xen (4.18.1-1~ng12u3.1) bookworm; urgency=medium * HEAD @ ea82c8cdbfe5a6e3bb60 update Xen version to 4.18.1-Mon 18 Mar 2024 01:27 * 4.18.1 initial release * qemuu: v8.0.4+1-1~ng12u3.1 * XSA-452 0060-x86-vmx-Perform-VERW-flushing-later-in-the-VMExit-pat.diff:This is part of XSA-452 / CVE-2023-28746. 0061-x86-spec-ctrl-Perform-VERW-flushing-later-in-exit-pat.diff:This is part of XSA-452 / CVE-2023-28746. 0062-x86-spec-ctrl-Rename-VERW-related-options.diff:This is part of XSA-452 / CVE-2023-28746. 0063-x86-spec-ctrl-VERW-handling-adjustments.diff:This is part of XSA-452 / CVE-2023-28746. 0064-x86-spec-ctrl-Mitigation-Register-File-Data-Sampling.diff:This is part of XSA-452 / CVE-2023-28746. * XSA-453 0066-x86-spinlock-introduce-support-for-blocking-speculati.diff:This is part of XSA-453 / CVE-2024-2193 0067-rwlock-introduce-support-for-blocking-speculation-int.diff:This is part of XSA-453 / CVE-2024-2193 0068-percpu-rwlock-introduce-support-for-blocking-speculat.diff:This is part of XSA-453 / CVE-2024-2193 0069-locking-attempt-to-ensure-lock-wrappers-are-always-in.diff:This is part of XSA-453 / CVE-2024-2193 0070-x86-mm-add-speculation-barriers-to-open-coded-locks.diff:This is part of XSA-453 / CVE-2024-2193 0071-x86-protect-conditional-lock-taking-from-speculative-.diff:This is part of XSA-453 / CVE-2024-2193 -- Mark Pryor Wed, 20 Mar 2024 16:58:49 -0700 xen (4.18.0-1~ng12u3.6) bookworm; urgency=medium * Non-maintainer upload. * ng (next generation) packaging, preparing for time64 transition * split libs out xen-utils- into a new pkg, libxenfsutl4.18 * rename libxen- as libxenmisc4.18 -- Mark Pryor Fri, 08 Mar 2024 14:11:41 -0800 xen (4.18.0-1+deb12u3.5) bookworm; urgency=medium * Non-maintainer upload. * fd7cb7a1d0433049d8fc594 x86/cpu-policy: Allow for levelling of VERW side effects-Tue 5 Mar 2024 02:55 * XSA-451 0042-x86-account-for-shadow-stack-in-exception-from-stub-r.diff:This is CVE-2023-46841 / XSA-451. -- Mark Pryor Tue, 05 Mar 2024 14:52:04 -0800 xen (4.18.0-1+deb12u3.4) bookworm; urgency=medium * Non-maintainer upload. * hypervisor: new xenperf hypervisor applet, sed edit: d/xen_perf_fix d/rules.real new flag, DEBUG_XENPERF -- Mark Pryor Sun, 04 Feb 2024 13:17:57 -0800 xen (4.18.0-1+deb12u3.3) bookworm; urgency=medium * Non-maintainer upload. * HEAD @ b1fdd7d0e47e0831ac x86/ucode: Fix stability of the raw CPU Policy rescan-Thu 1 Feb 2024 09:02 * XSA-450 0020-VT-d-Fix-else-vs-endif-misplacement.diff:This is XSA-450 / CVE-2023-46840. * XSA-449 0019-pci-fail-device-assignment-if-phantom-functions-canno.diff:This is XSA-449 / CVE-2023-46839 -- Mark Pryor Sat, 03 Feb 2024 11:24:29 -0800 xen (4.18.0-1+deb12u3.2) bookworm; urgency=medium * Non-maintainer upload. * HEAD @ 1792d1723b7fb45a x86/x2apic: introduce a mixed physical/cluster mode-Tue 12 Dec 2023 05:45 * XSA-447 0017-xen-arm-page-Avoid-pointer-overflow-on-cache-clean-in.diff:This is XSA-447 / CVE-2023-46837. * xen kconfig (d/xen_4.18_amd64.config): rebase as 7b120ef0b9ab3866059d0afc2d112 -- Mark Pryor Fri, 22 Dec 2023 10:03:01 -0800 xen (4.18.0-1+deb12u3.1) bookworm; urgency=medium * HEAD @ d75f1e9b74314cea91ce SUPPORT.md: Update release notes URL-Thu 16 Nov 2023 13:44 - initial build of 4.18.0 release - XSA-445 iommu-amd-vi-use-correct-level-for-quarantine-domain-.diff:This is XSA-445 / CVE-2023-46835 - XSA-446 x86-spec-ctrl-Remove-conditional-IRQs-on-ness-for-INT.diff:This is XSA-446 / CVE-2023-46836 -- Mark Pryor Thu, 16 Nov 2023 15:00:47 -0800 xen (4.18~rc3-1+deb12u3.2) bookworm; urgency=medium * Non-maintainer upload. * HEAD @ 7c3616e6f1aa54188 x86/microcode: Disable microcode update handler if DIS_MCU_UPDATE is set-Wed 18 Oct 2023 08:03 * d/libxenstore4.0.symbols: minver=4.16.0 -- Mark Pryor Mon, 23 Oct 2023 14:12:31 -0700 xen (4.18~rc3-1+deb12u3.1) bookworm; urgency=medium * HEAD @ 0ce2ee7a16f2886c3 xenalyze: Reduce warnings about leaving a vcpu in INIT-Mon 16 Oct 2023 07:01 * 4.18~rc3 initial build -- Mark Pryor Mon, 16 Oct 2023 14:20:26 -0700 xen (4.18~rc2-1+deb12u3.2) bookworm; urgency=medium * Non-maintainer upload. * reorder patches ahead of the next release: pygrub,libfsimage,order-dependent same patches in rh & debian, except for qemuu build mods: misc-0403* * no functional change -- Mark Pryor Fri, 13 Oct 2023 16:55:38 -0700 xen (4.18~rc2-1+deb12u3.1) bookworm; urgency=medium * HEAD @ dc9d9aa62ddeb14abd5 x86/pv: Correct the auditing of guest breakpoint addresses-Tue 10 Oct 2023 22:36 * XSA-442 0026-iommu-amd-vi-flush-IOMMU-TLB-when-flushing-the-DTE.diff:This is XSA-442 / CVE-2023-34326 * XSA-443 0027-libfsimage-xfs-Remove-dead-code.diff:This is part of XSA-443 / CVE-2023-34325 0028-libfsimage-xfs-Amend-mask32lo-to-allow-the-value-32.diff:This is part of XSA-443 / CVE-2023-34325 0029-libfsimage-xfs-Sanity-check-the-superblock-during-mou.diff:This is part of XSA-443 / CVE-2023-34325 0030-libfsimage-xfs-Add-compile-time-check-to-libfsimage.diff:This is part of XSA-443 / CVE-2023-34325 0031-tools-pygrub-Remove-unnecessary-hypercall.diff:This is part of XSA-443 / CVE-2023-34325 0032-tools-pygrub-Small-refactors.diff:This is part of XSA-443 / CVE-2023-34325 0033-tools-pygrub-Open-the-output-files-earlier.diff:This is part of XSA-443 / CVE-2023-34325 0034-tools-libfsimage-Export-a-new-function-to-preload-all.diff:This is part of XSA-443 / CVE-2023-34325 0035-tools-pygrub-Deprivilege-pygrub.diff:This is part of XSA-443 / CVE-2023-34325 0036-libxl-add-support-for-running-bootloader-in-restricte.diff:This is part of XSA-443 / CVE-2023-34325 0037-libxl-limit-bootloader-execution-in-restricted-mode.diff:This is part of XSA-443 / CVE-2023-34325 * XSA-444 0038-x86-svm-Fix-asymmetry-with-AMD-DR-MASK-context-switch.diff:This is part of XSA-444 / CVE-2023-34327 0039-x86-pv-Correct-the-auditing-of-guest-breakpoint-addre.diff:This is part of XSA-444 / CVE-2023-34328. -- Mark Pryor Thu, 12 Oct 2023 13:01:06 -0700 xen (4.18~rc1-1+deb12u3.1) bookworm; urgency=medium * HEAD @ a8ab67cae01eca7bba Update Xen version to 4.18-rc-Fri 29 Sep 2023 01:09 * initial build of rc1 * d/control: add sphinx depends * qemuu: support pam -- Mark Pryor Tue, 03 Oct 2023 13:01:12 -0700 xen (4.18~rc0-1+deb12u3.4) bookworm; urgency=medium * Non-maintainer upload. * HEAD @ 88a9501a848aade858a xen/pdx: Reorder pdx.[ch]-Fri 22 Sep 2023 10:26 -- Mark Pryor Fri, 22 Sep 2023 15:41:09 -0700 xen (4.18~rc0-1+deb12u3.3) bookworm; urgency=medium * Non-maintainer upload. * HEAD @ fb0ff49fe9f784bfe x86/shadow: defer releasing of PVs top-level shadow reference-Wed 20 Sep 2023 02:31 * XSA-438 0001-x86-shadow-defer-releasing-of-PV-s-top-level-shadow-r.diff: This is CVE-2023-34322 / XSA-438. * qemuu: pre-cache the subprojects into the tarball -- Mark Pryor Wed, 20 Sep 2023 08:04:54 -0700 xen (4.18~rc0-1+deb12u3.2) bookworm; urgency=medium * Non-maintainer upload. * qemuu: v8.1.0 (stable) known to support IGD passthrough -- Mark Pryor Mon, 18 Sep 2023 06:56:27 -0700 xen (4.18~rc0-1+deb12u3.1) bookworm; urgency=medium * HEAD @ 21ec0c42267be169be60 xen/arm: Handle empty grant table region in find_unallocated_memory()-Tue 12 Sep 2023 06:29 * proto build of 4.18~rc * qemuu: v8.0.50 (qemu-xen-staging, 8.0.4 had FTBFS) * firmware: patch, turn off debug during rc misc-0302-firmware-turn-off-debug-in-make.patch -- Mark Pryor Sat, 16 Sep 2023 09:52:13 -0700 xen (4.17.2-1+deb12u3.1) bookworm; urgency=medium * HEAD @ d31e5b2a9c39816a9 xen/arm: page: Handle cache flush of an element at the top of the address space-Tue 5 Sep 2023 05:33 * initial build of 4.17.2, qemu-xen-8.0.5 * XSA-437 0029-xen-arm-page-Handle-cache-flush-of-an-element-at-the-.diff:This is CVE-2023-34321 / XSA-437. -- Mark Pryor Mon, 11 Sep 2023 10:46:32 -0700 xen (4.17.1-1+deb12u3.1) bookworm; urgency=medium * initial build of 4.17.1, qemu-xen-8.0.5 * d/control: new python3-venv depends -- Mark Pryor Sat, 20 May 2023 19:01:33 -0700 xen (4.17.1-1+deb12u2.1) bookworm; urgency=medium * HEAD @ 0880df6f5f905bffc update Xen version to 4.17.1-Thu 27 Apr 2023 05:53 * initial build of 4.17.1, qemu-xen-7.2 * forward port from bullseye -- Mark Pryor Sun, 07 May 2023 08:51:28 -0700 xen (4.17.1-1+deb11u2.1) bullseye; urgency=medium * HEAD @ 0880df6f5f905bffc update Xen version to 4.17.1-Thu 27 Apr 2023 05:53 * initial build of 4.17.1, qemu-xen-7.2 -- Mark Pryor Sat, 29 Apr 2023 10:09:33 -0700 xen (4.17.0-1+deb11u2.7) bullseye; urgency=medium * Non-maintainer upload. * HEAD @ 7758cd57e002c509 ns16550: correct name/value pair parsing for PCI port/bridge-Thu 30 Mar 2023 23:35 -- Mark Pryor Mon, 03 Apr 2023 15:16:15 -0700 xen (4.17.0-1+deb11u2.6) bullseye; urgency=medium * Non-maintainer upload. * HEAD @ 3eac216e6e60860bbc libacpi: fix PCI hotplug AML-Tue 21 Mar 2023 05:47 * XSA-427 0060-x86-shadow-account-for-log-dirty-mode-when-pre-alloca.diff:This is CVE-2022-42332 / XSA-427. * XSA-428 0061-x86-HVM-bound-number-of-pinned-cache-attribute-region.diff:This is CVE-2022-42333 / part of XSA-428. 0062-x86-HVM-serialize-pinned-cache-attribute-list-manipul.diff:This is CVE-2022-42334 / part of XSA-428. * XSA-429 0063-x86-spec-ctrl-Defer-CR4_PV32_RESTORE-on-the-cstar_ent.diff:This is XSA-429 / CVE-2022-42331 -- Mark Pryor Tue, 21 Mar 2023 10:47:39 -0700 xen (4.17.0-1+deb11u2.5) bullseye; urgency=medium * Non-maintainer upload. * HEAD @ ec5b058d2a6436a2e180 x86/ucode/AMD: late load the patch on every logical thread-Thu 2 Mar 2023 23:03 -- Mark Pryor Sat, 04 Mar 2023 12:14:31 -0800 xen (4.17.0-1+deb11u2.4) bullseye; urgency=medium * Non-maintainer upload. * HEAD @ aaf74a532c02017998 automation: Remove clang-8 from Debian unstable container-Wed 22 Feb 2023 06:14 -- Mark Pryor Tue, 28 Feb 2023 14:55:40 -0800 xen (4.17.0-1+deb11u2.3) bullseye; urgency=medium * Non-maintainer upload. * HEAD @ 2f8851c37f88e4eb Revert "tools/xenstore: simplify loop handling connection I/O"-Thu 26 Jan 2023 02:00 * disable ddeb in d/rules.real -- Mark Pryor Sun, 05 Feb 2023 10:13:48 -0800 xen (4.17.0-1+deb11u2.2) bullseye; urgency=medium * Non-maintainer upload. * HEAD c4972a4272690384 tools/oxenstored: Render backtraces more nicely in Syslog-Tue 20 Dec 2022 05:13 -- Mark Pryor Wed, 21 Dec 2022 16:34:09 -0800 xen (4.17.0-1+deb11u2.1) bullseye; urgency=medium * qemuu: v7.2 drop the 7.1 backports patch: rebased to qemu-7.2 misc-0402-qemu-xen-reserve-slot-2-for-intel-igd.patch * upgrade meson to 0.64 from bookworm -- Mark Pryor Fri, 16 Dec 2022 11:50:56 -0800 xen (4.17.0-1+deb11u1.1) bullseye; urgency=medium * HEAD @ 11560248ffda3f00f20b Use EfiACPIReclaimMemory for ESRT-Thu 8 Dec 2022 10:03 * release 4.17 final, initial build -- Mark Pryor Fri, 09 Dec 2022 14:37:59 -0800 xen (4.17~rc4-1+deb11u1.1) bullseye; urgency=medium * HEAD @ 894a7786c8eb20568aa Turn off debug by default-Thu 1 Dec 2022 05:54 * initial build rc4 * XSA-422 0010-x86-spec-ctrl-Enumeration-for-IBPB_RET.diff:This is part of XSA-422 / CVE-2022-23824. 0011-x86-spec-ctrl-Mitigate-IBPB-not-flushing-the-RSB-RAS.diff:This is part of XSA-422 / CVE-2022-23824. * XSA-409 0033-xen-Introduce-non-broken-hypercalls-for-the-paging-me.diff:This is part of XSA-409 / CVE-2022-33747. 0034-tools-tests-Unit-test-for-paging-mempool-size.diff:This is part of XSA-409 / CVE-2022-33747. 0035-xen-arm-libxl-Revert-XEN_DOMCTL_shadow_op-use-p2m-mem.diff:This is part of XSA-409 / CVE-2022-33747. 0036-xen-arm-Correct-the-p2m-pool-size-calculations.diff:This is part of XSA-409 / CVE-2022-33747. -- Mark Pryor Fri, 02 Dec 2022 08:41:09 -0800 xen (4.17~rc3-1+deb11u1.2) bullseye; urgency=medium * Non-maintainer upload. * HEAD @ 37f82facd62f72 xen/sched: migrate timers to correct cpus after suspend-Fri 4 Nov 2022 01:03 -- Mark Pryor Sat, 05 Nov 2022 14:31:24 -0700 xen (4.17~rc3-1+deb11u1.1) bullseye; urgency=medium * HEAD @ 2d9b3699136d20e35 IOMMU/VT-d: wire common device reserved memory API-Thu 3 Nov 2022 01:12 * initial release, rc3 * d/patches: rebase to rc3: debxen/tools-xenstore-prefix.diff -- Mark Pryor Fri, 04 Nov 2022 14:30:11 -0700 xen (4.17~rc2-1+deb11u1.3) bullseye; urgency=medium * Non-maintainer upload. * HEAD @ 2dd823ca7237e7f tools/xenstore: harden transaction finalization against errors-Tue 1 Nov 2022 06:05 * XSA-412 0019-x86-vmx-Revert-VMX-use-a-single-global-APIC-access-pa.diff:This is XSA-412 / CVE-2022-42327. * XSA-414 0020-tools-xenstore-create_node-Don-t-defer-work-to-undo-a.diff:This is XSA-414 / CVE-2022-42309. * XSA-415 0021-tools-xenstore-Fail-a-transaction-if-it-is-not-possib.diff:This is XSA-415 / CVE-2022-42310. * XSA-326 0022-tools-xenstore-split-up-send_reply.diff:This is part of XSA-326. 0023-tools-xenstore-add-helpers-to-free-struct-buffered_da.diff:This is part of XSA-326. 0024-tools-xenstore-reduce-number-of-watch-events.diff:This is part of XSA-326. 0025-tools-xenstore-let-unread-watch-events-time-out.diff:This is part of XSA-326 / CVE-2022-42311. 0026-tools-xenstore-limit-outstanding-requests.diff:This is part of XSA-326 / CVE-2022-42312. 0027-tools-xenstore-don-t-buffer-multiple-identical-watch-.diff:This is part of XSA-326. 0028-tools-xenstore-fix-connection-id-usage.diff:This is part of XSA-326. 0029-tools-xenstore-simplify-and-fix-per-domain-node-accou.diff:This is part of XSA-326 / CVE-2022-42313. 0030-tools-xenstore-limit-max-number-of-nodes-accessed-in-.diff:This is part of XSA-326 / CVE-2022-42314. 0031-tools-xenstore-move-the-call-of-setup_structure-to-do.diff:This is part of XSA-326. 0032-tools-xenstore-add-infrastructure-to-keep-track-of-pe.diff:This is part of XSA-326. 0033-tools-xenstore-add-memory-accounting-for-responses.diff:This is part of XSA-326 / CVE-2022-42315. 0034-tools-xenstore-add-memory-accounting-for-watches.diff:This is part of XSA-326 / CVE-2022-42315. 0035-tools-xenstore-add-memory-accounting-for-nodes.diff:This is part of XSA-326 / CVE-2022-42315. 0036-tools-xenstore-add-exports-for-quota-variables.diff:This is part of XSA-326. 0037-tools-xenstore-add-control-command-for-setting-and-sh.diff:This is part of XSA-326. 0038-tools-ocaml-xenstored-Synchronise-defaults-with-oxens.diff:This is part of XSA-326 / CVE-2022-42316. 0039-tools-ocaml-xenstored-Check-for-maxrequests-before-pe.diff:This is part of XSA-326 / CVE-2022-42317. 0040-tools-ocaml-GC-parameter-tuning.diff:This is part of XSA-326. 0041-tools-ocaml-Change-Xb.input-to-return-Packet.t-option.diff:This is part of XSA-326. 0042-tools-ocaml-xb-Add-BoundedQueue.diff:This is part of XSA-326. 0043-tools-ocaml-Limit-maximum-in-flight-requests-outstand.diff:This is part of XSA-326 / CVE-2022-42318. 0044-SUPPORT.md-clarify-support-of-untrusted-driver-domain.diff:This is part of XSA-326. * XSA-416 0045-tools-xenstore-don-t-use-conn-in-as-context-for-tempo.diff:This is XSA-416 / CVE-2022-42319. * XSA-417 0046-tools-xenstore-fix-checking-node-permissions.diff:This is XSA-417 / CVE-2022-42320. * XSA-418 0047-tools-xenstore-remove-recursion-from-construct_node.diff:This is part of XSA-418 / CVE-2022-42321. 0048-tools-xenstore-don-t-let-remove_child_entry-call-corr.diff:This is part of XSA-418 / CVE-2022-42321. 0049-tools-xenstore-add-generic-treewalk-function.diff:This is part of XSA-418 / CVE-2022-42321. 0050-tools-xenstore-simplify-check_store.diff:This is part of XSA-418 / CVE-2022-42321. 0051-tools-xenstore-use-treewalk-for-check_store.diff:This is part of XSA-418 / CVE-2022-42321. 0052-tools-xenstore-use-treewalk-for-deleting-nodes.diff:This is part of XSA-418 / CVE-2022-42321. 0053-tools-xenstore-use-treewalk-for-creating-node-records.diff:This is part of XSA-418 / CVE-2022-42321. * XSA-419 0054-tools-xenstore-remove-nodes-owned-by-destroyed-domain.diff:This is part of XSA-419 / CVE-2022-42322. 0055-tools-xenstore-make-the-internal-memory-data-base-the.diff:This is part of XSA-419. 0056-docs-enhance-xenstore.txt-with-permissions-descriptio.diff:This is part of XSA-419. 0057-tools-ocaml-xenstored-Fix-quota-bypass-on-domain-shut.diff:This is part of XSA-419 / CVE-2022-42323. * XSA-420 0058-tools-ocaml-Ensure-packet-size-is-never-negative.diff:This is XSA-420 / CVE-2022-42324. * XSA-421 0059-tools-xenstore-fix-deleting-node-in-transaction.diff:This is part of XSA-421 / CVE-2022-42325. 0060-tools-xenstore-harden-transaction-finalization-agains.diff:This is part of XSA-421 / CVE-2022-42326. -- Mark Pryor Tue, 01 Nov 2022 07:47:09 -0700 xen (4.17~rc2-1+deb11u1.2) bullseye; urgency=medium * Non-maintainer upload. * HEAD @ 1d7fbc535d1d37bd x86/pv-shim: correct ballooning down for compat guests-Fri 28 Oct 2022 06:49 * vga passthrough fix to qemuu (Chuck Zmudzinski): 0401-xen-pass-through-merge-emulated-bits-correctly.diff reserve-slot-2-igd.patch -- Mark Pryor Mon, 31 Oct 2022 17:08:19 -0700 xen (4.17~rc2-1+deb11u1.1) bullseye; urgency=medium * HEAD @ 73c62927f64ecb48f27 xen/sched: fix race in RTDS scheduler-Fri 21 Oct 2022 03:32 * initial release of rc2 -- Mark Pryor Sat, 29 Oct 2022 10:06:47 -0700 xen (4.17~rc1-1+deb11u1.3) bullseye; urgency=medium * Non-maintainer upload. * add lib version prefix supports multiarch, multilib use PACKAGE_VERSION, exported from xen/configure -- Mark Pryor Fri, 21 Oct 2022 09:48:13 -0700 xen (4.17~rc1-1+deb11u1.2) bullseye; urgency=medium * Non-maintainer upload. * HEAD @ 448d28309f1a9 VMX: correct error handling in vmx_create_vmcs()-Wed 12 Oct 2022 08:57 * XSA-410 0001-xen-arm-p2m-Prevent-adding-mapping-when-domain-is-dyi.diff:This is part of CVE-2022-33746 / XSA-410. 0002-xen-arm-p2m-Handle-preemption-when-freeing-intermedia.diff:This is part of CVE-2022-33746 / XSA-410. 0003-x86-p2m-add-option-to-skip-root-pagetable-removal-in-.diff:This is part of CVE-2022-33746 / XSA-410. 0004-x86-HAP-adjust-monitor-table-related-error-handling.diff:This is part of CVE-2022-33746 / XSA-410. 0005-x86-shadow-tolerate-failure-of-sh_set_toplevel_shadow.diff:This is part of CVE-2022-33746 / XSA-410. 0006-x86-shadow-tolerate-failure-in-shadow_prealloc.diff:This is part of CVE-2022-33746 / XSA-410. 0007-x86-p2m-refuse-new-allocations-for-dying-domains.diff:This is part of CVE-2022-33746 / XSA-410. 0008-x86-p2m-truly-free-paging-pool-memory-for-dying-domai.diff:This is part of CVE-2022-33746 / XSA-410. 0009-x86-p2m-free-the-paging-memory-pool-preemptively.diff:This is part of CVE-2022-33746 / XSA-410. 0010-xen-x86-p2m-Add-preemption-in-p2m_teardown.diff:This is part of CVE-2022-33746 / XSA-410. * XSA-409 0011-libxl-docs-Add-per-arch-extra-default-paging-memory.diff:This is part of CVE-2022-33747 / XSA-409. 0012-xen-arm-Construct-the-P2M-pages-pool-for-guests.diff:This is part of CVE-2022-33747 / XSA-409. 0013-xen-arm-libxl-Implement-XEN_DOMCTL_shadow_op-for-Arm.diff:This is part of CVE-2022-33747 / XSA-409. 0014-xen-arm-Allocate-and-free-P2M-pages-from-the-P2M-pool.diff:This is part of CVE-2022-33747 / XSA-409. * XSA-411 0015-gnttab-correct-locking-on-transitive-grant-copy-error.diff:This is CVE-2022-33748 / XSA-411. -- Mark Pryor Thu, 13 Oct 2022 10:52:52 -0700 xen (4.17~rc1-1+deb11u1.1) bullseye; urgency=medium * HEAD @ 9029bc265cdf2bd63 Update Xen version to 4.17-rc-Fri, 7 Oct 2022 06:30 * initial build -- Mark Pryor Mon, 10 Oct 2022 07:46:39 -0700 xen (4.16.2-1+deb11u1.1) bullseye; urgency=medium * HEAD @ cea5ed49bb5716698a update Xen version to 4.16.2-Thu 18 Aug 2022 04:47 * initial release * qemuu: v7.0.0 from qemu-xen staging -- Mark Pryor Mon, 22 Aug 2022 15:43:16 -0700 xen (4.16.1-1+deb11u1.6) bullseye; urgency=medium * Non-maintainer upload. * HEAD @ 2abe83f9d91e6411b PCI: simplify (and thus correct) pci_get_pdev{,_by_domain}()-Mon 15 Aug 2022 06:36 * new package qemuu-uncom, /usr/bin/qemu-keymap * XSA-403 0061-tools-libxl-env-variable-to-signal-whether-disk-nic-b.diff -- Mark Pryor Thu, 18 Aug 2022 08:19:42 -0700 xen (4.16.1-1+deb11u1.5) bullseye; urgency=medium * Non-maintainer upload. * qemuu: v7.0.0 from qemu-xen staging * egl-helpers.h needed for dbus_display https://gitlab.com/qemu-project/qemu/-/issues/1108 https://www.mail-archive.com/qemu-devel@nongnu.org/msg902247.html * backports from upstream to fix dbus-display FTBFS: 1106-move-opengl-to-meson.diff 1107-meson-configure-move-RDMA-options-to-meson.diff 1108-meson-configure-move-libgio-test-to-meson.diff 1109-audio-dbus-fix-building.diff 1110-ui-dbus-display-requires-CONFIG_GBM.diff -- Mark Pryor Mon, 15 Aug 2022 12:12:22 -0700 xen (4.16.1-1+deb11u1.4) bullseye; urgency=medium * Non-maintainer upload. * HEAD @ d77bb6e5375f19c common/memory: Fix ifdefs for ptdom_max_order-Wed 27 Jul 2022 00:22 * XSA-408 0052-x86-mm-correct-TLB-flush-condition-in-_get_page_type.diff:This is CVE-2022-33745 / XSA-408 -- Mark Pryor Wed, 27 Jul 2022 08:55:16 -0700 xen (4.16.1-1+deb11u1.3) bullseye; urgency=medium * Non-maintainer upload * HEAD @ 0a5387a01165b46c8 x86/spec-ctrl: Mitigate Branch Type Confusion when possible-Tue 12 Jul 2022 08:25 * XSA-401 0022-x86-pv-Clean-up-_get_page_type.diff:This is part of XSA-401 / CVE-2022-26362. 0023-x86-pv-Fix-ABAC-cmpxchg-race-in-_get_page_type.diff:This is part of XSA-401 / CVE-2022-26362. * XSA-402 0024-x86-page-Introduce-_PAGE_-constants-for-memory-types.diff:This is part of XSA-402. 0025-x86-Don-t-change-the-cacheability-of-the-directmap.diff:This is CVE-2022-26363, part of XSA-402. 0026-x86-Split-cache_flush-out-of-cache_writeback.diff:This is part of XSA-402. 0027-x86-amd-Work-around-CLFLUSH-ordering-on-older-parts.diff:This is part of XSA-402. 0028-x86-pv-Track-and-flush-non-coherent-mappings-of-RAM.diff:This is CVE-2022-26364, part of XSA-402. * XSA-404 0030-x86-spec-ctrl-Make-VERW-flushing-runtime-conditional.diff:This is part of XSA-404. 0031-x86-spec-ctrl-Enumeration-for-MMIO-Stale-Data-control.diff:This is part of XSA-404. 0032-x86-spec-ctrl-Add-spec-ctrl-unpriv-mmio.diff:This is part of XSA-404. * XSA-407 0044-x86-spec-ctrl-Rework-spec_ctrl_flags-context-switchin.diff:This is part of XSA-407. 0045-x86-spec-ctrl-Rename-SCF_ist_wrmsr-to-SCF_ist_sc_msr.diff:This is part of XSA-407. 0047-x86-spec-ctrl-Rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.diff:This is part of XSA-407. 0048-x86-spec-ctrl-Support-IBPB-on-entry.diff:This is part of XSA-407. 0049-x86-cpuid-Enumeration-for-BTC_NO.diff:This is part of XSA-407. 0050-x86-spec-ctrl-Enable-Zen2-chickenbit.diff:This is part of XSA-407. 0051-x86-spec-ctrl-Mitigate-Branch-Type-Confusion-when-pos.diff:This is part of XSA-407 / CVE-2022-23825. -- Mark Pryor Tue, 12 Jul 2022 15:40:29 -0700 xen (4.16.1-1+deb11u1.2) bullseye; urgency=medium * Non-maintainer upload. * HEAD @ 8e11ec8fbf6f933f PCI: dont allow "pci-phantom=" to mark real devices as phantom functions-Tue 7 Jun 2022 05:08 -- Mark Pryor Wed, 08 Jun 2022 12:28:43 -0700 xen (4.16.1-1+deb11u1.1) bullseye; urgency=medium * HEAD @ f26544492298cb82 update Xen version to 4.16.1-Tue 12 Apr 2022 05:21 * XSA-397 0090-x86-hap-do-not-switch-on-log-dirty-for-VRAM-tracking.diff:This is CVE-2022-26356 / XSA-397. * XSA-399 0091-VT-d-correct-ordering-of-operations-in-cleanup_domid_.diff:This is CVE-2022-26357 / XSA-399. * XSA-400 0092-VT-d-fix-de-assign-ordering-when-RMRRs-are-in-use.diff:This is CVE-2022-26358 / part of XSA-400. 0096-VT-d-re-assign-devices-directly.diff:This is CVE-2022-26359 / part of XSA-400. 0097-AMD-IOMMU-re-assign-devices-directly.diff:This is CVE-2022-26360 / part of XSA-400. 0103-IOMMU-x86-use-per-device-page-tables-for-quarantining.diff:This is CVE-2022-26361 / part of XSA-400 -- Mark Pryor Wed, 13 Apr 2022 17:57:12 -0700 xen (4.16.0-1+deb11u1.3) bullseye; urgency=medium * Non-maintainer upload. * HEAD @ 4dcddbba664cc91 livepatch: resolve old address before function verification-Mon 28 Mar 2022 04:49 * XSA-398 0052-xen-arm-Introduce-new-Arm-processors.diff:This is part of XSA-398 / CVE-2022-23960. 0053-xen-arm-move-errata-CSV2-check-earlier.diff:This is part of XSA-398 / CVE-2022-23960. 0054-xen-arm-Add-ECBHB-and-CLEARBHB-ID-fields.diff:This is part of XSA-398 / CVE-2022-23960. 0055-xen-arm-Add-Spectre-BHB-handling.diff:This is part of XSA-398 / CVE-2022-23960. 0056-xen-arm-Allow-to-discover-and-use-SMCCC_ARCH_WORKAROU.diff:This is part of XSA-398 / CVE-2022-23960. 0057-x86-spec-ctrl-Cease-using-thunk-lfence-on-AMD.diff:This is part of XSA-398 / CVE-2021-26401. -- Mark Pryor Mon, 28 Mar 2022 09:39:55 -0700 xen (4.16.0-1+deb11u1.2) bullseye; urgency=medium * Non-maintainer upload. * HEAD @ 2d8eade97343e99c x86/spec-ctrl: Support Intel PSFD for guests-Tue 8 Feb 2022 10:01 * qemuu: v6.1.1 from staging-4.16 * XSA-393 0014-xen-arm-p2m-Always-clear-the-P2M-entry-when-the-mappi.diff:This is CVE-2022-23033 / XSA-393. * XSA-394 0015-xen-grant-table-Only-decrement-the-refcounter-when-gr.diff:This is CVE-2022-23034 / XSA-394. * XSA-395 0016-passthrough-x86-stop-pirq-iteration-immediately-in-ca.diff:This is CVE-2022-23035 / XSA-395. -- Mark Pryor Fri, 11 Feb 2022 08:40:51 -0800 xen (4.16.0-1+deb11u1.1) bullseye; urgency=medium * HEAD @ b0b4661fa3cba99 xen/Makefile: Set 4.16 version-Tue 30 Nov 2021 03:42 * final release * libxenstore4.0 is new -- Mark Pryor Wed, 01 Dec 2021 08:34:55 -0800 xen (4.16~rc4-1+deb11u1.1) bullseye; urgency=medium * HEAD @ 59505f48fabed Turn off debug by default-Tue 23 Nov 2021 08:43 * 4.16 rc4 initial build -- Mark Pryor Sun, 28 Nov 2021 18:07:05 -0800 xen (4.15.1-1+deb11u1.4) bullseye; urgency=medium * Non-maintainer upload. * HEAD @ 544e547a63175ac6 x86/P2M: deal with partial success of p2m_set_entry()-Tue 23 Nov 2021 04:26 * XSA-385 0033-xen-page_alloc-Harden-assign_pages.diff:This is CVE-2021-28706 / part of XSA-385. * XSA-388 0034-x86-PoD-deal-with-misaligned-GFNs.diff:This is CVE-2021-28704 and CVE-2021-28707 / part of XSA-388. 0035-x86-PoD-handle-intermediate-page-orders-in-p2m_pod_ca.diff:This is CVE-2021-28708 / part of XSA-388. * XSA-389 0036-x86-P2M-deal-with-partial-success-of-p2m_set_entry.diff:This is CVE-2021-28705 and CVE-2021-28709 / XSA-389. * XSA-390 VT-d-fix-reduced-page-table-levels-support-when-shari.diff:This is CVE-2021-28710 / XSA-390. -- Mark Pryor Wed, 24 Nov 2021 09:08:32 -0800 xen (4.15.1-1+deb11u1.3) bullseye; urgency=medium * Non-maintainer upload. * HEAD @ f50ef17c9884c0c2d48 x86/PV32: fix physdev_op_compat handling-Fri 15 Oct 2021 02:06 * qemu-xen: upgrade to 6.1.0 from staging add build-dep: python3-sphinx-rtd-theme sphinx-rtd-theme-common * rebuild for bullseye 11.1 -- Mark Pryor Sat, 30 Oct 2021 09:33:49 -0700 xen (4.15.1-1+deb11u1.2) bullseye; urgency=medium * Non-maintainer upload. * HEAD @ 3b98d9f35a9edd VT-d: fix deassign of device with RMRR-Tue 5 Oct 2021 11:49 * XSA-386 VT-d: fix deassign of device with RMRR. This is CVE-2021-28702 / XSA-386 -- Mark Pryor Wed, 06 Oct 2021 13:07:32 -0700 xen (4.15.1-1+deb11u1.1) bullseye; urgency=medium * Non-maintainer upload. * HEAD @ 84fa99099b920f7b update Xen version to 4.15.1-Fri 10 Sep 2021 00:03 * qemu-xen-6* included * XSA-384 0100-gnttab-deal-with-status-frame-mapping-race.diff.This is CVE-2021-28701 / XSA-384. * initial release -- Mark Pryor Tue, 21 Sep 2021 07:52:36 -0700 xen (4.15.0-1+deb11u1.7) bullseye; urgency=medium * Non-maintainer upload. * HEAD @ 91bb9e9b0c0e2af tools/firmware/ovmf: Use OvmfXen platform file is exist-Wed 25 Aug 2021 06:29 * XSA-378 0073-AMD-IOMMU-correct-global-exclusion-range-extending.diff:This is part of XSA-378 / CVE-2021-28695. 0074-AMD-IOMMU-correct-device-unity-map-handling.diff:This is part of XSA-378 / CVE-2021-28695. 0075-IOMMU-also-pass-p2m_access_t-to-p2m_get_iommu_flags.diff:This is part of XSA-378. 0076-IOMMU-generalize-VT-d-s-tracking-of-mapped-RMRR-regio.diff:This is part of XSA-378. 0077-AMD-IOMMU-re-arrange-complete-re-assignment-handling.diff:This is CVE-2021-28696 / part of XSA-378. 0078-AMD-IOMMU-re-arrange-exclusion-range-and-unity-map-re.diff:This is part of XSA-378. 0079-x86-p2m-introduce-p2m_is_special.diff:This is part of XSA-378. 0080-x86-p2m-guard-in-particular-identity-mapping-entries.diff:This is CVE-2021-28694 / part of XSA-378. * XSA-379 0081-x86-mm-widen-locked-region-in-xenmem_add_to_physmap_o.diff:This is CVE-2021-28697 / XSA-379. * XSA-380 0082-gnttab-add-preemption-check-to-gnttab_release_mapping.diff:This is part of CVE-2021-28698 / XSA-380. 0083-gnttab-replace-mapkind.diff:This is part of CVE-2021-28698 / XSA-380. * XSA-382 0084-gnttab-fix-array-capacity-check-in-gnttab_get_status_.diff:This is CVE-2021-28699 / XSA-382. * XSA-383 0085-xen-arm-Restrict-the-amount-of-memory-that-dom0less-d.diff:This is CVE-2021-28700 / XSA-383. * qemu-xen: upgrade to v6.0.0 from staging -- Mark Pryor Sat, 28 Aug 2021 14:31:37 -0700 xen (4.15.0-1+deb11u1.6) bullseye; urgency=medium * Non-maintainer upload. * HEAD @ 6bbdcefd205903b2181b libxl/x86: check return value of SHADOW_OP_SET_ALLOCATION domctl-Thu 19 Aug 2021 09:46 -- Mark Pryor Sat, 21 Aug 2021 10:18:12 -0700 xen (4.15.0-1+deb11u1.5) bullseye; urgency=medium * Non-maintainer upload. * HEAD @ dba774896f7dd7477 xen/arm: bootfdt: Always sort memory banks-Fri 16 Jul 2021 13:08 -- Mark Pryor Tue, 27 Jul 2021 08:43:28 -0700 xen (4.15.0-1+deb11u1.4) bullseye; urgency=medium * Non-maintainer upload. * HEAD @ ec457ac2a29279e8cd x86/tsx: Cope with TSX deprecation on SKL/KBL/CFL/WHL-Thu 17 Jun 2021 06:36 * document XSA-370 0011-SUPPORT.md-Document-speculative-attacks-status-of-non.diff:This documents, but does not fix, XSA-370. * XSA-372 0021-xen-arm-Create-dom0less-domUs-earlier.diff:This is part of XSA-372 / CVE-2021-28693. 0022-xen-arm-Boot-modules-should-always-be-scrubbed-if-boo.diff:This is part of XSA-372 / CVE-2021-28693. * XSA-373 0023-VT-d-size-qinval-queue-dynamically.diff:This is part of XSA-373 / CVE-2021-28692. 0024-AMD-IOMMU-size-command-buffer-dynamically.diff:This is part of XSA-373 / CVE-2021-28692. 0025-VT-d-eliminate-flush-related-timeouts.diff:This is part of XSA-373 / CVE-2021-28692. 0028-AMD-IOMMU-wait-for-command-slot-to-be-available.diff:This is part of XSA-373 / CVE-2021-28692. 0029-AMD-IOMMU-drop-command-completion-timeout.diff:This is part of XSA-373 / CVE-2021-28692. * XSA-375 0026-x86-spec-ctrl-Protect-against-Speculative-Code-Store-.diff:This is XSA-375 / CVE-2021-0089. * XSA-377 0027-x86-spec-ctrl-Mitigate-TAA-after-S3-resume.diff:This is XSA-377 / CVE-2021-28690. -- Mark Pryor Sun, 11 Jul 2021 16:36:18 -0700 xen (4.15.0-1+deb11u1.3) bullseye; urgency=medium * Non-maintainer upload. * enable pvshim * xsm/flask hypervisor: merge into tools -- Mark Pryor Sat, 29 May 2021 11:59:01 -0700 xen (4.15.0-1+deb11u1.2) bullseye; urgency=medium * Non-maintainer upload. * HEAD @ eb1f325186be9e02c3 x86/hpet: Dont enable legacy replacement mode unconditionally-Tue 20 Apr 2021 02:59 -- Mark Pryor Mon, 26 Apr 2021 15:35:02 -0700 xen (4.15.0-1+deb11u1.1) bullseye; urgency=medium * HEAD @ e25aa9939ae0cd8 README, Makefile: Prep for release-Tue 6 Apr 2021 10:14 * d/control: new depends on libzstd-dev * d/libxenstore3.0.symbols: Base -> VERS_3.0.3 * XSA-360 0009-x86-dpci-do-not-remove-pirqs-from-domain-tree-on-unbi.diff:This is XSA-360 * XSA-364 0010-xen-page_alloc-Only-flush-the-page-to-RAM-once-we-kno.diff:This is XSA-364. * XSA-368 0033-libxl-Fix-domain-soft-reset-state-handling.diff:This is XSA-368. * pygrub: clean up sys.path -- Mark Pryor Sat, 17 Apr 2021 13:27:37 -0700 xen (4.14.1-1+deb11u1.1) bullseye; urgency=medium * Non-maintainer upload. * HEAD @ ad844aa352559a8b1 update Xen version to 4.14.1-Thu Dec 17 2020 08:47 * new minor release, initial build * d/control: remove dh-systemd depends * XSA-355 0081-memory-fix-off-by-one-in-XSA-346-change.diff:This is XSA-355. * XSA-353 0089-tools-ocaml-xenstored-do-permission-checks-on-xenstor.diff:This is XSA-353. * XSA-115 0090-tools-xenstore-allow-removing-child-of-a-node-exceedi.diff:This is part of XSA-115. 0091-tools-xenstore-ignore-transaction-id-for-un-watch.diff:This is part of XSA-115. 0092-tools-xenstore-fix-node-accounting-after-failed-node-.diff:This is part of XSA-115. 0093-tools-xenstore-simplify-and-rename-check_event_node.diff:This is part of XSA-115. 0094-tools-xenstore-check-privilege-for-XS_IS_DOMAIN_INTRO.diff:This is part of XSA-115. 0095-tools-xenstore-rework-node-removal.diff:This is part of XSA-115. 0096-tools-xenstore-fire-watches-only-when-removing-a-spec.diff:This is part of XSA-115. 0097-tools-xenstore-introduce-node_perms-structure.diff:This is part of XSA-115. 0098-tools-xenstore-allow-special-watches-for-privileged-c.diff:This is part of XSA-115. 0099-tools-xenstore-avoid-watch-events-for-nodes-without-a.diff:This is part of XSA-115. 0100-tools-ocaml-xenstored-ignore-transaction-id-for-un-wa.diff:This is part of XSA-115. 0101-tools-ocaml-xenstored-check-privilege-for-XS_IS_DOMAI.diff:This is part of XSA-115. 0102-tools-ocaml-xenstored-unify-watch-firing.diff:This is part of XSA-115. 0103-tools-ocaml-xenstored-introduce-permissions-for-speci.diff:This is part of XSA-115. 0104-tools-ocaml-xenstored-avoid-watch-events-for-nodes-wi.diff:This is part of XSA-115. 0105-tools-ocaml-xenstored-add-xenstored.conf-flag-to-turn.diff:This is part of XSA-115. * XSA-322 0106-tools-xenstore-revoke-access-rights-for-removed-domai.diff:This is part of XSA-322. 0107-tools-ocaml-xenstored-clean-up-permissions-for-dead-d.diff:This is part of XSA-322. * XSA-323 0108-tools-ocaml-xenstored-Fix-path-length-validation.diff:This is part of XSA-323. * XSA-324 0109-tools-xenstore-drop-watch-event-messages-exceeding-ma.diff:This is XSA-324. * XSA-325 0110-tools-xenstore-Preserve-bad-client-until-they-are-des.diff:This is XSA-325. * XSA-330 0111-tools-ocaml-xenstored-delete-watch-from-trie-too-when.diff:This is XSA-330. * XSA-352 0112-tools-ocaml-xenstored-only-Dom0-can-change-node-owner.diff:This is XSA-352. * XSA-348 0115-x86-avoid-calling-svm-vmx-_do_resume.diff:This is XSA-348 / CVE-2020-29566. * XSA-356 0116-x86-irq-fix-infinite-loop-in-irq_move_cleanup_interru.diff:This is XSA-356 / CVE-2020-29567. * XSA-358 0117-evtchn-FIFO-re-order-and-synchronize-with-map_control.diff:This is XSA-358 / CVE-2020-29570. * XSA-359 0118-evtchn-FIFO-add-2nd-smp_rmb-to-evtchn_fifo_word_from_.diff:This is XSA-359 / CVE-2020-29571. -- Mark Pryor Fri, 15 Jan 2021 13:59:52 -0800 xen (4.14.0-1+deb11u1.2) bullseye; urgency=medium * Non-maintainer upload. * HEAD @ d101b417b784a26 x86/msr: Disallow guest access to the RAPL MSRs-Tue 10 Nov 2020 09:43 * XSA-286 xen4e-0059-x86-pv-Drop-FLUSH_TLB_GLOBAL-in-do_mmu_update-for-XPT.diff:This is (not really) XSA-286 xen4e-0060-x86-pv-Flush-TLB-in-response-to-paging-structure-chan.diff:This is XSA-286. * XSA-351 xen4e-0078-xen-arm-Always-trap-AMU-system-registers.diff:This is part of XSA-351 (or XSA-93 re-born). xen4e-0080-x86-msr-Disallow-guest-access-to-the-RAPL-MSRs.diff:This is part of XSA-351. * d/control: tag python3-sphinx as noqemu -- Mark Pryor Fri, 15 Nov 2020 06:53:38 -0800 xen (4.14.0-1+deb11u1.1) bullseye; urgency=medium * Non-maintainer upload. * initial build, forward port from buster * HEAD @ 7b1e587f25c2dda38 hvmloader: flip "ACPI data" to "ACPI NVS" type for ACPI table region-Tue 20 Oct 2020 05:46 * gcc10 fixes: xen4e-0100-tool-libs-light-Fix-libxenlight-gcc-warning.diff xen4e-0101-tools-xenpmd-Fix-gcc10-snprintf-warning.diff xen4e-0102-gcc10-fixes.diff * XSA-345 xen4e-0039-x86-mm-Refactor-map_pages_to_xen-to-have-only-a-singl.diff xen4e-0040-x86-mm-Refactor-modify_xen_mappings-to-have-one-exit-.diff xen4e-0041-x86-mm-Prevent-some-races-in-hypervisor-mapping-updat.diff * XSA-346 xen4e-0042-IOMMU-suppress-iommu_dont_flush_iotlb-when-about-to-f.diff xen4e-0043-IOMMU-hold-page-ref-until-after-deferred-TLB-flush.diff * XSA-347 xen4e-0044-AMD-IOMMU-convert-amd_iommu_pte-from-struct-to-union.diff xen4e-0045-AMD-IOMMU-update-live-PTEs-atomically.diff xen4e-0046-AMD-IOMMU-ensure-suitable-ordering-of-DTE-modificatio.diff -- Mark Pryor Fri, 23 Oct 2020 12:40:32 -0700 xen (4.14.0-1+deb10u1.4) buster; urgency=medium * Non-maintainer upload. * d/control: introduce noqemu build profile qemuu & qemut are built with restriction add our profile to templates -- Mark Pryor Wed, 07 Oct 2020 16:01:08 -0700 xen (4.14.0-1+deb10u1.3) buster; urgency=medium * Non-maintainer upload. * HEAD @ c93b520a41f2787d evtchn/Flask: pre-allocate node on send path-Fri 2 Oct 2020 03:34 * XSA-333 0021-x86-pv-Handle-the-Intel-specific-MSR_MISC_ENABLE-corr.diff:This is XSA-333. * XSA-334 0022-xen-memory-Don-t-skip-the-RCU-unlock-path-in-acquire_.diff:This is XSA-334. * XSA-336 0023-x86-vpt-fix-race-when-migrating-timers-between-vCPUs.diff:This is XSA-336. * XSA-337 0024-x86-msi-get-rid-of-read_msi_msg.diff:This is part of XSA-337. 0025-x86-MSI-X-restrict-reading-of-table-PBA-bases-from-BA.diff:This is part of XSA-337. * XSA-338 0026-evtchn-relax-port_is_valid.diff:This is XSA-338. * XSA-339 0027-x86-pv-Avoid-double-exception-injection.diff:This is XSA-339 * XSA-340 0028-xen-evtchn-Add-missing-barriers-when-accessing-alloca.diff:This is XSA-340. * XSA-342 0029-evtchn-x86-enforce-correct-upper-limit-for-32-bit-gue.diff:This is XSA-342. * XSA-343 0030-evtchn-evtchn_reset-shouldn-t-succeed-with-still-open.diff:This is part of XSA-343. 0031-evtchn-convert-per-channel-lock-to-be-IRQ-safe.diff:This is part of XSA-343. 0032-evtchn-address-races-with-evtchn_reset.diff:This is part of XSA-343. * XSA-344 0033-evtchn-arrange-for-preemption-in-evtchn_destroy.diff:This is part of XSA-344. 0034-evtchn-arrange-for-preemption-in-evtchn_reset.diff:This is part of XSA-344. -- Mark Pryor Sat, 03 Oct 2020 13:05:25 -0700 xen (4.14.0-1+deb10u1.2) buster; urgency=medium * Non-maintainer upload. * HEAD @ 28855ebcdbfa43 xen/arm: cmpxchg: Add missing memory barriers in __cmpxchg_mb_timeout()-Mon 14 Sep 2020 17:20 -- Mark Pryor Sat, 19 Sep 2020 15:43:13 -0700 xen (4.14.0-1+deb10u1.1) buster; urgency=medium * initial release * HEAD @ 456957aaa1391e README, Makefile: Xen 4.14.0 release-Thu 23 Jul 2020 08:07 -- Mark Pryor Thu, 23 Jul 2020 11:36:22 -0700 xen (4.14~rc6-1+deb10u1.1) buster; urgency=medium * Non-maintainer upload. * XSA-328 0015-x86-EPT-ept_set_middle_entry-related-adjustments.diff:This is part of XSA-328. 0016-x86-ept-atomically-modify-entries-in-ept_next_level.diff:This is part of XSA-328. * XSA-321 0017-vtd-improve-IOMMU-TLB-flush.diff:This is part of XSA-321. 0018-vtd-prune-and-rename-cache-flush-functions.diff:This is part of XSA-321. 0019-x86-iommu-introduce-a-cache-sync-hook.diff:This is part of XSA-321. 0020-vtd-don-t-assume-addresses-are-aligned-in-sync_cache.diff:This is part of XSA-321. 0021-x86-alternative-introduce-alternative_2.diff:This is part of XSA-321. 0022-vtd-optimize-CPU-cache-sync.diff:This is part of XSA-321. 0023-x86-ept-flush-cache-when-modifying-PTEs-and-sharing-p.diff:This is part of XSA-321. * XSA-327 0024-xen-Check-the-alignment-of-the-offset-pased-via-VCPUO.diff:This is XSA-327. -- Mark Pryor Wed, 15 Jul 2020 10:03:41 -0700 xen (4.14~rc3-1+deb10u1.2) buster; urgency=medium * Non-maintainer upload. * HEAD @ f97f99c8d88ebc108f x86emul: fix FXRSTOR test for most AMD CPUs-Mon 6 Jul 2020 11:12 * same as rc5 -- Mark Pryor Mon, 06 Jul 2020 19:08:38 -0700 xen (4.14~rc3-1+deb10u1.1) buster; urgency=medium * Non-maintainer upload. * HEAD @ fde76f895d0aa817 tools: Commit flex (2.6.4) & bison (3.3.2) output from Debian buster-Fri 19 Jun 2020 08:20 * initial build xen-4.14~rc3 -- Mark Pryor Sun, 28 Jun 2020 08:01:01 -0700 xen (4.14~rc1-1+deb10u1.2) buster; urgency=medium * Non-maintainer upload. * HEAD @ 2995d0afdf2d3fb44d0 x86/passthrough: introduce a flag for GSIs not requiring an EOI or unmask-Thu 11 Jun 2020 10:14 * XSA-320 xen4e-0013-x86-spec-ctrl-CPUID-MSR-definitions-for-Special-Regis.diff xen4e-0014-x86-spec-ctrl-Mitigate-the-Special-Register-Buffer-Da.diff xen4e-0016-x86-spec-ctrl-Update-docs-with-SRBDS-workaround.diff: -- Mark Pryor Fri, 12 Jun 2020 11:24:13 -0700 xen (4.14~rc1-1+deb10u1.1) buster; urgency=medium * HEAD @ 726c78d14dfe6ec76 Version changes for 4.14.0-rc-Mon 8 Jun 2020 15:18 * initial build * new: libxenhypfs to libxen-4.14 * install-utils_amd64: libs from here in qemuu build -- Mark Pryor Tue, 09 Jun 2020 12:32:43 -0700 xen (4.13.1-1+deb10u1.1) buster; urgency=medium * HEAD @ 6278553325a9f76d update Xen version to 4.13.1-Thu 14 May 2020 05:19 -- Mark Pryor Tue, 19 May 2020 17:53:14 -0700 xen (4.13.0-1+deb10u1.6) buster; urgency=medium * Non-maintainer upload. * HEAD @ 181614a71070ee1 AMD/IOMMU: fix off-by-one in amd_iommu_get_paging_mode() callers-Thu 9 Apr 2020 00:26 -- Mark Pryor Sat, 11 Apr 2020 15:34:22 -0700 xen (4.13.0-1+deb10u1.5) buster; urgency=medium * Non-maintainer upload. * HEAD @ d3f3e447676667ef30b x86/msr: Virtualise MSR_PLATFORM_ID properly-Thu 5 Mar 2020 02:07 * d/control: removed glusterfs-common depends * lowlevel/xc: patch to support python 3.8 misc-0503-lowlevel-xc-fix-function-calls-py38.diff -- Mark Pryor Sun, 15 Mar 2020 10:21:11 -0700 xen (4.13.0-1+deb10u1.4) buster; urgency=medium * Non-maintainer upload. * HEAD @ 721f2c323ca55c77 x86: clear per cpu stub page information in cpu_smpboot_free-Wed 15 Jan 2020 05:24 * XSA-312 0004-xen-arm-Place-a-speculation-barrier-sequence-followin.diff -- Mark Pryor Tue, 21 Jan 2020 11:11:18 -0800 xen (4.13.0-1+deb10u1.3) buster; urgency=medium * Non-maintainer upload. * using single tarball, no auxiliary tarballs -- Mark Pryor Tue, 07 Jan 2020 09:49:43 -0800 xen (4.13.0-1+deb10u1.2) buster; urgency=medium * Non-maintainer upload. * d/rules.real: new rules to build 2 hypervisors, default and XSM/flask shorten hypervisor buildroot names, build-hypervisor -> bld-hyp qemut: add ipxe-qemu to build-depends -- Mark Pryor Fri, 27 Dec 2019 17:43:07 -0800 xen (4.13.0-1+deb10u1.1) buster; urgency=medium * HEAD @ a2e84d8e42c9e878f 4.13.0: Update xen/Makefile XEN_EXTRAVERSION-Tue 17 Dec 2019 06:23 * initial release * d/control: new package qemut, provides (qemu-dm) source tarball: xen_4.13.0.orig-qemut.tar.xz enable sdl, d/control: libsdl1.2debian, libsdl1.2-dev -- Mark Pryor Wed, 18 Dec 2019 09:18:31 -0800 xen (4.13~rc4-1+deb10u1.2) buster; urgency=medium * Non-maintainer upload. * HEAD @ ecd3e34ff88b4a x86/svm: Fix handling of EFLAGS.RF on task switch-Wed 11 Dec 2019 09:10 * virtual rc5 equivalent * XSA-307 x86-Arm32-make-find_next_-zero_-bit-have-well-defined.diff:This is XSA-307. * XSA-308 x86-vtx-Work-around-SingleStep-STI-MovSS-VMEntry-fail.diff:This is XSA-308 * XSA-309 x86-mm-Don-t-reset-linear_pt_count-on-partial-validat.diff:This is XSA-309. * XSA-310 x86-mm-Set-old_guest_table-when-destroying-vcpu-paget.diff:This is part of XSA-310. x86-mm-alloc-free_lN_table-Retain-partial_flags-on-EI.diff:This is part of XSA-310. x86-mm-relinquish_memory-Grab-an-extra-type-ref-when-.diff:This is part of XSA-310. * XSA-311 AMD-IOMMU-Cease-using-a-dynamic-height-for-the-IOMMU-.diff:This is XSA-311. -- Mark Pryor Mon, 16 Dec 2019 08:58:06 -0800 xen (4.13~rc4-1+deb10u1.1) buster; urgency=medium * HEAD @ 8ba357fc326c9e x86/psr: fix bug which may cause crash-Mon 2 Dec 2019 07:19 * lz4: 0101-lz4-refine-commit-9143a6c55ef7-for-the-64-bit-case.diff support direct kernel boot of LZ compressed kernel in ub20.04 * turn-off debug -- Mark Pryor Wed, 04 Dec 2019 18:37:40 -0800 xen (4.13~rc3-1+deb10u1.1) buster; urgency=medium * Non-maintainer upload. * HEAD @ 72580a8d3c7ac708 x86/microcode: refuse to load the same revision ucode-Wed 27 Nov 2019 04:53 * XSA-306 xen4d-0005-IOMMU-default-to-always-quarantining-PCI-devices.diff -- Mark Pryor Wed, 27 Nov 2019 13:08:46 -0800 xen (4.13~rc2-1+deb10u1.1) buster; urgency=medium * HEAD @ 8c4330818f6ee x86/spec-ctrl: Mitigate the TSX Asynchronous Abort sidechannel-Tue 12 Nov 2019 09:12 * XSA-296 xen-hypercall-Don-t-use-BUG-for-parameter-checking-in.diff * XSA-298 x86-PV-check-GDT-LDT-limits-during-emulation.diff:This is XSA-298. * XSA-299 x86-mm-L1TF-checks-don-t-leave-a-partial-entry.diff:This is part of XSA-299. x86-mm-Don-t-re-set-PGT_pinned-on-a-partially-de-vali.diff:This is part of XSA-299. x86-mm-Separate-out-partial_pte-tristate-into-individ.diff:This is part of XSA-299. x86-mm-Use-flags-for-_put_page_type-rather-than-a-boo.diff:This is part of XSA-299. x86-mm-Rework-get_page_and_type_from_mfn-conditional.diff:This is part of XSA-299. x86-mm-Have-alloc_l-23-_table-clear-partial_flags-whe.diff:This is part of XSA-299. x86-mm-Always-retain-a-general-ref-on-partial.diff:This is part of XSA-299. x86-mm-Properly-handle-linear-pagetable-promotion-fai.diff:This is part of XSA-299. x86-mm-Fix-nested-de-validation-on-error.diff:This is part of XSA-299. x86-mm-Don-t-drop-a-type-ref-unless-you-held-a-ref-to.diff:This is part of XSA-299. * XSA-301 xen-arm-p2m-Avoid-aliasing-guest-physical-frame.diff:This is part of XSA-301. xen-arm-p2m-Avoid-off-by-one-check-on-p2m-max_mapped_.diff:This is part of XSA-301. xen-arm-p2m-Don-t-check-the-return-of-p2m_get_root_po.diff:This is part of XSA-301. * XSA-302 passthrough-quarantine-PCI-devices.diff * XSA-303 xen-arm32-entry-Split-__DEFINE_ENTRY_TRAP-in-two.diff:This is part of XSA-303. xen-arm32-entry-Fold-the-macro-SAVE_ALL-in-the-macro-.diff:This is part of XSA-303. xen-arm32-Don-t-blindly-unmask-interrupts-on-trap-wit.diff:This is part of XSA-303. xen-arm64-Don-t-blindly-unmask-interrupts-on-trap-wit.diff:This is part of XSA-303. * XSA-304 xen4d-0012-x86-vtd-Hide-superpage-support-for-SandyBridge-IOMMUs.diff xen4d-0013-x86-vtx-Disable-executable-EPT-superpages-to-work-aro.diff * XSA-305 xen4d-0015-x86-tsx-Introduce-tsx-to-use-MSR_TSX_CTRL-when-availa.diff xen4d-0016-x86-spec-ctrl-Mitigate-the-TSX-Asynchronous-Abort-sid.diff * qemuu: v4.1.0-2+deb10u1.1 -- Mark Pryor Fri, 15 Nov 2019 11:07:08 -0800 xen (4.13~rc1-1+deb10u1.2) buster; urgency=medium * Non-maintainer upload. * HEAD @ dfcccc663157c638d efi: use directmap to access runtime services table-Fri 25 Oct 2019 08:50 * firmware: misc-0302-firmware-turn-off-debug-in-make.patch -- Mark Pryor Sun, 27 Oct 2019 10:59:40 -0700 xen (4.13~rc1-1+deb10u1.1) buster; urgency=medium * HEAD @ 518c935fac4d30b3 Prep for 4.13.0-rc1: Set version to -rc-Mon 14 Oct 2019 03:31 * initial released rc * tarball is renamed, recompressed, and carries qemu-xen no separate tarball for qemu -- Mark Pryor Mon, 14 Oct 2019 11:13:19 -0700 xen (4.13~rc0-1+deb10u1.1) buster; urgency=medium * Non-maintainer upload. * proto rc * HEAD @ 4fc32c22c0588a iommu/arm: Remove arch_iommu_populate_page_table completely-Wed 9 Oct 2019 08:34 * blktap2 removed * qemuu: v4.1.0-1+deb10u1.1 -- Mark Pryor Fri, 11 Oct 2019 11:31:42 -0700 xen (4.12.1-1+deb10u1.2) buster; urgency=medium * Non-maintainer upload. * HEAD @ 599d6d23cbb790a788 ioreq: fix hvm_all_ioreq_servers_add_vcpu fail path cleanup-Mon 23 Sep 2019 05:26 * new libs.mk,56dccee3f: prep for this going into xen-4.13 xen4c-0604-add-a-lib-prefix-for-all-but-toolcore.diff * backports from staging: xen4c-0221-sched-don-t-let-XEN_RUNSTATE_UPDATE-leak-into-vcpu_ru.diff xen4c-0203-libxl-9pfs-has-a-QEMU-backend.diff -- Mark Pryor Sun, 06 Oct 2019 13:44:12 -0700 xen (4.12.1-1+deb10u1.1) buster; urgency=medium * HEAD @ ba62d9e360f830ed2 update Xen version to 4.12.1-Fri 9 Aug 2019 03:44 * initial release * qemuu: v3.0.1-2+deb10u1.1 * backports from staging: 0002-x86-ept-pass-correct-level-to-p2m_entry_modify.diff 0003-libxl-9pfs-has-a-QEMU-backend.diff 0004-xen-sched-fix-memory-leak-in-credit2.diff -- Mark Pryor Fri, 16 Aug 2019 12:12:54 -0700 xen (4.12.0-1+deb10u1.7) buster; urgency=medium * Non-maintainer upload. * HEAD @ e5122c6c4a413e5 x86/ctxt-switch: Document and improve GDT handling-Fri 19 Jul 2019 07:14 * backports and enhancements from staging (11) -- Mark Pryor Sun, 21 Jul 2019 09:43:08 -0700 xen (4.12.0-1+deb10u1.6) buster; urgency=medium * Non-maintainer upload. * HEAD @ 7f2df4b62214645d x86/msi: fix loop termination condition in pci_msi_conf_write_intercept-Fri 5 Jul 2019 01:25 * rebuild for Buster release * qemuu: qemuu-0201-xen_disk-fix-file-locking-in-emulation-and-migration.diff * configure: limit linux_backend_modules to those used in Buster -- Mark Pryor Fri, 12 Jul 2019 12:32:37 -0700 # Older entries have been removed from this changelog. # To read the complete changelog use `apt changelog xen-hypervisor-4.18-amd64`.