: xen: hypervisor stack leak in x86 I/O + intercept code (XSA-239) + xsa239.patch +- bsc#1061081 - VUL-0: xen: Unlimited recursion in linear pagetable + de-typing (XSA-240) + xsa240-1.patch + xsa240-2.patch +- bsc#1061082 - VUL-0: xen: Stale TLB entry due to page type + release race (XSA-241) + xsa241.patch + +--- +Fri Sep 29 10:57:35 MDT 2017 - carn...@suse.com + +- bsc#1061075 - VUL-0: xen: pin count / page reference race in + grant table code (XSA-236) + xsa236.patch +- bsc#1061076 - VUL-0: xen: multiple MSI mapping issues on x86 + (XSA-237) + xsa237-1.patch + xsa237-2.patch + xsa237-3.patch + xsa237-4.patch + xsa237-5.patch + +--- Old: 592fd5f0-stop_machine-fill-result-only-in-case-of-error.patch
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2017-10-17 01:49:50 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Tue Oct 17 01:49:50 2017 rev:235 rq:533118 version:4.9.0_50 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2017-09-22 21:31:58.884976319 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2017-10-17 01:49:56.645669334 +0200 @@ -1,0 +2,28 @@ +Tue Sep 26 08:44:03 MDT 2017 - carn...@suse.com + +- bsc#1056278 - VUL-0: xen: Missing NUMA node parameter + verification (XSA-231) + 59b7d664-mm-make-sure-node-is-less-than-MAX_NUMNODES.patch +- bsc#1056280 - VUL-0: xen: Missing check for grant table (XSA-232) + 59b7d69b-grant_table-fix-GNTTABOP_cache_flush-handling.patch +- bsc#1056281 - VUL-0: xen: cxenstored: Race in domain cleanup + (XSA-233) + 59b7d6c8-xenstore-dont-unlink-connection-object-twice.patch +- bsc#1056282 - VUL-0: xen: insufficient grant unmapping checks for + x86 PV guests (XSA-234) + 59b7d6d9-gnttab-also-validate-PTE-perms-upon-destroy-replace.patch +- bsc#1055321 - VUL-0: xen: add-to-physmap error paths fail to + release lock on ARM (XSA-235) + 599da329-arm-mm-release-grant-lock-on-xatp1-error-paths.patch +- Upstream patches from Jan (bsc#1027519) + 59a01223-x86-check-for-alloc-errors-in-modify_xen_mappings.patch + 59a0130c-x86-efi-dont-write-relocs-in-efi_arch_relocate_image-1st-pass.patch + 59a9221f-VT-d-use-correct-BDF-for-VF-to-search-VT-d-unit.patch + 59ae9177-x86-emul-fix-handling-of-unimplemented-Grp7-insns.patch + 59aec335-x86emul-correct-VEX-W-handling-for-VPINSRD.patch + 59aec375-x86emul-correct-VEX-L-handling-for-VCVTx2SI.patch + 59afcea0-x86-introduce-and-use-setup_force_cpu_cap.patch + 59b2a7f2-x86-HVM-correct-repeat-count-update-linear-phys.patch +- Dropped gcc7-xen.patch + +--- Old: gcc7-xen.patch New: 599da329-arm-mm-release-grant-lock-on-xatp1-error-paths.patch 59a01223-x86-check-for-alloc-errors-in-modify_xen_mappings.patch 59a0130c-x86-efi-dont-write-relocs-in-efi_arch_relocate_image-1st-pass.patch 59a9221f-VT-d-use-correct-BDF-for-VF-to-search-VT-d-unit.patch 59ae9177-x86-emul-fix-handling-of-unimplemented-Grp7-insns.patch 59aec335-x86emul-correct-VEX-W-handling-for-VPINSRD.patch 59aec375-x86emul-correct-VEX-L-handling-for-VCVTx2SI.patch 59afcea0-x86-introduce-and-use-setup_force_cpu_cap.patch 59b2a7f2-x86-HVM-correct-repeat-count-update-linear-phys.patch 59b7d664-mm-make-sure-node-is-less-than-MAX_NUMNODES.patch 59b7d69b-grant_table-fix-GNTTABOP_cache_flush-handling.patch 59b7d6c8-xenstore-dont-unlink-connection-object-twice.patch 59b7d6d9-gnttab-also-validate-PTE-perms-upon-destroy-replace.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.G7mzgF/_old 2017-10-17 01:49:59.241547713 +0200 +++ /var/tmp/diff_new_pack.G7mzgF/_new 2017-10-17 01:49:59.245547525 +0200 @@ -172,6 +172,19 @@ Patch9: 59958e76-gnttab-dont-use-possibly-unbounded-tail-calls.patch Patch10:59958ebf-gnttab-fix-transitive-grant-handling.patch Patch11: 59958edd-gnttab-avoid-spurious-maptrack-handle-alloc-failures.patch +Patch12:599da329-arm-mm-release-grant-lock-on-xatp1-error-paths.patch +Patch13: 59a01223-x86-check-for-alloc-errors-in-modify_xen_mappings.patch +Patch14: 59a0130c-x86-efi-dont-write-relocs-in-efi_arch_relocate_image-1st-pass.patch +Patch15:59a9221f-VT-d-use-correct-BDF-for-VF-to-search-VT-d-unit.patch +Patch16: 59ae9177-x86-emul-fix-handling-of-unimplemented-Grp7-insns.patch +Patch17:59aec335-x86emul-correct-VEX-W-handling-for-VPINSRD.patch +Patch18:59aec375-x86emul-correct-VEX-L-handling-for-VCVTx2SI.patch +Patch19:59afcea0-x86-introduce-and-use-setup_force_cpu_cap.patch +Patch20:59b2a7f2-x86-HVM-correct-repeat-count-update-linear-phys.patch +Patch21:59b7d664-mm-make-sure-node-is-less-than-MAX_NUMNODES.patch +Patch22:59b7d69b-grant_table-fix-GNTTABOP_cache_flush-handling.patch +Patch23:59b7d6c8-xenstore-dont-unlink-connection-object-twice.patch +Patch24: 59b7d6d9-gnttab-also-validate-PTE-perms-upon-destroy-replace.patch # Our platform specific patches Patch400: xen-destdir.patch Patch401: vif-bridge-no-iptables.patch @@ -186,8 +199,7 @@ Patch422: stubdom-have-iovec.patch Patch423: vif-route.patch Patch424: gcc7-mini-os.patch -Patch425: gcc7-xen.patch -Patch426: gcc7-arm.patch +Patch425: gcc7-arm.patch # Other bug fixes or features Patch451:
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2017-09-22 21:31:52 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Fri Sep 22 21:31:52 2017 rev:234 rq:527360 version:4.9.0_50 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2017-08-24 18:21:48.419959788 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2017-09-22 21:31:58.884976319 +0200 @@ -1,0 +2,56 @@ +Thu Sep 7 04:58:12 MDT 2017 - carn...@suse.com + +- bsc#1057358 - Cannot Boot into SLES12.3 with Xen hypervisor when + Secure Boot is Enabled + xen.spec + +--- +Tue Sep 5 12:00:59 UTC 2017 - oher...@suse.de + +- bsc#1055695 - XEN: 11SP4 and 12SP3 HVM guests can not be restored + update from v6 to v9 to cover more cases for ballooned domUs + libxc.sr.superpage.patch + +--- +Mon Aug 28 14:51:54 UTC 2017 - oher...@suse.de + +- bsc#1026236 - remove suse_vtsc_tolerance= cmdline option for Xen + drop the patch because it is not upstream acceptable + remove xen.suse_vtsc_tolerance.patch + +--- +Sat Aug 26 10:52:46 UTC 2017 - oher...@suse.de + +- bsc#1055695 - XEN: 11SP4 and 12SP3 HVM guests can not be restored + after the save using xl stack + libxc.sr.superpage.patch + +--- +Tue Aug 22 13:25:33 UTC 2017 - oher...@suse.de + +- Unignore gcc-PIE + the toolstack disables PIE for firmware builds as needed + +--- +Mon Aug 21 10:42:46 MDT 2017 - carn...@suse.com + +- Upstream patches from Jan (bsc#1027519) + 592fd5f0-stop_machine-fill-result-only-in-case-of-error.patch + 596f257e-x86-fix-hvmemul_insn_fetch.patch + 5982fd99-VT-d-don-t-panic-warn-on-iommu-no-igfx.patch + 598c3630-VT-d-PI-disable-when-CPU-side-PI-is-off.patch + 598c3706-cpufreq-only-stop-ondemand-governor-if-started.patch + 5992f1e5-x86-grant-disallow-misaligned-PTEs.patch (Replaces xsa227.patch) + 5992f20d-gnttab-split-maptrack-lock-to-make-it-useful-again.patch (Replaces xsa228.patch) + 5992f233-gnttab-correct-pin-status-fixup-for-copy.patch (Replaces xsa230.patch) + 59958e76-gnttab-dont-use-possibly-unbounded-tail-calls.patch (Replaces xsa226-1.patch) + 59958ebf-gnttab-fix-transitive-grant-handling.patch (Replaces xsa226-2.patch) + 59958edd-gnttab-avoid-spurious-maptrack-handle-alloc-failures.patch + +--- +Wed Aug 16 15:03:46 MDT 2017 - carn...@suse.com + +- bsc#1044974 - xen-tools require python-pam + xen.spec + +--- @@ -27,0 +84,7 @@ +Tue Aug 8 08:20:41 MDT 2017 - carn...@suse.com + +- bsc#1052686 - VUL-0: xen: grant_table: possibly premature + clearing of GTF_writing / GTF_reading (XSA-230) + xsa230.patch + +--- @@ -32,0 +96,14 @@ + +--- +Thu Aug 3 11:51:11 MDT 2017 - carn...@suse.com + +- bsc#1051787 - VUL-0: CVE-2017-12135: xen: possibly unbounded + recursion in grant table code (XSA-226) + xsa226-1.patch + xsa226-2.patch +- bsc#1051788 - VUL-0: CVE-2017-12137: xen: x86: PV privilege + escalation via map_grant_ref (XSA-227) + xsa227.patch +- bsc#1051789 - VUL-0: CVE-2017-12136: xen: grant_table: Race + conditions with maptrack free list handling (XSA-228) + xsa228.patch Old: xen.suse_vtsc_tolerance.patch New: 592fd5f0-stop_machine-fill-result-only-in-case-of-error.patch 596f257e-x86-fix-hvmemul_insn_fetch.patch 5982fd99-VT-d-don-t-panic-warn-on-iommu-no-igfx.patch 598c3630-VT-d-PI-disable-when-CPU-side-PI-is-off.patch 598c3706-cpufreq-only-stop-ondemand-governor-if-started.patch 5992f1e5-x86-grant-disallow-misaligned-PTEs.patch 5992f20d-gnttab-split-maptrack-lock-to-make-it-useful-again.patch 5992f233-gnttab-correct-pin-status-fixup-for-copy.patch 59958e76-gnttab-dont-use-possibly-unbounded-tail-calls.patch 59958ebf-gnttab-fix-transitive-grant-handling.patch 59958edd-gnttab-avoid-spurious-maptrack-handle-alloc-failures.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.QNfxlD/_old 2017-09-22 21:32:00.788708337 +0200 +++ /var/tmp/diff_new_pack.QNfxlD/_new 2017-09-22 21:32:00.792707775 +0200 @@ -16,6 +16,8 @@ # +# needssslcertforbuild + Name: xen ExclusiveArch: %ix86 x86_64 %arm aarch64 %define changeset 35349 @@ -68,14 +70,15
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2017-08-24 18:21:39 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Thu Aug 24 18:21:39 2017 rev:233 rq:516579 version:4.9.0_50 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2017-07-07 10:15:34.926339844 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2017-08-24 18:21:48.419959788 +0200 @@ -1,0 +2,143 @@ +Fri Aug 11 16:37:44 MDT 2017 - carn...@suse.com + +- Clean up spec file errors and a few warnings. (bsc#1027519) +- Removed conditional 'with_systemd' and some old deprecated + 'sles_version' checks. + xen.spec + +--- +Thu Aug 10 19:45:31 UTC 2017 - jfeh...@suse.com + +- Remove use of brctl utiltiy from supportconfig plugin + FATE#323639 + +--- +Thu Aug 10 07:50:47 UTC 2017 - oher...@suse.de + +- Use upstream variant of mini-os __udivmoddi4 change + gcc7-mini-os.patch + +--- +Wed Aug 9 13:14:56 MDT 2017 - carn...@suse.com + +- fate#323639 Move bridge-utils to legacy + replace-obsolete-network-configuration-commands-in-s.patch + +--- +Mon Aug 7 12:53:44 UTC 2017 - oher...@suse.de + +- bsc#1035231 - migration of HVM domU does not use superpages + on destination dom0 + libxc.sr.superpage.patch + +--- +Tue Aug 1 20:02:58 UTC 2017 - jfeh...@suse.com + +- Add a supportconfig plugin + xen-supportconfig + FATE#323661 + +--- +Tue Jul 25 14:48:02 UTC 2017 - oher...@suse.de + +- bsc#1026236 - add suse_vtsc_tolerance= cmdline option for Xen + To avoid emulation of TSC access from a domU after live migration + add a global tolerance for the measured host kHz + xen.suse_vtsc_tolerance.patch + +--- +Thu Jul 20 10:46:43 MDT 2017 - carn...@suse.com + +- fate#323662 Drop qemu-dm from xen-tools package + The following tarball and patches have been removed + qemu-xen-traditional-dir-remote.tar.bz2 + VNC-Support-for-ExtendedKeyEvent-client-message.patch + 0001-net-move-the-tap-buffer-into-TAPState.patch + 0002-net-increase-tap-buffer-size.patch + 0003-e1000-fix-access-4-bytes-beyond-buffer-end.patch + 0004-e1000-secrc-support.patch + 0005-e1000-multi-buffer-packet-support.patch + 0006-e1000-clear-EOP-for-multi-buffer-descriptors.patch + 0007-e1000-verify-we-have-buffers-upfront.patch + 0008-e1000-check-buffer-availability.patch + CVE-2013-4533-qemut-pxa2xx-buffer-overrun-on-incoming-migration.patch + CVE-2013-4534-qemut-openpic-buffer-overrun-on-incoming-migration.patch + CVE-2013-4537-qemut-ssi-sd-fix-buffer-overrun-on-invalid-state-load.patch + CVE-2013-4538-qemut-ssd0323-fix-buffer-overun-on-invalid-state.patch + CVE-2013-4539-qemut-tsc210x-fix-buffer-overrun-on-invalid-state-load.patch + CVE-2014-0222-qemut-qcow1-validate-l2-table-size.patch + CVE-2014-3640-qemut-slirp-NULL-pointer-deref-in-sosendto.patch + CVE-2015-4037-qemut-smb-config-dir-name.patch + CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch + CVE-2015-5278-qemut-Infinite-loop-in-ne2000_receive-function.patch + CVE-2015-6815-qemut-e1000-fix-infinite-loop.patch + CVE-2015-7512-qemut-net-pcnet-buffer-overflow-in-non-loopback-mode.patch + CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch + CVE-2015-8504-qemut-vnc-avoid-floating-point-exception.patch + CVE-2016-1714-qemut-fw_cfg-add-check-to-validate-current-entry-value.patch + CVE-2016-1981-qemut-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch + CVE-2016-2391-qemut-usb-null-pointer-dereference-in-ohci-module.patch + CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch + CVE-2016-4439-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-esp_reg_write.patch + CVE-2016-4441-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-get_cmd.patch + CVE-2016-5238-qemut-scsi-esp-OOB-write-when-using-non-DMA-mode-in-get_cmd.patch + CVE-2016-5338-qemut-scsi-esp-OOB-rw-access-while-processing-ESP_FIFO.patch + CVE-2016-6351-qemut-scsi-esp-make-cmdbuf-big-enough-for-maximum-CDB-size.patch + CVE-2016-7908-qemut-net-Infinite-loop-in-mcf_fec_do_tx.patch + CVE-2016-7909-qemut-net-pcnet-infinite-loop-in-pcnet_rdra_addr.patch + CVE-2016-8667-qemut-dma-rc4030-divide-by-zero-error-in-set_next_tick.patch + CVE-2016-8669-qemut-char-divide-by-zero-error-in-serial_update_parameters.patch +
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2017-07-07 10:15:25 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Fri Jul 7 10:15:25 2017 rev:232 rq:508267 version:4.9.0_08 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2017-06-23 09:15:00.454897458 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2017-07-07 10:15:34.926339844 +0200 @@ -1,0 +2,6 @@ +Wed Jun 28 01:40:43 MDT 2017 - carn...@suse.com + +- Update to Xen 4.9.0 FCS (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 + +--- Other differences: -- ++ ipxe.tar.bz2 ++ ++ qemu-xen-traditional-dir-remote.tar.bz2 ++ ++ stubdom.tar.bz2 ++ /work/SRC/openSUSE:Factory/xen/stubdom.tar.bz2 /work/SRC/openSUSE:Factory/.xen.new/stubdom.tar.bz2 differ: char 11, line 1 ++ xen-4.9.0-testing-src.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/ChangeLog new/xen-4.9.0-testing/ChangeLog --- old/xen-4.9.0-testing/ChangeLog 2017-06-21 22:20:18.0 +0200 +++ new/xen-4.9.0-testing/ChangeLog 2017-06-28 09:31:20.0 +0200 @@ -1,46 +1,7 @@ -commit b38b1479a532f08fedd7f3b761673bc78b66739d +commit c30bf55594a53fae8aae08aabf16fc192faad7da Author: Ian Jackson-Date: Mon Jun 19 15:04:08 2017 +0100 +Date: Tue Jun 27 19:13:19 2017 +0100 -xen/test/Makefile: Fix clean target, broken by pattern rule +Xen 4.9.0 release: Adjust README and xen/Makefile -In "xen/test/livepatch: Regularise Makefiles" we reworked -xen/test/Makefile to use a pattern rule. However, there are two -problems with this. Both are related to the way that xen/Rules.mk is -implicitly part of this Makefile because of the way that Makefiles -under xen/ are invoked by their parent directory Makefiles. - -Firstly, the Rules.mk `clean' target overrides the pattern rule in -xen/test/Makefile. The result is that `make -C xen clean' does not -actually run the livepatch clean target. - -The Rules.mk clean target does have provision for recursing into -subdirectories, but that feature is tangled up with complex object -file iteration machinery which is not desirable here. However, we can -extend the Rules.mk clean target since it is a double-colon rule. - -Sadly this involves duplicating the SUBDIR iteration boilerplate. (A -make function could be used but the cure would be worse than the -disease.) - -Secondly, Rules.mk has a number of -include directives. make likes to -try to (re)build files mentioned in includes. With the % pattern -rule, this applies to those files too. - -As a result, make -C xen clean would try to build `.*.d' (for example) -in xen/test. This would fail with an error message. The error would -be ignored because of the `-', but it's annoying and ugly. - -Solve this by limiting the % pattern rule to the targets we expect it -to handle. These are those listed in the top-level Makefile help -message, apart from: those which are subdir- or component-qualified; -clean targets (which are handled specially, even distclean); and dist, -src-tarball-*, etc. (which are converted to install by an earlier -Makefile). - -Reported-by: Andrew Cooper Signed-off-by: Ian Jackson -Tested-by: Konrad Rzeszutek Wilk -Acked-by: Konrad Rzeszutek Wilk -Release-acked-by: Julien Grall -(cherry picked from commit 592e834522086009975bd48d59386094771bd06b) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/Config.mk new/xen-4.9.0-testing/Config.mk --- old/xen-4.9.0-testing/Config.mk 2017-06-21 22:20:18.0 +0200 +++ new/xen-4.9.0-testing/Config.mk 2017-06-28 09:31:20.0 +0200 @@ -268,10 +268,10 @@ MINIOS_UPSTREAM_URL ?= git://xenbits.xen.org/mini-os.git endif OVMF_UPSTREAM_REVISION ?= 5920a9d16b1ab887c2858224316a98e961d71b05 -QEMU_UPSTREAM_REVISION ?= qemu-xen-4.9.0-rc1 -MINIOS_UPSTREAM_REVISION ?= xen-4.9.0-rc1.2 -# Tue Dec 13 15:02:02 2016 + -# build: prepend OBJ_DIR to linker script +QEMU_UPSTREAM_REVISION ?= qemu-xen-4.9.0 +MINIOS_UPSTREAM_REVISION ?= xen-RELEASE-4.9.0 +# Wed Feb 22 11:03:37 2017 + +# Include libxendevicemodel with libxc SEABIOS_UPSTREAM_REVISION ?= rel-1.10.0 # Wed Jun 22 14:53:24 2016
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2017-06-23 09:14:58 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Fri Jun 23 09:14:58 2017 rev:231 rq:505582 version:4.9.0_08 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2017-06-17 10:18:09.900583236 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2017-06-23 09:15:00.454897458 +0200 @@ -1,0 +2,14 @@ +Wed Jun 21 14:03:40 MDT 2017 - carn...@suse.com + +- Update block-dmmd script (bsc#1002573) + block-dmmd + +--- +Tue Jun 20 15:18:25 MDT 2017 - carn...@suse.com + +- Update to Xen 4.9.0-rc8+ (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 + gcc7-arm.patch +- Drop gcc7-error-xenpmd.patch + +--- Old: gcc7-error-xenpmd.patch New: gcc7-arm.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.qXUB07/_old 2017-06-23 09:15:05.126237418 +0200 +++ /var/tmp/diff_new_pack.qXUB07/_new 2017-06-23 09:15:05.126237418 +0200 @@ -278,9 +278,9 @@ Patch421: xenpaging.doc.patch Patch422: stubdom-have-iovec.patch Patch423: vif-route.patch -Patch424: gcc7-error-xenpmd.patch -Patch425: gcc7-mini-os.patch -Patch426: gcc7-xen.patch +Patch424: gcc7-mini-os.patch +Patch425: gcc7-xen.patch +Patch426: gcc7-arm.patch # Other bug fixes or features Patch451: xenconsole-no-multiple-connections.patch Patch452: hibernate.patch ++ block-dmmd ++ --- /var/tmp/diff_new_pack.qXUB07/_old 2017-06-23 09:15:05.334208033 +0200 +++ /var/tmp/diff_new_pack.qXUB07/_new 2017-06-23 09:15:05.334208033 +0200 @@ -2,20 +2,32 @@ # Usage: block-dmmd [add args | remove args] # -# the dmmd device syntax (in xm/xl commands/configs) is something like: -# dmmd:md;/dev/md0;md;/dev/md1;lvm;/dev/vg1/lv1 +# the dmmd device syntax (in xl commands/configs) is something like: +# script=block-dmmd,md;/dev/md0;md;/dev/md1;lvm;/dev/vg1/lv1 # or -# dmmd:lvm;/dev/vg1/lv1;lvm;/dev/vg1/lv2;md;/dev/md0 +# script=block-dmmd,lvm;/dev/vg1/lv1;lvm;/dev/vg1/lv2;md;/dev/md0 # device pairs (type;dev) are processed in order, with the last device # assigned to the VM # +# Note - When using the libxl stack, the "script=block-dmmd" option +# is required. See man xl-disk-configuration(5) for more information. +# # md devices can optionally: # specify a config file through: # md;/dev/md100(/var/xen/config/mdadm.conf) # use an array name (mdadm -N option): -# dmmd:md;My-MD-name;lvm;/dev/vg1/lv1 +# md;My-MD-name;lvm;/dev/vg1/lv1 +# +# Completely expressive syntax should be similar to: +# "format=raw, vdev=xvdb, access=rw, script=block-dmmd, \ +#target=md;/dev/md0(/etc/mdadm.conf);lvm;/dev/vg1/lv1" # +## # History: +# 2017-06-12, mlati...@suse.com: +#Merge LVM improvements by loic.devul...@mpsa.com +#Document libxl "script=block-dmmd" syntax in examples +#Remove xm/xend references (e.g. parsed_timeout from xend-config.sxp) # 2016-05-27, mlati...@suse.com: #Merge improvements by loic.devul...@mpsa.com. Highlights include: #- Re-write and simplification to speed up the script! @@ -51,6 +63,7 @@ typeset -rx PVSCAN_BIN=/sbin/pvscan typeset -rx VGSCAN_BIN=/sbin/vgscan typeset -rx VGCHANGE_BIN=/sbin/vgchange +typeset -rx CLVMD_BIN=/usr/sbin/clvmd typeset -rx DATE_LOG="date +%F_%T.%N" typeset -rx DATE_SEC="date +%s" @@ -61,6 +74,21 @@ # We check for errors ourselves set +e +function reload_clvm() +{ +# If we are in cluster mode +if ps -e | grep -q [c]lvmd 2>/dev/null; then +# Logging message +log err "Synchronizing cLVM..." + +# Synchronize cLVM +${CLVMD_BIN} -R > /dev/null 2>&1 \ + || return 1 +fi + +return 0 +} + function run_mdadm() { local mdadm_cmd=$1 @@ -118,21 +146,22 @@ # Is MD device already active? # We need to use full path name, aliase is not possible... -if [ -e $dev_path/${dev##*/} ]; then -${MDADM_BIN} -Q -D $dev_path/${dev##*/} 2>/dev/null \ +if [ -e ${dev_path}/${dev##*/} ]; then +${MDADM_BIN} -Q -D ${dev_path}/${dev##*/} 2>/dev/null \ | grep -iq state.*\:.*inactive || return 0 fi # Activate MD device run_mdadm "-A ${mdadm_opts} ${dev} ${cfg}" rc=$? + # A return code of 2 can indicate the array configuration was incorrect if [[ ${rc} == 2 ]]; then # Logging message echo "[$(${DATE_LOG})] verifying MD device
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2017-06-17 10:18:08 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Sat Jun 17 10:18:08 2017 rev:230 rq:503267 version:4.9.0_08 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2017-06-04 01:50:28.259526615 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2017-06-17 10:18:09.900583236 +0200 @@ -1,0 +2,6 @@ +Mon Jun 5 10:49:34 MDT 2017 - carn...@suse.com + +- Update to Xen 4.9.0-rc8 (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 + +--- Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.I4MSy8/_old 2017-06-17 10:18:12.296245300 +0200 +++ /var/tmp/diff_new_pack.I4MSy8/_new 2017-06-17 10:18:12.296245300 +0200 @@ -159,7 +159,7 @@ %endif %endif -Version:4.9.0_07 +Version:4.9.0_08 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0 ++ libxl.pvscsi.patch ++ --- /var/tmp/diff_new_pack.I4MSy8/_old 2017-06-17 10:18:12.728184370 +0200 +++ /var/tmp/diff_new_pack.I4MSy8/_new 2017-06-17 10:18:12.732183806 +0200 @@ -105,7 +105,7 @@ === --- xen-4.9.0-testing.orig/docs/man/xl.pod.1.in +++ xen-4.9.0-testing/docs/man/xl.pod.1.in -@@ -1451,6 +1451,24 @@ List virtual trusted platform modules fo +@@ -1429,6 +1429,24 @@ List virtual Trusted Platform Modules fo =back ++ libxl.set-migration-constraints-from-cmdline.patch ++ --- /var/tmp/diff_new_pack.I4MSy8/_old 2017-06-17 10:18:12.744182114 +0200 +++ /var/tmp/diff_new_pack.I4MSy8/_new 2017-06-17 10:18:12.744182114 +0200 @@ -93,7 +93,7 @@ === --- xen-4.9.0-testing.orig/docs/man/xl.pod.1.in +++ xen-4.9.0-testing/docs/man/xl.pod.1.in -@@ -457,6 +457,26 @@ Print huge (!) amount of debug during th +@@ -459,6 +459,26 @@ Display huge (!) amount of debug informa Leave the domain on the receive side paused after migration. ++ xen-4.9.0-testing-src.tar.bz2 ++ 1650 lines of diff (skipped)
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2017-06-04 01:49:50 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Sun Jun 4 01:49:50 2017 rev:229 rq:500486 version:4.9.0_07 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2017-05-27 13:09:39.973294867 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2017-06-04 01:50:28.259526615 +0200 @@ -1,0 +2,26 @@ +Thu Jun 1 13:24:26 MDT 2017 - carn...@suse.com + +- bsc#1042160 - VUL-1: CVE-2017-9330: xen: usb: ohci: infinite loop + due to incorrect return value + CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch + +--- +Tue May 30 11:24:41 MDT 2017 - carn...@suse.com + +- bsc#1037243 - VUL-1: CVE-2017-8309: xen: audio: host memory + leakage via capture buffer + CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch + +--- +Fri May 26 12:58:06 MDT 2017 - carn...@suse.com + +- Update to Xen 4.9.0-rc7 (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 + +--- +Mon May 22 14:43:01 MDT 2017 - carn...@suse.com + +- Update to Xen 4.9.0-rc6 (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 + +--- New: CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.uB4tUt/_old 2017-06-04 01:50:31.191112417 +0200 +++ /var/tmp/diff_new_pack.uB4tUt/_new 2017-06-04 01:50:31.195111852 +0200 @@ -159,7 +159,7 @@ %endif %endif -Version:4.9.0_04 +Version:4.9.0_07 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0 @@ -237,6 +237,8 @@ Patch286: CVE-2016-8910-qemut-net-rtl8139-infinite-loop-while-transmit-in-Cplus-mode.patch Patch287: CVE-2016-9921-qemut-display-cirrus_vga-divide-by-zero-in-cirrus_do_copy.patch Patch288: CVE-2017-6505-qemut-usb-an-infinite-loop-issue-in-ohci_service_ed_list.patch +Patch289: CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch +Patch290: CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch # qemu-traditional patches that are not upstream Patch350: blktap.patch Patch351: cdrom-removable.patch @@ -557,6 +559,8 @@ %patch286 -p1 %patch287 -p1 %patch288 -p1 +%patch289 -p1 +%patch290 -p1 # Qemu traditional %patch350 -p1 %patch351 -p1 ++ CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch ++ References: bsc#1037243 CVE-2017-8309 Subject: audio: release capture buffers From: Gerd Hoffmann kra...@redhat.com Fri Apr 28 09:56:12 2017 +0200 Date: Thu May 4 08:31:48 2017 +0200: Git: 3268a845f41253fb55852a8429c32b50f36f349a AUD_add_capture() allocates two buffers which are never released. Add the missing calls to AUD_del_capture(). Impact: Allows vnc clients to exhaust host memory by repeatedly starting and stopping audio capture. Fixes: CVE-2017-8309 Cc: P J PCc: Huawei PSIRT Reported-by: "Jiangxin (hunter, SCC)" Signed-off-by: Gerd Hoffmann Reviewed-by: Prasad J Pandit Message-id: 20170428075612.9997-1-kra...@redhat.com Index: xen-4.9.0-testing/tools/qemu-xen-traditional-dir-remote/audio/audio.c === --- xen-4.9.0-testing.orig/tools/qemu-xen-traditional-dir-remote/audio/audio.c +++ xen-4.9.0-testing/tools/qemu-xen-traditional-dir-remote/audio/audio.c @@ -1937,6 +1937,8 @@ void AUD_del_capture (CaptureVoiceOut *c sw = sw1; } LIST_REMOVE (cap, entries); +qemu_free (cap->hw.mix_buf); +qemu_free (cap->buf); qemu_free (cap); } return; ++ CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch ++ References: bsc#1042160 CVE-2017-9330 Index: xen-4.9.0-testing/tools/qemu-xen-traditional-dir-remote/hw/usb-ohci.c === --- xen-4.9.0-testing.orig/tools/qemu-xen-traditional-dir-remote/hw/usb-ohci.c +++ xen-4.9.0-testing/tools/qemu-xen-traditional-dir-remote/hw/usb-ohci.c @@ -583,7 +583,7 @@
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2017-05-27 13:09:02 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Sat May 27 13:09:02 2017 rev:228 rq:496467 version:4.9.0_04 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2017-04-11 12:39:50.315734414 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2017-05-27 13:09:39.973294867 +0200 @@ -1,0 +2,133 @@ +Thu May 18 16:22:53 MDT 2017 - carn...@suse.com + +- bsc#1031343 - xen fails to build with GCC 7 + gcc7-mini-os.patch + gcc7-xen.patch + +--- +Wed May 17 08:28:37 MDT 2017 - carn...@suse.com + +- bsc#1031343 - xen fails to build with GCC 7 + gcc7-error-xenpmd.patch + +--- +Tue May 16 09:04:19 MDT 2017 - carn...@suse.com + +- Update to Xen 4.9.0-rc5 (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 +- Drop xen-tools-pkgconfig-xenlight.patch + +--- +Wed May 10 15:26:38 MDT 2017 - carn...@suse.com + +- bsc#1037779 - xen breaks kexec-tools build + xen-tools-pkgconfig-xenlight.patch + +--- +Tue May 9 08:40:58 MDT 2017 - carn...@suse.com + +- Update to Xen 4.9.0-rc4 (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 + +--- +Tue May 2 09:18:24 MDT 2017 - carn...@suse.com + +- bsc#1036146 - sles12sp2 xen VM dumps core to wrong path + xen.spec + +--- +Fri Apr 28 09:03:56 MDT 2017 - carn...@suse.com + +- Update to Xen 4.9.0-rc3 (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 + aarch64-maybe-uninitialized.patch + +--- +Fri Apr 21 16:26:31 MDT 2017 - carn...@suse.com + +- Update to Xen 4.9.0-rc2 (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 + +--- +Wed Apr 19 07:54:58 MDT 2017 - carn...@suse.com + +- Update to Xen 4.9.0-rc1 (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 + ioemu-devicemodel-include.patch +- Dropped patches contained in new tarball + xen-4.8.0-testing-src.tar.bz2 + 0001-xenstore-let-write_node-and-some-callers-return-errn.patch + 0002-xenstore-undo-function-rename.patch + 0003-xenstore-rework-of-transaction-handling.patch + 584806ce-x86emul-correct-PUSHF-POPF.patch + 584fc649-fix-determining-when-domain-creation-is-complete.patch + 58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch + 58510cac-x86emul-MOVNTI-no-REP-prefixes.patch + 58526ccc-x86emul-64bit-ignore-most-segment-bases-in-align-check.patch + 5853ed37-VT-d-correct-dma_msi_set_affinity.patch + 5853ee07-x86emul-CMPXCHG16B-aligned-operand.patch + 58580060-x86-emul-correct-SYSCALL-eflags-handling.patch + 585aa3c5-x86-force-EFLAGS-IF-on-upon-exit-to-PV.patch + 585aa407-x86-HVM-NULL-check-before-using-VMFUNC-hook.patch + 585bd5fe-x86-emul-correct-VMFUNC-return-value-handling.patch + 586ba81c-x86-cpu-dont-update-this_cpu-for-guest-get_cpu_vendor.patch + 587d04d6-x86-xstate-fix-array-overrun-with-LWP.patch + 587de4a9-x86emul-VEX-B-ignored-in-compat-mode.patch + 5882129d-x86emul-LOCK-check-adjustments.patch + 58821300-x86-segment-attribute-handling.patch + 58873c1f-x86emul-correct-FPU-stub-asm-constraints.patch + 58873c80-x86-hvm-do-not-set-msr_tsc_adjust-on-.patch + 5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch + 5887888f-credit2-never-consider-CPUs-outside-of-pool.patch + 5887888f-credit2-use-the-correct-scratch-cpumask.patch + 5888b1b3-x86-emulate-dont-assume-addr_size-32-implies-protmode.patch + 5899cbd9-EPT-allow-wrcomb-MMIO-mappings-again.patch + 589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch + 58a44771-IOMMU-always-call-teardown-callback.patch + 58a48ccc-x86-fix-p2m_flush_table-for-non-nested.patch + 58a59f4b-libxl-correct-xenstore-entry-for-empty-cdrom.patch + 58a70d94-VMX-fix-VMCS-race-on-cswitch-paths.patch + 58ac1f3f-VMX-dont-leak-host-syscall-MSRs.patch + 58b5a2de-x86-correct-Xens-idea-of-its-memory-layout.patch + 58b6fd42-credit2-always-mark-a-tickled-pCPU-as-tickled.patch + 58b6fd42-credit2-dont-miss-accounting-during-credit-reset.patch + 58cbf682-x86-EFI-avoid-overrunning-mb_modules.patch + 58cf9200-x86-EFI-avoid-IOMMU-faults-on-tail-gap.patch + 58cf9260-x86-EFI-avoid-Xen-when-looking-for-mod-kexec-pos.patch + 58cf9277-x86-time-dont-use-vTSC-if-host-guest-freqs-match.patch +
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2017-03-09 01:35:29 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Thu Mar 9 01:35:29 2017 rev:226 rq:461996 version:4.8.0_04 Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2017-02-03 20:05:39.761672482 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2017-03-09 01:35:31.444041826 +0100 @@ -1,0 +2,48 @@ +Thu Mar 2 15:21:25 MST 2017 - carn...@suse.com + +- bsc#1027654 - XEN fails to build against glibc 2.25 + glibc-2.25-compatibility-fix.patch + libxl.pvscsi.patch + +--- +Thu Feb 16 11:42:23 UTC 2017 - oher...@suse.de + +- fate#316613: Refresh and enable libxl.pvscsi.patch + +--- +Fri Feb 10 11:22:01 MST 2017 - carn...@suse.com + +- bsc#1024834 - VUL-0: CVE-2017-2620: xen: cirrus_bitblt_cputovideo + does not check if memory region is safe (XSA-209) + CVE-2017-2620-xsa209-qemut-cirrus_bitblt_cputovideo-does-not-check-if-memory-region-safe.patch + +--- +Wed Feb 8 10:19:24 MST 2017 - carn...@suse.com + +- bsc#1023948 - [pvusb][sles12sp3][openqa] Segmentation fault + happened when adding usbctrl devices via xl + 589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch + +--- +Thu Feb 2 09:57:01 MST 2017 - carn...@suse.com + +- Upstream patches from Jan (bsc#1027519) + 587d04d6-x86-xstate-fix-array-overrun-with-LWP.patch + 587de4a9-x86emul-VEX-B-ignored-in-compat-mode.patch + 5882129d-x86emul-LOCK-check-adjustments.patch + 58821300-x86-segment-attribute-handling.patch + 58873c1f-x86emul-correct-FPU-stub-asm-constraints.patch + 58873c80-x86-hvm-do-not-set-msr_tsc_adjust-on-.patch + 5887888f-credit2-use-the-correct-scratch-cpumask.patch + 5887888f-credit2-never-consider-CPUs-outside-of-pool.patch + 5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch + 5888b1b3-x86-emulate-dont-assume-addr_size-32-implies-protmode.patch + +--- +Wed Feb 1 09:36:25 MST 2017 - carn...@suse.com + +- bsc#1023004 - VUL-0: CVE-2017-2615: qemu: display: cirrus: oob + access while doing bitblt copy backward mode + CVE-2017-2615-qemut-display-cirrus-oob-access-while-doing-bitblt-copy-backward-mode.patch + +--- @@ -4,4 +52,3 @@ -- Xen 4.8 requires the acpica package (iasl) to build. - fate#322313 and fate#322150 require the acpica package to be - ported to aarch64 which is now down. Enable aarch64 in the spec - for building Xen on aarch64. +- fate#322313 and fate#322150 require the acpica package ported to + aarch64 which Xen 4.8 needs to build. Temporarily disable aarch64 + until these fates are complete. @@ -45,0 +93,7 @@ +Wed Jan 4 14:59:04 MST 2017 - carn...@suse.com + +- bsc#1015169 - VUL-0: CVE-2016-9921, CVE-2016-9922: xen: qemu: + display: cirrus_vga: a divide by zero in cirrus_do_copy + CVE-2016-9921-qemut-display-cirrus_vga-divide-by-zero-in-cirrus_do_copy.patch + +--- @@ -62,2 +116,2 @@ -- bsc#1014298 - VUL-0: xen: x86 PV guests may be able to mask - interrupts (XSA-202) +- bsc#1014298 - VUL-0: CVE-2016-10024: xen: x86 PV guests may be + able to mask interrupts (XSA-202) @@ -65,2 +119,2 @@ -- bsc#1014300 - VUL-0: xen: x86: missing NULL pointer check in - VMFUNC emulation (XSA-203) +- bsc#1014300 - VUL-0: CVE-2016-10025: xen: x86: missing NULL + pointer check in VMFUNC emulation (XSA-203) New: 587d04d6-x86-xstate-fix-array-overrun-with-LWP.patch 587de4a9-x86emul-VEX-B-ignored-in-compat-mode.patch 5882129d-x86emul-LOCK-check-adjustments.patch 58821300-x86-segment-attribute-handling.patch 58873c1f-x86emul-correct-FPU-stub-asm-constraints.patch 58873c80-x86-hvm-do-not-set-msr_tsc_adjust-on-.patch 5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch 5887888f-credit2-never-consider-CPUs-outside-of-pool.patch 5887888f-credit2-use-the-correct-scratch-cpumask.patch 5888b1b3-x86-emulate-dont-assume-addr_size-32-implies-protmode.patch 589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch CVE-2016-9921-qemut-display-cirrus_vga-divide-by-zero-in-cirrus_do_copy.patch CVE-2017-2615-qemut-display-cirrus-oob-access-while-doing-bitblt-copy-backward-mode.patch CVE-2017-2620-xsa209-qemut-cirrus_bitblt_cputovideo-does-not-check-if-memory-region-safe.patch glibc-2.25-compatibility-fix.patch
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2017-01-31 12:27:17 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2016-09-17 14:34:17.0 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2017-02-03 20:05:39.761672482 +0100 @@ -1,0 +2,274 @@ +Thu Jan 26 10:30:19 MST 2017 - carn...@suse.com + +- Xen 4.8 requires the acpica package (iasl) to build. + fate#322313 and fate#322150 require the acpica package to be + ported to aarch64 which is now down. Enable aarch64 in the spec + for building Xen on aarch64. + xen.spec + +--- +Wed Jan 25 15:39:26 MST 2017 - carn...@suse.com + +- bsc#1021952 - Virutalization/xen: Bug xen-tools missing + /usr/bin/domu-xenstore; guests fail to launch + tmp_build.patch + xen.spec + +--- +Wed Jan 18 10:50:52 UTC 2017 - oher...@suse.de + +- No systemd presets for 42.3+ and SLE12SP3+ (bsc#1012842) + +--- +Thu Jan 12 11:34:06 MST 2017 - carn...@suse.com + +- bsc#1007224 - broken symlinks in /usr/share/doc/packages/xen/misc/ + xen.spec + +--- +Mon Jan 9 10:54:19 MST 2017 - carn...@suse.com + +- 585aa3c5-x86-force-EFLAGS-IF-on-upon-exit-to-PV.patch + Replaces xsa202.patch (bsc#1014298) +- 585aa407-x86-HVM-NULL-check-before-using-VMFUNC-hook.patch + Replaces xsa203.patch (bsc#1014300) +- 58580060-x86-emul-correct-SYSCALL-eflags-handling.patch + Replaces xsa204.patch (bsc#1016340) +- Upstream patches from Jan + 58526ccc-x86emul-64bit-ignore-most-segment-bases-in-align-check.patch + 5853ed37-VT-d-correct-dma_msi_set_affinity.patch + 5853ee07-x86emul-CMPXCHG16B-aligned-operand.patch + 585bd5fe-x86-emul-correct-VMFUNC-return-value-handling.patch + 586ba81c-x86-cpu-dont-update-this_cpu-for-guest-get_cpu_vendor.patch + +--- +Mon Dec 19 10:32:51 MST 2016 - carn...@suse.com + +- bsc#1016340 - VUL-0: CVE-2016-10013: xen: x86: Mishandling of + SYSCALL singlestep during emulation (XSA-204) + xsa204.patch + +--- +Thu Dec 15 09:08:18 MST 2016 - carn...@suse.com + +- bsc#1012651 - VUL-0: CVE-2016-9932: xen: x86 CMPXCHG8B emulation + fails to ignore operand size override (XSA-200) + 58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch + +--- +Wed Dec 14 08:24:41 MST 2016 - carn...@suse.com + +- bsc#1014298 - VUL-0: xen: x86 PV guests may be able to mask + interrupts (XSA-202) + xsa202.patch +- bsc#1014300 - VUL-0: xen: x86: missing NULL pointer check in + VMFUNC emulation (XSA-203) + xsa203.patch +- Upstream patches from Jan + 584806ce-x86emul-correct-PUSHF-POPF.patch + 584fc649-fix-determining-when-domain-creation-is-complete.patch + 58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch + 58510cac-x86emul-MOVNTI-no-REP-prefixes.patch + +--- +Mon Dec 5 15:32:00 MST 2016 - carn...@suse.com + +- Update to Xen 4.8 FCS + xen-4.8.0-testing-src.tar.bz2 +- Dropped + xen-4.7.1-testing-src.tar.bz2 + 0001-libxc-Rework-extra-module-initialisation.patch + 0002-libxc-Prepare-a-start-info-structure-for-hvmloader.patch + 0003-configure-define-SEABIOS_PATH-and-OVMF_PATH.patch + 0004-firmware-makefile-install-BIOS-blob.patch + 0005-libxl-Load-guest-BIOS-from-file.patch + 0006-xen-Move-the-hvm_start_info-C-representation-from-li.patch + 0007-hvmloader-Grab-the-hvm_start_info-pointer.patch + 0008-hvmloader-Locate-the-BIOS-blob.patch + 0009-hvmloader-Check-modules-whereabouts-in-perform_tests.patch + 0010-hvmloader-Load-SeaBIOS-from-hvm_start_info-modules.patch + 0011-hvmloader-Load-OVMF-from-modules.patch + 0012-hvmloader-Specific-bios_load-function-required.patch + 0013-hvmloader-Always-build-in-SeaBIOS-and-OVMF-loader.patch + 0014-configure-do-not-depend-on-SEABIOS_PATH-or-OVMF_PATH.patch + 57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch + 576001df-x86-time-use-local-stamp-in-TSC-calibration-fast-path.patch + 5769106e-x86-generate-assembler-equates-for-synthesized.patch + 57a1e603-x86-time-adjust-local-system-time-initialization.patch + 57a1e64c-x86-time-introduce-and-use-rdtsc_ordered.patch + 57a2f6ac-x86-time-calibrate-TSC-against-platform-timer.patch + 57a30261-x86-support-newer-Intel-CPU-models.patch + 5810a9cc-x86-emul-Correct-decoding-of-SReg3-operands.patch +
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2016-09-17 14:34:14 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2016-08-26 23:14:41.0 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2016-09-17 14:34:17.0 +0200 @@ -1,0 +2,45 @@ +Mon Sep 12 08:44:11 MDT 2016 - carn...@suse.com + +- bsc#995785 - VUL-0: CVE-2016-7092: xen: x86: Disallow L3 + recursive pagetable for 32-bit PV guests (XSA-185) + 57d1563d-x86-32on64-don-t-allow-recursive-page-tables-from-L3.patch +- bsc#995789 - VUL-0: CVE-2016-7093: xen: x86: Mishandling of + instruction pointer truncation during emulation (XSA-186) + 57d15679-x86-emulate-Correct-boundary-interactions-of-emulated-insns.patch + 57d18642-hvm-fep-Allow-test-insns-crossing-1-0-boundary.patch +- bsc#995792 - VUL-0: CVE-2016-7094: xen: x86 HVM: Overflow of + sh_ctxt->seg_reg[] (XSA-187) + 57d1569a-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch + 57d18642-x86-segment-Bounds-check-accesses-to-emulation-ctxt-seg_reg.patch +- bsc#991934 - xen hypervisor crash in csched_acct + 57c96df3-credit1-fix-a-race-when-picking-initial-pCPU.patch +- Upstream patches from Jan + 57c4412b-x86-HVM-add-guarding-logic-for-VMX-specific-code.patch + 57c57f73-libxc-correct-max_pfn-calculation-for-saving-domain.patch + 57c805bf-x86-levelling-restrict-non-architectural-OSXSAVE-handling.patch + 57c805c1-x86-levelling-pass-vcpu-to-ctxt_switch_levelling.patch + 57c805c3-x86-levelling-provide-architectural-OSXSAVE-handling.patch + 57c82be2-x86-32on64-adjust-call-gate-emulation.patch + 57c96e2c-x86-correct-PT_NOTE-file-position.patch + 57cfed43-VMX-correct-feature-checks-for-MPX-and-XSAVES.patch + +--- +Mon Sep 12 13:10:21 UTC 2016 - oher...@suse.de + +- bsc#979002 - add 60-persistent-xvd.rules and helper script + also to initrd, add the relevant dracut helper + +--- +Mon Sep 5 11:39:21 UTC 2016 - oher...@suse.de + +- bnc#953518 - unplug also SCSI disks in qemu-xen-traditional for + upstream unplug protocol + +--- +Fri Sep 2 08:32:44 MDT 2016 - carn...@suse.com + +- bsc#989679 - [pvusb feature] USB device not found when + 'virsh detach-device guest usb.xml' + 57c93e52-fix-error-in-libxl_device_usbdev_list.patch + +--- New: 57c4412b-x86-HVM-add-guarding-logic-for-VMX-specific-code.patch 57c57f73-libxc-correct-max_pfn-calculation-for-saving-domain.patch 57c805bf-x86-levelling-restrict-non-architectural-OSXSAVE-handling.patch 57c805c1-x86-levelling-pass-vcpu-to-ctxt_switch_levelling.patch 57c805c3-x86-levelling-provide-architectural-OSXSAVE-handling.patch 57c82be2-x86-32on64-adjust-call-gate-emulation.patch 57c93e52-fix-error-in-libxl_device_usbdev_list.patch 57c96df3-credit1-fix-a-race-when-picking-initial-pCPU.patch 57c96e2c-x86-correct-PT_NOTE-file-position.patch 57cfed43-VMX-correct-feature-checks-for-MPX-and-XSAVES.patch 57d1563d-x86-32on64-don-t-allow-recursive-page-tables-from-L3.patch 57d15679-x86-emulate-Correct-boundary-interactions-of-emulated-insns.patch 57d1569a-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch 57d18642-hvm-fep-Allow-test-insns-crossing-1-0-boundary.patch 57d18642-x86-segment-Bounds-check-accesses-to-emulation-ctxt-seg_reg.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.3aw7sj/_old 2016-09-17 14:34:20.0 +0200 +++ /var/tmp/diff_new_pack.3aw7sj/_new 2016-09-17 14:34:20.0 +0200 @@ -165,7 +165,7 @@ %endif %endif -Version:4.7.0_10 +Version:4.7.0_12 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0 @@ -219,6 +219,21 @@ Patch14:57ac6316-don-t-restrict-DMA-heap-to-node-0.patch Patch15: 57b71fc5-x86-EFI-don-t-apply-relocations-to-l-2-3-_bootmap.patch Patch16: 57b7447b-dont-permit-guest-to-populate-PoD-pages-for-itself.patch +Patch17:57c4412b-x86-HVM-add-guarding-logic-for-VMX-specific-code.patch +Patch18: 57c57f73-libxc-correct-max_pfn-calculation-for-saving-domain.patch +Patch19: 57c805bf-x86-levelling-restrict-non-architectural-OSXSAVE-handling.patch +Patch20:57c805c1-x86-levelling-pass-vcpu-to-ctxt_switch_levelling.patch +Patch21: 57c805c3-x86-levelling-provide-architectural-OSXSAVE-handling.patch +Patch22:
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2016-08-26 23:14:40 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2016-08-10 19:54:54.0 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2016-08-26 23:14:41.0 +0200 @@ -1,0 +2,19 @@ +Tue Aug 23 08:07:46 MDT 2016 - carn...@suse.com + +- bsc#992224 - [HPS Bug] During boot of Xen Hypervisor, Failed to + get contiguous memory for DMA from Xen + 57ac6316-don-t-restrict-DMA-heap-to-node-0.patch +- bsc#978755 - xen uefi systems fail to boot +- bsc#983697 - SLES12 SP2 Xen UEFI mode cannot boot + 57b71fc5-x86-EFI-don-t-apply-relocations-to-l-2-3-_bootmap.patch +- Upstream patch from Jan + 57b7447b-dont-permit-guest-to-populate-PoD-pages-for-itself.patch + +--- +Mon Aug 8 18:27:23 UTC 2016 - jfeh...@suse.com + +- spec: to stay compatible with the in-tree qemu-xen binary, use + /usr/bin/qemu-system-i386 instead of /usr/bin/qemu-system-x86_64 + bsc#986164 + +--- New: 57ac6316-don-t-restrict-DMA-heap-to-node-0.patch 57b71fc5-x86-EFI-don-t-apply-relocations-to-l-2-3-_bootmap.patch 57b7447b-dont-permit-guest-to-populate-PoD-pages-for-itself.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.aceELi/_old 2016-08-26 23:14:44.0 +0200 +++ /var/tmp/diff_new_pack.aceELi/_new 2016-08-26 23:14:44.0 +0200 @@ -216,6 +216,9 @@ Patch11:57a1e64c-x86-time-introduce-and-use-rdtsc_ordered.patch Patch12:57a2f6ac-x86-time-calibrate-TSC-against-platform-timer.patch Patch13:57a30261-x86-support-newer-Intel-CPU-models.patch +Patch14:57ac6316-don-t-restrict-DMA-heap-to-node-0.patch +Patch15: 57b71fc5-x86-EFI-don-t-apply-relocations-to-l-2-3-_bootmap.patch +Patch16: 57b7447b-dont-permit-guest-to-populate-PoD-pages-for-itself.patch # Upstream qemu-traditional patches Patch250: VNC-Support-for-ExtendedKeyEvent-client-message.patch Patch251: 0001-net-move-the-tap-buffer-into-TAPState.patch @@ -550,6 +553,9 @@ %patch11 -p1 %patch12 -p1 %patch13 -p1 +%patch14 -p1 +%patch15 -p1 +%patch16 -p1 # Upstream qemu patches %patch250 -p1 %patch251 -p1 @@ -762,7 +768,7 @@ %endif --with-system-ovmf=%{_datadir}/qemu/ovmf-x86_64-ms.bin \ --with-system-seabios=%{_datadir}/qemu/bios-256k.bin \ - --with-system-qemu=%{_bindir}/qemu-system-%{_arch} \ + --with-system-qemu=%{_bindir}/qemu-system-i386 \ ${configure_flags} make -C tools/include/xen-foreign %{?_smp_mflags} make %{?_smp_mflags} @@ -909,12 +915,13 @@ # and advertised as the in libvirt capabilities. Tool such as # virt-install include in domXML they produce, so we need to # preserve the path. For x86_64, create a simple wrapper that invokes -# /usr/bin/qemu-system-x86_64 +# /usr/bin/qemu-system-i386 +# Using qemu-system-x86_64 will result in an incompatible VM %ifarch x86_64 cat > $RPM_BUILD_ROOT/usr/lib/xen/bin/qemu-system-i386 << 'EOF' #!/bin/sh -exec %{_bindir}/qemu-system-x86_64 "$@" +exec %{_bindir}/qemu-system-i386 "$@" EOF chmod 0755 $RPM_BUILD_ROOT/usr/lib/xen/bin/qemu-system-i386 %endif ++ 57a1e64c-x86-time-introduce-and-use-rdtsc_ordered.patch ++ --- /var/tmp/diff_new_pack.aceELi/_old 2016-08-26 23:14:44.0 +0200 +++ /var/tmp/diff_new_pack.aceELi/_new 2016-08-26 23:14:44.0 +0200 @@ -17,6 +17,18 @@ Reviewed-by: Andrew CooperTested-by: Joao Martins +# Commit 7fb0a87d97201f9c3639f85615eacd93110dc1c5 +# Date 2016-08-05 18:00:45 +0200 +# Author Jan Beulich +# Committer Jan Beulich +x86/time: also use rdtsc_ordered() in check_tsc_warp() + +This really was meant to be added in a v2 of what became commit +fa74e70500 ("x86/time: introduce and use rdtsc_ordered()"). + +Signed-off-by: Jan Beulich +Reviewed-by: Andrew Cooper + --- a/xen/arch/x86/apic.c +++ b/xen/arch/x86/apic.c @@ -1137,7 +1137,7 @@ static int __init calibrate_APIC_clock(v @@ -108,7 +120,36 @@ t->local_tsc_stamp = curr_tsc; set_time_scale(>tsc_scale, freq); local_irq_enable(); -@@ -1248,7 +1248,7 @@ static void time_calibration_tsc_rendezv +@@ -1124,16 +1124,13 @@ static void local_time_calibration(void) + */ + static void check_tsc_warp(unsigned long tsc_khz, unsigned long *max_warp) + { +-#define rdtsc_barrier() mb() + static
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2016-08-10 19:54:53 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2016-07-01 09:55:47.0 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2016-08-10 19:54:54.0 +0200 @@ -1,0 +2,42 @@ +Thu Aug 4 09:12:34 MDT 2016 - carn...@suse.com + +- bsc#970135 - new virtualization project clock test randomly fails + on Xen + 576001df-x86-time-use-local-stamp-in-TSC-calibration-fast-path.patch + 5769106e-x86-generate-assembler-equates-for-synthesized.patch + 57a1e603-x86-time-adjust-local-system-time-initialization.patch + 57a1e64c-x86-time-introduce-and-use-rdtsc_ordered.patch + 57a2f6ac-x86-time-calibrate-TSC-against-platform-timer.patch +- bsc#991934 - xen hypervisor crash in csched_acct + 57973099-have-schedulers-revise-initial-placement.patch + 579730e6-remove-buggy-initial-placement-algorithm.patch +- bsc#988675 - VUL-0: CVE-2016-6258: xen: x86: Privilege escalation + in PV guests (XSA-182) + 57976073-x86-remove-unsafe-bits-from-mod_lN_entry-fastpath.patch +- bsc#988676 - VUL-0: CVE-2016-6259: xen: x86: Missing SMAP + whitelisting in 32-bit exception / event delivery (XSA-183) + 57976078-x86-avoid-SMAP-violation-in-compat_create_bounce_frame.patch +- Upstream patches from Jan + 57a30261-x86-support-newer-Intel-CPU-models.patch + +--- +Mon Aug 1 11:46:22 MDT 2016 - carn...@suse.com + +- bsc#985503 - vif-route broken + vif-route.patch + +--- +Thu Jul 28 05:23:12 MDT 2016 - carn...@suse.com + +- bsc#978413 - PV guest upgrade from sles11sp4 to sles12sp2 alpha3 + failed on sles11sp4 xen host. + pygrub-handle-one-line-menu-entries.patch + +--- +Wed Jul 27 14:09:06 MDT 2016 - carn...@suse.com + +- bsc#990843 - VUL-1: CVE-2016-6351: xen: qemu: scsi: esp: OOB + write access in esp_do_dma + CVE-2016-6351-qemut-scsi-esp-make-cmdbuf-big-enough-for-maximum-CDB-size.patch + +--- New: 576001df-x86-time-use-local-stamp-in-TSC-calibration-fast-path.patch 5769106e-x86-generate-assembler-equates-for-synthesized.patch 57973099-have-schedulers-revise-initial-placement.patch 579730e6-remove-buggy-initial-placement-algorithm.patch 57976073-x86-remove-unsafe-bits-from-mod_lN_entry-fastpath.patch 57976078-x86-avoid-SMAP-violation-in-compat_create_bounce_frame.patch 57a1e603-x86-time-adjust-local-system-time-initialization.patch 57a1e64c-x86-time-introduce-and-use-rdtsc_ordered.patch 57a2f6ac-x86-time-calibrate-TSC-against-platform-timer.patch 57a30261-x86-support-newer-Intel-CPU-models.patch CVE-2016-6351-qemut-scsi-esp-make-cmdbuf-big-enough-for-maximum-CDB-size.patch pygrub-handle-one-line-menu-entries.patch vif-route.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.04sqRm/_old 2016-08-10 19:54:56.0 +0200 +++ /var/tmp/diff_new_pack.04sqRm/_new 2016-08-10 19:54:56.0 +0200 @@ -165,7 +165,7 @@ %endif %endif -Version:4.7.0_08 +Version:4.7.0_10 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0 @@ -205,7 +205,17 @@ # Upstream patches Patch1: 57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch Patch2: 575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch -Patch3: 57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch +Patch3: 576001df-x86-time-use-local-stamp-in-TSC-calibration-fast-path.patch +Patch4: 57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch +Patch5: 5769106e-x86-generate-assembler-equates-for-synthesized.patch +Patch6: 57973099-have-schedulers-revise-initial-placement.patch +Patch7: 579730e6-remove-buggy-initial-placement-algorithm.patch +Patch8: 57976073-x86-remove-unsafe-bits-from-mod_lN_entry-fastpath.patch +Patch9: 57976078-x86-avoid-SMAP-violation-in-compat_create_bounce_frame.patch +Patch10:57a1e603-x86-time-adjust-local-system-time-initialization.patch +Patch11:57a1e64c-x86-time-introduce-and-use-rdtsc_ordered.patch +Patch12:57a2f6ac-x86-time-calibrate-TSC-against-platform-timer.patch +Patch13:57a30261-x86-support-newer-Intel-CPU-models.patch # Upstream qemu-traditional patches Patch250:
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2016-07-01 09:55:45 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2016-06-14 23:05:52.0 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2016-07-01 09:55:47.0 +0200 @@ -1,0 +2,43 @@ +Thu Jun 23 09:45:38 MDT 2016 - carn...@suse.com + +- bsc#900418 - Dump cannot be performed on SLES12 XEN + 57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch +- Upstream patches from Jan + 575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch + 57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch + +--- +Tue Jun 21 08:26:51 MDT 2016 - carn...@suse.com + +- fate#319989 - Update to Xen 4.7 FCS + xen-4.7.0-testing-src.tar.bz2 +- Drop CVE-2014-3672-qemut-xsa180.patch + +--- +Thu Jun 16 16:27:25 MDT 2016 - carn...@suse.com + +- bsc#954872 - script block-dmmd not working as expected - libxl: + error: libxl_dm.c (Additional fixes) + block-dmmd + +--- +Fri Jun 10 14:23:51 UTC 2016 - oher...@suse.de + +- Convert with_stubdom into build_conditional to allow adjusting + via prjconf +- Convert with_debug into build_conditional to allow adjusting + via prjconf + +--- +Fri Jun 10 13:36:32 UTC 2016 - oher...@suse.de + +- bsc#979002 - add 60-persistent-xvd.rules and helper script to + xen-tools-domU to simplify transition to pvops based kernels + +--- +Fri Jun 10 13:18:13 UTC 2016 - oher...@suse.de + +- Convert with_oxenstored into build_conditional to allow + adjusting via prjconf (fate#320836) + +--- @@ -112 +155 @@ -- Update to the latest Xen 4.7 pre-release c2994f86 (fate#319989) +- Update to the latest Xen 4.7 pre-release c2994f86 Old: CVE-2014-3672-qemut-xsa180.patch New: 57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch 575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch 57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.l6yEkQ/_old 2016-07-01 09:55:50.0 +0200 +++ /var/tmp/diff_new_pack.l6yEkQ/_new 2016-07-01 09:55:50.0 +0200 @@ -24,17 +24,20 @@ %define xen_build_dir xen-4.7.0-testing # %define with_kmp 0 -%define with_debug 0 -%define with_stubdom 0 %define with_gdbsx 0 %define with_dom0_support 0 %define with_qemu_traditional 0 -%define with_oxenstored 0 +%bcond_withxen_oxenstored +%ifarch x86_64 +%bcond_without xen_debug +%bcond_without xen_stubdom +%else +%bcond_withxen_debug +%bcond_withxen_stubdom +%endif # %ifarch x86_64 %define with_kmp 0 -%define with_debug 1 -%define with_stubdom 1 %define with_gdbsx 1 %define with_dom0_support 1 %define with_qemu_traditional 1 @@ -108,7 +111,7 @@ BuildRequires: SDL-devel BuildRequires: pciutils-devel %endif -%if %{?with_stubdom}0 +%if %{with xen_stubdom} %if 0%{?suse_version} < 1230 BuildRequires: texinfo %else @@ -116,13 +119,15 @@ %endif %endif BuildRequires: ncurses-devel -%if %{?with_oxenstored}0 +%if %{?with_dom0_support}0 +%if %{with xen_oxenstored} BuildRequires: ocaml BuildRequires: ocaml-compiler-libs BuildRequires: ocaml-findlib BuildRequires: ocaml-ocamldoc BuildRequires: ocaml-runtime %endif +%endif BuildRequires: openssl-devel BuildRequires: python-devel %if %{?with_systemd}0 @@ -160,7 +165,7 @@ %endif %endif -Version:4.7.0_06 +Version:4.7.0_08 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0 @@ -198,6 +203,9 @@ # For xen-libs Source99: baselibs.conf # Upstream patches +Patch1: 57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch +Patch2: 575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch +Patch3: 57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch # Upstream qemu-traditional patches Patch250: VNC-Support-for-ExtendedKeyEvent-client-message.patch Patch251: 0001-net-move-the-tap-buffer-into-TAPState.patch @@ -228,9 +236,8 @@ Patch276: CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch Patch277:
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2016-03-07 13:22:56 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2016-03-02 14:21:07.0 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2016-03-07 13:22:58.0 +0100 @@ -1,0 +2,54 @@ +Fri Mar 4 16:11:02 MST 2016 - carn...@suse.com + +- bsc#969377 - xen does not build with GCC 6 + ipxe-use-rpm-opt-flags.patch + gcc6-warnings-as-errors.patch + +--- +Thu Mar 3 10:27:55 MST 2016 - carn...@suse.com + +- bsc#969351 - VUL-0: CVE-2016-2841: xen: net: ne2000: infinite + loop in ne2000_receive + CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch +- Drop xsa154-fix.patch + +--- +Wed Mar 2 16:53:51 UTC 2016 - jfeh...@suse.com + +- Use system qemu instead of building/installing yet another qemu + FATE#320638 +- Dropped files + qemu-xen-dir-remote.tar.bz2 + CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch + CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch + CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch + CVE-2015-4037-qemuu-smb-config-dir-name.patch + CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch + CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch + CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch + CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch + CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch + CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch + CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch + CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch + CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch + CVE-2015-8745-qemuu-net-vmxnet3-read-IMR-registers-instead-of-assert.patch + CVE-2016-1568-qemuu-ide-ahci-reset-ncq-object-to-unused-on-error.patch + CVE-2016-1714-qemuu-fw_cfg-add-check-to-validate-current-entry-value.patch + CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch + CVE-2016-1981-qemuu-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch + CVE-2016-2538-qemuu-usb-integer-overflow-in-remote-NDIS-message-handling.patch + CVE-2015-8619-qemuu-stack-based-OOB-write-in-hmp_sendkey-routine.patch + qemu-xen-enable-spice-support.patch + qemu-xen-upstream-qdisk-cache-unsafe.patch + tigervnc-long-press.patch + xsa162-qemuu.patch + +--- +Mon Feb 29 09:40:43 MST 2016 - carn...@suse.com + +- bsc#962321 - VUL-0: CVE-2016-1922: xen: i386: null pointer + dereference in vapic_write() + CVE-2016-1922-qemuu-i386-null-pointer-dereference-in-vapic_write.patch + +--- @@ -22,0 +77 @@ + CVE-2016-2391-qemut-usb-null-pointer-dereference-in-ohci-module.patch @@ -70 +124,0 @@ - xsa154-fix.patch @@ -86,0 +141,3 @@ +- bsc#965112 - VUL-0: CVE-2014-3640: xen: slirp: NULL pointer deref + in sosendto() + CVE-2014-3640-qemut-slirp-NULL-pointer-deref-in-sosendto.patch @@ -115,0 +173,3 @@ +- bsc#964452 - VUL-0: CVE-2013-4534: xen: openpic: buffer overrun + on incoming migration + CVE-2013-4534-qemut-openpic-buffer-overrun-on-incoming-migration.patch @@ -453 +512,0 @@ - CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch @@ -456 +514,0 @@ - CVE-2015-6815-qemut-e1000-fix-infinite-loop.patch Old: CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch CVE-2015-4037-qemuu-smb-config-dir-name.patch CVE-2015-6855-qemuu-ide-divide-by-zero-issue.patch CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch CVE-2015-8619-qemuu-stack-based-OOB-write-in-hmp_sendkey-routine.patch CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2016-03-02 14:20:57 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2016-02-25 22:02:13.0 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2016-03-02 14:21:07.0 +0100 @@ -1,0 +2,26 @@ +Wed Feb 24 08:05:02 MST 2016 - carn...@suse.com + +- bsc#968004 - VUL-0: CVE-2016-2538: xen: usb: integer overflow in + remote NDIS control message handling + CVE-2016-2538-qemuu-usb-integer-overflow-in-remote-NDIS-message-handling.patch + +--- +Thu Feb 18 10:39:00 MST 2016 - carn...@suse.com + +- bsc#954872 - L3: script block-dmmd not working as expected - + libxl: error: libxl_dm.c + block-dmmd +- Update libxl to recognize dmmd and npiv prefix in disk spec + xen.libxl.dmmd.patch + +--- +Wed Feb 17 08:30:35 MST 2016 - carn...@suse.com + +- bsc#967101 - VUL-0: CVE-2016-2391: xen: usb: multiple eof_timers + in ohci module leads to null pointer dereference + CVE-2016-2391-qemuu-usb-null-pointer-dereference-in-ohci-module.patch +- bsc#967090 - VUL-0: CVE-2016-2392: xen: usb: null pointer + dereference in remote NDIS control message handling + CVE-2016-2392-qemuu-usb-null-pointer-dereference-in-NDIS-message-handling.patch + +--- @@ -36,0 +63,11 @@ + +--- +Fri Feb 5 13:07:53 MST 2016 - carn...@suse.com + +- bsc#965315 - VUL-0: CVE-2016-2270: xen: x86: inconsistent + cachability flags on guest mappings (XSA-154) + xsa154.patch + xsa154-fix.patch +- bsc#965317 - VUL-0: CVE-2016-2271: xen: VMX: guest user mode may + crash guest with non-canonical RIP (XSA-170) + xsa170.patch New: CVE-2016-2391-qemuu-usb-null-pointer-dereference-in-ohci-module.patch CVE-2016-2392-qemuu-usb-null-pointer-dereference-in-NDIS-message-handling.patch CVE-2016-2538-qemuu-usb-integer-overflow-in-remote-NDIS-message-handling.patch xen.libxl.dmmd.patch xsa154-fix.patch xsa154.patch xsa170.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.DdfhB8/_old 2016-03-02 14:21:10.0 +0100 +++ /var/tmp/diff_new_pack.DdfhB8/_new 2016-03-02 14:21:10.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package xen # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,7 +15,6 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - # needssslcertforbuild Name: xen @@ -207,11 +206,14 @@ Patch2: 5628fc67-libxl-No-emulated-disk-driver-for-xvdX-disk.patch Patch3: 5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch Patch4: 5649bcbe-libxl-relax-readonly-check-introduced-by-XSA-142-fix.patch +Patch15401: xsa154.patch +Patch15402: xsa154-fix.patch Patch15501: xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch Patch15502: xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch Patch15503: xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch Patch162: xsa162-qemuu.patch Patch164: xsa164.patch +Patch170: xsa170.patch # Upstream qemu Patch250: VNC-Support-for-ExtendedKeyEvent-client-message.patch Patch251: 0001-net-move-the-tap-buffer-into-TAPState.patch @@ -254,6 +256,9 @@ Patch289: CVE-2015-5278-qemut-Infinite-loop-in-ne2000_receive-function.patch Patch290: CVE-2015-6855-qemuu-ide-divide-by-zero-issue.patch Patch291: CVE-2015-8619-qemuu-stack-based-OOB-write-in-hmp_sendkey-routine.patch +Patch292: CVE-2016-2392-qemuu-usb-null-pointer-dereference-in-NDIS-message-handling.patch +Patch293: CVE-2016-2391-qemuu-usb-null-pointer-dereference-in-ohci-module.patch +Patch294: CVE-2016-2538-qemuu-usb-integer-overflow-in-remote-NDIS-message-handling.patch # Our platform specific patches Patch321: xen-destdir.patch Patch322: vif-bridge-no-iptables.patch @@ -309,6 +314,7 @@ Patch472: tigervnc-long-press.patch Patch473: xendomains-libvirtd-conflict.patch Patch474: CVE-2014-0222-blktap-qcow1-validate-l2-table-size.patch +Patch475: xen.libxl.dmmd.patch # Hypervisor and PV driver Patches Patch501: x86-ioapic-ack-default.patch Patch502:
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2016-02-25 21:55:47 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2016-02-07 09:22:41.0 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2016-02-25 22:02:13.0 +0100 @@ -1,0 +2,79 @@ +Thu Feb 11 09:29:01 MST 2016 - carn...@suse.com + +- Update to Xen Version 4.6.1 + xen-4.6.1-testing-src.tar.bz2 +- Dropped patches now contained in tarball or unnecessary + xen-4.6.0-testing-src.tar.bz2 + 5604f239-x86-PV-properly-populate-descriptor-tables.patch + 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch + 561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch + 561d20a0-x86-hide-MWAITX-from-PV-domains.patch + 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch + 5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch + 56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch + 56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch + 5632127b-x86-guard-against-undue-super-page-PTE-creation.patch + 5632129c-free-domain-s-vcpu-array.patch + 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch + 563212e4-xenoprof-free-domain-s-vcpu-array.patch + 563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch + 56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch + 56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch + 5641ceec-x86-HVM-always-intercept-AC-and-DB.patch + 56549f24-x86-vPMU-document-as-unsupported.patch + 5677f350-x86-make-debug-output-consistent-in-hvm_set_callback_via.patch + xsa155-qemut-qdisk-double-access.patch + xsa155-qemut-xenfb.patch + xsa155-qemuu-qdisk-double-access.patch + xsa155-qemuu-xenfb.patch + xsa159.patch + xsa160.patch + xsa162-qemut.patch + xsa165.patch + xsa166.patch + xsa167.patch + xsa168.patch + +--- +Fri Feb 5 08:51:16 MST 2016 - carn...@suse.com + +- bsc#965269 - VUL-1: CVE-2015-8619: xen: stack based OOB write in + hmp_sendkey routine + CVE-2015-8619-qemuu-stack-based-OOB-write-in-hmp_sendkey-routine.patch + +--- +Thu Feb 4 09:26:34 MST 2016 - carn...@suse.com + +- bsc#965156 - VUL-0: CVE-2015-6855: xen: ide: divide by zero issue + CVE-2015-6855-qemuu-ide-divide-by-zero-issue.patch + +--- +Wed Feb 3 10:47:41 MST 2016 - carn...@suse.com + +- bsc#964947 - VUL-0: CVE-2015-5278: xen: Infinite loop in + ne2000_receive() function + CVE-2015-5278-qemut-Infinite-loop-in-ne2000_receive-function.patch +- bsc#956832 - VUL-0: CVE-2015-8345: xen: qemu: net: eepro100: + infinite loop in processing command block list + CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch + CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch + +--- +Tue Feb 2 08:45:07 MST 2016 - carn...@suse.com + +- bsc#964644 - VUL-0: CVE-2013-4533: xen pxa2xx: buffer overrun on + incoming migration + CVE-2013-4533-qemut-pxa2xx-buffer-overrun-on-incoming-migration.patch +- bsc#964925 - VUL-0: CVE-2014-0222: xen: qcow1: validate L2 table + size to avoid integer overflows + CVE-2014-0222-blktap-qcow1-validate-l2-table-size.patch +- Dropped CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch + +--- +Mon Feb 1 13:29:55 MST 2016 - carn...@suse.com + +- bsc#964415 - VUL-1: CVE-2016-2198: xen: usb: ehci null pointer + dereference in ehci_caps_write + CVE-2016-2198-qemuu-usb-ehci-null-pointer-dereference-in-ehci_caps_write.patch + +--- Old: 5604f239-x86-PV-properly-populate-descriptor-tables.patch 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch 561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch 561d20a0-x86-hide-MWAITX-from-PV-domains.patch 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch 5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch 56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch 56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch 5632127b-x86-guard-against-undue-super-page-PTE-creation.patch 5632129c-free-domain-s-vcpu-array.patch 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch 563212e4-xenoprof-free-domain-s-vcpu-array.patch
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2016-02-07 09:22:39 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2016-01-08 15:21:58.0 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2016-02-07 09:22:41.0 +0100 @@ -1,0 +2,87 @@ +Wed Jan 27 08:23:26 MST 2016 - carn...@suse.com + +- bsc#963783 - VUL-1: CVE-2016-1981: xen: net: e1000 infinite loop + in start_xmit and e1000_receive_iov routines + CVE-2016-1981-qemuu-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch + CVE-2016-1981-qemut-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch + +--- +Wed Jan 20 08:21:42 MST 2016 - carn...@suse.com + +- bsc#962758 - VUL-0: CVE-2013-4539: xen: tsc210x: buffer overrun + on invalid state load + CVE-2013-4539-qemut-tsc210x-fix-buffer-overrun-on-invalid-state-load.patch + +--- +Tue Jan 19 09:23:56 MST 2016 - carn...@suse.com + +- bsc#962632 - VUL-0: CVE-2015-1779: xen: vnc: insufficient + resource limiting in VNC websockets decoder + CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch + CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch +- bsc#962642 - VUL-0: CVE-2013-4537: xen: ssi-sd: buffer overrun on + invalid state load + CVE-2013-4537-qemut-ssi-sd-fix-buffer-overrun-on-invalid-state-load.patch +- bsc#962627 - VUL-0: CVE-2014-7815: xen: vnc: insufficient + bits_per_pixel from the client sanitization + CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch + +--- +Mon Jan 18 09:04:10 MST 2016 - carn...@suse.com + +- bsc#962335 - VUL-0: CVE-2013-4538: xen: ssd0323: fix buffer + overun on invalid state + CVE-2013-4538-qemut-ssd0323-fix-buffer-overun-on-invalid-state.patch +- bsc#962360 - VUL-0: CVE-2015-7512: xen: net: pcnet: buffer + overflow in non-loopback mode + CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch + CVE-2015-7512-qemut-net-pcnet-buffer-overflow-in-non-loopback-mode.patch + +--- +Wed Jan 13 09:56:52 MST 2016 - carn...@suse.com + +- bsc#961692 - VUL-0: CVE-2016-1714: xen: nvram: OOB r/w access in + processing firmware configurations + CVE-2016-1714-qemuu-fw_cfg-add-check-to-validate-current-entry-value.patch + CVE-2016-1714-qemut-fw_cfg-add-check-to-validate-current-entry-value.patch + +--- +Mon Jan 11 11:51:45 MST 2016 - carn...@suse.com + +- bsc#961358 - VUL-0: CVE-2015-8613: xen: qemu: scsi: stack based + buffer overflow in megasas_ctrl_get_info + CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch +- bsc#961332 - VUL-0: CVE-2016-1568: xen: Qemu: ide: ahci + use-after-free vulnerability in aio port commands + CVE-2016-1568-qemuu-ide-ahci-reset-ncq-object-to-unused-on-error.patch + +--- +Thu Jan 7 10:38:20 MST 2016 - carn...@suse.com + +- bsc#959695 - missing docs for xen + xen.spec + +--- +Wed Jan 6 10:38:36 MST 2016 - carn...@suse.com + +- bsc#960862 - VUL-0: CVE-2016-1571: xen: VMX: intercept issue with + INVLPG on non-canonical address (XSA-168) + xsa168.patch +- bsc#960861 - VUL-0: CVE-2016-1570: xen: PV superpage + functionality missing sanity checks (XSA-167) + xsa167.patch +- bsc#960836 - VUL-0: CVE-2015-8744: xen: net: vmxnet3: incorrect + l2 header validation leads to a crash via assert(2) call + CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch + +--- +Tue Jan 5 13:56:08 MST 2016 - carn...@suse.com + +- bsc#960707 - VUL-0: CVE-2015-8745: xen: reading IMR registers + leads to a crash via assert(2) call + CVE-2015-8745-qemuu-net-vmxnet3-read-IMR-registers-instead-of-assert.patch +- bsc#960726 - VUL-0: CVE-2015-8743: xen: ne2000: OOB memory access + in ioport r/w functions + CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch + +--- New: CVE-2013-4537-qemut-ssi-sd-fix-buffer-overrun-on-invalid-state-load.patch CVE-2013-4538-qemut-ssd0323-fix-buffer-overun-on-invalid-state.patch CVE-2013-4539-qemut-tsc210x-fix-buffer-overrun-on-invalid-state-load.patch CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2016-01-08 15:21:56 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2016-01-01 19:47:04.0 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2016-01-08 15:21:58.0 +0100 @@ -1,0 +2,7 @@ +Mon Jan 4 11:32:10 MST 2016 - carn...@suse.com + +- bsc#960093 - VUL-0: CVE-2015-8615: xen: x86: unintentional + logging upon guest changing callback method (XSA-169) + 5677f350-x86-make-debug-output-consistent-in-hvm_set_callback_via.patch + +--- @@ -6,0 +14,73 @@ + +--- +Wed Dec 16 12:16:21 MST 2015 - carn...@suse.com + +- bsc#959387 - VUL-0: CVE-2015-8568 CVE-2015-8567: xen: qemu: net: + vmxnet3: host memory leakage + CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch + +--- +Mon Dec 14 10:12:05 MST 2015 - carn...@suse.com + +- bsc#957988 - VUL-0: CVE-2015-8550: xen: paravirtualized drivers + incautious about shared memory contents (XSA-155) + xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch + xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch + xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch + xsa155-qemuu-qdisk-double-access.patch + xsa155-qemut-qdisk-double-access.patch + xsa155-qemuu-xenfb.patch + xsa155-qemut-xenfb.patch +- bsc#959006 - VUL-0: CVE-2015-8558: xen: qemu: usb: infinite loop + in ehci_advance_state results in DoS + CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch +- bsc#958918 - VUL-0: CVE-2015-7549: xen: qemu pci: null pointer + dereference issue + CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch +- bsc#958493 - VUL-0: CVE-2015-8504: xen: qemu: ui: vnc: avoid + floating point exception + CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch + CVE-2015-8504-qemut-vnc-avoid-floating-point-exception.patch +- bsc#958007 - VUL-0: CVE-2015-8554: xen: qemu-dm buffer overrun in + MSI-X handling (XSA-164) + xsa164.patch +- bsc#958009 - VUL-0: CVE-2015-8555: xen: information leak in + legacy x86 FPU/XMM initialization (XSA-165) + xsa165.patch +- bsc#958523 - VUL-0: xen: ioreq handling possibly susceptible to + multiple read issue (XSA-166) + xsa166.patch + +--- +Fri Nov 27 10:39:38 MST 2015 - carn...@suse.com + +- bsc#956832 - VUL-0: CVE-2015-8345: xen: qemu: net: eepro100: + infinite loop in processing command block list + CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch + CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch +- Upstream patches from Jan + 56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch + 5641ceec-x86-HVM-always-intercept-AC-and-DB.patch (Replaces CVE-2015-5307-xsa156.patch) + 5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch + 56544a57-VMX-fix-adjust-trap-injection.patch + 56546ab2-sched-fix-insert_vcpu-locking.patch + +--- +Wed Nov 25 10:06:30 MST 2015 - carn...@suse.com + +- bsc#956592 - VUL-0: xen: virtual PMU is unsupported (XSA-163) + 56549f24-x86-vPMU-document-as-unsupported.patch +- bsc#956408 - VUL-0: CVE-2015-8339, CVE-2015-8340: xen: + XENMEM_exchange error handling issues (XSA-159) + xsa159.patch +- bsc#956409 - VUL-0: CVE-2015-8341: xen: libxl leak of pv kernel + and initrd on error (XSA-160) + xsa160.patch +- bsc#956411 - VUL-0: CVE-2015-7504: xen: heap buffer overflow + vulnerability in pcnet emulator (XSA-162) + xsa162-qemuu.patch + xsa162-qemut.patch +- bsc#947165 - VUL-0: CVE-2015-7311: xen: libxl fails to honour + readonly flag on disks with qemu-xen (xsa-142) + 5628fc67-libxl-No-emulated-disk-driver-for-xvdX-disk.patch + 5649bcbe-libxl-relax-readonly-check-introduced-by-XSA-142-fix.patch New: 5628fc67-libxl-No-emulated-disk-driver-for-xvdX-disk.patch 5649bcbe-libxl-relax-readonly-check-introduced-by-XSA-142-fix.patch 56549f24-x86-vPMU-document-as-unsupported.patch 5677f350-x86-make-debug-output-consistent-in-hvm_set_callback_via.patch CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch CVE-2015-8504-qemut-vnc-avoid-floating-point-exception.patch CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2016-01-01 19:46:52 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2015-12-18 21:53:28.0 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2016-01-01 19:47:04.0 +0100 @@ -1,0 +2,7 @@ +Mon Dec 21 09:09:55 UTC 2015 - oher...@suse.de + +- Adjust xen-dom0-modules.service to run Before xenstored.service + instead of proc-xen.mount to workaround a bug in systemd "design" + (bnc#959845) + +--- Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.cDQ6JD/_old 2016-01-01 19:47:07.0 +0100 +++ /var/tmp/diff_new_pack.cDQ6JD/_new 2016-01-01 19:47:07.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package xen # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,6 +15,7 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + # needssslcertforbuild Name: xen ++ xen-dom0-modules.service ++ --- /var/tmp/diff_new_pack.cDQ6JD/_old 2016-01-01 19:47:08.0 +0100 +++ /var/tmp/diff_new_pack.cDQ6JD/_new 2016-01-01 19:47:08.0 +0100 @@ -1,7 +1,7 @@ [Unit] Description=Load dom0 backend drivers ConditionPathExists=/proc/xen -Before=proc-xen.mount +Before=xenstored.service xen-watchdog.service [Install] WantedBy=multi-user.target
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2015-12-18 21:53:23 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2015-11-02 12:54:43.0 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2015-12-18 21:53:28.0 +0100 @@ -1,0 +2,176 @@ +Tue Nov 24 08:44:57 MST 2015 - carn...@suse.com + +- fate#315712: XEN: Use the PVOPS kernel + Turn off building the KMPs now that we are using the pvops kernel + xen.spec + +--- +Thu Nov 19 11:18:03 MST 2015 - carn...@suse.com + +- Upstream patches from Jan + 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch + 561d20a0-x86-hide-MWAITX-from-PV-domains.patch + 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch + 5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch + 56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch + 56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch + 5632127b-x86-guard-against-undue-super-page-PTE-creation.patch + 5632129c-free-domain-s-vcpu-array.patch (Replaces CVE-2015-7969-xsa149.patch) + 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch + 563212e4-xenoprof-free-domain-s-vcpu-array.patch + 563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch + 56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch + 56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch + 5641ceec-x86-HVM-always-intercept-AC-and-DB.patch (Replaces CVE-2015-5307-xsa156.patch) + 5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch +- Dropped 55b0a2db-x86-MSI-track-guest-masking.patch + +--- +Thu Nov 19 07:47:47 UTC 2015 - oher...@suse.de + +- Use upstream variants of block-iscsi and block-nbd + +--- +Thu Nov 19 07:38:06 UTC 2015 - oher...@suse.de + +- Remove xenalyze.hg, its part of xen-4.6 + +--- +Wed Nov 10 16:16:24 MDT 2015 - carn...@suse.com + +- Update to Xen Version 4.6.0 + xen-4.6.0-testing-src.tar.bz2 + mini-os.tar.bz2 + blktap2-no-uninit.patch + stubdom-have-iovec.patch +- Renamed + xsa149.patch to CVE-2015-7969-xsa149.patch +- Dropped patches now contained in tarball or unnecessary + xen-4.5.2-testing-src.tar.bz2 + 54c2553c-grant-table-use-uint16_t-consistently-for-offset-and-length.patch + 54ca33bc-grant-table-refactor-grant-copy-to-reduce-duplicate-code.patch + 54ca340e-grant-table-defer-releasing-pages-acquired-in-a-grant-copy.patch + 54f4985f-libxl-fix-libvirtd-double-free.patch + 55103616-vm-assist-prepare-for-discontiguous-used-bit-numbers.patch + 551ac326-xentop-add-support-for-qdisk.patch + 552d0fd2-x86-hvm-don-t-include-asm-spinlock-h.patch + 552d0fe8-x86-mtrr-include-asm-atomic.h.patch + 552d293b-x86-vMSI-X-honor-all-mask-requests.patch + 552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch + 5537a4d8-libxl-use-DEBUG-log-level-instead-of-INFO.patch + 5548e903-domctl-don-t-truncate-XEN_DOMCTL_max_mem-requests.patch + 5548e95d-x86-allow-to-suppress-M2P-user-mode-exposure.patch + 554c7aee-x86-provide-arch_fetch_and_add.patch + 554c7b00-arm-provide-arch_fetch_and_add.patch + 554cc211-libxl-add-qxl.patch 55534b0a-x86-provide-add_sized.patch + 55534b25-arm-provide-add_sized.patch + a4f8-use-ticket-locks-for-spin-locks.patch + a5b9-x86-arm-remove-asm-spinlock-h.patch + a8ec-introduce-non-contiguous-allocation.patch + 556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch + 5576f143-x86-adjust-PV-I-O-emulation-functions-types.patch + 55795a52-x86-vMSI-X-support-qword-MMIO-access.patch + 557eb55f-gnttab-per-active-entry-locking.patch + 557eb5b6-gnttab-introduce-maptrack-lock.patch + 557eb620-gnttab-make-the-grant-table-lock-a-read-write-lock.patch + 557ffab8-evtchn-factor-out-freeing-an-event-channel.patch + 5582bf43-evtchn-simplify-port_is_valid.patch + 5582bf81-evtchn-remove-the-locking-when-unmasking-an-event-channel.patch + 5583d9c5-x86-MSI-X-cleanup.patch + 5583da09-x86-MSI-track-host-and-guest-masking-separately.patch + 5583da64-gnttab-use-per-VCPU-maptrack-free-lists.patch + 5583da8c-gnttab-steal-maptrack-entries-from-other-VCPUs.patch + 5587d711-evtchn-clear-xen_consumer-when-clearing-state.patch + 5587d779-evtchn-defer-freeing-struct-evtchn-s-until-evtchn_destroy_final.patch + 5587d7b7-evtchn-use-a-per-event-channel-lock-for-sending-events.patch + 5587d7e2-evtchn-pad-struct-evtchn-to-64-bytes.patch +
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2015-11-02 12:54:41 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2015-10-14 16:43:21.0 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2015-11-02 12:54:43.0 +0100 @@ -1,0 +2,52 @@ +Wed Oct 28 09:47:38 MDT 2015 - carn...@suse.com + +- Upstream patches from Jan + 5604f239-x86-PV-properly-populate-descriptor-tables.patch + 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-0.patch + 561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch + 561d20a0-x86-hide-MWAITX-from-PV-domains.patch + 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-handling.patch + +--- +Fri Oct 23 13:35:59 MDT 2015 - carn...@suse.com + +- bsc#951845 - VUL-0: CVE-2015-7972: xen: x86: populate-on-demand + balloon size inaccuracy can crash guests (XSA-153) + xsa153-libxl.patch + +--- +Fri Oct 16 08:40:31 MDT 2015 - carn...@suse.com + +- bsc#950703 - VUL-1: CVE-2015-7969: xen: leak of main per-domain + vcpu pointer array (DoS) (XSA-149) + xsa149.patch +- bsc#950705 - VUL-1: CVE-2015-7969: xen: x86: leak of per-domain + profiling-related vcpu pointer array (DoS) (XSA-151) + xsa151.patch +- bsc#950706 - VUL-0: CVE-2015-7971: xen: x86: some pmu and + profiling hypercalls log without rate limiting (XSA-152) + xsa152.patch +- Dropped + 55dc7937-x86-IO-APIC-don-t-create-pIRQ-mapping-from-masked-RTE.patch + 5604f239-x86-PV-properly-populate-descriptor-tables.patch + +--- +Thu Oct 15 11:43:23 MDT 2015 - carn...@suse.com + +- bsc#932267 - VUL-1: CVE-2015-4037: qemu,kvm,xen: insecure + temporary file use in /net/slirp.c + CVE-2015-4037-qemuu-smb-config-dir-name.patch + CVE-2015-4037-qemut-smb-config-dir-name.patch +- bsc#877642 - VUL-0: CVE-2014-0222: qemu: qcow1: validate L2 table + size to avoid integer overflows + CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch + CVE-2014-0222-qemut-qcow1-validate-l2-table-size.patch + +--- +Wed Oct 14 10:24:15 MDT 2015 - carn...@suse.com + +- bsc#950367 - VUL-0: CVE-2015-7835: xen: x86: Uncontrolled + creation of large page mappings by PV guests (XSA-148) + CVE-2015-7835-xsa148.patch + +--- Old: 55dc7937-x86-IO-APIC-don-t-create-pIRQ-mapping-from-masked-RTE.patch New: 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-0.patch 561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch 561d20a0-x86-hide-MWAITX-from-PV-domains.patch 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-handling.patch CVE-2014-0222-qemut-qcow1-validate-l2-table-size.patch CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch CVE-2015-4037-qemut-smb-config-dir-name.patch CVE-2015-4037-qemuu-smb-config-dir-name.patch CVE-2015-7835-xsa148.patch xsa149.patch xsa151.patch xsa152.patch xsa153-libxl.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.Do0HSP/_old 2015-11-02 12:54:48.0 +0100 +++ /var/tmp/diff_new_pack.Do0HSP/_new 2015-11-02 12:54:48.0 +0100 @@ -158,7 +158,7 @@ %endif %endif -Version:4.5.1_10 +Version:4.5.1_13 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0 @@ -205,41 +205,55 @@ Patch2: 55103616-vm-assist-prepare-for-discontiguous-used-bit-numbers.patch Patch3: 551ac326-xentop-add-support-for-qdisk.patch Patch4: 552d0f49-x86-traps-identify-the-vcpu-in-context-when-dumping-regs.patch -Patch5: 5537a4d8-libxl-use-DEBUG-log-level-instead-of-INFO.patch -Patch6: 5548e903-domctl-don-t-truncate-XEN_DOMCTL_max_mem-requests.patch -Patch7: 5548e95d-x86-allow-to-suppress-M2P-user-mode-exposure.patch -Patch8: 554cc211-libxl-add-qxl.patch -Patch9: 556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch -Patch10:5576f178-kexec-add-more-pages-to-v1-environment.patch -Patch11: 55780be1-x86-EFI-adjust-EFI_MEMORY_WP-handling-for-spec-version-2.5.patch -Patch12:558bfaa0-x86-traps-avoid-using-current-too-early.patch -Patch13:5592a116-nested-EPT-fix-the-handling-of-nested-EPT.patch -Patch14:559b9dd6-x86-p2m-ept-don-t-unmap-in-use-EPT-pagetable.patch -Patch15:
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2015-10-14 16:43:18 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2015-09-24 07:16:59.0 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2015-10-14 16:43:21.0 +0200 @@ -1,0 +2,45 @@ +Tue Oct 6 14:52:30 MDT 2015 - jfeh...@suse.com + +- bsc#949138 - Setting vcpu affinity under Xen causes libvirtd + abort + 54f4985f-libxl-fix-libvirtd-double-free.patch + +--- +Tue Oct 6 09:04:17 MDT 2015 - carn...@suse.com + +- bsc#949046 - Increase %suse_version in SP1 to 1316 + xen.spec +- Update README.SUSE detailing dom0 ballooning recommendations + +--- +Mon Oct 5 09:12:45 MDT 2015 - carn...@suse.com + +- bsc#945167 - Running command ’ xl pci-assignable-add 03:10.1’ + secondly show errors + 55f7f9d2-libxl-slightly-refine-pci-assignable-add-remove-handling.patch +- Upstream patches from Jan + 55f2e438-x86-hvm-fix-saved-pmtimer-and-hpet-values.patch + 55f9345b-x86-MSI-fail-if-no-hardware-support.patch + 5604f239-x86-PV-properly-populate-descriptor-tables.patch + 5604f2e6-vt-d-fix-IM-bit-mask-and-unmask-of-FECTL_REG.patch + 560a4af9-x86-EPT-tighten-conditions-of-IOMMU-mapping-updates.patch + 560a7c36-x86-p2m-pt-delay-freeing-of-intermediate-page-tables.patch + 560a7c53-x86-p2m-pt-ignore-pt-share-flag-for-shadow-mode-guests.patch + 560bd926-credit1-fix-tickling-when-it-happens-from-a-remote-pCPU.patch + 560e6d34-x86-p2m-pt-tighten-conditions-of-IOMMU-mapping-updates.patch + +--- +Fri Oct 2 11:31:34 MDT 2015 - mlati...@suse.com + +- bsc#941074 - VmError: Device 51728 (vbd) could not be connected. + Hotplug scripts not working. + hotplug-Linux-block-performance-fix.patch + +--- +Wed Sep 23 14:56:47 MDT 2015 - carn...@suse.com + +- bsc#947165 - VUL-0: CVE-2015-7311: xen: libxl fails to honour + readonly flag on disks with qemu-xen (xsa-142) + CVE-2015-7311-xsa142.patch + +--- New: 54f4985f-libxl-fix-libvirtd-double-free.patch 55f2e438-x86-hvm-fix-saved-pmtimer-and-hpet-values.patch 55f7f9d2-libxl-slightly-refine-pci-assignable-add-remove-handling.patch 55f9345b-x86-MSI-fail-if-no-hardware-support.patch 5604f239-x86-PV-properly-populate-descriptor-tables.patch 5604f2e6-vt-d-fix-IM-bit-mask-and-unmask-of-FECTL_REG.patch 560a4af9-x86-EPT-tighten-conditions-of-IOMMU-mapping-updates.patch 560a7c36-x86-p2m-pt-delay-freeing-of-intermediate-page-tables.patch 560a7c53-x86-p2m-pt-ignore-pt-share-flag-for-shadow-mode-guests.patch 560bd926-credit1-fix-tickling-when-it-happens-from-a-remote-pCPU.patch 560e6d34-x86-p2m-pt-tighten-conditions-of-IOMMU-mapping-updates.patch CVE-2015-7311-xsa142.patch hotplug-Linux-block-performance-fix.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.6TTrYH/_old 2015-10-14 16:43:25.0 +0200 +++ /var/tmp/diff_new_pack.6TTrYH/_new 2015-10-14 16:43:25.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package xen # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,7 +15,6 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - # needssslcertforbuild Name: xen @@ -46,7 +45,7 @@ # %define max_cpus 4 %ifarch x86_64 -%if %suse_version == 1315 +%if %suse_version >= 1315 %define max_cpus 1024 %else %define max_cpus 512 @@ -159,7 +158,7 @@ %endif %endif -Version:4.5.1_08 +Version:4.5.1_10 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0 @@ -202,34 +201,45 @@ # http://xenbits.xensource.com/ext/xenalyze Source2:xenalyze.hg.tar.bz2 # Upstream patches -Patch1: 55103616-vm-assist-prepare-for-discontiguous-used-bit-numbers.patch -Patch2: 551ac326-xentop-add-support-for-qdisk.patch -Patch3: 552d0f49-x86-traps-identify-the-vcpu-in-context-when-dumping-regs.patch -Patch4: 5548e903-domctl-don-t-truncate-XEN_DOMCTL_max_mem-requests.patch -Patch5: 5548e95d-x86-allow-to-suppress-M2P-user-mode-exposure.patch
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2015-09-24 07:16:58 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2015-08-31 22:57:44.0 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2015-09-24 07:16:59.0 +0200 @@ -1,0 +2,38 @@ +Mon Sep 16 07:17:00 UTC 2015 - cy...@suse.com + +- bsc#945165 - Xl pci-attach show error with kernel of SLES 12 sp1 + pci-attach-fix.patch + +--- +Tue Sep 15 14:48:27 MDT 2015 - jfeh...@suse.com + +- bsc#945164 - Xl destroy show error with kernel of SLES 12 sp1 + 5537a4d8-libxl-use-DEBUG-log-level-instead-of-INFO.patch + +--- +Wed Sep 9 08:55:29 MDT 2015 - carn...@suse.com + +- Upstream patches from Jan + 55dc78e9-x86-amd_ucode-skip-updates-for-final-levels.patch + 55dc7937-x86-IO-APIC-don-t-create-pIRQ-mapping-from-masked-RTE.patch + 55df2f76-IOMMU-skip-domains-without-page-tables-when-dumping.patch + 55e43fd8-x86-NUMA-fix-setup_node.patch + 55e43ff8-x86-NUMA-don-t-account-hotplug-regions.patch + 55e593f1-x86-NUMA-make-init_node_heap-respect-Xen-heap-limit.patch + 54c2553c-grant-table-use-uint16_t-consistently-for-offset-and-length.patch + 54ca33bc-grant-table-refactor-grant-copy-to-reduce-duplicate-code.patch + 54ca340e-grant-table-defer-releasing-pages-acquired-in-a-grant-copy.patch + +--- +Tue Sep 8 11:26:45 MDT 2015 - carn...@suse.com + +- bsc#944463 - VUL-0: CVE-2015-5239: qemu-kvm: Integer overflow in + vnc_client_read() and protocol_client_msg() + CVE-2015-5239-qemuu-limit-client_cut_text-msg-payload-size.patch + CVE-2015-5239-qemut-limit-client_cut_text-msg-payload-size.patch +- bsc#944697 - VUL-1: CVE-2015-6815: qemu: net: e1000: infinite + loop issue + CVE-2015-6815-qemuu-e1000-fix-infinite-loop.patch + CVE-2015-6815-qemut-e1000-fix-infinite-loop.patch + +--- New: 54c2553c-grant-table-use-uint16_t-consistently-for-offset-and-length.patch 54ca33bc-grant-table-refactor-grant-copy-to-reduce-duplicate-code.patch 54ca340e-grant-table-defer-releasing-pages-acquired-in-a-grant-copy.patch 5537a4d8-libxl-use-DEBUG-log-level-instead-of-INFO.patch 55dc78e9-x86-amd_ucode-skip-updates-for-final-levels.patch 55dc7937-x86-IO-APIC-don-t-create-pIRQ-mapping-from-masked-RTE.patch 55df2f76-IOMMU-skip-domains-without-page-tables-when-dumping.patch 55e43fd8-x86-NUMA-fix-setup_node.patch 55e43ff8-x86-NUMA-don-t-account-hotplug-regions.patch 55e593f1-x86-NUMA-make-init_node_heap-respect-Xen-heap-limit.patch CVE-2015-5239-qemut-limit-client_cut_text-msg-payload-size.patch CVE-2015-5239-qemuu-limit-client_cut_text-msg-payload-size.patch CVE-2015-6815-qemut-e1000-fix-infinite-loop.patch CVE-2015-6815-qemuu-e1000-fix-infinite-loop.patch pci-attach-fix.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.mHwCXF/_old 2015-09-24 07:17:03.0 +0200 +++ /var/tmp/diff_new_pack.mHwCXF/_new 2015-09-24 07:17:03.0 +0200 @@ -159,7 +159,7 @@ %endif %endif -Version:4.5.1_07 +Version:4.5.1_08 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0 @@ -223,6 +223,13 @@ Patch19:55a77e4f-dmar-device-scope-mem-leak-fix.patch Patch20:55c1d83d-x86-gdt-Drop-write-only-xalloc-d-array.patch Patch21:55c3232b-x86-mm-Make-hap-shadow-teardown-preemptible.patch +Patch22:55dc78e9-x86-amd_ucode-skip-updates-for-final-levels.patch +Patch23: 55dc7937-x86-IO-APIC-don-t-create-pIRQ-mapping-from-masked-RTE.patch +Patch24: 55df2f76-IOMMU-skip-domains-without-page-tables-when-dumping.patch +Patch25:55e43fd8-x86-NUMA-fix-setup_node.patch +Patch26:55e43ff8-x86-NUMA-don-t-account-hotplug-regions.patch +Patch27: 55e593f1-x86-NUMA-make-init_node_heap-respect-Xen-heap-limit.patch +Patch28:5537a4d8-libxl-use-DEBUG-log-level-instead-of-INFO.patch Patch131: CVE-2015-4106-xsa131-9.patch Patch137: CVE-2015-3259-xsa137.patch Patch139: xsa139-qemuu.patch @@ -256,6 +263,10 @@ Patch262: CVE-2015-5154-qemut-check-array-bounds-before-writing-to-io_buffer.patch Patch263: CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch Patch264: CVE-2015-5154-qemut-clear-DRQ-after-handling-all-expected-accesses.patch +Patch265:
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2015-08-31 22:57:42 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is "xen" Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2015-08-21 08:24:25.0 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2015-08-31 22:57:44.0 +0200 @@ -1,0 +2,47 @@ +Wed Aug 26 16:18:58 MDT 2015 - carn...@suse.com + +- bnc#935634 - VUL-0: CVE-2015-3259: xen: XSA-137: xl command line + config handling stack overflow + 55a62eb0-xl-correct-handling-of-extra_config-in-main_cpupoolcreate.patch + +--- +Tue Aug 18 10:18:20 MDT 2015 - carn...@suse.com + +- bsc#907514 - Bus fatal error & sles12 sudden reboot has been + observed +- bsc#910258 - SLES12 Xen host crashes with FATAL NMI after + shutdown of guest with VT-d NIC +- bsc#918984 - Bus fatal error & sles11-SP4 sudden reboot has been + observed +- bsc#923967 - Partner-L3: Bus fatal error & sles11-SP3 sudden + reboot has been observed + 552d293b-x86-vMSI-X-honor-all-mask-requests.patch + 552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch + 5576f143-x86-adjust-PV-I-O-emulation-functions-types.patch + 55795a52-x86-vMSI-X-support-qword-MMIO-access.patch + 5583d9c5-x86-MSI-X-cleanup.patch + 5583da09-x86-MSI-track-host-and-guest-masking-separately.patch + 55b0a218-x86-PCI-CFG-write-intercept.patch + 55b0a255-x86-MSI-X-maskall.patch + 55b0a283-x86-MSI-X-teardown.patch + 55b0a2ab-x86-MSI-X-enable.patch + 55b0a2db-x86-MSI-track-guest-masking.patch +- Upstream patches from Jan + 552d0f49-x86-traps-identify-the-vcpu-in-context-when-dumping-regs.patch + 559bc633-x86-cpupool-clear-proper-cpu_valid-bit-on-CPU-teardown.patch + 559bc64e-credit1-properly-deal-with-CPUs-not-in-any-pool.patch + 559bc87f-x86-hvmloader-avoid-data-corruption-with-xenstore-rw.patch + 55a66a1e-make-rangeset_report_ranges-report-all-ranges.patch + 55a77e4f-dmar-device-scope-mem-leak-fix.patch + 55c1d83d-x86-gdt-Drop-write-only-xalloc-d-array.patch + 55c3232b-x86-mm-Make-hap-shadow-teardown-preemptible.patch +- Dropped for upstream version + x86-MSI-mask.patch + x86-MSI-pv-unmask.patch + x86-MSI-X-enable.patch + x86-MSI-X-maskall.patch + x86-MSI-X-teardown.patch + x86-pci_cfg_okay.patch + x86-PCI-CFG-write-intercept.patch + +--- @@ -94,4 +140,0 @@ -- Dropped - qemu-MSI-X-enable-maskall.patch - qemu-MSI-X-latch-writes.patch - x86-MSI-X-guest-mask.patch @@ -130,0 +174,3 @@ + qemu-MSI-X-enable-maskall.patch + qemu-MSI-X-latch-writes.patch + x86-MSI-X-guest-mask.patch Old: x86-MSI-X-enable.patch x86-MSI-X-maskall.patch x86-MSI-X-teardown.patch x86-MSI-mask.patch x86-MSI-pv-unmask.patch x86-PCI-CFG-write-intercept.patch x86-pci_cfg_okay.patch New: 552d0f49-x86-traps-identify-the-vcpu-in-context-when-dumping-regs.patch 5576f143-x86-adjust-PV-I-O-emulation-functions-types.patch 559bc633-x86-cpupool-clear-proper-cpu_valid-bit-on-CPU-teardown.patch 559bc64e-credit1-properly-deal-with-CPUs-not-in-any-pool.patch 559bc87f-x86-hvmloader-avoid-data-corruption-with-xenstore-rw.patch 55a62eb0-xl-correct-handling-of-extra_config-in-main_cpupoolcreate.patch 55a66a1e-make-rangeset_report_ranges-report-all-ranges.patch 55a77e4f-dmar-device-scope-mem-leak-fix.patch 55b0a218-x86-PCI-CFG-write-intercept.patch 55b0a255-x86-MSI-X-maskall.patch 55b0a283-x86-MSI-X-teardown.patch 55b0a2ab-x86-MSI-X-enable.patch 55b0a2db-x86-MSI-track-guest-masking.patch 55c1d83d-x86-gdt-Drop-write-only-xalloc-d-array.patch 55c3232b-x86-mm-Make-hap-shadow-teardown-preemptible.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.wPkcl5/_old 2015-08-31 22:57:48.0 +0200 +++ /var/tmp/diff_new_pack.wPkcl5/_new 2015-08-31 22:57:48.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package xen # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,6 +15,7 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + # needssslcertforbuild Name: xen @@ -158,7 +159,7 @@ %endif %endif -Version:4.5.1_02 +Version:4.5.1_07 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0 @@ -203,16 +204,25 @@ # Upstream patches Patch1:
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2015-08-21 08:24:24 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is xen Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2015-07-16 17:15:55.0 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2015-08-21 08:24:25.0 +0200 @@ -1,0 +2,48 @@ +Tue Jul 28 09:04:13 MDT 2015 - carn...@suse.com + +- bsc#939712 - VUL-0: XSA-140: QEMU leak of uninitialized heap + memory in rtl8139 device model + xsa140-qemuu-1.patch + xsa140-qemuu-2.patch + xsa140-qemuu-3.patch + xsa140-qemuu-4.patch + xsa140-qemuu-5.patch + xsa140-qemuu-6.patch + xsa140-qemuu-7.patch + xsa140-qemut-1.patch + xsa140-qemut-2.patch + xsa140-qemut-3.patch + xsa140-qemut-4.patch + xsa140-qemut-5.patch + xsa140-qemut-6.patch + xsa140-qemut-7.patch +- bsc#939709 - VUL-0: XSA-139: xen: Use after free in QEMU/Xen + block unplug protocol + xsa139-qemuu.patch + +--- +Tue Jul 21 10:03:24 UTC 2015 - oher...@suse.de + +- bsc#937371 - xen vm's running after reboot + xendomains-libvirtd-conflict.patch + +--- +Thu Jul 16 10:14:12 MDT 2015 - carn...@suse.com + +- bsc#938344 - VUL-0: CVE-2015-5154: qemu,kvm,xen: host code + execution via IDE subsystem CD-ROM + CVE-2015-5154-qemuu-check-array-bounds-before-writing-to-io_buffer.patch + CVE-2015-5154-qemut-check-array-bounds-before-writing-to-io_buffer.patch + CVE-2015-5154-qemuu-fix-START-STOP-UNIT-command-completion.patch + CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch + CVE-2015-5154-qemuu-clear-DRQ-after-handling-all-expected-accesses.patch + CVE-2015-5154-qemut-clear-DRQ-after-handling-all-expected-accesses.patch + +--- +Wed Jul 15 08:28:23 UTC 2015 - oher...@suse.de + +- Remove xendomains.service from systemd preset file because it + conflicts with libvirt-guests.service (bnc#937371) + Its up to the admin to run systemctl enable xendomains.service + +--- @@ -49,0 +98,5 @@ + +--- +Tue Jul 7 13:35:34 UTC 2015 - oher...@suse.de + +- Adjust more places to use br0 instead of xenbr0 New: CVE-2015-5154-qemut-check-array-bounds-before-writing-to-io_buffer.patch CVE-2015-5154-qemut-clear-DRQ-after-handling-all-expected-accesses.patch CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch CVE-2015-5154-qemuu-check-array-bounds-before-writing-to-io_buffer.patch CVE-2015-5154-qemuu-clear-DRQ-after-handling-all-expected-accesses.patch CVE-2015-5154-qemuu-fix-START-STOP-UNIT-command-completion.patch xendomains-libvirtd-conflict.patch xsa139-qemuu.patch xsa140-qemut-1.patch xsa140-qemut-2.patch xsa140-qemut-3.patch xsa140-qemut-4.patch xsa140-qemut-5.patch xsa140-qemut-6.patch xsa140-qemut-7.patch xsa140-qemuu-1.patch xsa140-qemuu-2.patch xsa140-qemuu-3.patch xsa140-qemuu-4.patch xsa140-qemuu-5.patch xsa140-qemuu-6.patch xsa140-qemuu-7.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.qbU3ym/_old 2015-08-21 08:24:28.0 +0200 +++ /var/tmp/diff_new_pack.qbU3ym/_new 2015-08-21 08:24:28.0 +0200 @@ -15,7 +15,6 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - # needssslcertforbuild Name: xen @@ -216,6 +215,21 @@ Patch12:559bdde5-pull-in-latest-linux-earlycpio.patch Patch131: CVE-2015-4106-xsa131-9.patch Patch137: CVE-2015-3259-xsa137.patch +Patch139: xsa139-qemuu.patch +Patch14001: xsa140-qemuu-1.patch +Patch14002: xsa140-qemuu-2.patch +Patch14003: xsa140-qemuu-3.patch +Patch14004: xsa140-qemuu-4.patch +Patch14005: xsa140-qemuu-5.patch +Patch14006: xsa140-qemuu-6.patch +Patch14007: xsa140-qemuu-7.patch +Patch14011: xsa140-qemut-1.patch +Patch14012: xsa140-qemut-2.patch +Patch14013: xsa140-qemut-3.patch +Patch14014: xsa140-qemut-4.patch +Patch14015: xsa140-qemut-5.patch +Patch14016: xsa140-qemut-6.patch +Patch14017: xsa140-qemut-7.patch # Upstream qemu Patch250: VNC-Support-for-ExtendedKeyEvent-client-message.patch Patch251: 0001-net-move-the-tap-buffer-into-TAPState.patch @@ -226,6 +240,12 @@ Patch256: 0006-e1000-clear-EOP-for-multi-buffer-descriptors.patch Patch257: 0007-e1000-verify-we-have-buffers-upfront.patch Patch258: 0008-e1000-check-buffer-availability.patch
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2015-05-16 07:12:45 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is xen Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2015-05-06 11:17:22.0 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2015-05-16 07:12:47.0 +0200 @@ -1,0 +2,15 @@ +Mon May 11 15:07:30 MDT 2015 - carn...@suse.com + +- bsc#927967 - VUL-0: CVE-2015-3340: xen: Information leak through + XEN_DOMCTL_gettscinfo (XSA-132) + 5535f633-dont-leak-hypervisor-stack-to-toolstacks.patch + +--- +Thu May 7 06:53:15 MDT 2015 - carn...@suse.com + +- bnc#929339 - VUL-0: CVE-2015-3456: qemu kvm xen: VENOM qemu + floppy driver host code execution + CVE-2015-3456-xsa133-qemuu.patch + CVE-2015-3456-xsa133-qemut.patch + +--- New: 5535f633-dont-leak-hypervisor-stack-to-toolstacks.patch CVE-2015-3456-xsa133-qemut.patch CVE-2015-3456-xsa133-qemuu.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.MqyynZ/_old 2015-05-16 07:12:50.0 +0200 +++ /var/tmp/diff_new_pack.MqyynZ/_new 2015-05-16 07:12:50.0 +0200 @@ -15,6 +15,7 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + # needssslcertforbuild Name: xen @@ -157,7 +158,7 @@ %endif %endif -Version:4.5.0_03 +Version:4.5.0_04 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0 @@ -204,6 +205,7 @@ Patch2: 551ac326-xentop-add-support-for-qdisk.patch Patch3: 5513b458-allow-reboot-overrides-when-running-under-EFI.patch Patch4: 5513b4d1-dont-apply-reboot-quirks-if-reboot-set-by-user.patch +Patch5: 5535f633-dont-leak-hypervisor-stack-to-toolstacks.patch # Upstream qemu Patch250: VNC-Support-for-ExtendedKeyEvent-client-message.patch Patch251: 0001-net-move-the-tap-buffer-into-TAPState.patch @@ -214,6 +216,8 @@ Patch256: 0006-e1000-clear-EOP-for-multi-buffer-descriptors.patch Patch257: 0007-e1000-verify-we-have-buffers-upfront.patch Patch258: 0008-e1000-check-buffer-availability.patch +Patch260: CVE-2015-3456-xsa133-qemuu.patch +Patch261: CVE-2015-3456-xsa133-qemut.patch # Our platform specific patches Patch301: xen-destdir.patch Patch302: vif-bridge-no-iptables.patch @@ -507,6 +511,7 @@ %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 # Upstream qemu patches %patch250 -p1 %patch251 -p1 @@ -517,6 +522,8 @@ %patch256 -p1 %patch257 -p1 %patch258 -p1 +%patch260 -p1 +%patch261 -p1 # Our platform specific patches %patch301 -p1 %patch302 -p1 ++ 5535f633-dont-leak-hypervisor-stack-to-toolstacks.patch ++ Subject: domctl/sysctl: don't leak hypervisor stack to toolstacks From: Andrew Cooper andrew.coop...@citrix.com Tue Apr 21 09:03:15 2015 +0200 Date: Tue Apr 21 09:03:15 2015 +0200: Git: 4ff3449f0e9d175ceb9551d3f2aecb59273f639d This is CVE-2015-3340 / XSA-132. Signed-off-by: Andrew Cooper andrew.coop...@citrix.com Reviewed-by: Jan Beulich jbeul...@suse.com Acked-by: Ian Campbell ian.campb...@citrix.com Index: xen-4.5.0-testing/xen/arch/x86/domctl.c === --- xen-4.5.0-testing.orig/xen/arch/x86/domctl.c +++ xen-4.5.0-testing/xen/arch/x86/domctl.c @@ -886,7 +886,7 @@ long arch_do_domctl( case XEN_DOMCTL_gettscinfo: { -xen_guest_tsc_info_t info; +xen_guest_tsc_info_t info = { 0 }; domain_pause(d); tsc_get_info(d, info.tsc_mode, Index: xen-4.5.0-testing/xen/common/sysctl.c === --- xen-4.5.0-testing.orig/xen/common/sysctl.c +++ xen-4.5.0-testing/xen/common/sysctl.c @@ -76,7 +76,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xe case XEN_SYSCTL_getdomaininfolist: { struct domain *d; -struct xen_domctl_getdomaininfo info; +struct xen_domctl_getdomaininfo info = { 0 }; u32 num_domains = 0; rcu_read_lock(domlist_read_lock); ++ CVE-2015-3456-xsa133-qemut.patch ++ From ac7ddbe342d7aa2303c39ca731cc6229dbbd739b Mon Sep 17 00:00:00 2001 From: Petr Matousek pmato...@redhat.com Date: Wed, 6 May 2015 09:48:59 +0200 Subject: [PATCH] fdc: force the fifo access to be in bounds of the allocated buffer During processing of certain commands such as FD_CMD_READ_ID and FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could get out of bounds leading
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2015-05-06 11:17:21 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is xen Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2015-04-12 00:08:42.0 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2015-05-06 11:17:22.0 +0200 @@ -1,0 +2,13 @@ +Mon Apr 27 09:55:01 MDT 2015 - carn...@suse.com + +- bsc#928783 - Reboot failure; Request backport of upstream Xen + patch to 4.5.0, or update pkgs to 4.5.1 + 5513b458-allow-reboot-overrides-when-running-under-EFI.patch + 5513b4d1-dont-apply-reboot-quirks-if-reboot-set-by-user.patch + +--- +Tue Apr 21 12:21:05 UTC 2015 - oher...@suse.de + +- bnc#927750 - Avoid errors reported by system-modules-load.service + +--- New: 5513b458-allow-reboot-overrides-when-running-under-EFI.patch 5513b4d1-dont-apply-reboot-quirks-if-reboot-set-by-user.patch xen-dom0-modules.service Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.wUw97J/_old 2015-05-06 11:17:26.0 +0200 +++ /var/tmp/diff_new_pack.wUw97J/_new 2015-05-06 11:17:26.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package xen # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,7 +15,6 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - # needssslcertforbuild Name: xen @@ -194,6 +193,7 @@ Source37: xen2libvirt.py # Systemd service files Source41: xencommons.service +Source42: xen-dom0-modules.service Source57: xen-utils-0.1.tar.bz2 # For xen-libs Source99: baselibs.conf @@ -202,6 +202,8 @@ # Upstream patches Patch1: 5124efbe-add-qxl-support.patch Patch2: 551ac326-xentop-add-support-for-qdisk.patch +Patch3: 5513b458-allow-reboot-overrides-when-running-under-EFI.patch +Patch4: 5513b4d1-dont-apply-reboot-quirks-if-reboot-set-by-user.patch # Upstream qemu Patch250: VNC-Support-for-ExtendedKeyEvent-client-message.patch Patch251: 0001-net-move-the-tap-buffer-into-TAPState.patch @@ -503,6 +505,8 @@ # Upstream patches %patch1 -p1 %patch2 -p1 +%patch3 -p1 +%patch4 -p1 # Upstream qemu patches %patch250 -p1 %patch251 -p1 @@ -868,6 +872,19 @@ EOF %endif cp -bavL %{S:41} $RPM_BUILD_ROOT%{_unitdir} +bn=`basename %{S:42}` +cp -bavL %{S:42} $RPM_BUILD_ROOT%{_unitdir}/${bn} +mods=` +for conf in $(ls $RPM_BUILD_ROOT%{with_systemd_modules_load}/*.conf) +do + grep -v ^# $conf + echo -n $conf +done +` +for mod in $mods +do + echo ExecStart=-/usr/bin/env modprobe $mod $RPM_BUILD_ROOT%{_unitdir}/${bn} +done rm -rfv $RPM_BUILD_ROOT%{_initddir} %else # Init scripts ++ 5513b458-allow-reboot-overrides-when-running-under-EFI.patch ++ Subject: x86/EFI: allow reboot= overrides when running under EFI From: Konrad Rzeszutek Wilk konrad.w...@oracle.com Thu Mar 26 08:25:12 2015 +0100 Date: Thu Mar 26 08:25:12 2015 +0100: Git: 89bdb85c5cf5d71683a4eddd6143ee15cc298655 By default we will always use EFI reboot mechanism when running under EFI platforms. However some EFI platforms are buggy and need to use the ACPI mechanism to reboot (such as Lenovo ThinkCentre M57). As such respect the 'reboot=' override and DMI overrides for EFI platforms. Signed-off-by: Konrad Rzeszutek Wilk konrad.w...@oracle.com - BOOT_INVALID is just zero - also consider acpi_disabled in BOOT_INVALID resolution - duplicate BOOT_INVALID resolution in machine_restart() - don't fall back from BOOT_ACPI to BOOT_EFI (if it was overridden, it surely was for a reason) - adjust doc change formatting Signed-off-by: Jan Beulich jbeul...@suse.com Reviewed-by: Konrad Rzeszutek Wilk konrad.w...@oracle.com Reviewed-by: Andrew Cooper andrew.coop...@citrix.com x86/EFI: fix reboot after c643fb110a acpi_disabled needs to be moved out of .init.data. Reported-by: Ross Lagerwall ross.lagerw...@citrix.com From: Konrad Rzeszutek Wilk konrad.w...@oracle.com Signed-off-by: Jan Beulich jbeul...@suse.com Tested-by: Ross Lagerwall ross.lagerw...@citrix.com master commit: c643fb110a51693e82a36ca9178d54f0b9744024 master date: 2015-03-13 11:25:52 +0100 master commit: 8ff330ec11e471919621bce97c069b83b0319d15 master date: 2015-03-23 18:01:51 +0100 diff --git a/docs/misc/xen-command-line.markdown
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2015-04-12 00:08:41 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is xen Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2015-03-30 19:31:26.0 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2015-04-12 00:08:42.0 +0200 @@ -1,0 +2,22 @@ +Wed Apr 8 10:17:41 UTC 2015 - rguent...@suse.com + +- Add xen-no-array-bounds.patch and blktap-no-uninit.patch to selectively + turn errors back to warnings to fix build with GCC 5. +- Amend xen.stubdom.newlib.patch to pull in declaration of strcmp to + avoid implicit-fortify-decl rpmlint error. +- Fix quoting of __SMBIOS_DATE__ in xen.build-compare.smbiosdate.patch. + +--- +Fri Apr 3 10:54:05 MDT 2015 - carn...@suse.com + +- xentop: Fix memory leak on read failure + 551ac326-xentop-add-support-for-qdisk.patch + +--- +Tue Mar 31 16:03:54 MDT 2015 - carn...@suse.com + +- Dropped xentop-add-support-for-qdisk.patch in favor of upstream + version + 551ac326-xentop-add-support-for-qdisk.patch + +--- @@ -6,0 +29,10 @@ + +--- +Thu Mar 12 12:33:45 UTC 2015 - rguent...@suse.com + +- Add xen-c99-fix.patch to remove pointless inline specifier on + function declarations which break build with a C99 compiler which + GCC 5 is by default. (bsc#921994) +- Add ipxe-no-error-logical-not-parentheses.patch to supply + -Wno-logical-not-parentheses to the ipxe build to fix + breakage with GCC 5. (bsc#921994) Old: xentop-add-support-for-qdisk.patch New: 551ac326-xentop-add-support-for-qdisk.patch blktap-no-uninit.patch ipxe-no-error-logical-not-parentheses.patch xen-c99-fix.patch xen-no-array-bounds.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.uiz1Sj/_old 2015-04-12 00:08:45.0 +0200 +++ /var/tmp/diff_new_pack.uiz1Sj/_new 2015-04-12 00:08:45.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package xen # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -201,6 +201,7 @@ Source2:xenalyze.hg.tar.bz2 # Upstream patches Patch1: 5124efbe-add-qxl-support.patch +Patch2: 551ac326-xentop-add-support-for-qdisk.patch # Upstream qemu Patch250: VNC-Support-for-ExtendedKeyEvent-client-message.patch Patch251: 0001-net-move-the-tap-buffer-into-TAPState.patch @@ -222,7 +223,7 @@ Patch330: suspend_evtchn_lock.patch Patch331: xenpaging.doc.patch Patch332: local_attach_support_for_phy.patch -Patch333: xentop-add-support-for-qdisk.patch +Patch333: xen-c99-fix.patch # Qemu traditional Patch350: blktap.patch Patch351: cdrom-removable.patch @@ -261,6 +262,7 @@ Patch387: libxl.set-migration-constraints-from-cmdline.patch Patch389: qemu-xen-upstream-megasas-buildtime.patch Patch390: libxl.pvscsi.patch +Patch391: blktap-no-uninit.patch # Other bug fixes or features Patch451: xenconsole-no-multiple-connections.patch Patch452: hibernate.patch @@ -291,9 +293,11 @@ Patch605: xen.build-compare.vgabios.patch Patch606: xen.build-compare.seabios.patch Patch607: xen.build-compare.man.patch +Patch608: ipxe-no-error-logical-not-parentheses.patch # Build patches Patch6: xen.stubdom.newlib.patch Patch8: tmp_build.patch +Patch9: xen-no-array-bounds.patch Url:http://www.cl.cam.ac.uk/Research/SRG/netos/xen/ BuildRoot: %{_tmppath}/%{name}-%{version}-build %define pyver %(python -c import sys; print sys.version[:3]) @@ -498,6 +502,7 @@ %setup -q -n %xen_build_dir -a 1 -a 2 -a 3 -a 4 -a 5 -a 57 -a 2 # Upstream patches %patch1 -p1 +%patch2 -p1 # Upstream qemu patches %patch250 -p1 %patch251 -p1 @@ -557,6 +562,7 @@ %patch387 -p1 %patch389 -p1 %patch390 -p1 +%patch391 -p1 # Other bug fixes or features %patch451 -p1 %patch452 -p1 @@ -587,9 +593,11 @@ %patch605 -p1 %patch606 -p1 %patch607 -p1 +%patch608 -p1 # Build patches %patch6 -p1 %patch8 -p1 +%patch9 -p1 %build # we control the version info of this package ++ 551ac326-xentop-add-support-for-qdisk.patch ++ 609 lines (skipped) ++
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2015-03-30 19:31:25 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is xen Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2015-03-09 10:00:12.0 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2015-03-30 19:31:26.0 +0200 @@ -1,0 +2,14 @@ +Mon Mar 16 10:14:15 MDT 2015 - carn...@suse.com + +- Enable spice support in qemu for x86_64 + 5124efbe-add-qxl-support.patch + qemu-xen-enable-spice-support.patch + +--- +Wed Mar 11 13:15:07 MDT 2015 - carn...@suse.com + +- bnc#921842 - Xentop doesn't display disk statistics for VMs using + qdisks + xentop-add-support-for-qdisk.patch + +--- New: 5124efbe-add-qxl-support.patch qemu-xen-enable-spice-support.patch xentop-add-support-for-qdisk.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.PCEqP5/_old 2015-03-30 19:31:29.0 +0200 +++ /var/tmp/diff_new_pack.PCEqP5/_new 2015-03-30 19:31:29.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package xen # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -98,6 +98,13 @@ BuildRequires: libuuid-devel BuildRequires: libxml2-devel BuildRequires: libyajl-devel +%ifarch x86_64 +%if 0%{?suse_version} 1230 +BuildRequires: libspice-server-devel +BuildRequires: spice-protocol-devel +BuildRequires: usbredir-devel +%endif +%endif %if %{?with_qemu_traditional}0 BuildRequires: SDL-devel BuildRequires: pciutils-devel @@ -193,6 +200,7 @@ # http://xenbits.xensource.com/ext/xenalyze Source2:xenalyze.hg.tar.bz2 # Upstream patches +Patch1: 5124efbe-add-qxl-support.patch # Upstream qemu Patch250: VNC-Support-for-ExtendedKeyEvent-client-message.patch Patch251: 0001-net-move-the-tap-buffer-into-TAPState.patch @@ -214,6 +222,7 @@ Patch330: suspend_evtchn_lock.patch Patch331: xenpaging.doc.patch Patch332: local_attach_support_for_phy.patch +Patch333: xentop-add-support-for-qdisk.patch # Qemu traditional Patch350: blktap.patch Patch351: cdrom-removable.patch @@ -267,6 +276,7 @@ Patch466: aarch64-rename-PSR_MODE_ELxx-to-match-linux-headers.patch Patch467: libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch Patch470: qemu-xen-upstream-qdisk-cache-unsafe.patch +Patch471: qemu-xen-enable-spice-support.patch Patch472: tigervnc-long-press.patch # Hypervisor and PV driver Patches Patch501: x86-ioapic-ack-default.patch @@ -487,6 +497,7 @@ %prep %setup -q -n %xen_build_dir -a 1 -a 2 -a 3 -a 4 -a 5 -a 57 -a 2 # Upstream patches +%patch1 -p1 # Upstream qemu patches %patch250 -p1 %patch251 -p1 @@ -507,6 +518,7 @@ %patch330 -p1 %patch331 -p1 %patch332 -p1 +%patch333 -p1 # Qemu traditional %patch350 -p1 %patch351 -p1 @@ -560,6 +572,7 @@ %patch466 -p1 %patch467 -p1 %patch470 -p1 +%patch471 -p1 %patch472 -p1 # Hypervisor and PV driver Patches %patch501 -p1 @@ -636,6 +649,11 @@ then : no changes? fi +%ifarch x86_64 +%if 0%{?suse_version} 1230 +export QEMU_XEN_ENABLE_SPICE=--enable-spice --enable-usb-redir +%endif +%endif configure_flags= %if %{?with_stubdom}0 configure_flags=--enable-stubdom ++ 5124efbe-add-qxl-support.patch ++ Usage: vga=qxl Qxl vga support many resolutions that not supported by stdvga, mainly the 16:9 ones and other high up to 2560x1600. With QXL you can get improved performance and smooth video also with high resolutions and high quality. Require their drivers installed in the domU and spice used otherwise act as a simple stdvga. Signed-off-by: Fabio Fantoni fabio.fantoni@xxx Signed-off-by: Zhou Peng zpengxen@x Acked-by: Stefano Stabellini stefano.stabellini@x Acked-by: Ian Jackson ian.jackson@x Acked-by: George Dunlap george.dunlap@x --- Changes in v16: - refresh - improved commit description Changes in v15: - refresh - small code improvements in libxl_dm.c Changes in v14: - refresh - update qemu parameters (from -vga to -device) NOTES: Works correctly with windows domUs, tested on windows 7 64 bit with qxl driver from spice guest tools 0.74. I tested some resolution not supported by stdvga (1366x768, 1600x900 and 1920x1080) with 32 bit color and all works
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2015-03-09 10:00:11 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is xen Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2015-02-18 20:36:20.0 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2015-03-09 10:00:12.0 +0100 @@ -1,0 +2,7 @@ +Tue Feb 24 16:22:45 UTC 2015 - meiss...@suse.com + +- Disable the PIE enablement done for Factory, as the XEN code + is not buildable with PIE and it does not make much sense + to build the hypervisor code with it. + +--- Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.jmiiRC/_old 2015-03-09 10:00:15.0 +0100 +++ /var/tmp/diff_new_pack.jmiiRC/_new 2015-03-09 10:00:15.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package xen # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,6 +15,7 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + # needssslcertforbuild Name: xen @@ -86,6 +87,7 @@ %ifarch %ix86 x86_64 BuildRequires: dev86 %endif +#!BuildIgnore: gcc-PIE BuildRequires: bison BuildRequires: fdupes BuildRequires: flex -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2015-02-18 20:36:09 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is xen Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2015-02-16 17:49:50.0 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2015-02-18 20:36:20.0 +0100 @@ -1,0 +2,11 @@ +Tue Feb 17 10:48:56 MST 2015 - carn...@suse.com + +- bnc#918169 - XEN fixes required to work with Kernel 3.19.0 + xen.spec + +--- +Tue Feb 10 16:06:40 UTC 2015 - oher...@suse.de + +- Package xen.changes because its referenced in xen.spec + +--- Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.WqeSFa/_old 2015-02-18 20:36:23.0 +0100 +++ /var/tmp/diff_new_pack.WqeSFa/_new 2015-02-18 20:36:24.0 +0100 @@ -149,7 +149,7 @@ %endif %endif -Version:4.5.0_02 +Version:4.5.0_03 Release:0 Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License:GPL-2.0 @@ -160,6 +160,7 @@ Source3:qemu-xen-dir-remote.tar.bz2 Source4:seabios-dir-remote.tar.bz2 Source5:ipxe.tar.bz2 +Source9:xen.changes Source10: README.SUSE Source11: boot.xen Source12: boot.local.xenU @@ -285,7 +286,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build %define pyver %(python -c import sys; print sys.version[:3]) %if %{?with_kmp}0 -%suse_kernel_module_package -n xen um xen -f kmp_filelist +%suse_kernel_module_package -n xen um pv xen -f kmp_filelist %endif %description @@ -594,13 +595,13 @@ SMBIOS_DATE=`date -u -d '1970-01-01' +%%m/%%d/%%Y` RELDATE=`date -u -d '1970-01-01' '+%%d %%b %%Y'` SEABIOS_DATE=`date -u -d '1970-01-01' '+?-%%Y%%m%%d_%%H%%M%%S-buildhost'` -if test -r $RPM_SOURCE_DIR/xen.changes +if test -r %{S:9} then - XEN_BUILD_DATE=` date -u -d \$(sed -n '/@/{s/ - .*$//p;q}' $RPM_SOURCE_DIR/xen.changes)\ ` - XEN_BUILD_TIME=` date -u -d \$(sed -n '/@/{s/ - .*$//p;q}' $RPM_SOURCE_DIR/xen.changes)\ +%%T` - SMBIOS_DATE=` date -u -d \$(sed -n '/@/{s/ - .*$//p;q}' $RPM_SOURCE_DIR/xen.changes)\ +%%m/%%d/%%Y` - RELDATE=` date -u -d \$(sed -n '/@/{s/ - .*$//p;q}' $RPM_SOURCE_DIR/xen.changes)\ '+%%d %%b %%Y'` - SEABIOS_DATE=` date -u -d \$(sed -n '/@/{s/ - .*$//p;q}' $RPM_SOURCE_DIR/xen.changes)\ '+?-%%Y%%m%%d_%%H%%M%%S-buildhost'` + XEN_BUILD_DATE=` date -u -d \$(sed -n '/@/{s/ - .*$//p;q}' %{S:9})\ ` + XEN_BUILD_TIME=` date -u -d \$(sed -n '/@/{s/ - .*$//p;q}' %{S:9})\ +%%T` + SMBIOS_DATE=` date -u -d \$(sed -n '/@/{s/ - .*$//p;q}' %{S:9})\ +%%m/%%d/%%Y` + RELDATE=` date -u -d \$(sed -n '/@/{s/ - .*$//p;q}' %{S:9})\ '+%%d %%b %%Y'` + SEABIOS_DATE=` date -u -d \$(sed -n '/@/{s/ - .*$//p;q}' %{S:9})\ '+?-%%Y%%m%%d_%%H%%M%%S-buildhost'` fi cat .our_xenversion _EOV_ export WGET=$(type -P false) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2015-02-16 15:25:00 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is xen Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2015-02-04 09:31:32.0 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2015-02-16 17:49:50.0 +0100 @@ -1,0 +2,6 @@ +Wed Jan 28 08:44:32 MST 2015 - carn...@suse.com + +- Update seabios to rel-1.7.5 which is the correct version for + Xen 4.5 + +--- Other differences: -- ++ ioemu-blktap-fv-init.patch ++ --- /var/tmp/diff_new_pack.v3DgFd/_old 2015-02-16 17:49:53.0 +0100 +++ /var/tmp/diff_new_pack.v3DgFd/_new 2015-02-16 17:49:53.0 +0100 @@ -1,7 +1,5 @@ -Index: xen-4.2.0-testing/tools/qemu-xen-traditional-dir-remote/hw/xen_machine_fv.c -=== xen-4.2.0-testing.orig/tools/qemu-xen-traditional-dir-remote/hw/xen_machine_fv.c -+++ xen-4.2.0-testing/tools/qemu-xen-traditional-dir-remote/hw/xen_machine_fv.c +--- a/tools/qemu-xen-traditional-dir-remote/hw/xen_machine_fv.c b/tools/qemu-xen-traditional-dir-remote/hw/xen_machine_fv.c @@ -270,6 +270,7 @@ void qemu_invalidate_entry(uint8_t *buff #endif /* defined(MAPCACHE) */ @@ -14,7 +12,7 @@ } #endif -+#ifndef CONFIG_STUBDOM ++#if defined(CONFIG_BLKTAP1) !defined(CONFIG_STUBDOM) !defined(__NetBSD__) +/* Initialize tapdisk client */ +init_blktap(); +#endif ++ seabios-dir-remote.tar.bz2 ++ 113301 lines of diff (skipped) ++ xen.build-compare.seabios.patch ++ --- /var/tmp/diff_new_pack.v3DgFd/_old 2015-02-16 17:49:54.0 +0100 +++ /var/tmp/diff_new_pack.v3DgFd/_new 2015-02-16 17:49:54.0 +0100 @@ -3,10 +3,10 @@ tools/firmware/seabios-dir-remote/tools/buildversion.sh |5 + 1 file changed, 5 insertions(+) -Index: xen-4.5.0-testing/tools/firmware/seabios-dir-remote/tools/buildversion.sh +Index: xen-4.5.0-testing/tools/firmware/seabios-dir-remote/scripts/buildversion.sh === xen-4.5.0-testing.orig/tools/firmware/seabios-dir-remote/tools/buildversion.sh -+++ xen-4.5.0-testing/tools/firmware/seabios-dir-remote/tools/buildversion.sh +--- xen-4.5.0-testing.orig/tools/firmware/seabios-dir-remote/scripts/buildversion.sh xen-4.5.0-testing/tools/firmware/seabios-dir-remote/scripts/buildversion.sh @@ -11,7 +11,12 @@ elif [ -f .version ]; then else VERSION=? -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2015-02-04 09:31:06 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is xen Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2014-10-14 13:24:38.0 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2015-02-04 09:31:32.0 +0100 @@ -1,0 +2,197 @@ +Wed Jan 14 10:47:43 MST 2015 - carn...@suse.com + +- Update to Xen 4.5.0 FCS + +--- +Wed Jan 14 16:54:24 UTC 2015 - oher...@suse.de + +- Include systemd presets in 13.2 and older + +--- +Mon Jan 12 14:49:23 UTC 2015 - oher...@suse.de + +- bnc#897352 - Enable xencommons/xendomains only during fresh install +- disable restart on upgrade because the toolstack is not restartable + +--- +Tue Dec 16 11:42:30 UTC 2014 - oher...@suse.de + +- adjust seabios, vgabios, stubdom and hvmloader build to reduce + build-compare noise + xen.build-compare.mini-os.patch + xen.build-compare.smbiosdate.patch + xen.build-compare.ipxe.patch + xen.build-compare.vgabios.patch + xen.build-compare.seabios.patch + xen.build-compare.man.patch + +--- +Mon Dec 15 11:36:42 MST 2014 - carn...@suse.com + +- Update to Xen 4.5.0 RC4 + +--- +Wed Dec 10 08:54:22 UTC 2014 - oher...@suse.de + +- Remove xend specific if-up scripts + Recording bridge slaves is a generic task which should be handled + by generic network code + +--- +Tue Dec 9 18:33:51 UTC 2014 - oher...@suse.de + +- Use systemd features from upstream + requires updated systemd-presets-branding package + +--- +Thu Dec 4 11:59:29 MST 2014 - carn...@suse.com + +- Update to Xen 4.5.0 RC3 + +--- +Thu Dec 4 11:44:24 UTC 2014 - oher...@suse.de + +- Set GIT, WGET and FTP to /bin/false + +--- +Wed Dec 3 12:14:27 UTC 2014 - oher...@suse.de + +- Use new configure features instead of make variables + xen.stubdom.newlib.patch + +--- +Wed Nov 19 17:10:51 UTC 2014 - oher...@suse.de + +- adjust docs and xen build to reduce build-compare noise + xen.build-compare.doc_html.patch + xen.build-compare.xen_compile_h.patch + +--- +Mon Nov 17 16:28:13 UTC 2014 - oher...@suse.de + +- Drop trailing B_CNT from XEN_EXTRAVERSION to reduce build-compare noise + +--- +Tue Nov 11 11:15:30 MST 2014 - carn...@suse.com + +- Update to Xen 4.5.0 RC2 + +--- +Thu Oct 23 18:34:55 MDT 2014 - carn...@suse.com + +- Update to Xen 4.5.0 RC1 + xen-4.5.0-testing-src.tar.bz2 +- Remove all patches now contained in the new tarball + xen-4.4.1-testing-src.tar.bz2 + 5315a3bb-x86-don-t-propagate-acpi_skip_timer_override-do-Dom0.patch + 5315a43a-x86-ACPI-also-print-address-space-for-PM1x-fields.patch + 53299d8f-xenconsole-reset-tty-on-failure.patch + 53299d8f-xenconsole-tolerate-tty-errors.patch + 5346a7a0-x86-AMD-support-further-feature-masking-MSRs.patch + 53563ea4-x86-MSI-drop-workaround-for-insecure-Dom0-kernels.patch + 537c9c77-libxc-check-return-values-on-mmap-and-madvise.patch + 537cd0b0-hvmloader-also-cover-PCI-MMIO-ranges-above-4G-with-UC-MTRR-ranges.patch + 537cd0cc-hvmloader-PA-range-0xfc00-0x-should-be-UC.patch + 539ebe62-x86-EFI-improve-boot-time-diagnostics.patch + 53aac342-x86-HVM-consolidate-and-sanitize-CR4-guest-reserved-bit-determination.patch + 53c9151b-Fix-xl-vncviewer-accesses-port-0-by-any-invalid-domid.patch + 53d124e7-fix-list_domain_details-check-config-data-length-0.patch + 53dba447-x86-ACPI-allow-CMOS-RTC-use-even-when-ACPI-says-there-is-none.patch + 53df727b-x86-HVM-extend-LAPIC-shortcuts-around-P2M-lookups.patch + 53e8be5f-x86-vHPET-use-rwlock-instead-of-simple-one.patch + 53f737b1-VMX-fix-DebugCtl-MSR-clearing.patch + 53f7386d-x86-irq-process-softirqs-in-irq-keyhandlers.patch + 53fcebab-xen-pass-kernel-initrd-to-qemu.patch + 53ff3659-x86-consolidate-boolean-inputs-in-hvm-and-p2m.patch + 53ff36ae-x86-hvm-treat-non-insn-fetch-NPF-also-as-read-violations.patch + 53ff36d5-x86-mem_event-deliver-gla-fault-EPT-violation-information.patch +
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2014-10-14 13:24:34 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is xen Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2014-10-05 20:30:37.0 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2014-10-14 13:24:38.0 +0200 @@ -1,0 +2,5 @@ +Sat Oct 11 08:38:36 UTC 2014 - dmuel...@suse.com + +- restrict requires on grub2-x86_64-xen to x86_64 hosts + +--- Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.zNPmxy/_old 2014-10-14 13:24:41.0 +0200 +++ /var/tmp/diff_new_pack.zNPmxy/_new 2014-10-14 13:24:41.0 +0200 @@ -466,8 +466,10 @@ Group: System/Kernel Requires: bridge-utils %if %suse_version = 1315 +%ifarch x86_64 Requires: grub2-x86_64-xen %endif +%endif Requires: multipath-tools Requires: python Requires: python-curses -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2014-10-05 20:30:33 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is xen Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2014-09-25 09:33:43.0 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2014-10-05 20:30:37.0 +0200 @@ -1,0 +2,7 @@ +Tue Sep 30 09:01:16 MDT 2014 - carn...@suse.com + +- bnc#897657 - VUL-0: CVE-2014-7188: xen: XSA-108 Improper MSR + range used for x2APIC emulation + xsa108.patch + +--- @@ -27,2 +34,2 @@ -- bnc#895802 - VUL-0: xen: XSA-106: Missing privilege level checks - in x86 emulation of software interrupts +- bnc#895802 - VUL-0: CVE-2014-7156: xen: XSA-106: Missing + privilege level checks in x86 emulation of software interrupts @@ -30,2 +37,2 @@ -- bnc#895799 - VUL-0: xen: XSA-105: Missing privilege level checks - in x86 HLT, LGDT, LIDT, and LMSW emulation +- bnc#895799 - VUL-0: CVE-2014-7155: xen: XSA-105: Missing + privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation @@ -33,2 +40,2 @@ -- bnc#895798 - VUL-0: xen: XSA-104: Race condition in - HVMOP_track_dirty_vram +- bnc#895798 - VUL-0: CVE-2014-7154: xen: XSA-104: Race condition + in HVMOP_track_dirty_vram New: xsa108.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.rBfrIa/_old 2014-10-05 20:30:41.0 +0200 +++ /var/tmp/diff_new_pack.rBfrIa/_new 2014-10-05 20:30:41.0 +0200 @@ -15,6 +15,7 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + # needssslcertforbuild Name: xen @@ -240,6 +241,7 @@ Patch105: xsa105.patch Patch106: xsa106.patch Patch107: xsa107.patch +Patch108: xsa108.patch # Upstream qemu Patch250: VNC-Support-for-ExtendedKeyEvent-client-message.patch Patch251: 0001-net-move-the-tap-buffer-into-TAPState.patch @@ -636,6 +638,7 @@ %patch105 -p1 %patch106 -p1 %patch107 -p1 +%patch108 -p1 # Upstream qemu patches %patch250 -p1 %patch251 -p1 ++ xsa108.patch ++ x86/HVM: properly bound x2APIC MSR range While the write path change appears to be purely cosmetic (but still gets done here for consistency), the read side mistake permitted accesses beyond the virtual APIC page. This is XSA-108. Signed-off-by: Jan Beulich jbeul...@suse.com --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -3101,7 +3101,7 @@ int hvm_msr_read_intercept(unsigned int *msr_content = vcpu_vlapic(v)-hw.apic_base_msr; break; -case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0x3ff: +case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0xff: if ( hvm_x2apic_msr_read(v, msr, msr_content) ) goto gp_fault; break; @@ -3227,7 +3227,7 @@ int hvm_msr_write_intercept(unsigned int vlapic_tdt_msr_set(vcpu_vlapic(v), msr_content); break; -case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0x3ff: +case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0xff: if ( hvm_x2apic_msr_write(v, msr, msr_content) ) goto gp_fault; break; -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2014-09-25 09:33:42 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is xen Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2014-09-06 12:17:50.0 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2014-09-25 09:33:43.0 +0200 @@ -1,0 +2,36 @@ +Mon Sep 22 09:55:35 MDT 2014 - carn...@suse.com + +- bnc#897614 - Virtualization/xen: Bug `xen-tools` uninstallable; + grub2-x86_64-xen dependency not available + xen.spec + +--- +Wed Sep 17 16:21:22 MDT 2014 - jfeh...@suse.com + +- More cleanup of README.SUSE + +--- +Fri Sep 15 09:37:10 CST 2014 - cy...@suse.com + +- Update xen patch with upstream patch so that latest libvirt + patch can work. (bnc#896044) + + 53fcebab-xen-pass-kernel-initrd-to-qemu.patch + - xen-pass-kernel-initrd-to-qemu.patch + +--- +Wed Sep 10 09:15:39 MDT 2014 - carn...@suse.com + +- bnc#895804 - VUL-0: CVE-2014-6268: xen: XSA-107: Mishandling of + uninitialised FIFO-based event channel control blocks + xsa107.patch +- bnc#895802 - VUL-0: xen: XSA-106: Missing privilege level checks + in x86 emulation of software interrupts + xsa106.patch +- bnc#895799 - VUL-0: xen: XSA-105: Missing privilege level checks + in x86 HLT, LGDT, LIDT, and LMSW emulation + xsa105.patch +- bnc#895798 - VUL-0: xen: XSA-104: Race condition in + HVMOP_track_dirty_vram + xsa104.patch + +--- Old: xen-pass-kernel-initrd-to-qemu.patch New: 53fcebab-xen-pass-kernel-initrd-to-qemu.patch xsa104.patch xsa105.patch xsa106.patch xsa107.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.M0pMmJ/_old 2014-09-25 09:33:47.0 +0200 +++ /var/tmp/diff_new_pack.M0pMmJ/_new 2014-09-25 09:33:47.0 +0200 @@ -153,7 +153,7 @@ %endif %endif -Version:4.4.1_04 +Version:4.4.1_06 Release:0 PreReq: %insserv_prereq %fillup_prereq Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) @@ -229,12 +229,17 @@ Patch15:53e8be5f-x86-vHPET-use-rwlock-instead-of-simple-one.patch Patch16:53f737b1-VMX-fix-DebugCtl-MSR-clearing.patch Patch17:53f7386d-x86-irq-process-softirqs-in-irq-keyhandlers.patch -Patch18:53ff3659-x86-consolidate-boolean-inputs-in-hvm-and-p2m.patch -Patch19: 53ff36ae-x86-hvm-treat-non-insn-fetch-NPF-also-as-read-violations.patch -Patch20: 53ff36d5-x86-mem_event-deliver-gla-fault-EPT-violation-information.patch -Patch21: 53ff3716-x86-ats-Disable-Address-Translation-Services-by-default.patch -Patch22: 53ff3899-x86-NMI-allow-processing-unknown-NMIs-with-watchdog.patch -Patch23: 54005472-EPT-utilize-GLA-GPA-translation-known-for-certain-faults.patch +Patch18:53fcebab-xen-pass-kernel-initrd-to-qemu.patch +Patch19:53ff3659-x86-consolidate-boolean-inputs-in-hvm-and-p2m.patch +Patch20: 53ff36ae-x86-hvm-treat-non-insn-fetch-NPF-also-as-read-violations.patch +Patch21: 53ff36d5-x86-mem_event-deliver-gla-fault-EPT-violation-information.patch +Patch22: 53ff3716-x86-ats-Disable-Address-Translation-Services-by-default.patch +Patch23: 53ff3899-x86-NMI-allow-processing-unknown-NMIs-with-watchdog.patch +Patch24: 54005472-EPT-utilize-GLA-GPA-translation-known-for-certain-faults.patch +Patch104: xsa104.patch +Patch105: xsa105.patch +Patch106: xsa106.patch +Patch107: xsa107.patch # Upstream qemu Patch250: VNC-Support-for-ExtendedKeyEvent-client-message.patch Patch251: 0001-net-move-the-tap-buffer-into-TAPState.patch @@ -362,9 +367,8 @@ Patch468: libxl.introduce-an-option-to-disable-the-non-O_DIRECT-workaround.patch Patch469: libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch Patch470: qemu-xen-upstream-qdisk-cache-unsafe.patch -Patch471: xen-pass-kernel-initrd-to-qemu.patch -Patch472: qemu-support-xen-hvm-direct-kernel-boot.patch -Patch473: tigervnc-long-press.patch +Patch471: qemu-support-xen-hvm-direct-kernel-boot.patch +Patch472: tigervnc-long-press.patch # Hypervisor and PV driver Patches Patch501: x86-ioapic-ack-default.patch Patch502: x86-cpufreq-report.patch @@ -459,7 +463,9 @@ Summary:Xen Virtualization: Control tools for domain 0 Group: System/Kernel Requires:
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2014-09-06 12:17:45 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is xen Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2014-08-20 17:53:00.0 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2014-09-06 12:17:50.0 +0200 @@ -1,0 +2,41 @@ +Thu Sep 4 17:01:24 CST 2014 - cy...@suse.com + +- bnc#882405 - Only one key-press event was generated while holding + a key before key-release in pv guests through xl vncviewer + tigervnc-long-press.patch + +--- +Tue Sep 2 09:01:24 MDT 2014 - carn...@suse.com + +- Update to Xen Version 4.4.1 FCS + xen-4.4.1-testing-src.tar.bz2 +- Dropped patches now contained in tarball + 53d7b781-x86-cpu-undo-BIOS-CPUID-max_leaf-limit-earlier.patch + 53df71c7-lz4-check-for-underruns.patch + 53e47d6b-x86_emulate-properly-do-IP-updates-and-other-side-effects.patch + +--- +Mon Sep 1 15:20:20 MDT 2014 - carn...@suse.com + +- bnc#882089 - Windows 2012 R2 fails to boot up with greater than + 60 vcpus + 53df727b-x86-HVM-extend-LAPIC-shortcuts-around-P2M-lookups.patch + 53e8be5f-x86-vHPET-use-rwlock-instead-of-simple-one.patch + 53ff3659-x86-consolidate-boolean-inputs-in-hvm-and-p2m.patch + 53ff36ae-x86-hvm-treat-non-insn-fetch-NPF-also-as-read-violations.patch + 53ff36d5-x86-mem_event-deliver-gla-fault-EPT-violation-information.patch + 54005472-EPT-utilize-GLA-GPA-translation-known-for-certain-faults.patch +- Upstream patches from Jan + 53f737b1-VMX-fix-DebugCtl-MSR-clearing.patch + 53f7386d-x86-irq-process-softirqs-in-irq-keyhandlers.patch + 53ff3716-x86-ats-Disable-Address-Translation-Services-by-default.patch + 53ff3899-x86-NMI-allow-processing-unknown-NMIs-with-watchdog.patch + +--- +Fri Aug 29 09:25:47 MDT 2014 - carn...@suse.com + +- bnc#864801 - VUL-0: CVE-2013-4540: qemu: zaurus: buffer overrun + on invalid state load + CVE-2013-4540-qemu.patch + +--- Old: 53d7b781-x86-cpu-undo-BIOS-CPUID-max_leaf-limit-earlier.patch 53df71c7-lz4-check-for-underruns.patch 53e47d6b-x86_emulate-properly-do-IP-updates-and-other-side-effects.patch New: 53e8be5f-x86-vHPET-use-rwlock-instead-of-simple-one.patch 53f737b1-VMX-fix-DebugCtl-MSR-clearing.patch 53f7386d-x86-irq-process-softirqs-in-irq-keyhandlers.patch 53ff3659-x86-consolidate-boolean-inputs-in-hvm-and-p2m.patch 53ff36ae-x86-hvm-treat-non-insn-fetch-NPF-also-as-read-violations.patch 53ff36d5-x86-mem_event-deliver-gla-fault-EPT-violation-information.patch 53ff3716-x86-ats-Disable-Address-Translation-Services-by-default.patch 53ff3899-x86-NMI-allow-processing-unknown-NMIs-with-watchdog.patch 54005472-EPT-utilize-GLA-GPA-translation-known-for-certain-faults.patch CVE-2013-4540-qemu.patch tigervnc-long-press.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.SmKn8C/_old 2014-09-06 12:17:53.0 +0200 +++ /var/tmp/diff_new_pack.SmKn8C/_new 2014-09-06 12:17:53.0 +0200 @@ -21,7 +21,7 @@ ExclusiveArch: %ix86 x86_64 %arm aarch64 %define xvers 4.4 %define xvermaj 4 -%define changeset 28531 +%define changeset 28541 %define xen_build_dir xen-4.4.1-testing # %define with_kmp 0 @@ -153,7 +153,7 @@ %endif %endif -Version:4.4.1_02 +Version:4.4.1_04 Release:0 PreReq: %insserv_prereq %fillup_prereq Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) @@ -224,11 +224,17 @@ Patch10: 53aac342-x86-HVM-consolidate-and-sanitize-CR4-guest-reserved-bit-determination.patch Patch11: 53c9151b-Fix-xl-vncviewer-accesses-port-0-by-any-invalid-domid.patch Patch12: 53d124e7-fix-list_domain_details-check-config-data-length-0.patch -Patch13:53d7b781-x86-cpu-undo-BIOS-CPUID-max_leaf-limit-earlier.patch -Patch14: 53dba447-x86-ACPI-allow-CMOS-RTC-use-even-when-ACPI-says-there-is-none.patch -Patch15:53df71c7-lz4-check-for-underruns.patch -Patch16: 53df727b-x86-HVM-extend-LAPIC-shortcuts-around-P2M-lookups.patch -Patch17: 53e47d6b-x86_emulate-properly-do-IP-updates-and-other-side-effects.patch +Patch13: 53dba447-x86-ACPI-allow-CMOS-RTC-use-even-when-ACPI-says-there-is-none.patch +Patch14: 53df727b-x86-HVM-extend-LAPIC-shortcuts-around-P2M-lookups.patch +Patch15:53e8be5f-x86-vHPET-use-rwlock-instead-of-simple-one.patch +Patch16:
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2014-08-20 17:52:54 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is xen Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2014-07-26 11:27:56.0 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2014-08-20 17:53:00.0 +0200 @@ -1,0 +2,106 @@ +Fri Aug 15 15:09:27 MDT 2014 - carn...@suse.com + +- Update README.SUSE with additional debug help + +--- +Fri Aug 8 07:34:38 MDT 2014 - carn...@suse.com + +- bnc#883112 - Xen Panic during boot System without CMOS RTC must + be booted from EFI + 53dba447-x86-ACPI-allow-CMOS-RTC-use-even-when-ACPI-says-there-is-none.patch +- Upstream patches from Jan + 53d7b781-x86-cpu-undo-BIOS-CPUID-max_leaf-limit-earlier.patch + 53df71c7-lz4-check-for-underruns.patch + 53df727b-x86-HVM-extend-LAPIC-shortcuts-around-P2M-lookups.patch + 53e47d6b-x86_emulate-properly-do-IP-updates-and-other-side-effects.patch + +--- +Thu Aug 7 11:26:15 UTC 2014 - carn...@suse.com + +- Update to Xen Version 4.4.1-rc2 + xen-4.4.1-testing-src.tar.bz2 +- Dropped the following upstream patches and xen-4.4.0-testing-src.tar.bz2 + 537b5ede-move-domain-to-cpupool0-before-destroying-it.patch + 5327190a-x86-Intel-work-around-Xeon-7400-series-erratum-AAI65.patch + 534bdf47-x86-HAP-also-flush-TLB-when-altering-a-present-1G-or-intermediate-entry.patch + 535a354b-passthrough-allow-to-suppress-SERR-and-PERR-signaling.patch + 53636ebf-x86-fix-guest-CPUID-handling.patch + 5347b524-evtchn-eliminate-64k-ports-limitation.patch + 53a040c6-page-alloc-scrub-pages-used-by-hypervisor-upon-freeing.patch + 53a1990a-IOMMU-prevent-VT-d-device-IOTLB-operations-on-wrong-IOMMU.patch + 53732f4f-x86-MCE-bypass-uninitialized-vcpu-in-vMCE-injection.patch + 531dc0e2-xmalloc-handle-correctly-page-allocation-when-align-size.patch + 5331917d-x86-enforce-preemption-in-HVM_set_mem_access-p2m_set_mem_access.patch + 531d8e09-x86-HVM-fix-memory-type-merging-in-epte_get_entry_emt.patch + 538ee637-ACPI-Prevent-acpi_table_entries-from-falling-into-a-infinite-loop.patch + 535a34eb-VT-d-suppress-UR-signaling-for-server-chipsets.patch + 535e31bc-x86-HVM-correct-the-SMEP-logic-for-HVM_CR0_GUEST_RESERVED_BITS.patch + 53859956-timers-set-the-deadline-more-accurately.patch + 53636978-hvm_set_ioreq_page-releases-wrong-page-in-error-path.patch + 535a3516-VT-d-suppress-UR-signaling-for-desktop-chipsets.patch + 53cfdcc7-avoid-crash-when-doing-shutdown-with-active-cpupools.patch + 5383175e-VT-d-fix-mask-applied-to-DMIBAR-in-desktop-chipset-XSA-59-workaround.patch + 531d8e34-x86-HVM-consolidate-passthrough-handling-in-epte_get_entry_emt.patch + 532fff53-x86-fix-determination-of-bit-count-for-struct-domain-allocations.patch + 5357baff-x86-add-missing-break-in-dom0_pit_access.patch + 530c54c3-x86-mce-Reduce-boot-time-logspam.patch + 5383167d-ACPI-ERST-fix-table-mapping.patch + 5390927f-x86-fix-reboot-shutdown-with-running-HVM-guests.patch + 530b27fd-x86-MCE-Fix-race-condition-in-mctelem_reserve.patch + 53709b77-Nested-VMX-load-current_vmcs-only-when-it-exists.patch + 5396d818-avoid-crash-on-HVM-domain-destroy-with-PCI-passthrough.patch + 531d8fd0-kexec-identify-which-cpu-the-kexec-image-is-being-executed-on.patch + 5385956b-x86-don-t-use-VA-for-cache-flush-when-also-flushing-TLB.patch + 539ec004-x86-mce-don-t-spam-the-console-with-CPUx-Temperature-z.patch + 53909259-x86-domctl-two-functional-fixes-to-XEN_DOMCTL_-gs-etvcpuextstate.patch + 53859549-AMD-IOMMU-don-t-free-page-table-prematurely.patch + 533d413b-x86-mm-fix-checks-against-max_mapped_pfn.patch + 535fa503-x86-HVM-restrict-HVMOP_set_mem_type.patch + 53271880-VT-d-fix-RMRR-handling.patch + 5390917a-VT-d-honor-APEI-firmware-first-mode-in-XSA-59-workaround-code.patch + 538dcada-x86-HVM-eliminate-vulnerabilities-from-hvm_inject_msi.patch + 53455585-x86-AMD-feature-masking-is-unavailable-on-Fam11.patch + 537b5e50-VT-d-apply-quirks-at-device-setup-time-rather-than-only-at-boot.patch + 53a199d7-x86-EFI-allow-FPU-XMM-use-in-runtime-service-functions.patch + 53cfddaf-x86-mem_event-validate-the-response-vcpu_id-before-acting-on-it.patch + 53b16cd4-VT-d-ATS-correct-and-clean-up-dev_invalidate_iotlb.patch + 53cfdde4-x86-mem_event-prevent-underflow-of-vcpu-pause-counts.patch + 53356c1e-x86-HVM-correct-CPUID-leaf-8008-handling.patch + 534bbd90-x86-nested-HAP-don-t-BUG-on-legitimate-error.patch + 530b28c5-x86-MSI-don-t-risk-division-by-zero.patch + 5396e805-x86-HVM-refine-SMEP-test-in-HVM_CR4_GUEST_RESERVED_BITS.patch +
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2014-07-26 11:27:52 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is xen Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2014-07-08 16:59:04.0 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2014-07-26 11:27:56.0 +0200 @@ -1,0 +2,55 @@ +Thu Jul 24 07:54:34 MDT 2014 - carn...@suse.com + +- Upstream patches from Jan + 5347b524-evtchn-eliminate-64k-ports-limitation.patch + 53aac342-x86-HVM-consolidate-and-sanitize-CR4-guest-reserved-bit-determination.patch + 53b16cd4-VT-d-ATS-correct-and-clean-up-dev_invalidate_iotlb.patch + 53b56de1-properly-reference-count-DOMCTL_-un-pausedomain-hypercalls.patch + 53cfdcc7-avoid-crash-when-doing-shutdown-with-active-cpupools.patch + 53cfddaf-x86-mem_event-validate-the-response-vcpu_id-before-acting-on-it.patch + 53cfdde4-x86-mem_event-prevent-underflow-of-vcpu-pause-counts.patch + +--- +Mon Jul 21 03:05:48 UTC 2014 - cy...@suse.com + +- bnc#886801 - xl vncviewer: The first domu can be accessed by any id + 53c9151b-Fix-xl-vncviewer-accesses-port-0-by-any-invalid-domid.patch + +--- +Mon Jul 14 11:14:38 MDT 2014 - carn...@suse.com + +- Upstream pygrub bug fix + 5370e03b-pygrub-fix-error-handling-if-no-valid-partitions-are-found.patch + +--- +Wed Jul 9 16:45:58 MDT 2014 - carn...@suse.com + +- Fix pygrub to handle old 32 bit VMs + pygrub-boot-legacy-sles.patch (Mike Latimer) + +--- +Mon Jul 7 17:54:58 MDT 2014 - jfeh...@suse.com + +- Remove xen-vmresync utility. It is an old Platespin Orchestrate + utility that should have never been included in the Xen package. + Updated xen.spec + +--- +Mon Jul 7 17:01:59 MDT 2014 - jfeh...@suse.com + +- Rework xen-destroy utility included in xen-utils + bnc#885292 and bnc#886063 + Updated xen-utils-0.1.tar.bz2 + +--- +Mon Jul 07 11:40:32 MDT 2014 - carn...@suse.com + +- bnc#886063 - Xen monitor fails (xl list --long output different + from xm list --long output) +- bnc#885292 - VirtualDomain: pid_status does not know how to check + status on SLE12 + Re-enable building xen-utils for sle12 and include xen-list and + xen-destroy in the xen-tools package for HA. + xen.spec + +--- New: 5347b524-evtchn-eliminate-64k-ports-limitation.patch 5370e03b-pygrub-fix-error-handling-if-no-valid-partitions-are-found.patch 53aac342-x86-HVM-consolidate-and-sanitize-CR4-guest-reserved-bit-determination.patch 53b16cd4-VT-d-ATS-correct-and-clean-up-dev_invalidate_iotlb.patch 53b56de1-properly-reference-count-DOMCTL_-un-pausedomain-hypercalls.patch 53c9151b-Fix-xl-vncviewer-accesses-port-0-by-any-invalid-domid.patch 53cfdcc7-avoid-crash-when-doing-shutdown-with-active-cpupools.patch 53cfddaf-x86-mem_event-validate-the-response-vcpu_id-before-acting-on-it.patch 53cfdde4-x86-mem_event-prevent-underflow-of-vcpu-pause-counts.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.rZuEbq/_old 2014-07-26 11:27:59.0 +0200 +++ /var/tmp/diff_new_pack.rZuEbq/_new 2014-07-26 11:27:59.0 +0200 @@ -15,7 +15,6 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - # needssslcertforbuild Name: xen @@ -154,7 +153,7 @@ %endif %endif -Version:4.4.0_24 +Version:4.4.0_26 Release:0 PreReq: %insserv_prereq %fillup_prereq Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) @@ -239,42 +238,51 @@ Patch24:533d413b-x86-mm-fix-checks-against-max_mapped_pfn.patch Patch25:53455585-x86-AMD-feature-masking-is-unavailable-on-Fam11.patch Patch26:5346a7a0-x86-AMD-support-further-feature-masking-MSRs.patch -Patch27:534bbd90-x86-nested-HAP-don-t-BUG-on-legitimate-error.patch -Patch28: 534bdf47-x86-HAP-also-flush-TLB-when-altering-a-present-1G-or-intermediate-entry.patch -Patch29: 53563ea4-x86-MSI-drop-workaround-for-insecure-Dom0-kernels.patch -Patch30:5357baff-x86-add-missing-break-in-dom0_pit_access.patch -Patch31:535a34eb-VT-d-suppress-UR-signaling-for-server-chipsets.patch -Patch32:535a3516-VT-d-suppress-UR-signaling-for-desktop-chipsets.patch -Patch33:
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2014-06-19 13:19:47 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is xen Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2014-06-01 18:58:38.0 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2014-06-19 13:19:50.0 +0200 @@ -1,0 +2,21 @@ +Thu Jun 6 15:50:19 MDT 2014 - carn...@suse.com + +- Modify how we check for libvirt managed domains + xl-check-for-libvirt-managed-domain.patch + +--- +Thu Jun 5 08:56:13 MDT 2014 - carn...@suse.com + +- bnc#878841 - VUL-0: XSA-96: Xen: Vulnerabilities in HVM MSI + injection + 538dcada-x86-HVM-eliminate-vulnerabilities-from-hvm_inject_msi.patch +- Upstream patches from Jan + 537cd0b0-hvmloader-also-cover-PCI-MMIO-ranges-above-4G-with-UC-MTRR-ranges.patch + 537cd0cc-hvmloader-PA-range-0xfc00-0x-should-be-UC.patch + 5383167d-ACPI-ERST-fix-table-mapping.patch + 5383175e-VT-d-fix-mask-applied-to-DMIBAR-in-desktop-chipset-XSA-59-workaround.patch + 53859549-AMD-IOMMU-don-t-free-page-table-prematurely.patch + 5385956b-x86-don-t-use-VA-for-cache-flush-when-also-flushing-TLB.patch + 53859956-timers-set-the-deadline-more-accurately.patch + +--- New: 537cd0b0-hvmloader-also-cover-PCI-MMIO-ranges-above-4G-with-UC-MTRR-ranges.patch 537cd0cc-hvmloader-PA-range-0xfc00-0x-should-be-UC.patch 5383167d-ACPI-ERST-fix-table-mapping.patch 5383175e-VT-d-fix-mask-applied-to-DMIBAR-in-desktop-chipset-XSA-59-workaround.patch 53859549-AMD-IOMMU-don-t-free-page-table-prematurely.patch 5385956b-x86-don-t-use-VA-for-cache-flush-when-also-flushing-TLB.patch 53859956-timers-set-the-deadline-more-accurately.patch 538dcada-x86-HVM-eliminate-vulnerabilities-from-hvm_inject_msi.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.cfX6MD/_old 2014-06-19 13:19:53.0 +0200 +++ /var/tmp/diff_new_pack.cfX6MD/_new 2014-06-19 13:19:53.0 +0200 @@ -154,7 +154,7 @@ %endif %endif -Version:4.4.0_20 +Version:4.4.0_22 Release:0 PreReq: %insserv_prereq %fillup_prereq Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) @@ -255,6 +255,14 @@ Patch40: 537b5e50-VT-d-apply-quirks-at-device-setup-time-rather-than-only-at-boot.patch Patch41: 537b5e79-VT-d-extend-error-report-masking-workaround-to-newer-chipsets.patch Patch42:537b5ede-move-domain-to-cpupool0-before-destroying-it.patch +Patch43: 537cd0b0-hvmloader-also-cover-PCI-MMIO-ranges-above-4G-with-UC-MTRR-ranges.patch +Patch44: 537cd0cc-hvmloader-PA-range-0xfc00-0x-should-be-UC.patch +Patch45:5383167d-ACPI-ERST-fix-table-mapping.patch +Patch46: 5383175e-VT-d-fix-mask-applied-to-DMIBAR-in-desktop-chipset-XSA-59-workaround.patch +Patch47:53859549-AMD-IOMMU-don-t-free-page-table-prematurely.patch +Patch48: 5385956b-x86-don-t-use-VA-for-cache-flush-when-also-flushing-TLB.patch +Patch49:53859956-timers-set-the-deadline-more-accurately.patch +Patch50: 538dcada-x86-HVM-eliminate-vulnerabilities-from-hvm_inject_msi.patch # Upstream qemu Patch250: VNC-Support-for-ExtendedKeyEvent-client-message.patch Patch251: 0001-net-move-the-tap-buffer-into-TAPState.patch @@ -660,6 +668,14 @@ %patch40 -p1 %patch41 -p1 %patch42 -p1 +%patch43 -p1 +%patch44 -p1 +%patch45 -p1 +%patch46 -p1 +%patch47 -p1 +%patch48 -p1 +%patch49 -p1 +%patch50 -p1 # Upstream qemu patches %patch250 -p1 %patch251 -p1 ++ 537cd0b0-hvmloader-also-cover-PCI-MMIO-ranges-above-4G-with-UC-MTRR-ranges.patch ++ # Commit d06886694328a31369addc1f614cf326728d65a6 # Date 2014-05-21 18:13:36 +0200 # Author Jan Beulich jbeul...@suse.com # Committer Jan Beulich jbeul...@suse.com hvmloader: also cover PCI MMIO ranges above 4G with UC MTRR ranges When adding support for BAR assignments to addresses above 4G, the MTRR side of things was left out. Additionally the MMIO ranges in the DSDT's \_SB.PCI0._CRS were having memory types not matching the ones put into MTRRs: The legacy VGA range is supposed to be WC, and the other ones should be UC. Signed-off-by: Jan Beulich jbeul...@suse.com Acked-by: Ian Campbell ian.campb...@citrix.com # Commit 119d8a42d3bfe6ebc1785720e1a7260e5c698632 # Date 2014-05-22 14:20:19 +0200 # Author Jan Beulich jbeul...@suse.com # Committer Jan Beulich jbeul...@suse.com hvmloader: fix build with certain iasl versions While most of them support what we have
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2014-06-01 18:58:23 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is xen Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2014-05-15 21:31:30.0 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2014-06-01 18:58:38.0 +0200 @@ -1,0 +2,44 @@ +Tue May 27 16:54:13 CEST 2014 - oher...@suse.de + +- bnc#879425: handle cache=unsafe from libvirt to disable flush in qdisk + libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch + qemu-xen-upstream-qdisk-cache-unsafe.patch + +--- +Tue May 27 16:50:22 CEST 2014 - oher...@suse.de + +- libxl: introduce an option for disabling the non-O_DIRECT workaround + recognize direct-io-safe in domU.cfg diskspec + libxl.introduce-an-option-to-disable-the-non-O_DIRECT-workaround.patch + +--- +Tue May 27 16:44:06 CEST 2014 - oher...@suse.de + +- fate#316071: add discard support for file backed storage (qdisk) + update patch to allow more values in overloaded -readwrite member + +--- +Tue May 27 08:03:51 MDT 2014 - carn...@suse.com + +- bnc#826717 - VUL-0: CVE-2013-3495: XSA-59: xen: Intel VT-d + Interrupt Remapping engines can be evaded by native NMI interrupts + 537b5e50-VT-d-apply-quirks-at-device-setup-time-rather-than-only-at-boot.patch + 537b5e79-VT-d-extend-error-report-masking-workaround-to-newer-chipsets.patch +- Upstream patches from Jan + 53709b77-Nested-VMX-load-current_vmcs-only-when-it-exists.patch + 53732f4f-x86-MCE-bypass-uninitialized-vcpu-in-vMCE-injection.patch + 537b5ede-move-domain-to-cpupool0-before-destroying-it.patch + +--- +Tue May 20 16:34:37 MDT 2014 - carn...@suse.com + +- Update README.SuSE with information on the toolstack change + +--- +Fri May 16 10:27:04 CEST 2014 - oher...@suse.de + +- fate#316071: add discard support for file backed storage (qdisk) + update to recognize option discard/no-discard instead of discard=0,1 + to match upstream change + +--- New: 53709b77-Nested-VMX-load-current_vmcs-only-when-it-exists.patch 53732f4f-x86-MCE-bypass-uninitialized-vcpu-in-vMCE-injection.patch 537b5e50-VT-d-apply-quirks-at-device-setup-time-rather-than-only-at-boot.patch 537b5e79-VT-d-extend-error-report-masking-workaround-to-newer-chipsets.patch 537b5ede-move-domain-to-cpupool0-before-destroying-it.patch libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch libxl.introduce-an-option-to-disable-the-non-O_DIRECT-workaround.patch qemu-xen-upstream-qdisk-cache-unsafe.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.JjJzfv/_old 2014-06-01 18:58:40.0 +0200 +++ /var/tmp/diff_new_pack.JjJzfv/_new 2014-06-01 18:58:40.0 +0200 @@ -15,6 +15,7 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + # needssslcertforbuild Name: xen @@ -153,7 +154,7 @@ %endif %endif -Version:4.4.0_18 +Version:4.4.0_20 Release:0 PreReq: %insserv_prereq %fillup_prereq Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) @@ -249,6 +250,11 @@ Patch35:535fa503-x86-HVM-restrict-HVMOP_set_mem_type.patch Patch36: 53636978-hvm_set_ioreq_page-releases-wrong-page-in-error-path.patch Patch37:53636ebf-x86-fix-guest-CPUID-handling.patch +Patch38:53709b77-Nested-VMX-load-current_vmcs-only-when-it-exists.patch +Patch39: 53732f4f-x86-MCE-bypass-uninitialized-vcpu-in-vMCE-injection.patch +Patch40: 537b5e50-VT-d-apply-quirks-at-device-setup-time-rather-than-only-at-boot.patch +Patch41: 537b5e79-VT-d-extend-error-report-masking-workaround-to-newer-chipsets.patch +Patch42:537b5ede-move-domain-to-cpupool0-before-destroying-it.patch # Upstream qemu Patch250: VNC-Support-for-ExtendedKeyEvent-client-message.patch Patch251: 0001-net-move-the-tap-buffer-into-TAPState.patch @@ -372,6 +378,9 @@ Patch465: libxl.add-option-for-discard-support-to-xl-disk-conf.patch Patch466: aarch64-rename-PSR_MODE_ELxx-to-match-linux-headers.patch Patch467: xl-check-for-libvirt-managed-domain.patch +Patch468: libxl.introduce-an-option-to-disable-the-non-O_DIRECT-workaround.patch +Patch469:
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2014-05-15 21:31:28 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is xen Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2014-05-02 19:21:29.0 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2014-05-15 21:31:30.0 +0200 @@ -1,0 +2,29 @@ +Mon May 12 18:00:14 CEST 2014 - oher...@suse.de + +- fate#316613: Implement pvscsi in xl/libxl + libxl.pvscsi.patch + +--- +Fri May 9 08:07:34 MDT 2014 - carn...@suse.com + +- bnc#875668 - VUL-0: CVE-2014-3124: xen: XSA-92: + HVMOP_set_mem_type allows invalid P2M entries to be created + 535fa503-x86-HVM-restrict-HVMOP_set_mem_type.patch (replaces xsa92.patch) +- bnc#826717 - VUL-0: CVE-2013-3495: XSA-59: xen: Intel VT-d + Interrupt Remapping engines can be evaded by native NMI interrupts + 535a34eb-VT-d-suppress-UR-signaling-for-server-chipsets.patch + 535a3516-VT-d-suppress-UR-signaling-for-desktop-chipsets.patch +- Upstream patches from Jan + 535a354b-passthrough-allow-to-suppress-SERR-and-PERR-signaling.patch + 535e31bc-x86-HVM-correct-the-SMEP-logic-for-HVM_CR0_GUEST_RESERVED_BITS.patch + 53636978-hvm_set_ioreq_page-releases-wrong-page-in-error-path.patch + 53636ebf-x86-fix-guest-CPUID-handling.patch + +--- +Tue May 6 13:24:14 MDT 2014 - carn...@suse.com + +- Fix pygrub to handle VM with no grub/menu.lst file. +- Don't use /var/run/xend/boot for temporary boot directory + pygrub-boot-legacy-sles.patch + +--- Old: xsa92.patch New: 535a34eb-VT-d-suppress-UR-signaling-for-server-chipsets.patch 535a3516-VT-d-suppress-UR-signaling-for-desktop-chipsets.patch 535a354b-passthrough-allow-to-suppress-SERR-and-PERR-signaling.patch 535e31bc-x86-HVM-correct-the-SMEP-logic-for-HVM_CR0_GUEST_RESERVED_BITS.patch 535fa503-x86-HVM-restrict-HVMOP_set_mem_type.patch 53636978-hvm_set_ioreq_page-releases-wrong-page-in-error-path.patch 53636ebf-x86-fix-guest-CPUID-handling.patch libxl.pvscsi.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.Vl5xWb/_old 2014-05-15 21:31:34.0 +0200 +++ /var/tmp/diff_new_pack.Vl5xWb/_new 2014-05-15 21:31:34.0 +0200 @@ -15,7 +15,6 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - # needssslcertforbuild Name: xen @@ -154,7 +153,7 @@ %endif %endif -Version:4.4.0_16 +Version:4.4.0_18 Release:0 PreReq: %insserv_prereq %fillup_prereq Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) @@ -243,7 +242,13 @@ Patch28: 534bdf47-x86-HAP-also-flush-TLB-when-altering-a-present-1G-or-intermediate-entry.patch Patch29: 53563ea4-x86-MSI-drop-workaround-for-insecure-Dom0-kernels.patch Patch30:5357baff-x86-add-missing-break-in-dom0_pit_access.patch -Patch92:xsa92.patch +Patch31:535a34eb-VT-d-suppress-UR-signaling-for-server-chipsets.patch +Patch32:535a3516-VT-d-suppress-UR-signaling-for-desktop-chipsets.patch +Patch33: 535a354b-passthrough-allow-to-suppress-SERR-and-PERR-signaling.patch +Patch34: 535e31bc-x86-HVM-correct-the-SMEP-logic-for-HVM_CR0_GUEST_RESERVED_BITS.patch +Patch35:535fa503-x86-HVM-restrict-HVMOP_set_mem_type.patch +Patch36: 53636978-hvm_set_ioreq_page-releases-wrong-page-in-error-path.patch +Patch37:53636ebf-x86-fix-guest-CPUID-handling.patch # Upstream qemu Patch250: VNC-Support-for-ExtendedKeyEvent-client-message.patch Patch251: 0001-net-move-the-tap-buffer-into-TAPState.patch @@ -311,6 +316,7 @@ Patch387: libxl.set-migration-constraints-from-cmdline.patch Patch388: libxl.honor-more-top-level-vfb-options.patch Patch389: qemu-xen-upstream-megasas-buildtime.patch +Patch390: libxl.pvscsi.patch # Xend Patch400: xend-set-migration-constraints-from-cmdline.patch Patch402: xen.migrate.tools-xend_move_assert_to_exception_block.patch @@ -633,7 +639,13 @@ %patch28 -p1 %patch29 -p1 %patch30 -p1 -%patch92 -p1 +%patch31 -p1 +%patch32 -p1 +%patch33 -p1 +%patch34 -p1 +%patch35 -p1 +%patch36 -p1 +%patch37 -p1 # Upstream qemu patches %patch250 -p1 %patch251 -p1 @@ -700,6 +712,7 @@ %patch387 -p1 %patch388 -p1 %patch389 -p1 +%patch390 -p1 # Xend %patch400 -p1 %patch402 -p1 ++ 535a34eb-VT-d-suppress-UR-signaling-for-server-chipsets.patch ++ References: bnc#826717 CVE-2013-3495 XSA-59 # Commit
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2014-05-02 19:21:27 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is xen Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2014-04-16 07:44:25.0 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2014-05-02 19:21:29.0 +0200 @@ -1,0 +2,26 @@ +Sat Apr 26 09:56:36 MDT 2014 - carn...@suse.com + +- When the xl command is used, check to see if the domain being + modified is managed by libvirt and print warning if it is. + xl-check-for-libvirt-managed-domain.patch + +--- +Thu Apr 24 08:17:36 MDT 2014 - carn...@suse.com + +- Upstream patches from Jan + 53455585-x86-AMD-feature-masking-is-unavailable-on-Fam11.patch + 5346a7a0-x86-AMD-support-further-feature-masking-MSRs.patch + 534bbd90-x86-nested-HAP-don-t-BUG-on-legitimate-error.patch + 534bdf47-x86-HAP-also-flush-TLB-when-altering-a-present-1G-or-intermediate-entry.patch + 53563ea4-x86-MSI-drop-workaround-for-insecure-Dom0-kernels.patch + 5357baff-x86-add-missing-break-in-dom0_pit_access.patch +- XSA-92 + xsa92.patch + +--- +Sat Apr 12 20:48:21 UTC 2014 - mma...@suse.cz + +- Add # needssslcertforbuild to use the project's certificate when + building in a home project. (bnc#872354) + +--- New: 53455585-x86-AMD-feature-masking-is-unavailable-on-Fam11.patch 5346a7a0-x86-AMD-support-further-feature-masking-MSRs.patch 534bbd90-x86-nested-HAP-don-t-BUG-on-legitimate-error.patch 534bdf47-x86-HAP-also-flush-TLB-when-altering-a-present-1G-or-intermediate-entry.patch 53563ea4-x86-MSI-drop-workaround-for-insecure-Dom0-kernels.patch 5357baff-x86-add-missing-break-in-dom0_pit_access.patch xl-check-for-libvirt-managed-domain.patch xsa92.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.FnTEMX/_old 2014-05-02 19:21:32.0 +0200 +++ /var/tmp/diff_new_pack.FnTEMX/_new 2014-05-02 19:21:32.0 +0200 @@ -16,6 +16,8 @@ # +# needssslcertforbuild + Name: xen ExclusiveArch: %ix86 x86_64 %arm aarch64 %define xvers 4.4 @@ -152,7 +154,7 @@ %endif %endif -Version:4.4.0_14 +Version:4.4.0_16 Release:0 PreReq: %insserv_prereq %fillup_prereq Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) @@ -235,6 +237,13 @@ Patch22:53356c1e-x86-HVM-correct-CPUID-leaf-8008-handling.patch Patch23:533ad1ee-VMX-fix-PAT-value-seen-by-guest.patch Patch24:533d413b-x86-mm-fix-checks-against-max_mapped_pfn.patch +Patch25:53455585-x86-AMD-feature-masking-is-unavailable-on-Fam11.patch +Patch26:5346a7a0-x86-AMD-support-further-feature-masking-MSRs.patch +Patch27:534bbd90-x86-nested-HAP-don-t-BUG-on-legitimate-error.patch +Patch28: 534bdf47-x86-HAP-also-flush-TLB-when-altering-a-present-1G-or-intermediate-entry.patch +Patch29: 53563ea4-x86-MSI-drop-workaround-for-insecure-Dom0-kernels.patch +Patch30:5357baff-x86-add-missing-break-in-dom0_pit_access.patch +Patch92:xsa92.patch # Upstream qemu Patch250: VNC-Support-for-ExtendedKeyEvent-client-message.patch Patch251: 0001-net-move-the-tap-buffer-into-TAPState.patch @@ -356,6 +365,7 @@ Patch464: set-mtu-from-bridge-for-tap-interface.patch Patch465: libxl.add-option-for-discard-support-to-xl-disk-conf.patch Patch466: aarch64-rename-PSR_MODE_ELxx-to-match-linux-headers.patch +Patch467: xl-check-for-libvirt-managed-domain.patch # Hypervisor and PV driver Patches Patch501: x86-ioapic-ack-default.patch Patch502: x86-cpufreq-report.patch @@ -617,6 +627,13 @@ %patch22 -p1 %patch23 -p1 %patch24 -p1 +%patch25 -p1 +%patch26 -p1 +%patch27 -p1 +%patch28 -p1 +%patch29 -p1 +%patch30 -p1 +%patch92 -p1 # Upstream qemu patches %patch250 -p1 %patch251 -p1 @@ -737,6 +754,7 @@ %patch464 -p1 %patch465 -p1 %patch466 -p1 +%patch467 -p1 # Hypervisor and PV driver Patches %patch501 -p1 %patch502 -p1 ++ 53455585-x86-AMD-feature-masking-is-unavailable-on-Fam11.patch ++ # Commit 70e79fad6dc6f533ff83ee23b8d13de5a696d896 # Date 2014-04-09 16:13:25 +0200 # Author Jan Beulich jbeul...@suse.com # Committer Jan Beulich jbeul...@suse.com x86/AMD: feature masking is unavailable on Fam11 Reported-by: Aravind Gopalakrishnanaravind.gopalakrish...@amd.com Signed-off-by: Jan Beulich jbeul...@suse.com Reviewed-by: Andrew Cooper andrew.coop...@citrix.com ---
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2014-02-02 18:46:59 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is xen Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2014-01-07 17:25:20.0 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2014-02-02 18:47:01.0 +0100 @@ -1,0 +2,42 @@ +Thu Jan 23 16:11:39 MST 2014 - carn...@suse.com + +- Dropped xen-changeset.patch. It is no longer needed. + +--- +Sun Jan 19 00:13:06 CET 2014 - oher...@suse.de + +- BuildRequire libfdt1-devel on ARM + +--- +Sat Jan 18 00:35:46 CET 2014 - oher...@suse.de + +- fate#311487: remove modprobe.conf files for autoloading of + pv-on-hvm files. + Rely on core kernel to skip initialization of emulated hardware + Handle xen_emul_unplug= from xenlinux based core kernel-default + +--- +Wed Jan 16 13:11:32 MST 2014 - carn...@suse.com + +- Fix the spec file to build for old distros + The xm/xend toolstack will continue to be contained in xen-tools + for older openSUSE and sles distros but it will be contained in + xend-tools for os13.x + +--- +Wed Jan 15 19:55:32 CET 2014 - oher...@suse.de + +- fate#316071: add discard support for file backed storage (qdisk) + to qemu-upstream, enabled unconditionally + +--- +Tue Jan 14 12:13:45 MST 2014 - carn...@suse.com + +- Update to Xen 4.4.0 RC2 c/s 28287 + +--- +Tue Jan 9 11:44:11 MST 2014 - carn...@suse.com + +- Restore 32bit ix86 support in spec file for kmps and domU tools + +--- Old: xen-changeset.patch xen_pvdrivers.conf New: qemu-xen-upstream-blkif-discard.patch xen_pvonhvm.xen_emul_unplug.patch xend-config-enable-dump-comment.patch xend-tools-watchdog-support.patch xend-vif-route-ifup.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.lfjQxN/_old 2014-02-02 18:47:03.0 +0100 +++ /var/tmp/diff_new_pack.lfjQxN/_new 2014-02-02 18:47:03.0 +0100 @@ -15,24 +15,36 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - Name: xen -ExclusiveArch: x86_64 %arm aarch64 +ExclusiveArch: %ix86 x86_64 %arm aarch64 %define xvers 4.4 %define xvermaj 4 -%define changeset 28233 +%define changeset 28287 %define xen_build_dir xen-4.4.0-testing %ifarch %arm aarch64 %define with_kmp 0 +%define with_xend 0 %define with_debug 0 %define with_stubdom 0 -%define with_xend 0 +%define with_dom0_support 1 %else +%ifarch x86_64 %define with_kmp 1 %define with_debug 1 %define with_stubdom 1 +%define with_dom0_support 1 %define with_qemu_traditional 1 +%if %suse_version 1230 +%define with_xend 1 +%else +%define with_xend 1 +%endif +%else %define with_xend 0 +%define with_stubdom 0 +%define with_dom0_support 0 +%define with_qemu_traditional 0 +%endif %endif # EFI requires gcc46 or newer # its available in 12.1 or = sles11sp2 @@ -47,34 +59,45 @@ %else %define with_systemd 0 %endif -%ifnarch %arm aarch64 +%ifarch %arm aarch64 +BuildRequires: libfdt1-devel +%endif +%ifarch %ix86 x86_64 BuildRequires: dev86 %endif BuildRequires: fdupes BuildRequires: glib2-devel BuildRequires: libaio-devel BuildRequires: libbz2-devel -BuildRequires: libpixman-1-0-devel BuildRequires: libuuid-devel BuildRequires: libxml2-devel BuildRequires: libyajl-devel +BuildRequires: libpixman-1-0-devel BuildRequires: ncurses-devel BuildRequires: openssl-devel BuildRequires: python-devel +BuildRequires: transfig +%if %suse_version = 1030 BuildRequires: texinfo BuildRequires: texlive +%if %suse_version 1220 +BuildRequires: texlive-latex BuildRequires: texlive-courier BuildRequires: texlive-dvips BuildRequires: texlive-helvetic -BuildRequires: texlive-latex BuildRequires: texlive-psnfss BuildRequires: texlive-times -BuildRequires: transfig BuildRequires: tex(a4.sty) BuildRequires: tex(a4wide.sty) BuildRequires: tex(fancyhdr.sty) BuildRequires: tex(parskip.sty) BuildRequires: tex(setspace.sty) +%endif +%else +BuildRequires: te_ams +BuildRequires: te_latex +BuildRequires: tetex +%endif %if %suse_version = 1230 BuildRequires: systemd %endif @@ -84,7 +107,7 @@ %if %suse_version = 1110 BuildRequires: pmtools %else -%ifnarch %arm aarch64
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2013-08-01 16:10:17 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is xen Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2013-07-04 09:14:04.0 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2013-08-01 16:10:24.0 +0200 @@ -1,0 +2,45 @@ +Wed Jul 31 11:34:14 MDT 2013 - carn...@suse.com + +- Spec file cleanups + xen.spec +- Renamed xend-sysconfig.patch to xencommons-sysconfig.patch + +--- +Mon Jul 29 16:46:33 MDT 2013 - carn...@suse.com + +- Added support for systemd with the following service files + xenstored.service + blktapctrl.service + xend.service + xenconsoled.service + xen-watchdog.service + xendomains.service + xencommons.service + +--- +Fri Jul 12 11:05:11 MDT 2013 - carn...@suse.com + +- Upstream patches from Jan + 51d277a3-x86-don-t-pass-negative-time-to-gtime_to_gtsc-try-2.patch + 51d27807-iommu-amd-Fix-logic-for-clearing-the-IOMMU-interrupt-bits.patch + 51d27841-iommu-amd-Workaround-for-erratum-787.patch + 51daa074-Revert-hvmloader-always-include-HPET-table.patch + +--- +Fri Jul 12 09:31:01 MDT 2013 - carn...@suse.com + +- Dropped deprecated or unnecessary patches + pvdrv-import-shared-info.patch + minios-fixups.patch + +--- +Tue Jul 9 13:06:27 MDT 2013 - carn...@suse.com + +- Update to Xen 4.3.0 FCS + +--- +Fri Jul 5 14:31:51 UTC 2013 - ag...@suse.com + +- Enable ARM targets for Xen + +--- Old: minios-fixups.patch pvdrv-import-shared-info.patch xend-sysconfig.patch New: 51d277a3-x86-don-t-pass-negative-time-to-gtime_to_gtsc-try-2.patch 51d27807-iommu-amd-Fix-logic-for-clearing-the-IOMMU-interrupt-bits.patch 51d27841-iommu-amd-Workaround-for-erratum-787.patch 51daa074-Revert-hvmloader-always-include-HPET-table.patch blktapctrl.service xen-watchdog.service xencommons-sysconfig.patch xencommons.service xenconsoled.service xend.service xendomains.service xenstored.service Other differences: -- ++ xen.spec ++ 940 lines (skipped) between /work/SRC/openSUSE:Factory/xen/xen.spec and /work/SRC/openSUSE:Factory/.xen.new/xen.spec ++ 51d277a3-x86-don-t-pass-negative-time-to-gtime_to_gtsc-try-2.patch ++ # Commit 5ad914bc867c5a6a4957869c89918f4e1f9dd9c4 # Date 2013-07-02 08:48:03 +0200 # Author Jan Beulich jbeul...@suse.com # Committer Jan Beulich jbeul...@suse.com x86: don't pass negative time to gtime_to_gtsc() (try 2) This mostly reverts commit eb60be3d (x86: don't pass negative time to gtime_to_gtsc()) and instead corrects __update_vcpu_system_time()'s handling of this_cpu(cpu_time).stime_local_stamp dating back before the start of a HVM guest (which would otherwise lead to a negative value getting passed to gtime_to_gtsc(), causing scale_delta() to produce meaningless output). Flushing the value to zero was wrong, and printing a message for something that can validly happen wasn't very useful either. Signed-off-by: Jan Beulich jbeul...@suse.com Acked-by: Keir Fraser k...@xen.org --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -823,16 +823,13 @@ static void __update_vcpu_system_time(st struct pl_time *pl = v-domain-arch.hvm_domain.pl_time; stime += pl-stime_offset + v-arch.hvm_vcpu.stime_offset; -if ( (s64)stime 0 ) -{ -printk(XENLOG_G_WARNING d%dv%d: bogus time % PRId64 -(offsets % PRId64 /% PRId64 )\n, - d-domain_id, v-vcpu_id, stime, - pl-stime_offset, v-arch.hvm_vcpu.stime_offset); -stime = 0; -} +if ( stime = 0 ) +tsc_stamp = gtime_to_gtsc(d, stime); +else +tsc_stamp = -gtime_to_gtsc(d, -stime); } -tsc_stamp = gtime_to_gtsc(d, stime); +else +tsc_stamp = gtime_to_gtsc(d, stime); } else { ++ 51d27807-iommu-amd-Fix-logic-for-clearing-the-IOMMU-interrupt-bits.patch ++ # Commit 2823a0c7dfc979db316787e1dd42a8845e5825c0 # Date 2013-07-02 08:49:43 +0200 # Author Suravee Suthikulpanit suravee.suthikulpa...@amd.com # Committer Jan Beulich jbeul...@suse.com iommu/amd: Fix logic for clearing the IOMMU interrupt
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2013-07-04 09:14:03 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is xen Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2013-06-20 17:06:25.0 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2013-07-04 09:14:04.0 +0200 @@ -1,0 +2,15 @@ +Thu Jun 27 16:57:08 MDT 2013 - carn...@suse.com + +- Update to Xen 4.3.0-rc6 + +--- +Wed Jun 19 14:34:20 MDT 2013 - carn...@suse.com + +- Update to Xen 4.3.0-rc5 + +--- +Wed Jun 14 11:06:23 MDT 2013 - carn...@suse.com + +- Update to Xen 4.3.0-rc4 + +--- Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.Z362Hq/_old 2013-07-04 09:14:07.0 +0200 +++ /var/tmp/diff_new_pack.Z362Hq/_new 2013-07-04 09:14:07.0 +0200 @@ -20,7 +20,7 @@ ExclusiveArch: %ix86 x86_64 %define xvers 4.3 %define xvermaj 4 -%define changeset 27093 +%define changeset 27190 %define xen_build_dir xen-4.3.0-testing %define with_kmp 1 %define with_stubdom 1 @@ -120,7 +120,7 @@ BuildRequires: lndir %endif %endif -Version:4.3.0_03 +Version:4.3.0_06 Release:0 PreReq: %insserv_prereq %fillup_prereq Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) @@ -887,6 +887,7 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/xen rm -rf $RPM_BUILD_ROOT/%{_libdir}/python* rm -rf $RPM_BUILD_ROOT/usr/sbin +rm -f $RPM_BUILD_ROOT/usr/bin/xencov_split rm -rf $RPM_BUILD_ROOT/etc/bash_completion.d rm -rf $RPM_BUILD_ROOT/etc/init.d rm -rf $RPM_BUILD_ROOT/etc/logrotate.d @@ -945,6 +946,7 @@ /usr/bin/pygrub /usr/bin/tapdisk-ioemu /usr/bin/remus +/usr/bin/xencov_split /usr/sbin/blktapctrl /usr/sbin/flask-* /usr/sbin/tap* ++ blktap-pv-cdrom.patch ++ --- /var/tmp/diff_new_pack.Z362Hq/_old 2013-07-04 09:14:07.0 +0200 +++ /var/tmp/diff_new_pack.Z362Hq/_new 2013-07-04 09:14:07.0 +0200 @@ -696,7 +696,7 @@ === --- xen-4.3.0-testing.orig/xen/include/public/io/blkif.h +++ xen-4.3.0-testing/xen/include/public/io/blkif.h -@@ -439,7 +439,7 @@ +@@ -444,7 +444,7 @@ * Used in SLES sources for device specific command packet * contained within the request. Reserved for that purpose. */ ++ disable-wget-check.patch ++ --- /var/tmp/diff_new_pack.Z362Hq/_old 2013-07-04 09:14:07.0 +0200 +++ /var/tmp/diff_new_pack.Z362Hq/_new 2013-07-04 09:14:07.0 +0200 @@ -219,32 +219,17 @@ === --- xen-4.3.0-testing.orig/stubdom/configure +++ xen-4.3.0-testing/stubdom/configure -@@ -593,7 +593,6 @@ CPPFLAGS - LDFLAGS +@@ -594,8 +594,6 @@ LDFLAGS CFLAGS CC + FETCHER +-FTP -WGET CMAKE extfiles debug -@@ -657,7 +656,6 @@ enable_extfiles - host_alias - target_alias - CMAKE --WGET - CC - CFLAGS - LDFLAGS -@@ -1299,7 +1297,6 @@ Optional Features: +@@ -2165,104 +2163,104 @@ extfiles=$ax_cv_extfiles - Some influential environment variables: - CMAKE Path to the cmake program -- WGETPath to wget program - CC C compiler command - CFLAGS C compiler flags - LDFLAGS linker flags, e.g. -Llib dir if you have libraries in a -@@ -3079,50 +3076,50 @@ test -z $INSTALL_SCRIPT INSTALL_SCR - test -z $INSTALL_DATA INSTALL_DATA='${INSTALL} -m 644' # Extract the first word of wget, so it can be a program name with args. -set dummy wget; ac_word=$2 @@ -287,9 +272,63 @@ -fi - - --if test x${WGET} = xno --then --as_fn_error $? Unable to find wget, please install wget $LINENO 5 +-if test x$WGET != xno; then : +- +-FETCHER=$WGET -c -O +- +-else +- +-# Extract the first word of ftp, so it can be a program name with args. +-set dummy ftp; ac_word=$2 +-{ $as_echo $as_me:${as_lineno-$LINENO}: checking for $ac_word 5 +-$as_echo_n checking for $ac_word... 6; } +-if test ${ac_cv_path_FTP+set} = set; then : +- $as_echo_n (cached) 6 +-else +- case $FTP in +- [\\/]* | ?:[\\/]*) +- ac_cv_path_FTP=$FTP # Let the user override the test with a path. +- ;; +- *) +- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +-for as_dir in $PATH +-do +- IFS=$as_save_IFS +- test -z $as_dir as_dir=. +-for ac_exec_ext in '' $ac_executable_extensions; do +- if { test -f $as_dir/$ac_word$ac_exec_ext $as_test_x $as_dir/$ac_word$ac_exec_ext; }; then +-ac_cv_path_FTP=$as_dir/$ac_word$ac_exec_ext +-$as_echo
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2013-06-20 15:01:13 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is xen Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2013-06-11 09:38:35.0 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2013-06-20 17:06:25.0 +0200 @@ -1,0 +2,6 @@ +Mon Jun 10 18:36:38 MDT 2013 - carn...@suse.com + +- Fix xen-utils compiler time warnings + xen-utils-0.1.tar.bz2 + +--- Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.2FRRVk/_old 2013-06-20 17:06:27.0 +0200 +++ /var/tmp/diff_new_pack.2FRRVk/_new 2013-06-20 17:06:27.0 +0200 @@ -15,6 +15,7 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + Name: xen ExclusiveArch: %ix86 x86_64 %define xvers 4.3 @@ -153,8 +154,8 @@ Source27: xen_pvdrivers.conf Source28: kmp_filelist %endif -# Xen API remote authentication sources Source29: block-dmmd +# Xen API remote authentication sources Source30: etc_pam.d_xen-api Source31: xenapiusers # sysconfig hook script for Xen @@ -576,8 +577,7 @@ %endif %prep -%setup -q -n %xen_build_dir -a 1 -a 2 -a 3 -a 4 -a 5 -a 2 -tar xfj %{SOURCE6} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools +%setup -q -n %xen_build_dir -a 1 -a 2 -a 3 -a 4 -a 5 -a 6 -a 2 # Upstream patches # Qemu # Our patches @@ -762,8 +762,6 @@ export EXTRA_CFLAGS_QEMU_TRADITIONAL=$RPM_OPT_FLAGS export EXTRA_CFLAGS_QEMU_XEN=$RPM_OPT_FLAGS %endif -# Qemu -#make -C tools/qemu-xen-dir-remote install # Docs make -C docs install \ DESTDIR=$RPM_BUILD_ROOT MANDIR=%{_mandir} \ @@ -838,7 +836,8 @@ rm -f $RPM_BUILD_ROOT/%{_datadir}/doc/qemu/qemu-* rm -f $RPM_BUILD_ROOT/%{_datadir}/doc/packages/xen/html/hypercall/.deps rm -rf $RPM_BUILD_ROOT/%{_defaultdocdir}/xen/ps -rm -rf $RPM_BUILD_ROOT/usr/share/xen/man/man1/qemu/qemu* +rm -rf $RPM_BUILD_ROOT/usr/share/xen/man/man1/qemu* +rm -rf $RPM_BUILD_ROOT/usr/share/xen/man/man8/qemu* rm -f $RPM_BUILD_ROOT/usr/share/xen/qemu/openbios-ppc rm -f $RPM_BUILD_ROOT/usr/share/qemu-xen/openbios-ppc rm -f $RPM_BUILD_ROOT/usr/share/qemu-xen/qemu/openbios-ppc @@ -947,37 +946,67 @@ /usr/bin/tapdisk-ioemu /usr/bin/remus /usr/sbin/blktapctrl -/usr/sbin/flask-loadpolicy -/usr/sbin/flask-getenforce -/usr/sbin/flask-setenforce -/usr/sbin/flask-get-bool -/usr/sbin/flask-label-pci -/usr/sbin/flask-set-bool +/usr/sbin/flask-* +/usr/sbin/tap* /usr/sbin/rcpciback -/usr/sbin/tapdisk -/usr/sbin/xen* +/usr/sbin/xenbaked +/usr/sbin/xenconsoled +/usr/sbin/xencov +/usr/sbin/xen-destroy +/usr/sbin/xen-hptool +/usr/sbin/xen-hvmcrash +/usr/sbin/xen-hvmctx +/usr/sbin/xen-list +/usr/sbin/xenlockprof +/usr/sbin/xen-lowmemd +/usr/sbin/xenmon.py +/usr/sbin/xenperf +/usr/sbin/xenpm +/usr/sbin/xenpmd +/usr/sbin/xen-ringwatch +/usr/sbin/xenstored +/usr/sbin/xen-tmem-list-parse +/usr/sbin/xentop +/usr/sbin/xentrace_setmask +/usr/sbin/xen-vmresync +/usr/sbin/xenwatchdogd /usr/sbin/xsview /usr/sbin/gtracestat /usr/sbin/gtraceview /usr/sbin/lock-util -/usr/sbin/tapdisk-client -/usr/sbin/tapdisk-diff -/usr/sbin/tapdisk-stream -/usr/sbin/tapdisk2 /usr/sbin/td-util /usr/sbin/vhd-update /usr/sbin/vhd-util /usr/sbin/gdbsx /usr/sbin/xl /usr/sbin/kdd -/usr/sbin/tap-ctl +%dir %attr(700,root,root) /etc/xen +%dir /etc/xen/scripts +/etc/xen/scripts/blktap +/etc/xen/scripts/block* +/etc/xen/scripts/domain-lock* +/etc/xen/scripts/external-device-migrate +/etc/xen/scripts/hotplugpath.sh +/etc/xen/scripts/locking.sh +/etc/xen/scripts/logging.sh +/etc/xen/scripts/network-* +/etc/xen/scripts/qemu-ifup +/etc/xen/scripts/set-lock +/etc/xen/scripts/vif2 +/etc/xen/scripts/vif-* +/etc/xen/scripts/vm-monitor +/etc/xen/scripts/vscsi +/etc/xen/scripts/xen-hotplug-* +/etc/xen/scripts/xen-network-common.sh +/etc/xen/scripts/xen-script-common.sh +/etc/xen/scripts/xmclone.sh %{_libdir}/xen %ifarch x86_64 /usr/lib/xen %endif -%{_mandir}/man1/*.1.gz -%{_mandir}/man8/*.8.gz -/var/adm/fillup-templates/* +%dir /var/adm/fillup-templates +/var/adm/fillup-templates/sysconfig.pciback +/var/adm/fillup-templates/sysconfig.xencommons %dir /var/lib/xen %dir %attr(700,root,root) /var/lib/xen/images %dir %attr(700,root,root) /var/lib/xen/save @@ -986,13 +1015,10 @@ %dir /var/lib/xenstored %dir /var/log/xen %dir /var/log/xen/console -%config /etc/init.d/* %config /etc/logrotate.d/xen -%dir %attr(700,root,root) /etc/xen /etc/xen/auto %config /etc/xen/examples /etc/xen/images -/etc/xen/scripts %config /etc/xen/cpupool /etc/xen/README* %config /etc/xen/vm @@
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2013-06-11 06:40:23 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is xen Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2013-06-07 10:19:59.0 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2013-06-11 09:38:35.0 +0200 @@ -1,0 +2,6 @@ +Fri Jun 7 08:45:56 MDT 2013 - carn...@suse.com + +- Enable building the KMPs + xen.spec + +--- Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.yV6Ni5/_old 2013-06-11 09:38:37.0 +0200 +++ /var/tmp/diff_new_pack.yV6Ni5/_new 2013-06-11 09:38:37.0 +0200 @@ -21,7 +21,7 @@ %define xvermaj 4 %define changeset 27093 %define xen_build_dir xen-4.3.0-testing -%define with_kmp 0 +%define with_kmp 1 %define with_stubdom 1 # EFI requires gcc46 or newer # its available in 12.1 or = sles11sp2 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit xen for openSUSE:Factory
Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2013-02-05 11:22:17 Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) Package is xen, Maintainer is carn...@suse.com Changes: --- /work/SRC/openSUSE:Factory/xen/xen.changes 2013-01-24 10:42:19.0 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2013-02-05 11:22:19.0 +0100 @@ -1,0 +2,15 @@ +Fri Jan 25 14:57:30 MST 2013 - jfeh...@suse.com + +- bnc#798188 - Add $network to xend initscript dependencies + +--- +Thu Jan 24 15:57:12 MST 2013 - jfeh...@suse.com + +- Add upstream patches to fix libxl bugs. These patches have + already been posted for inclusion in xen-4.2-testing. + 25912-partial-libxl.patch + 26372-tools-paths.patch + 26468-libxl-race.patch + 26469-libxl-race.patch + +--- @@ -21 +36 @@ -Wed Jan 16 11:26:29 MST 2013 +Wed Jan 16 11:26:29 MST 2013 - carn...@novell.com New: 25912-partial-libxl.patch 26372-tools-paths.patch 26468-libxl-race.patch 26469-libxl-race.patch Other differences: -- ++ xen.spec ++ --- /var/tmp/diff_new_pack.MxlOd7/_old 2013-02-05 11:22:24.0 +0100 +++ /var/tmp/diff_new_pack.MxlOd7/_new 2013-02-05 11:22:24.0 +0100 @@ -15,7 +15,6 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - Name: xen ExclusiveArch: %ix86 x86_64 %define xvers 4.2 @@ -115,7 +114,7 @@ BuildRequires: module-init-tools BuildRequires: xorg-x11 %endif -Version:4.2.1_03 +Version:4.2.1_04 Release:0 PreReq: %insserv_prereq %fillup_prereq Summary:Xen Virtualization: Hypervisor (aka VMM aka Microkernel) @@ -173,6 +172,7 @@ Patch25867: 25867-sercon-ns16550-parse.patch Patch25874: 25874-x86-EFI-chain-cfg.patch Patch25909: 25909-xenpm-consistent.patch +Patch25912: 25912-partial-libxl.patch Patch25920: 25920-x86-APICV-enable.patch Patch25921: 25921-x86-APICV-delivery.patch Patch25922: 25922-x86-APICV-x2APIC.patch @@ -222,6 +222,9 @@ Patch26342: 26342-hvm-firmware-passthrough.patch Patch26343: 26343-hvm-firmware-passthrough.patch Patch26344: 26344-hvm-firmware-passthrough.patch +Patch26372: 26372-tools-paths.patch +Patch26468: 26468-libxl-race.patch +Patch26469: 26469-libxl-race.patch Patch33:CVE-2012-5634-xsa33.patch Patch34:CVE-2013-0151-xsa34.patch Patch35:CVE-2013-0152-xsa35.patch @@ -689,6 +692,7 @@ %patch25867 -p1 %patch25874 -p1 %patch25909 -p1 +%patch25912 -p1 %patch25920 -p1 %patch25921 -p1 %patch25922 -p1 @@ -738,6 +742,9 @@ %patch26342 -p1 %patch26343 -p1 %patch26344 -p1 +%patch26372 -p1 +%patch26468 -p1 +%patch26469 -p1 %patch33 -p1 %patch34 -p1 %patch35 -p1 ++ 25912-partial-libxl.patch ++ No functional change. The purpose is to make it easier to backport patches from Xen 4.3's libxl, as Xen 4.3's libxl has had this done: libxl: Enable -Wshadow. It was convenient to invent $(CFLAGS_LIBXL) to do this. Various renamings to avoid shadowing standard functions: - index(3) - listen(2) - link(2) - abort(3) - abs(3) Signed-off-by: Ian Campbell ian.campb...@citrix.com In this patch we do not change the others, and we do not enable -Wshadow. We're just trying to bring 4.2's libxl textually closer to 4.3's. Signed-off-by: Ian Jackson ian.jack...@eu.citrix.com --- tools/libxl/libxl_event.c | 34 +- 1 files changed, 17 insertions(+), 17 deletions(-) Index: xen-4.2.1-testing/tools/libxl/libxl_event.c === --- xen-4.2.1-testing.orig/tools/libxl/libxl_event.c +++ xen-4.2.1-testing/tools/libxl/libxl_event.c @@ -167,15 +167,15 @@ static void time_insert_finite(libxl__gc } static int time_register_finite(libxl__gc *gc, libxl__ev_time *ev, -struct timeval abs) +struct timeval absolute) { int rc; -rc = OSEVENT_HOOK(timeout_register, ev-for_app_reg, abs, ev); +rc = OSEVENT_HOOK(timeout_register, ev-for_app_reg, absolute, ev); if (rc) return rc; ev-infinite = 0; -ev-abs = abs; +ev-abs = absolute; time_insert_finite(gc, ev); return 0; @@ -202,16 +202,16 @@ static void time_done_debug(libxl__gc *g int libxl__ev_time_register_abs(libxl__gc *gc, libxl__ev_time *ev, libxl__ev_time_callback *func, -struct timeval abs) +