xen (4.19.3-1+deb12u4.2) bookworm; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 20cda53ff1453d102
    tools/libs/light: fix BAR memory address truncation-Fri 24 Oct 2025 05:22
  * XSA-472
    0014-x86-viridian-avoid-NULL-pointer-dereference-in-update.diff:This is CVE-2025-27466 / part of XSA-472.
    0015-x86-viridian-avoid-NULL-pointer-dereference-in-viridi.diff:This is CVE-2025-58142 / part of XSA-472.
    0016-x86-viridian-protect-concurrent-modification-of-the-r.diff:This is CVE-2025-58143 / part of XSA-472.
  * XSA-473
    0017-Arm-foreign-page-handling-in-p2m_get_page_from_gfn.diff:This is CVE-2025-58144 / part of XSA-473.
    0018-Arm-adjust-locking-in-p2m_get_page_from_gfn.diff:This is CVE-2025-58145 / part of XSA-473.
  * XSA-475
    0030-x86-viridian-Enforce-bounds-check-in-vpmask_set.diff:This is XSA-475 / CVE-2025-58147.
    0031-x86-viridian-Enforce-bounds-check-in-send_ipi.diff:This is XSA-475 / CVE-2025-58148.
  * XSA-476
    0033-tools-libs-light-fix-BAR-memory-address-truncation.diff:This is XSA-476 / CVE-2025-58149.

 -- Mark Pryor <pryorm09@gmail.com>  Sat, 25 Oct 2025 19:34:35 -0700

xen (4.19.3-1+deb12u4.1) bookworm; urgency=medium

  * HEAD @ 077419f04a3125c58dc
    update Xen version to 4.19.3-Mon 4 Aug 2025 08:20

 -- Mark Pryor <pryorm09@gmail.com>  Tue, 05 Aug 2025 08:07:25 -0700

xen (4.19.2-1+deb12u4.4) bookworm; urgency=medium

  * Non-maintainer upload.
  * HEAD @ b026848daf3cca7a4e1
    x86/idle: undo use of MONITOR/MWAIT mnemonics-Wed 9 Jul 2025 03:18
  * XSA-470
    0069-x86-emul-Fix-extable-registration-in-invoke_stub.diff:This is XSA-470 / CVE-2025-27465
  * XSA-471
    0087-x86-ucode-Digests-for-TSA-microcode.diff:This is part of XSA-471 / CVE-2024-36350 / CVE-2024-36357.
    0088-x86-idle-Rearrange-VERW-and-MONITOR-in-mwait_idle_wit.diff:This is part of XSA-471 / CVE-2024-36350 / CVE-2024-36357.
    0089-x86-spec-ctrl-Mitigate-Transitive-Scheduler-Attacks.diff:This is part of XSA-471 / CVE-2024-36350 / CVE-2024-36357.

 -- Mark Pryor <pryorm09@gmail.com>  Thu, 17 Jul 2025 07:38:06 -0700

xen (4.19.2-1+deb12u4.3) bookworm; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 2b92925c6d8bc6
    cpufreq: dont leave stale statistics pointer-Tue 13 May 2025 04:58
  * XSA-469
    0048-x86-guest-Remove-use-of-the-Xen-hypercall_page.diff:This is part of XSA-469 / CVE-2024-28956
    0049-x86-thunk-Mis-align-__x86_indirect_thunk_-to-mitigate.diff:This is part of XSA-469 / CVE-2024-28956
    0050-x86-thunk-Mis-align-the-RETs-in-clear_bhb_loops-to-mi.diff:This is part of XSA-469 / CVE-2024-28956
    0051-x86-stubs-Introduce-place_ret-to-abstract-away-raw-0x.diff:This is part of XSA-469 / CVE-2024-28956
    0052-x86-thunk-Build-Xen-with-Return-Thunks.diff:This is part of XSA-469 / CVE-2024-28956
    0053-x86-spec-ctrl-Synthesise-ITS_NO-to-guests-on-unaffect.diff:This is part of XSA-469 / CVE-2024-28956
  * d/scripts: various repair plus fix py3 shebang

 -- Mark Pryor <pryorm09@gmail.com>  Tue, 13 May 2025 14:24:34 -0700

xen (4.19.2-1+deb12u4.2) bookworm; urgency=medium

  * Non-maintainer upload.
  * HEAD @ cd0fa8381d3389f2
    xen: remove -N from the linker command line-Tue, 29 Apr 2025 02:58

 -- Mark Pryor <pryorm09@gmail.com>  Tue, 29 Apr 2025 17:14:37 -0700

xen (4.19.2-1+deb12u4.1) bookworm; urgency=medium

  * HEAD @ f3362182e028119e
    update Xen version to 4.19.2-Fri 4 Apr 2025 03:47
  * initial build of 4.19.2

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 04 Apr 2025 09:22:20 -0700

xen (4.19.1-1+deb12u4.6) bookworm; urgency=medium

  * Non-maintainer upload.
  * HEAD @ ce591a92ca50d2b88
    xen/arinc653: call xfree with local IRQ enabled-Thu 20 Mar 2025 05:21

 -- Mark Pryor <pryorm09@gmail.com>  Tue, 25 Mar 2025 10:44:45 -0700

xen (4.19.1-1+deb12u4.5) bookworm; urgency=medium

  * Non-maintainer upload.
  * HEAD @ f2c5b4b1aa1972b5
    IOMMU/x86: the bus-to-bridge lock needs to be acquired IRQ-safe-Thu 27 Feb 2025 04:59
  * XSA-467
    0035-IOMMU-x86-the-bus-to-bridge-lock-needs-to-be-acquired.diff:This is XSA-467 / CVE-2025-1713.
  * qemuu v9.1.0

 -- Mark Pryor <pryorm09@gmail.com>  Mon, 10 Mar 2025 14:32:57 -0700

xen (4.19.1-1+deb12u4.4) bookworm; urgency=medium

  * Non-maintainer upload.
  * xen-perf: split off xen-perf-hypervisor-4.19-amd64

 -- Mark Pryor <pryorm09@gmail.com>  Sun, 09 Feb 2025 20:54:02 -0800

xen (4.19.1-1+deb12u4.3) bookworm; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 4803a3c5b5f1f131bd8
    xen/events: fix race with set_global_virq_handler-Tue 21 Jan 2025 00:21
  * qemuu: v9.1.0

 -- Mark Pryor <pryorm09@gmail.com>  Sun, 09 Feb 2025 17:22:59 -0800

xen (4.19.1-1+deb12u4.2) bookworm; urgency=medium

  * qemuu: v9.1.0, from staging
    test build for next gen qemu
  * HEAD @ 8dd897e691194929
    MISRA: Unmark Rules 1.1 and 2.1 as clean following Eclair upgrade-Tue 17 Dec 2024 14:01

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 27 Dec 2024 18:42:23 -0800

xen (4.19.1-1+deb12u3.1) bookworm; urgency=medium

  * HEAD @ ccf400846780289ae779
    update Xen version to 4.19.1-Tue 3 Dec 2024 23:52
  * qemuu: v8.0.5
  * XSA-463
    0070-x86-HVM-drop-stdvga-s-cache-struct-member.diff:This is part of XSA-463 / CVE-2024-45818
    0071-x86-HVM-drop-stdvga-s-stdvga-struct-member.diff:This is part of XSA-463 / CVE-2024-45818
    0072-x86-HVM-remove-unused-MMIO-handling-code.diff:This is part of XSA-463 / CVE-2024-45818
    0073-x86-HVM-drop-stdvga-s-gr-struct-member.diff:This is part of XSA-463 / CVE-2024-45818
    0074-x86-HVM-drop-stdvga-s-sr-struct-member.diff:This is part of XSA-463 / CVE-2024-45818
    0075-x86-HVM-drop-stdvga-s-g-s-r_index-struct-members.diff:This is part of XSA-463 / CVE-2024-45818
    0076-x86-HVM-drop-stdvga-s-vram_page-struct-member.diff:This is part of XSA-463 / CVE-2024-45818
    0077-x86-HVM-drop-stdvga-s-lock-struct-member.diff:This is part of XSA-463 / CVE-2024-45818
  * XSA-464
    0079-libxl-Use-zero-ed-memory-for-PVH-acpi-tables.diff:This is XSA-464 / CVE-2024-45819.

 -- Mark Pryor <pryorm09@gmail.com>  Thu, 05 Dec 2024 18:21:34 -0800

xen (4.19.0-1+deb12u3.4) bookworm; urgency=medium

  * Non-maintainer upload.
  * HEAD @ fadbc7e32e42f1a4199b
    x86/boot: Fix XSM module handling during PVH boot-Tue 29 Oct 2024 08:31

 -- Mark Pryor <pryorm09@gmail.com>  Tue, 29 Oct 2024 12:50:30 -0700

xen (4.19.0-1+deb12u3.3) bookworm; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 2c61ab407172682e13
    xen/ucode: Fix buffer under-run when parsing AMD containers-Tue 24 Sep 2024 05:44
  * XSA-462
    0015-x86-vLAPIC-prevent-undue-recursion-of-vlapic_error.

 -- Mark Pryor <pryorm09@gmail.com>  Tue, 24 Sep 2024 10:25:08 -0700

xen (4.19.0-1+deb12u3.2) bookworm; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 0918434e0fbee48c9
    automation: use expect to run QEMU-Fri 16 Aug 2024 15:20
  * XSA-460
    0011-x86-IOMMU-move-tracking-in-iommu_identity_mapping.diff:This is XSA-460 / CVE-2024-31145.
  * XSA-461
    0012-x86-pass-through-documents-as-security-unsupported-wh.diff:This is XSA-461 / CVE-2024-31146

 -- Mark Pryor <pryorm09@gmail.com>  Mon, 26 Aug 2024 11:43:57 -0700

xen (4.19.0-1+deb12u3.1) bookworm; urgency=medium

  * HEAD @ 026c9fa29716b0ff0f8
    Set 4.19 version-Mon 29 Jul 2024 10:20
  * initial build of 4.19.0

 -- Mark Pryor <pryorm09@gmail.com>  Tue, 30 Jul 2024 10:40:55 -0700

xen (4.19~rc3-1+deb12u3.2) bookworm; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 2d7b6170cc69f8a1a
    hotplug: Restore block-tap phy compatibility, again-Wed 24 Jul 2024 02:53
  * XSA-458
    0025-x86-IRQ-avoid-double-unlock-in-map_domain_pirq.patch:This is CVE-2024-31143 / XSA-458

 -- Mark Pryor <pryorm09@gmail.com>  Thu, 25 Jul 2024 11:49:03 -0700

xen (4.19~rc3-1+deb12u3.1) bookworm; urgency=medium

  * HEAD @ 1ddc8c1bad93aa6cbf
    CI: Add Ubuntu 22.04-Jammy and 24.04-Noble testing-Fri 12 Jul 2024 10:58
  * no debug build
    xen_perf_fix, add: # CONFIG_SELF_TESTS is not set

 -- Mark Pryor <pryorm09@gmail.com>  Sat, 20 Jul 2024 15:50:49 -0700

xen (4.19~rc1-1+deb12u3.1) bookworm; urgency=medium

  * HEAD @ 4a73eb4c205d6b2d3e44f3f
    Update Xen version to 4.19-rc-Mon 1 Jul 2024 10:31
  * initial proto build of 4.19~rc
  * remove qemuu-uncom package from d/control and d/rules.real

 -- Mark Pryor <pryorm09@gmail.com>  Mon, 08 Jul 2024 12:31:34 -0700

xen (4.18.2-1+deb12u3.2) bookworm; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 01f7a3c792241d348a4
    update Xen version to 4.18.3-pre-Tue 21 May 2024 02:52

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 24 May 2024 10:51:40 -0700

xen (4.18.2-1+deb12u3.1) bookworm; urgency=medium

  * HEAD @ b2863e468e8119664be6
    Update Xen version to 4.18.2-Tue 9 Apr 2024 08:45
  * XSA-454
    0015-x86-HVM-clear-upper-halves-of-GPRs-upon-entry-from-32.diff:This is part of XSA-454 / CVE-2023-46842.
    0016-hypercall_xlat_continuation-Replace-BUG_ON-with-domai.diff:This is part of XSA-454 / CVE-2023-46842.
  * XSA-455
    0017-x86-spec-ctrl-Fix-BTC-SRSO-mitigations.diff:This is XSA-455 / CVE-2024-31142.
    0038-x86-spec-ctrl-Rename-spec_ctrl_flags-to-scf.diff:XSA-455 was ultimately caused by having fields with too-similar names.
    0046-x86-Use-indirect-calls-in-reset-stack-infrastructure.diff:Luckily due to XSA-348, all C target functions of reset_stack_and_jump_ind()
  * XSA-456
    0046-x86-Use-indirect-calls-in-reset-stack-infrastructure.diff:This is part of XSA-456 / CVE-2024-2201.
    0047-x86-Drop-INDIRECT_JMP.diff:This is part of XSA-456 / CVE-2024-2201.
    0048-x86-tsx-Expose-RTM_ALWAYS_ABORT-to-guests.diff:This is part of XSA-456 / CVE-2024-2201.
    0049-x86-spec-ctrl-Support-BHI_DIS_S-in-order-to-mitigate-.diff:This is part of XSA-456 / CVE-2024-2201.
    0050-x86-spec-ctrl-Software-BHB-clearing-sequences.diff:This is part of XSA-456 / CVE-2024-2201.
    0051-x86-spec-ctrl-Wire-up-the-Native-BHI-software-sequenc.diff:This is part of XSA-456 / CVE-2024-2201.
    0052-x86-spec-ctrl-Support-the-long-BHB-loop-sequence.diff:This is part of XSA-456 / CVE-2024-2201.

 -- Mark Pryor <pryorm09@gmail.com>  Thu, 11 Apr 2024 09:42:10 -0700

xen (4.18.1-1+deb12u3.2) bookworm; urgency=medium

  * Non-maintainer upload.
  * rebuild for nmu

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 22 Mar 2024 08:12:33 -0700

xen (4.18.1-1~ng12u3.1) bookworm; urgency=medium

  * HEAD @ ea82c8cdbfe5a6e3bb60
    update Xen version to 4.18.1-Mon 18 Mar 2024 01:27
  * 4.18.1 initial release
  * qemuu: v8.0.4+1-1~ng12u3.1
  * XSA-452
    0060-x86-vmx-Perform-VERW-flushing-later-in-the-VMExit-pat.diff:This is part of XSA-452 / CVE-2023-28746.
    0061-x86-spec-ctrl-Perform-VERW-flushing-later-in-exit-pat.diff:This is part of XSA-452 / CVE-2023-28746.
    0062-x86-spec-ctrl-Rename-VERW-related-options.diff:This is part of XSA-452 / CVE-2023-28746.
    0063-x86-spec-ctrl-VERW-handling-adjustments.diff:This is part of XSA-452 / CVE-2023-28746.
    0064-x86-spec-ctrl-Mitigation-Register-File-Data-Sampling.diff:This is part of XSA-452 / CVE-2023-28746.
  * XSA-453
    0066-x86-spinlock-introduce-support-for-blocking-speculati.diff:This is part of XSA-453 / CVE-2024-2193
    0067-rwlock-introduce-support-for-blocking-speculation-int.diff:This is part of XSA-453 / CVE-2024-2193
    0068-percpu-rwlock-introduce-support-for-blocking-speculat.diff:This is part of XSA-453 / CVE-2024-2193
    0069-locking-attempt-to-ensure-lock-wrappers-are-always-in.diff:This is part of XSA-453 / CVE-2024-2193
    0070-x86-mm-add-speculation-barriers-to-open-coded-locks.diff:This is part of XSA-453 / CVE-2024-2193
    0071-x86-protect-conditional-lock-taking-from-speculative-.diff:This is part of XSA-453 / CVE-2024-2193

 -- Mark Pryor <pryorm09@gmail.com>  Wed, 20 Mar 2024 16:58:49 -0700

xen (4.18.0-1~ng12u3.6) bookworm; urgency=medium

  * Non-maintainer upload.
  * ng (next generation) packaging, preparing for time64 transition
  * split libs out xen-utils-<ver> into a new pkg, libxenfsutl4.18
  * rename libxen-<ver> as libxenmisc4.18

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 08 Mar 2024 14:11:41 -0800

xen (4.18.0-1+deb12u3.5) bookworm; urgency=medium

  * Non-maintainer upload.
  * fd7cb7a1d0433049d8fc594
    x86/cpu-policy: Allow for levelling of VERW side effects-Tue 5 Mar 2024 02:55
  * XSA-451
    0042-x86-account-for-shadow-stack-in-exception-from-stub-r.diff:This is CVE-2023-46841 / XSA-451.

 -- Mark Pryor <pryorm09@gmail.com>  Tue, 05 Mar 2024 14:52:04 -0800

xen (4.18.0-1+deb12u3.4) bookworm; urgency=medium

  * Non-maintainer upload.
  * hypervisor: new xenperf hypervisor
    applet, sed edit: d/xen_perf_fix
    d/rules.real new flag, DEBUG_XENPERF

 -- Mark Pryor <pryorm09@gmail.com>  Sun, 04 Feb 2024 13:17:57 -0800

xen (4.18.0-1+deb12u3.3) bookworm; urgency=medium

  * Non-maintainer upload.
  * HEAD @ b1fdd7d0e47e0831ac
    x86/ucode: Fix stability of the raw CPU Policy rescan-Thu 1 Feb 2024 09:02
  * XSA-450
    0020-VT-d-Fix-else-vs-endif-misplacement.diff:This is XSA-450 / CVE-2023-46840.
  * XSA-449
    0019-pci-fail-device-assignment-if-phantom-functions-canno.diff:This is XSA-449 / CVE-2023-46839

 -- Mark Pryor <pryorm09@gmail.com>  Sat, 03 Feb 2024 11:24:29 -0800

xen (4.18.0-1+deb12u3.2) bookworm; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 1792d1723b7fb45a
    x86/x2apic: introduce a mixed physical/cluster mode-Tue 12 Dec 2023 05:45
  * XSA-447
    0017-xen-arm-page-Avoid-pointer-overflow-on-cache-clean-in.diff:This is XSA-447 / CVE-2023-46837. 
  * xen kconfig (d/xen_4.18_amd64.config): rebase as 7b120ef0b9ab3866059d0afc2d112

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 22 Dec 2023 10:03:01 -0800

xen (4.18.0-1+deb12u3.1) bookworm; urgency=medium

  * HEAD @ d75f1e9b74314cea91ce
    SUPPORT.md: Update release notes URL-Thu 16 Nov 2023 13:44
  - initial build of 4.18.0 release
  - XSA-445
    iommu-amd-vi-use-correct-level-for-quarantine-domain-.diff:This is XSA-445 / CVE-2023-46835
  - XSA-446
    x86-spec-ctrl-Remove-conditional-IRQs-on-ness-for-INT.diff:This is XSA-446 / CVE-2023-46836

 -- Mark Pryor <pryorm09@gmail.com>  Thu, 16 Nov 2023 15:00:47 -0800

xen (4.18~rc3-1+deb12u3.2) bookworm; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 7c3616e6f1aa54188
    x86/microcode: Disable microcode update handler if DIS_MCU_UPDATE is set-Wed 18 Oct 2023 08:03
  * d/libxenstore4.0.symbols: minver=4.16.0

 -- Mark Pryor <pryorm09@gmail.com>  Mon, 23 Oct 2023 14:12:31 -0700

xen (4.18~rc3-1+deb12u3.1) bookworm; urgency=medium

  * HEAD @ 0ce2ee7a16f2886c3
    xenalyze: Reduce warnings about leaving a vcpu in INIT-Mon 16 Oct 2023 07:01
  * 4.18~rc3 initial build

 -- Mark Pryor <pryorm09@gmail.com>  Mon, 16 Oct 2023 14:20:26 -0700

xen (4.18~rc2-1+deb12u3.2) bookworm; urgency=medium

  * Non-maintainer upload.
  * reorder patches ahead of the next release: pygrub,libfsimage,order-dependent
    same patches in rh & debian, except for qemuu build mods: misc-0403*
  * no functional change

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 13 Oct 2023 16:55:38 -0700

xen (4.18~rc2-1+deb12u3.1) bookworm; urgency=medium

  * HEAD @ dc9d9aa62ddeb14abd5
    x86/pv: Correct the auditing of guest breakpoint addresses-Tue 10 Oct 2023 22:36
  * XSA-442
    0026-iommu-amd-vi-flush-IOMMU-TLB-when-flushing-the-DTE.diff:This is XSA-442 / CVE-2023-34326
  * XSA-443
    0027-libfsimage-xfs-Remove-dead-code.diff:This is part of XSA-443 / CVE-2023-34325
    0028-libfsimage-xfs-Amend-mask32lo-to-allow-the-value-32.diff:This is part of XSA-443 / CVE-2023-34325
    0029-libfsimage-xfs-Sanity-check-the-superblock-during-mou.diff:This is part of XSA-443 / CVE-2023-34325
    0030-libfsimage-xfs-Add-compile-time-check-to-libfsimage.diff:This is part of XSA-443 / CVE-2023-34325
    0031-tools-pygrub-Remove-unnecessary-hypercall.diff:This is part of XSA-443 / CVE-2023-34325
    0032-tools-pygrub-Small-refactors.diff:This is part of XSA-443 / CVE-2023-34325
    0033-tools-pygrub-Open-the-output-files-earlier.diff:This is part of XSA-443 / CVE-2023-34325
    0034-tools-libfsimage-Export-a-new-function-to-preload-all.diff:This is part of XSA-443 / CVE-2023-34325
    0035-tools-pygrub-Deprivilege-pygrub.diff:This is part of XSA-443 / CVE-2023-34325
    0036-libxl-add-support-for-running-bootloader-in-restricte.diff:This is part of XSA-443 / CVE-2023-34325
    0037-libxl-limit-bootloader-execution-in-restricted-mode.diff:This is part of XSA-443 / CVE-2023-34325
  * XSA-444
    0038-x86-svm-Fix-asymmetry-with-AMD-DR-MASK-context-switch.diff:This is part of XSA-444 / CVE-2023-34327
    0039-x86-pv-Correct-the-auditing-of-guest-breakpoint-addre.diff:This is part of XSA-444 / CVE-2023-34328.

 -- Mark Pryor <pryorm09@gmail.com>  Thu, 12 Oct 2023 13:01:06 -0700

xen (4.18~rc1-1+deb12u3.1) bookworm; urgency=medium

  * HEAD @ a8ab67cae01eca7bba
    Update Xen version to 4.18-rc-Fri 29 Sep 2023 01:09
  * initial build of rc1
  * d/control: add sphinx depends
  * qemuu: support pam

 -- Mark Pryor <pryorm09@gmail.com>  Tue, 03 Oct 2023 13:01:12 -0700

xen (4.18~rc0-1+deb12u3.4) bookworm; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 88a9501a848aade858a
    xen/pdx: Reorder pdx.[ch]-Fri 22 Sep 2023 10:26

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 22 Sep 2023 15:41:09 -0700

xen (4.18~rc0-1+deb12u3.3) bookworm; urgency=medium

  * Non-maintainer upload.
  * HEAD @ fb0ff49fe9f784bfe
    x86/shadow: defer releasing of PVs top-level shadow reference-Wed 20 Sep 2023 02:31
  * XSA-438
    0001-x86-shadow-defer-releasing-of-PV-s-top-level-shadow-r.diff: This is CVE-2023-34322 / XSA-438.
  * qemuu: pre-cache the subprojects into the tarball

 -- Mark Pryor <pryorm09@gmail.com>  Wed, 20 Sep 2023 08:04:54 -0700

xen (4.18~rc0-1+deb12u3.2) bookworm; urgency=medium

  * Non-maintainer upload.
  * qemuu: v8.1.0 (stable)
    known to support IGD passthrough

 -- Mark Pryor <pryorm09@gmail.com>  Mon, 18 Sep 2023 06:56:27 -0700

xen (4.18~rc0-1+deb12u3.1) bookworm; urgency=medium

  * HEAD @ 21ec0c42267be169be60
    xen/arm: Handle empty grant table region in find_unallocated_memory()-Tue 12 Sep 2023 06:29
  * proto build of 4.18~rc
  * qemuu: v8.0.50 (qemu-xen-staging, 8.0.4 had FTBFS)
  * firmware: patch, turn off debug during rc
    misc-0302-firmware-turn-off-debug-in-make.patch

 -- Mark Pryor <pryorm09@gmail.com>  Sat, 16 Sep 2023 09:52:13 -0700

xen (4.17.2-1+deb12u3.1) bookworm; urgency=medium

  * HEAD @ d31e5b2a9c39816a9
    xen/arm: page: Handle cache flush of an element at the top of the address space-Tue 5 Sep 2023 05:33
  * initial build of 4.17.2, qemu-xen-8.0.5
  * XSA-437
    0029-xen-arm-page-Handle-cache-flush-of-an-element-at-the-.diff:This is CVE-2023-34321 / XSA-437.

 -- Mark Pryor <pryorm09@gmail.com>  Mon, 11 Sep 2023 10:46:32 -0700

xen (4.17.1-1+deb12u3.1) bookworm; urgency=medium

  * initial build of 4.17.1, qemu-xen-8.0.5
  * d/control: new python3-venv depends

 -- Mark Pryor <pryorm09@gmail.com>  Sat, 20 May 2023 19:01:33 -0700

xen (4.17.1-1+deb12u2.1) bookworm; urgency=medium

  * HEAD @ 0880df6f5f905bffc
    update Xen version to 4.17.1-Thu 27 Apr 2023 05:53
  * initial build of 4.17.1, qemu-xen-7.2
  * forward port from bullseye

 -- Mark Pryor <pryorm09@gmail.com>  Sun, 07 May 2023 08:51:28 -0700

xen (4.17.1-1+deb11u2.1) bullseye; urgency=medium

  * HEAD @ 0880df6f5f905bffc
    update Xen version to 4.17.1-Thu 27 Apr 2023 05:53
  * initial build of 4.17.1, qemu-xen-7.2

 -- Mark Pryor <pryorm09@gmail.com>  Sat, 29 Apr 2023 10:09:33 -0700

xen (4.17.0-1+deb11u2.7) bullseye; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 7758cd57e002c509
    ns16550: correct name/value pair parsing for PCI port/bridge-Thu 30 Mar 2023 23:35

 -- Mark Pryor <pryorm09@gmail.com>  Mon, 03 Apr 2023 15:16:15 -0700

xen (4.17.0-1+deb11u2.6) bullseye; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 3eac216e6e60860bbc
    libacpi: fix PCI hotplug AML-Tue 21 Mar 2023 05:47
  * XSA-427
    0060-x86-shadow-account-for-log-dirty-mode-when-pre-alloca.diff:This is CVE-2022-42332 / XSA-427.
  * XSA-428
    0061-x86-HVM-bound-number-of-pinned-cache-attribute-region.diff:This is CVE-2022-42333 / part of XSA-428.
    0062-x86-HVM-serialize-pinned-cache-attribute-list-manipul.diff:This is CVE-2022-42334 / part of XSA-428.
  * XSA-429
    0063-x86-spec-ctrl-Defer-CR4_PV32_RESTORE-on-the-cstar_ent.diff:This is XSA-429 / CVE-2022-42331

 -- Mark Pryor <pryorm09@gmail.com>  Tue, 21 Mar 2023 10:47:39 -0700

xen (4.17.0-1+deb11u2.5) bullseye; urgency=medium

  * Non-maintainer upload.
  * HEAD @ ec5b058d2a6436a2e180
    x86/ucode/AMD: late load the patch on every logical thread-Thu 2 Mar 2023 23:03

 -- Mark Pryor <pryorm09@gmail.com>  Sat, 04 Mar 2023 12:14:31 -0800

xen (4.17.0-1+deb11u2.4) bullseye; urgency=medium

  * Non-maintainer upload.
  * HEAD @ aaf74a532c02017998
    automation: Remove clang-8 from Debian unstable container-Wed 22 Feb 2023 06:14

 -- Mark Pryor <pryorm09@gmail.com>  Tue, 28 Feb 2023 14:55:40 -0800

xen (4.17.0-1+deb11u2.3) bullseye; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 2f8851c37f88e4eb
    Revert "tools/xenstore: simplify loop handling connection I/O"-Thu 26 Jan 2023 02:00
  * disable ddeb in d/rules.real

 -- Mark Pryor <pryorm09@gmail.com>  Sun, 05 Feb 2023 10:13:48 -0800

xen (4.17.0-1+deb11u2.2) bullseye; urgency=medium

  * Non-maintainer upload.
  * HEAD c4972a4272690384
    tools/oxenstored: Render backtraces more nicely in Syslog-Tue 20 Dec 2022 05:13

 -- Mark Pryor <pryorm09@gmail.com>  Wed, 21 Dec 2022 16:34:09 -0800

xen (4.17.0-1+deb11u2.1) bullseye; urgency=medium

  * qemuu: v7.2
    drop the 7.1 backports
    patch: rebased to qemu-7.2
    misc-0402-qemu-xen-reserve-slot-2-for-intel-igd.patch
  * upgrade meson to 0.64 from bookworm

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 16 Dec 2022 11:50:56 -0800

xen (4.17.0-1+deb11u1.1) bullseye; urgency=medium

  * HEAD @ 11560248ffda3f00f20b
    Use EfiACPIReclaimMemory for ESRT-Thu 8 Dec 2022 10:03
  * release 4.17 final, initial build

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 09 Dec 2022 14:37:59 -0800

xen (4.17~rc4-1+deb11u1.1) bullseye; urgency=medium

  * HEAD @ 894a7786c8eb20568aa
    Turn off debug by default-Thu 1 Dec 2022 05:54
  * initial build rc4
  * XSA-422
    0010-x86-spec-ctrl-Enumeration-for-IBPB_RET.diff:This is part of XSA-422 / CVE-2022-23824.
    0011-x86-spec-ctrl-Mitigate-IBPB-not-flushing-the-RSB-RAS.diff:This is part of XSA-422 / CVE-2022-23824.
  * XSA-409
    0033-xen-Introduce-non-broken-hypercalls-for-the-paging-me.diff:This is part of XSA-409 / CVE-2022-33747.
    0034-tools-tests-Unit-test-for-paging-mempool-size.diff:This is part of XSA-409 / CVE-2022-33747.
    0035-xen-arm-libxl-Revert-XEN_DOMCTL_shadow_op-use-p2m-mem.diff:This is part of XSA-409 / CVE-2022-33747.
    0036-xen-arm-Correct-the-p2m-pool-size-calculations.diff:This is part of XSA-409 / CVE-2022-33747.

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 02 Dec 2022 08:41:09 -0800

xen (4.17~rc3-1+deb11u1.2) bullseye; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 37f82facd62f72
    xen/sched: migrate timers to correct cpus after suspend-Fri 4 Nov 2022 01:03

 -- Mark Pryor <pryorm09@gmail.com>  Sat, 05 Nov 2022 14:31:24 -0700

xen (4.17~rc3-1+deb11u1.1) bullseye; urgency=medium

  * HEAD @ 2d9b3699136d20e35
    IOMMU/VT-d: wire common device reserved memory API-Thu 3 Nov 2022 01:12
  * initial release, rc3
  * d/patches: 
    rebase to rc3: debxen/tools-xenstore-prefix.diff

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 04 Nov 2022 14:30:11 -0700

xen (4.17~rc2-1+deb11u1.3) bullseye; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 2dd823ca7237e7f
    tools/xenstore: harden transaction finalization against errors-Tue 1 Nov 2022 06:05
  * XSA-412
    0019-x86-vmx-Revert-VMX-use-a-single-global-APIC-access-pa.diff:This is XSA-412 / CVE-2022-42327.
  * XSA-414
    0020-tools-xenstore-create_node-Don-t-defer-work-to-undo-a.diff:This is XSA-414 / CVE-2022-42309.
  * XSA-415
    0021-tools-xenstore-Fail-a-transaction-if-it-is-not-possib.diff:This is XSA-415 / CVE-2022-42310.
  * XSA-326
    0022-tools-xenstore-split-up-send_reply.diff:This is part of XSA-326.
    0023-tools-xenstore-add-helpers-to-free-struct-buffered_da.diff:This is part of XSA-326.
    0024-tools-xenstore-reduce-number-of-watch-events.diff:This is part of XSA-326.
    0025-tools-xenstore-let-unread-watch-events-time-out.diff:This is part of XSA-326 / CVE-2022-42311.
    0026-tools-xenstore-limit-outstanding-requests.diff:This is part of XSA-326 / CVE-2022-42312.
    0027-tools-xenstore-don-t-buffer-multiple-identical-watch-.diff:This is part of XSA-326.
    0028-tools-xenstore-fix-connection-id-usage.diff:This is part of XSA-326.
    0029-tools-xenstore-simplify-and-fix-per-domain-node-accou.diff:This is part of XSA-326 / CVE-2022-42313.
    0030-tools-xenstore-limit-max-number-of-nodes-accessed-in-.diff:This is part of XSA-326 / CVE-2022-42314.
    0031-tools-xenstore-move-the-call-of-setup_structure-to-do.diff:This is part of XSA-326.
    0032-tools-xenstore-add-infrastructure-to-keep-track-of-pe.diff:This is part of XSA-326.
    0033-tools-xenstore-add-memory-accounting-for-responses.diff:This is part of XSA-326 / CVE-2022-42315.
    0034-tools-xenstore-add-memory-accounting-for-watches.diff:This is part of XSA-326 / CVE-2022-42315.
    0035-tools-xenstore-add-memory-accounting-for-nodes.diff:This is part of XSA-326 / CVE-2022-42315.
    0036-tools-xenstore-add-exports-for-quota-variables.diff:This is part of XSA-326.
    0037-tools-xenstore-add-control-command-for-setting-and-sh.diff:This is part of XSA-326.
    0038-tools-ocaml-xenstored-Synchronise-defaults-with-oxens.diff:This is part of XSA-326 / CVE-2022-42316.
    0039-tools-ocaml-xenstored-Check-for-maxrequests-before-pe.diff:This is part of XSA-326 / CVE-2022-42317.
    0040-tools-ocaml-GC-parameter-tuning.diff:This is part of XSA-326.
    0041-tools-ocaml-Change-Xb.input-to-return-Packet.t-option.diff:This is part of XSA-326.
    0042-tools-ocaml-xb-Add-BoundedQueue.diff:This is part of XSA-326.
    0043-tools-ocaml-Limit-maximum-in-flight-requests-outstand.diff:This is part of XSA-326 / CVE-2022-42318.
    0044-SUPPORT.md-clarify-support-of-untrusted-driver-domain.diff:This is part of XSA-326.
  * XSA-416
    0045-tools-xenstore-don-t-use-conn-in-as-context-for-tempo.diff:This is XSA-416 / CVE-2022-42319.
  * XSA-417
    0046-tools-xenstore-fix-checking-node-permissions.diff:This is XSA-417 / CVE-2022-42320.
  * XSA-418
    0047-tools-xenstore-remove-recursion-from-construct_node.diff:This is part of XSA-418 / CVE-2022-42321.
    0048-tools-xenstore-don-t-let-remove_child_entry-call-corr.diff:This is part of XSA-418 / CVE-2022-42321.
    0049-tools-xenstore-add-generic-treewalk-function.diff:This is part of XSA-418 / CVE-2022-42321.
    0050-tools-xenstore-simplify-check_store.diff:This is part of XSA-418 / CVE-2022-42321.
    0051-tools-xenstore-use-treewalk-for-check_store.diff:This is part of XSA-418 / CVE-2022-42321.
    0052-tools-xenstore-use-treewalk-for-deleting-nodes.diff:This is part of XSA-418 / CVE-2022-42321.
    0053-tools-xenstore-use-treewalk-for-creating-node-records.diff:This is part of XSA-418 / CVE-2022-42321.
  * XSA-419
    0054-tools-xenstore-remove-nodes-owned-by-destroyed-domain.diff:This is part of XSA-419 / CVE-2022-42322.
    0055-tools-xenstore-make-the-internal-memory-data-base-the.diff:This is part of XSA-419.
    0056-docs-enhance-xenstore.txt-with-permissions-descriptio.diff:This is part of XSA-419.
    0057-tools-ocaml-xenstored-Fix-quota-bypass-on-domain-shut.diff:This is part of XSA-419 / CVE-2022-42323.
  * XSA-420
    0058-tools-ocaml-Ensure-packet-size-is-never-negative.diff:This is XSA-420 / CVE-2022-42324.
  * XSA-421
    0059-tools-xenstore-fix-deleting-node-in-transaction.diff:This is part of XSA-421 / CVE-2022-42325.
    0060-tools-xenstore-harden-transaction-finalization-agains.diff:This is part of XSA-421 / CVE-2022-42326.

 -- Mark Pryor <pryorm09@gmail.com>  Tue, 01 Nov 2022 07:47:09 -0700

xen (4.17~rc2-1+deb11u1.2) bullseye; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 1d7fbc535d1d37bd
    x86/pv-shim: correct ballooning down for compat guests-Fri 28 Oct 2022 06:49
  * vga passthrough fix to qemuu (Chuck Zmudzinski):
    0401-xen-pass-through-merge-emulated-bits-correctly.diff
    reserve-slot-2-igd.patch	    

 -- Mark Pryor <pryorm09@gmail.com>  Mon, 31 Oct 2022 17:08:19 -0700

xen (4.17~rc2-1+deb11u1.1) bullseye; urgency=medium

  * HEAD @ 73c62927f64ecb48f27
    xen/sched: fix race in RTDS scheduler-Fri 21 Oct 2022 03:32
  * initial release of rc2

 -- Mark Pryor <pryorm09@gmail.com>  Sat, 29 Oct 2022 10:06:47 -0700

xen (4.17~rc1-1+deb11u1.3) bullseye; urgency=medium

  * Non-maintainer upload.
  * add lib version prefix
    supports multiarch, multilib
    use PACKAGE_VERSION, exported from xen/configure

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 21 Oct 2022 09:48:13 -0700

xen (4.17~rc1-1+deb11u1.2) bullseye; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 448d28309f1a9
    VMX: correct error handling in vmx_create_vmcs()-Wed 12 Oct 2022 08:57
  * XSA-410
    0001-xen-arm-p2m-Prevent-adding-mapping-when-domain-is-dyi.diff:This is part of CVE-2022-33746 / XSA-410.
    0002-xen-arm-p2m-Handle-preemption-when-freeing-intermedia.diff:This is part of CVE-2022-33746 / XSA-410.
    0003-x86-p2m-add-option-to-skip-root-pagetable-removal-in-.diff:This is part of CVE-2022-33746 / XSA-410.
    0004-x86-HAP-adjust-monitor-table-related-error-handling.diff:This is part of CVE-2022-33746 / XSA-410.
    0005-x86-shadow-tolerate-failure-of-sh_set_toplevel_shadow.diff:This is part of CVE-2022-33746 / XSA-410.
    0006-x86-shadow-tolerate-failure-in-shadow_prealloc.diff:This is part of CVE-2022-33746 / XSA-410.
    0007-x86-p2m-refuse-new-allocations-for-dying-domains.diff:This is part of CVE-2022-33746 / XSA-410.
    0008-x86-p2m-truly-free-paging-pool-memory-for-dying-domai.diff:This is part of CVE-2022-33746 / XSA-410.
    0009-x86-p2m-free-the-paging-memory-pool-preemptively.diff:This is part of CVE-2022-33746 / XSA-410.
    0010-xen-x86-p2m-Add-preemption-in-p2m_teardown.diff:This is part of CVE-2022-33746 / XSA-410.
  * XSA-409
    0011-libxl-docs-Add-per-arch-extra-default-paging-memory.diff:This is part of CVE-2022-33747 / XSA-409.
    0012-xen-arm-Construct-the-P2M-pages-pool-for-guests.diff:This is part of CVE-2022-33747 / XSA-409.
    0013-xen-arm-libxl-Implement-XEN_DOMCTL_shadow_op-for-Arm.diff:This is part of CVE-2022-33747 / XSA-409.
    0014-xen-arm-Allocate-and-free-P2M-pages-from-the-P2M-pool.diff:This is part of CVE-2022-33747 / XSA-409.
  * XSA-411
    0015-gnttab-correct-locking-on-transitive-grant-copy-error.diff:This is CVE-2022-33748 / XSA-411.

 -- Mark Pryor <pryorm09@gmail.com>  Thu, 13 Oct 2022 10:52:52 -0700

xen (4.17~rc1-1+deb11u1.1) bullseye; urgency=medium

  * HEAD @ 9029bc265cdf2bd63
    Update Xen version to 4.17-rc-Fri, 7 Oct 2022 06:30
  * initial build

 -- Mark Pryor <pryorm09@gmail.com>  Mon, 10 Oct 2022 07:46:39 -0700

xen (4.16.2-1+deb11u1.1) bullseye; urgency=medium

  * HEAD @ cea5ed49bb5716698a
    update Xen version to 4.16.2-Thu 18 Aug 2022 04:47
  * initial release
  * qemuu: v7.0.0 from qemu-xen staging

 -- Mark Pryor <pryorm09@gmail.com>  Mon, 22 Aug 2022 15:43:16 -0700

xen (4.16.1-1+deb11u1.6) bullseye; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 2abe83f9d91e6411b
    PCI: simplify (and thus correct) pci_get_pdev{,_by_domain}()-Mon 15 Aug 2022 06:36
  * new package qemuu-uncom, /usr/bin/qemu-keymap
  * XSA-403
    0061-tools-libxl-env-variable-to-signal-whether-disk-nic-b.diff

 -- Mark Pryor <pryorm09@gmail.com>  Thu, 18 Aug 2022 08:19:42 -0700

xen (4.16.1-1+deb11u1.5) bullseye; urgency=medium

  * Non-maintainer upload.
  * qemuu: v7.0.0 from qemu-xen staging
  * egl-helpers.h needed for dbus_display
    https://gitlab.com/qemu-project/qemu/-/issues/1108
    https://www.mail-archive.com/qemu-devel@nongnu.org/msg902247.html
  * backports from upstream to fix dbus-display FTBFS: 
    1106-move-opengl-to-meson.diff
    1107-meson-configure-move-RDMA-options-to-meson.diff
    1108-meson-configure-move-libgio-test-to-meson.diff
    1109-audio-dbus-fix-building.diff
    1110-ui-dbus-display-requires-CONFIG_GBM.diff

 -- Mark Pryor <pryorm09@gmail.com>  Mon, 15 Aug 2022 12:12:22 -0700

xen (4.16.1-1+deb11u1.4) bullseye; urgency=medium

  * Non-maintainer upload.
  * HEAD @ d77bb6e5375f19c
    common/memory: Fix ifdefs for ptdom_max_order-Wed 27 Jul 2022 00:22
  * XSA-408
    0052-x86-mm-correct-TLB-flush-condition-in-_get_page_type.diff:This is CVE-2022-33745 / XSA-408

 -- Mark Pryor <pryorm09@gmail.com>  Wed, 27 Jul 2022 08:55:16 -0700

xen (4.16.1-1+deb11u1.3) bullseye; urgency=medium

  * Non-maintainer upload
  * HEAD @ 0a5387a01165b46c8
    x86/spec-ctrl: Mitigate Branch Type Confusion when possible-Tue 12 Jul 2022 08:25
  * XSA-401
    0022-x86-pv-Clean-up-_get_page_type.diff:This is part of XSA-401 / CVE-2022-26362.
    0023-x86-pv-Fix-ABAC-cmpxchg-race-in-_get_page_type.diff:This is part of XSA-401 / CVE-2022-26362.
  * XSA-402
    0024-x86-page-Introduce-_PAGE_-constants-for-memory-types.diff:This is part of XSA-402.
    0025-x86-Don-t-change-the-cacheability-of-the-directmap.diff:This is CVE-2022-26363, part of XSA-402.
    0026-x86-Split-cache_flush-out-of-cache_writeback.diff:This is part of XSA-402.
    0027-x86-amd-Work-around-CLFLUSH-ordering-on-older-parts.diff:This is part of XSA-402.
    0028-x86-pv-Track-and-flush-non-coherent-mappings-of-RAM.diff:This is CVE-2022-26364, part of XSA-402.
  * XSA-404
    0030-x86-spec-ctrl-Make-VERW-flushing-runtime-conditional.diff:This is part of XSA-404.
    0031-x86-spec-ctrl-Enumeration-for-MMIO-Stale-Data-control.diff:This is part of XSA-404.
    0032-x86-spec-ctrl-Add-spec-ctrl-unpriv-mmio.diff:This is part of XSA-404.
  * XSA-407
    0044-x86-spec-ctrl-Rework-spec_ctrl_flags-context-switchin.diff:This is part of XSA-407.
    0045-x86-spec-ctrl-Rename-SCF_ist_wrmsr-to-SCF_ist_sc_msr.diff:This is part of XSA-407.
    0047-x86-spec-ctrl-Rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.diff:This is part of XSA-407.
    0048-x86-spec-ctrl-Support-IBPB-on-entry.diff:This is part of XSA-407.
    0049-x86-cpuid-Enumeration-for-BTC_NO.diff:This is part of XSA-407.
    0050-x86-spec-ctrl-Enable-Zen2-chickenbit.diff:This is part of XSA-407.
    0051-x86-spec-ctrl-Mitigate-Branch-Type-Confusion-when-pos.diff:This is part of XSA-407 / CVE-2022-23825.
 
 -- Mark Pryor <pryorm09@gmail.com>  Tue, 12 Jul 2022 15:40:29 -0700

xen (4.16.1-1+deb11u1.2) bullseye; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 8e11ec8fbf6f933f
    PCI: dont allow "pci-phantom=" to mark real devices as phantom functions-Tue 7 Jun 2022 05:08

 -- Mark Pryor <pryorm09@gmail.com>  Wed, 08 Jun 2022 12:28:43 -0700

xen (4.16.1-1+deb11u1.1) bullseye; urgency=medium

  * HEAD @ f26544492298cb82
    update Xen version to 4.16.1-Tue 12 Apr 2022 05:21
  * XSA-397
    0090-x86-hap-do-not-switch-on-log-dirty-for-VRAM-tracking.diff:This is CVE-2022-26356 / XSA-397.
  * XSA-399
    0091-VT-d-correct-ordering-of-operations-in-cleanup_domid_.diff:This is CVE-2022-26357 / XSA-399.
  * XSA-400
    0092-VT-d-fix-de-assign-ordering-when-RMRRs-are-in-use.diff:This is CVE-2022-26358 / part of XSA-400.
    0096-VT-d-re-assign-devices-directly.diff:This is CVE-2022-26359 / part of XSA-400.
    0097-AMD-IOMMU-re-assign-devices-directly.diff:This is CVE-2022-26360 / part of XSA-400.
    0103-IOMMU-x86-use-per-device-page-tables-for-quarantining.diff:This is CVE-2022-26361 / part of XSA-400

 -- Mark Pryor <pryorm09@gmail.com>  Wed, 13 Apr 2022 17:57:12 -0700

xen (4.16.0-1+deb11u1.3) bullseye; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 4dcddbba664cc91
    livepatch: resolve old address before function verification-Mon 28 Mar 2022 04:49
  * XSA-398
    0052-xen-arm-Introduce-new-Arm-processors.diff:This is part of XSA-398 / CVE-2022-23960.
    0053-xen-arm-move-errata-CSV2-check-earlier.diff:This is part of XSA-398 / CVE-2022-23960.
    0054-xen-arm-Add-ECBHB-and-CLEARBHB-ID-fields.diff:This is part of XSA-398 / CVE-2022-23960.
    0055-xen-arm-Add-Spectre-BHB-handling.diff:This is part of XSA-398 / CVE-2022-23960.
    0056-xen-arm-Allow-to-discover-and-use-SMCCC_ARCH_WORKAROU.diff:This is part of XSA-398 / CVE-2022-23960.
    0057-x86-spec-ctrl-Cease-using-thunk-lfence-on-AMD.diff:This is part of XSA-398 / CVE-2021-26401.

 -- Mark Pryor <pryorm09@gmail.com>  Mon, 28 Mar 2022 09:39:55 -0700

xen (4.16.0-1+deb11u1.2) bullseye; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 2d8eade97343e99c
    x86/spec-ctrl: Support Intel PSFD for guests-Tue 8 Feb 2022 10:01
  * qemuu: v6.1.1 from staging-4.16
  * XSA-393
    0014-xen-arm-p2m-Always-clear-the-P2M-entry-when-the-mappi.diff:This is CVE-2022-23033 / XSA-393.
  * XSA-394
    0015-xen-grant-table-Only-decrement-the-refcounter-when-gr.diff:This is CVE-2022-23034 / XSA-394.
  * XSA-395
    0016-passthrough-x86-stop-pirq-iteration-immediately-in-ca.diff:This is CVE-2022-23035 / XSA-395.

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 11 Feb 2022 08:40:51 -0800

xen (4.16.0-1+deb11u1.1) bullseye; urgency=medium

  * HEAD @ b0b4661fa3cba99
    xen/Makefile: Set 4.16 version-Tue 30 Nov 2021 03:42
  * final release
  * libxenstore4.0 is new

 -- Mark Pryor <pryorm09@gmail.com>  Wed, 01 Dec 2021 08:34:55 -0800

xen (4.16~rc4-1+deb11u1.1) bullseye; urgency=medium

  * HEAD @ 59505f48fabed
    Turn off debug by default-Tue 23 Nov 2021 08:43
  * 4.16 rc4 initial build

 -- Mark Pryor <pryorm09@gmail.com>  Sun, 28 Nov 2021 18:07:05 -0800

xen (4.15.1-1+deb11u1.4) bullseye; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 544e547a63175ac6
    x86/P2M: deal with partial success of p2m_set_entry()-Tue 23 Nov 2021 04:26
  * XSA-385
    0033-xen-page_alloc-Harden-assign_pages.diff:This is CVE-2021-28706 / part of XSA-385.
  * XSA-388
    0034-x86-PoD-deal-with-misaligned-GFNs.diff:This is CVE-2021-28704 and CVE-2021-28707 / part of XSA-388.
    0035-x86-PoD-handle-intermediate-page-orders-in-p2m_pod_ca.diff:This is CVE-2021-28708 / part of XSA-388.
  * XSA-389
    0036-x86-P2M-deal-with-partial-success-of-p2m_set_entry.diff:This is CVE-2021-28705 and CVE-2021-28709 / XSA-389.
  * XSA-390
    VT-d-fix-reduced-page-table-levels-support-when-shari.diff:This is CVE-2021-28710 / XSA-390.

 -- Mark Pryor <pryorm09@gmail.com>  Wed, 24 Nov 2021 09:08:32 -0800

xen (4.15.1-1+deb11u1.3) bullseye; urgency=medium

  * Non-maintainer upload.
  * HEAD @ f50ef17c9884c0c2d48
    x86/PV32: fix physdev_op_compat handling-Fri 15 Oct 2021 02:06
  * qemu-xen: upgrade to 6.1.0 from staging
    add build-dep: python3-sphinx-rtd-theme sphinx-rtd-theme-common
  * rebuild for bullseye 11.1

 -- Mark Pryor <pryorm09@gmail.com>  Sat, 30 Oct 2021 09:33:49 -0700

xen (4.15.1-1+deb11u1.2) bullseye; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 3b98d9f35a9edd
    VT-d: fix deassign of device with RMRR-Tue 5 Oct 2021 11:49
  * XSA-386
    VT-d: fix deassign of device with RMRR. This is CVE-2021-28702 / XSA-386

 -- Mark Pryor <pryorm09@gmail.com>  Wed, 06 Oct 2021 13:07:32 -0700

xen (4.15.1-1+deb11u1.1) bullseye; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 84fa99099b920f7b
    update Xen version to 4.15.1-Fri 10 Sep 2021 00:03
  * qemu-xen-6* included
  * XSA-384
    0100-gnttab-deal-with-status-frame-mapping-race.diff.This is CVE-2021-28701 / XSA-384.
  * initial release

 -- Mark Pryor <pryorm09@gmail.com>  Tue, 21 Sep 2021 07:52:36 -0700

xen (4.15.0-1+deb11u1.7) bullseye; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 91bb9e9b0c0e2af
    tools/firmware/ovmf: Use OvmfXen platform file is exist-Wed 25 Aug 2021 06:29
  * XSA-378
    0073-AMD-IOMMU-correct-global-exclusion-range-extending.diff:This is part of XSA-378 / CVE-2021-28695.
    0074-AMD-IOMMU-correct-device-unity-map-handling.diff:This is part of XSA-378 / CVE-2021-28695.
    0075-IOMMU-also-pass-p2m_access_t-to-p2m_get_iommu_flags.diff:This is part of XSA-378.
    0076-IOMMU-generalize-VT-d-s-tracking-of-mapped-RMRR-regio.diff:This is part of XSA-378.
    0077-AMD-IOMMU-re-arrange-complete-re-assignment-handling.diff:This is CVE-2021-28696 / part of XSA-378.
    0078-AMD-IOMMU-re-arrange-exclusion-range-and-unity-map-re.diff:This is part of XSA-378.
    0079-x86-p2m-introduce-p2m_is_special.diff:This is part of XSA-378.
    0080-x86-p2m-guard-in-particular-identity-mapping-entries.diff:This is CVE-2021-28694 / part of XSA-378.
  * XSA-379
    0081-x86-mm-widen-locked-region-in-xenmem_add_to_physmap_o.diff:This is CVE-2021-28697 / XSA-379.
  * XSA-380
    0082-gnttab-add-preemption-check-to-gnttab_release_mapping.diff:This is part of CVE-2021-28698 / XSA-380.
    0083-gnttab-replace-mapkind.diff:This is part of CVE-2021-28698 / XSA-380.
  * XSA-382
    0084-gnttab-fix-array-capacity-check-in-gnttab_get_status_.diff:This is CVE-2021-28699 / XSA-382.
  * XSA-383
    0085-xen-arm-Restrict-the-amount-of-memory-that-dom0less-d.diff:This is CVE-2021-28700 / XSA-383.
  * qemu-xen: upgrade to v6.0.0 from staging

 -- Mark Pryor <pryorm09@gmail.com>  Sat, 28 Aug 2021 14:31:37 -0700

xen (4.15.0-1+deb11u1.6) bullseye; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 6bbdcefd205903b2181b
    libxl/x86: check return value of SHADOW_OP_SET_ALLOCATION domctl-Thu 19 Aug 2021 09:46

 -- Mark Pryor <pryorm09@gmail.com>  Sat, 21 Aug 2021 10:18:12 -0700

xen (4.15.0-1+deb11u1.5) bullseye; urgency=medium

  * Non-maintainer upload.
  * HEAD @ dba774896f7dd7477
    xen/arm: bootfdt: Always sort memory banks-Fri 16 Jul 2021 13:08

 -- Mark Pryor <pryorm09@gmail.com>  Tue, 27 Jul 2021 08:43:28 -0700

xen (4.15.0-1+deb11u1.4) bullseye; urgency=medium

  * Non-maintainer upload.
  * HEAD @ ec457ac2a29279e8cd
    x86/tsx: Cope with TSX deprecation on SKL/KBL/CFL/WHL-Thu 17 Jun 2021 06:36
  * document XSA-370
    0011-SUPPORT.md-Document-speculative-attacks-status-of-non.diff:This documents, but does not fix, XSA-370.
  * XSA-372
    0021-xen-arm-Create-dom0less-domUs-earlier.diff:This is part of XSA-372 / CVE-2021-28693.
    0022-xen-arm-Boot-modules-should-always-be-scrubbed-if-boo.diff:This is part of XSA-372 / CVE-2021-28693.
  * XSA-373
    0023-VT-d-size-qinval-queue-dynamically.diff:This is part of XSA-373 / CVE-2021-28692.
    0024-AMD-IOMMU-size-command-buffer-dynamically.diff:This is part of XSA-373 / CVE-2021-28692.
    0025-VT-d-eliminate-flush-related-timeouts.diff:This is part of XSA-373 / CVE-2021-28692.
    0028-AMD-IOMMU-wait-for-command-slot-to-be-available.diff:This is part of XSA-373 / CVE-2021-28692.
    0029-AMD-IOMMU-drop-command-completion-timeout.diff:This is part of XSA-373 / CVE-2021-28692.
  * XSA-375
    0026-x86-spec-ctrl-Protect-against-Speculative-Code-Store-.diff:This is XSA-375 / CVE-2021-0089.
  * XSA-377
    0027-x86-spec-ctrl-Mitigate-TAA-after-S3-resume.diff:This is XSA-377 / CVE-2021-28690.

 -- Mark Pryor <pryorm09@gmail.com>  Sun, 11 Jul 2021 16:36:18 -0700

xen (4.15.0-1+deb11u1.3) bullseye; urgency=medium

  * Non-maintainer upload.
  * enable pvshim
  * xsm/flask hypervisor: merge into tools

 -- Mark Pryor <pryorm09@gmail.com>  Sat, 29 May 2021 11:59:01 -0700

xen (4.15.0-1+deb11u1.2) bullseye; urgency=medium

  * Non-maintainer upload.
  * HEAD @ eb1f325186be9e02c3
    x86/hpet: Dont enable legacy replacement mode unconditionally-Tue 20 Apr 2021 02:59

 -- Mark Pryor <pryorm09@gmail.com>  Mon, 26 Apr 2021 15:35:02 -0700

xen (4.15.0-1+deb11u1.1) bullseye; urgency=medium

  * HEAD @ e25aa9939ae0cd8
    README, Makefile: Prep for release-Tue 6 Apr 2021 10:14
  * d/control: new depends on libzstd-dev
  * d/libxenstore3.0.symbols: Base -> VERS_3.0.3 
  * XSA-360
    0009-x86-dpci-do-not-remove-pirqs-from-domain-tree-on-unbi.diff:This is XSA-360
  * XSA-364
    0010-xen-page_alloc-Only-flush-the-page-to-RAM-once-we-kno.diff:This is XSA-364.
  * XSA-368
    0033-libxl-Fix-domain-soft-reset-state-handling.diff:This is XSA-368.
  * pygrub: clean up sys.path

 -- Mark Pryor <pryorm09@gmail.com>  Sat, 17 Apr 2021 13:27:37 -0700

xen (4.14.1-1+deb11u1.1) bullseye; urgency=medium

  * Non-maintainer upload.
  * HEAD @ ad844aa352559a8b1
    update Xen version to 4.14.1-Thu Dec 17 2020 08:47
  * new minor release, initial build
  * d/control: remove dh-systemd depends
  * XSA-355
    0081-memory-fix-off-by-one-in-XSA-346-change.diff:This is XSA-355.
  * XSA-353
    0089-tools-ocaml-xenstored-do-permission-checks-on-xenstor.diff:This is XSA-353.
  * XSA-115
    0090-tools-xenstore-allow-removing-child-of-a-node-exceedi.diff:This is part of XSA-115.
    0091-tools-xenstore-ignore-transaction-id-for-un-watch.diff:This is part of XSA-115.
    0092-tools-xenstore-fix-node-accounting-after-failed-node-.diff:This is part of XSA-115.
    0093-tools-xenstore-simplify-and-rename-check_event_node.diff:This is part of XSA-115.
    0094-tools-xenstore-check-privilege-for-XS_IS_DOMAIN_INTRO.diff:This is part of XSA-115.
    0095-tools-xenstore-rework-node-removal.diff:This is part of XSA-115.
    0096-tools-xenstore-fire-watches-only-when-removing-a-spec.diff:This is part of XSA-115.
    0097-tools-xenstore-introduce-node_perms-structure.diff:This is part of XSA-115.
    0098-tools-xenstore-allow-special-watches-for-privileged-c.diff:This is part of XSA-115.
    0099-tools-xenstore-avoid-watch-events-for-nodes-without-a.diff:This is part of XSA-115.
    0100-tools-ocaml-xenstored-ignore-transaction-id-for-un-wa.diff:This is part of XSA-115.
    0101-tools-ocaml-xenstored-check-privilege-for-XS_IS_DOMAI.diff:This is part of XSA-115.
    0102-tools-ocaml-xenstored-unify-watch-firing.diff:This is part of XSA-115.
    0103-tools-ocaml-xenstored-introduce-permissions-for-speci.diff:This is part of XSA-115.
    0104-tools-ocaml-xenstored-avoid-watch-events-for-nodes-wi.diff:This is part of XSA-115.
    0105-tools-ocaml-xenstored-add-xenstored.conf-flag-to-turn.diff:This is part of XSA-115.
  * XSA-322
    0106-tools-xenstore-revoke-access-rights-for-removed-domai.diff:This is part of XSA-322.
    0107-tools-ocaml-xenstored-clean-up-permissions-for-dead-d.diff:This is part of XSA-322.
  * XSA-323
    0108-tools-ocaml-xenstored-Fix-path-length-validation.diff:This is part of XSA-323.
  * XSA-324
    0109-tools-xenstore-drop-watch-event-messages-exceeding-ma.diff:This is XSA-324.
  * XSA-325
    0110-tools-xenstore-Preserve-bad-client-until-they-are-des.diff:This is XSA-325.
  * XSA-330
    0111-tools-ocaml-xenstored-delete-watch-from-trie-too-when.diff:This is XSA-330.
  * XSA-352
    0112-tools-ocaml-xenstored-only-Dom0-can-change-node-owner.diff:This is XSA-352.
  * XSA-348
    0115-x86-avoid-calling-svm-vmx-_do_resume.diff:This is XSA-348 / CVE-2020-29566.
  * XSA-356
    0116-x86-irq-fix-infinite-loop-in-irq_move_cleanup_interru.diff:This is XSA-356 / CVE-2020-29567.
  * XSA-358
    0117-evtchn-FIFO-re-order-and-synchronize-with-map_control.diff:This is XSA-358 / CVE-2020-29570.
  * XSA-359
    0118-evtchn-FIFO-add-2nd-smp_rmb-to-evtchn_fifo_word_from_.diff:This is XSA-359 / CVE-2020-29571.

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 15 Jan 2021 13:59:52 -0800

xen (4.14.0-1+deb11u1.2) bullseye; urgency=medium

  * Non-maintainer upload.
  * HEAD @ d101b417b784a26
    x86/msr: Disallow guest access to the RAPL MSRs-Tue 10 Nov 2020 09:43
  * XSA-286
    xen4e-0059-x86-pv-Drop-FLUSH_TLB_GLOBAL-in-do_mmu_update-for-XPT.diff:This is (not really) XSA-286
    xen4e-0060-x86-pv-Flush-TLB-in-response-to-paging-structure-chan.diff:This is XSA-286.
  * XSA-351
    xen4e-0078-xen-arm-Always-trap-AMU-system-registers.diff:This is part of XSA-351 (or XSA-93 re-born).
    xen4e-0080-x86-msr-Disallow-guest-access-to-the-RAPL-MSRs.diff:This is part of XSA-351.
  * d/control: tag python3-sphinx as noqemu

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 15 Nov 2020 06:53:38 -0800

xen (4.14.0-1+deb11u1.1) bullseye; urgency=medium

  * Non-maintainer upload.
  * initial build, forward port from buster
  * HEAD @ 7b1e587f25c2dda38
    hvmloader: flip "ACPI data" to "ACPI NVS" type for ACPI table region-Tue 20 Oct 2020 05:46
  * gcc10 fixes:
    xen4e-0100-tool-libs-light-Fix-libxenlight-gcc-warning.diff
    xen4e-0101-tools-xenpmd-Fix-gcc10-snprintf-warning.diff
    xen4e-0102-gcc10-fixes.diff
  * XSA-345
    xen4e-0039-x86-mm-Refactor-map_pages_to_xen-to-have-only-a-singl.diff
    xen4e-0040-x86-mm-Refactor-modify_xen_mappings-to-have-one-exit-.diff
    xen4e-0041-x86-mm-Prevent-some-races-in-hypervisor-mapping-updat.diff
  * XSA-346
    xen4e-0042-IOMMU-suppress-iommu_dont_flush_iotlb-when-about-to-f.diff
    xen4e-0043-IOMMU-hold-page-ref-until-after-deferred-TLB-flush.diff
  * XSA-347
    xen4e-0044-AMD-IOMMU-convert-amd_iommu_pte-from-struct-to-union.diff
    xen4e-0045-AMD-IOMMU-update-live-PTEs-atomically.diff
    xen4e-0046-AMD-IOMMU-ensure-suitable-ordering-of-DTE-modificatio.diff

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 23 Oct 2020 12:40:32 -0700

xen (4.14.0-1+deb10u1.4) buster; urgency=medium

  * Non-maintainer upload.
  * d/control: introduce noqemu build profile
    qemuu & qemut are built with restriction <!noqemu>
    add our profile to templates

 -- Mark Pryor <pryorm09@gmail.com>  Wed, 07 Oct 2020 16:01:08 -0700

xen (4.14.0-1+deb10u1.3) buster; urgency=medium

  * Non-maintainer upload.
  * HEAD @ c93b520a41f2787d
    evtchn/Flask: pre-allocate node on send path-Fri 2 Oct 2020 03:34
  * XSA-333
    0021-x86-pv-Handle-the-Intel-specific-MSR_MISC_ENABLE-corr.diff:This is XSA-333.
  * XSA-334
    0022-xen-memory-Don-t-skip-the-RCU-unlock-path-in-acquire_.diff:This is XSA-334.
  * XSA-336
    0023-x86-vpt-fix-race-when-migrating-timers-between-vCPUs.diff:This is XSA-336.
  * XSA-337
    0024-x86-msi-get-rid-of-read_msi_msg.diff:This is part of XSA-337.
    0025-x86-MSI-X-restrict-reading-of-table-PBA-bases-from-BA.diff:This is part of XSA-337.
  * XSA-338
    0026-evtchn-relax-port_is_valid.diff:This is XSA-338.
  * XSA-339
    0027-x86-pv-Avoid-double-exception-injection.diff:This is XSA-339
  * XSA-340
    0028-xen-evtchn-Add-missing-barriers-when-accessing-alloca.diff:This is XSA-340.
  * XSA-342
    0029-evtchn-x86-enforce-correct-upper-limit-for-32-bit-gue.diff:This is XSA-342.
  * XSA-343
    0030-evtchn-evtchn_reset-shouldn-t-succeed-with-still-open.diff:This is part of XSA-343.
    0031-evtchn-convert-per-channel-lock-to-be-IRQ-safe.diff:This is part of XSA-343.
    0032-evtchn-address-races-with-evtchn_reset.diff:This is part of XSA-343.
  * XSA-344
    0033-evtchn-arrange-for-preemption-in-evtchn_destroy.diff:This is part of XSA-344.
    0034-evtchn-arrange-for-preemption-in-evtchn_reset.diff:This is part of XSA-344.

 -- Mark Pryor <pryorm09@gmail.com>  Sat, 03 Oct 2020 13:05:25 -0700

xen (4.14.0-1+deb10u1.2) buster; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 28855ebcdbfa43
    xen/arm: cmpxchg: Add missing memory barriers in __cmpxchg_mb_timeout()-Mon 14 Sep 2020 17:20

 -- Mark Pryor <pryorm09@gmail.com>  Sat, 19 Sep 2020 15:43:13 -0700

xen (4.14.0-1+deb10u1.1) buster; urgency=medium

  * initial release
  * HEAD @ 456957aaa1391e
    README, Makefile: Xen 4.14.0 release-Thu 23 Jul 2020 08:07

 -- Mark Pryor <pryorm09@gmail.com>  Thu, 23 Jul 2020 11:36:22 -0700

xen (4.14~rc6-1+deb10u1.1) buster; urgency=medium

  * Non-maintainer upload.
  * XSA-328
    0015-x86-EPT-ept_set_middle_entry-related-adjustments.diff:This is part of XSA-328.
    0016-x86-ept-atomically-modify-entries-in-ept_next_level.diff:This is part of XSA-328.
  * XSA-321
    0017-vtd-improve-IOMMU-TLB-flush.diff:This is part of XSA-321.
    0018-vtd-prune-and-rename-cache-flush-functions.diff:This is part of XSA-321.
    0019-x86-iommu-introduce-a-cache-sync-hook.diff:This is part of XSA-321.
    0020-vtd-don-t-assume-addresses-are-aligned-in-sync_cache.diff:This is part of XSA-321.
    0021-x86-alternative-introduce-alternative_2.diff:This is part of XSA-321.
    0022-vtd-optimize-CPU-cache-sync.diff:This is part of XSA-321.
    0023-x86-ept-flush-cache-when-modifying-PTEs-and-sharing-p.diff:This is part of XSA-321.
  * XSA-327
    0024-xen-Check-the-alignment-of-the-offset-pased-via-VCPUO.diff:This is XSA-327.

 -- Mark Pryor <pryorm09@gmail.com>  Wed, 15 Jul 2020 10:03:41 -0700

xen (4.14~rc3-1+deb10u1.2) buster; urgency=medium

  * Non-maintainer upload.
  * HEAD @ f97f99c8d88ebc108f
    x86emul: fix FXRSTOR test for most AMD CPUs-Mon 6 Jul 2020 11:12
  * same as rc5

 -- Mark Pryor <pryorm09@gmail.com>  Mon, 06 Jul 2020 19:08:38 -0700

xen (4.14~rc3-1+deb10u1.1) buster; urgency=medium

  * Non-maintainer upload.
  * HEAD @ fde76f895d0aa817
    tools: Commit flex (2.6.4) & bison (3.3.2) output from Debian buster-Fri 19 Jun 2020 08:20
  * initial build xen-4.14~rc3

 -- Mark Pryor <pryorm09@gmail.com>  Sun, 28 Jun 2020 08:01:01 -0700

xen (4.14~rc1-1+deb10u1.2) buster; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 2995d0afdf2d3fb44d0
    x86/passthrough: introduce a flag for GSIs not requiring an EOI or unmask-Thu 11 Jun 2020 10:14
  * XSA-320
    xen4e-0013-x86-spec-ctrl-CPUID-MSR-definitions-for-Special-Regis.diff
    xen4e-0014-x86-spec-ctrl-Mitigate-the-Special-Register-Buffer-Da.diff
    xen4e-0016-x86-spec-ctrl-Update-docs-with-SRBDS-workaround.diff:

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 12 Jun 2020 11:24:13 -0700

xen (4.14~rc1-1+deb10u1.1) buster; urgency=medium

  * HEAD @ 726c78d14dfe6ec76
    Version changes for 4.14.0-rc-Mon 8 Jun 2020 15:18
  * initial build
  * new: libxenhypfs to libxen-4.14
  * install-utils_amd64: libs from here in qemuu build

 -- Mark Pryor <pryorm09@gmail.com>  Tue, 09 Jun 2020 12:32:43 -0700

xen (4.13.1-1+deb10u1.1) buster; urgency=medium

  * HEAD @ 6278553325a9f76d
    update Xen version to 4.13.1-Thu 14 May 2020 05:19

 -- Mark Pryor <pryorm09@gmail.com>  Tue, 19 May 2020 17:53:14 -0700

xen (4.13.0-1+deb10u1.6) buster; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 181614a71070ee1
    AMD/IOMMU: fix off-by-one in amd_iommu_get_paging_mode() callers-Thu 9 Apr 2020 00:26

 -- Mark Pryor <pryorm09@gmail.com>  Sat, 11 Apr 2020 15:34:22 -0700

xen (4.13.0-1+deb10u1.5) buster; urgency=medium

  * Non-maintainer upload.
  * HEAD @ d3f3e447676667ef30b
    x86/msr: Virtualise MSR_PLATFORM_ID properly-Thu 5 Mar 2020 02:07
  * d/control: removed glusterfs-common depends
  * lowlevel/xc: patch to support python 3.8
    misc-0503-lowlevel-xc-fix-function-calls-py38.diff

 -- Mark Pryor <pryorm09@gmail.com>  Sun, 15 Mar 2020 10:21:11 -0700

xen (4.13.0-1+deb10u1.4) buster; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 721f2c323ca55c77
    x86: clear per cpu stub page information in cpu_smpboot_free-Wed 15 Jan 2020 05:24
  * XSA-312
    0004-xen-arm-Place-a-speculation-barrier-sequence-followin.diff

 -- Mark Pryor <pryorm09@gmail.com>  Tue, 21 Jan 2020 11:11:18 -0800

xen (4.13.0-1+deb10u1.3) buster; urgency=medium

  * Non-maintainer upload.
  * using single tarball, no auxiliary tarballs

 -- Mark Pryor <pryorm09@gmail.com>  Tue, 07 Jan 2020 09:49:43 -0800

xen (4.13.0-1+deb10u1.2) buster; urgency=medium

  * Non-maintainer upload.
  * d/rules.real: new rules to build 2 hypervisors, default and XSM/flask 
    shorten hypervisor buildroot names, build-hypervisor -> bld-hyp
    qemut: add ipxe-qemu to build-depends

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 27 Dec 2019 17:43:07 -0800

xen (4.13.0-1+deb10u1.1) buster; urgency=medium

  * HEAD @ a2e84d8e42c9e878f
    4.13.0: Update xen/Makefile XEN_EXTRAVERSION-Tue 17 Dec 2019 06:23
  * initial release
  * d/control: new package qemut, provides (qemu-dm)
    source tarball: xen_4.13.0.orig-qemut.tar.xz
    enable sdl, d/control: libsdl1.2debian, libsdl1.2-dev

 -- Mark Pryor <pryorm09@gmail.com>  Wed, 18 Dec 2019 09:18:31 -0800

xen (4.13~rc4-1+deb10u1.2) buster; urgency=medium

  * Non-maintainer upload.
  * HEAD @ ecd3e34ff88b4a
    x86/svm: Fix handling of EFLAGS.RF on task switch-Wed 11 Dec 2019 09:10
  * virtual rc5 equivalent
  * XSA-307
    x86-Arm32-make-find_next_-zero_-bit-have-well-defined.diff:This is XSA-307.
  * XSA-308
    x86-vtx-Work-around-SingleStep-STI-MovSS-VMEntry-fail.diff:This is XSA-308
  * XSA-309
    x86-mm-Don-t-reset-linear_pt_count-on-partial-validat.diff:This is XSA-309.
  * XSA-310
    x86-mm-Set-old_guest_table-when-destroying-vcpu-paget.diff:This is part of XSA-310.
    x86-mm-alloc-free_lN_table-Retain-partial_flags-on-EI.diff:This is part of XSA-310.
    x86-mm-relinquish_memory-Grab-an-extra-type-ref-when-.diff:This is part of XSA-310.
  * XSA-311
    AMD-IOMMU-Cease-using-a-dynamic-height-for-the-IOMMU-.diff:This is XSA-311.

 -- Mark Pryor <pryorm09@gmail.com>  Mon, 16 Dec 2019 08:58:06 -0800

xen (4.13~rc4-1+deb10u1.1) buster; urgency=medium

  * HEAD @ 8ba357fc326c9e
    x86/psr: fix bug which may cause crash-Mon 2 Dec 2019 07:19
  * lz4: 0101-lz4-refine-commit-9143a6c55ef7-for-the-64-bit-case.diff
    support direct kernel boot of LZ compressed kernel in ub20.04
  * turn-off debug

 -- Mark Pryor <pryorm09@gmail.com>  Wed, 04 Dec 2019 18:37:40 -0800

xen (4.13~rc3-1+deb10u1.1) buster; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 72580a8d3c7ac708
    x86/microcode: refuse to load the same revision ucode-Wed 27 Nov 2019 04:53
  * XSA-306
    xen4d-0005-IOMMU-default-to-always-quarantining-PCI-devices.diff

 -- Mark Pryor <pryorm09@gmail.com>  Wed, 27 Nov 2019 13:08:46 -0800

xen (4.13~rc2-1+deb10u1.1) buster; urgency=medium

  * HEAD @ 8c4330818f6ee
    x86/spec-ctrl: Mitigate the TSX Asynchronous Abort sidechannel-Tue 12 Nov 2019 09:12
  * XSA-296
    xen-hypercall-Don-t-use-BUG-for-parameter-checking-in.diff
  * XSA-298
    x86-PV-check-GDT-LDT-limits-during-emulation.diff:This is XSA-298.
  * XSA-299
    x86-mm-L1TF-checks-don-t-leave-a-partial-entry.diff:This is part of XSA-299.
    x86-mm-Don-t-re-set-PGT_pinned-on-a-partially-de-vali.diff:This is part of XSA-299.
    x86-mm-Separate-out-partial_pte-tristate-into-individ.diff:This is part of XSA-299.
    x86-mm-Use-flags-for-_put_page_type-rather-than-a-boo.diff:This is part of XSA-299.
    x86-mm-Rework-get_page_and_type_from_mfn-conditional.diff:This is part of XSA-299.
    x86-mm-Have-alloc_l-23-_table-clear-partial_flags-whe.diff:This is part of XSA-299.
    x86-mm-Always-retain-a-general-ref-on-partial.diff:This is part of XSA-299.
    x86-mm-Properly-handle-linear-pagetable-promotion-fai.diff:This is part of XSA-299.
    x86-mm-Fix-nested-de-validation-on-error.diff:This is part of XSA-299.
    x86-mm-Don-t-drop-a-type-ref-unless-you-held-a-ref-to.diff:This is part of XSA-299.
  * XSA-301
    xen-arm-p2m-Avoid-aliasing-guest-physical-frame.diff:This is part of XSA-301.
    xen-arm-p2m-Avoid-off-by-one-check-on-p2m-max_mapped_.diff:This is part of XSA-301.
    xen-arm-p2m-Don-t-check-the-return-of-p2m_get_root_po.diff:This is part of XSA-301.
  * XSA-302
    passthrough-quarantine-PCI-devices.diff
  * XSA-303
    xen-arm32-entry-Split-__DEFINE_ENTRY_TRAP-in-two.diff:This is part of XSA-303.
    xen-arm32-entry-Fold-the-macro-SAVE_ALL-in-the-macro-.diff:This is part of XSA-303.
    xen-arm32-Don-t-blindly-unmask-interrupts-on-trap-wit.diff:This is part of XSA-303.
    xen-arm64-Don-t-blindly-unmask-interrupts-on-trap-wit.diff:This is part of XSA-303.
  * XSA-304
    xen4d-0012-x86-vtd-Hide-superpage-support-for-SandyBridge-IOMMUs.diff
    xen4d-0013-x86-vtx-Disable-executable-EPT-superpages-to-work-aro.diff
  * XSA-305
    xen4d-0015-x86-tsx-Introduce-tsx-to-use-MSR_TSX_CTRL-when-availa.diff
    xen4d-0016-x86-spec-ctrl-Mitigate-the-TSX-Asynchronous-Abort-sid.diff
  * qemuu: v4.1.0-2+deb10u1.1

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 15 Nov 2019 11:07:08 -0800

xen (4.13~rc1-1+deb10u1.2) buster; urgency=medium

  * Non-maintainer upload.
  * HEAD @ dfcccc663157c638d
    efi: use directmap to access runtime services table-Fri 25 Oct 2019 08:50
  * firmware: misc-0302-firmware-turn-off-debug-in-make.patch

 -- Mark Pryor <pryorm09@gmail.com>  Sun, 27 Oct 2019 10:59:40 -0700

xen (4.13~rc1-1+deb10u1.1) buster; urgency=medium

  * HEAD @ 518c935fac4d30b3
    Prep for 4.13.0-rc1: Set version to -rc-Mon 14 Oct 2019 03:31
  * initial released rc
  * tarball is renamed, recompressed, and carries qemu-xen
    no separate tarball for qemu

 -- Mark Pryor <pryorm09@gmail.com>  Mon, 14 Oct 2019 11:13:19 -0700

xen (4.13~rc0-1+deb10u1.1) buster; urgency=medium

  * Non-maintainer upload.
  * proto rc
  * HEAD @ 4fc32c22c0588a
    iommu/arm: Remove arch_iommu_populate_page_table completely-Wed 9 Oct 2019 08:34
  * blktap2 removed
  * qemuu: v4.1.0-1+deb10u1.1

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 11 Oct 2019 11:31:42 -0700

xen (4.12.1-1+deb10u1.2) buster; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 599d6d23cbb790a788
    ioreq: fix hvm_all_ioreq_servers_add_vcpu fail path cleanup-Mon 23 Sep 2019 05:26
  * new libs.mk,56dccee3f: prep for this going into xen-4.13
    xen4c-0604-add-a-lib-prefix-for-all-but-toolcore.diff
  * backports from staging:
    xen4c-0221-sched-don-t-let-XEN_RUNSTATE_UPDATE-leak-into-vcpu_ru.diff
    xen4c-0203-libxl-9pfs-has-a-QEMU-backend.diff

 -- Mark Pryor <pryorm09@gmail.com>  Sun, 06 Oct 2019 13:44:12 -0700

xen (4.12.1-1+deb10u1.1) buster; urgency=medium

  * HEAD @ ba62d9e360f830ed2
    update Xen version to 4.12.1-Fri 9 Aug 2019 03:44
  * initial release
  * qemuu: v3.0.1-2+deb10u1.1
  * backports from staging:
    0002-x86-ept-pass-correct-level-to-p2m_entry_modify.diff
    0003-libxl-9pfs-has-a-QEMU-backend.diff
    0004-xen-sched-fix-memory-leak-in-credit2.diff

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 16 Aug 2019 12:12:54 -0700

xen (4.12.0-1+deb10u1.7) buster; urgency=medium

  * Non-maintainer upload.
  * HEAD @ e5122c6c4a413e5
    x86/ctxt-switch: Document and improve GDT handling-Fri 19 Jul 2019 07:14
  * backports and enhancements from staging (11)

 -- Mark Pryor <pryorm09@gmail.com>  Sun, 21 Jul 2019 09:43:08 -0700

xen (4.12.0-1+deb10u1.6) buster; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 7f2df4b62214645d
    x86/msi: fix loop termination condition in pci_msi_conf_write_intercept-Fri 5 Jul 2019 01:25
  * rebuild for Buster release
  * qemuu:
    qemuu-0201-xen_disk-fix-file-locking-in-emulation-and-migration.diff
  * configure: limit linux_backend_modules to those used in Buster 

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 12 Jul 2019 12:32:37 -0700

xen (4.12.0-1+deb10u1.5) buster; urgency=medium

  * Non-maintainer upload.
  * HEAD @ f41dbf33e7129846a0
    xen/arm: grant-table: Protect gnttab_clear_flag against guest misbehavior-Fri 14 Jun 2019 06:32
  * XSA-295
    0046-xen-arm-Add-an-isb-before-reading-CNTPCT_EL0-to-preve.diff:This is part of XSA-295.
    0047-xen-grant_table-Rework-the-prototype-of-_set_status-f.diff:This is part of XSA-295.
    0048-xen-arm64-bitops-Rewrite-bitop-helpers-in-C.diff:This is part of XSA-295.
    0049-xen-arm32-bitops-Rewrite-bitop-helpers-in-C.diff:This is part of XSA-295.
    0050-xen-arm-bitops-Consolidate-prototypes-in-one-place.diff:This is part of XSA-295.
    0051-xen-arm64-cmpxchg-Simplify-the-cmpxchg-implementation.diff:This is part of XSA-295.
    0052-xen-arm32-cmpxchg-Simplify-the-cmpxchg-implementation.diff:This is part of XSA-295.
    0053-xen-arm-bitops-Implement-a-new-set-of-helpers-that-ca.diff:This is part of XSA-295.
    0054-xen-arm-cmpxchg-Provide-a-new-helper-that-can-timeout.diff:This is part of XSA-295.
    0055-xen-arm-Turn-on-SILO-mode-by-default-on-Arm.diff:This is part of XSA-295.
    0056-xen-bitops-Provide-helpers-to-safely-modify-guest-mem.diff:This is part of XSA-295.
    0057-xen-cmpxchg-Provide-helper-to-safely-modify-guest-mem.diff:This is part of XSA-295.
    0058-xen-Use-guest-atomics-helpers-when-modifying-atomical.diff:This is part of XSA-295.
    0059-xen-arm-Add-performance-counters-in-guest-atomic-help.diff:This is part of XSA-295.
    0060-xen-arm-grant-table-Protect-gnttab_clear_flag-against.diff:This is part of XSA-295.
  * xen/xsm/flask/Makefile: use python2 for gen-policy.py

 -- Mark Pryor <pryorm09@gmail.com>  Sat, 15 Jun 2019 14:45:12 -0700

xen (4.12.0-1+deb10u1.4) buster; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 967627141b33
    libacpi: report PCI slots as enabled only for hotpluggable devices-Tue 4 Jun 2019 06:40

 -- Mark Pryor <pryorm09@gmail.com>  Wed, 05 Jun 2019 11:08:19 -0700

xen (4.12.0-1+deb10u1.3) buster; urgency=medium
  * test python3 patches
  * d/rules.real: export python3 path
  * d/control: xen-utils-common depends python3

 -- Mark Pryor <pryorm09@gmail.com>  Thu, 16 May 2019 11:52:19 -0700

xen (4.12.0-1+deb10u1.2) buster; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 4ed6c8b95c80a6
    x86: fix build race when generating temporary object files-Wed 15 May 2019 00:42
  * XSA-297
    xen4c-0018-x86-spec-ctrl-CPUID-MSR-definitions-for-Microarchitec.diff
    xen4c-0019-x86-spec-ctrl-Infrastructure-to-use-VERW-to-flush-pip.diff
    xen4c-0020-x86-spec-ctrl-Introduce-options-to-control-VERW-flush.diff

 -- Mark Pryor <pryorm09@gmail.com>  Wed, 15 May 2019 09:52:19 -0700

xen (4.12.0-1+deb10u1.1) buster; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 997d6248a9ae932d0db
    README, xen/Makefile: Set version to 4.12.0-Mon 1 Apr 2019 04:03

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 12 Apr 2019 15:36:29 -0700

xen (4.12~rc3-1~bpo9+1.1) stable; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 365aabb6e5023ce
    tools/libxendevicemodel: add xendevicemodel_modified_memory_bulk to map-Fri 15 Feb 2019 05:42
  * hypervisor: disable debug in kconfig

 -- Mark Pryor <pryorm09@gmail.com>  Mon, 18 Feb 2019 16:11:57 -0800

xen (4.12~rc1-1~bpo9+1.3) stable; urgency=medium

  * Non-maintainer upload.
  * revert all commits to tools/{libfsimage,pygrub}

 -- Mark Pryor <pryorm09@gmail.com>  Tue, 29 Jan 2019 10:56:18 -0800

xen (4.12~rc1-1~bpo9+1.2) stable; urgency=medium

  * Non-maintainer upload.
  * libxentoolcore1: new package, split out of libxenstore3.0 to preserve ABI compatibility with qemuu_3.1

 -- Mark Pryor <pryorm09@gmail.com>  Sun, 20 Jan 2019 13:09:59 -0800

xen (4.12~rc1-1~bpo9+1.1) stable; urgency=medium

  * Non-maintainer upload.
  * initial release: 4.12~rc1
  * d/rules.real,install-libxen: libxenstat.so.4.12 libxenfsimage.so.4.12 libtoolcore.so.1
    no ABI correction

 -- Mark Pryor <pryorm09@gmail.com>  Sat, 19 Jan 2019 11:45:32 -0800

xen (4.11.1-1~bpo9+1.2) stable; urgency=medium

  * Non-maintainer upload.
  * d/rules.real: moved to qemu-3.1
  * qemu: v3.1.0-1~bpo9+1.1
  * bios/rom blobs: imported from qemu-xen staging (qemu-3.0)

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 11 Jan 2019 16:41:35 -0800

xen (4.11.1-1~bpo9+1.1) stable; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 96cbd0893f78399
    update Xen version to 4.11.1-Thu 29 Nov 2018 06:04
  * initial release xen-4.11.1
  * XSA-282
    x86-extend-get_platform_badpages-interface.diff:This is part of XSA-282.
    x86-work-around-HLE-host-lockup-erratum.diff:This is part of XSA-282.
  * XSA-275
    amd-iommu-fix-flush-checks.diff:This is part of XSA-275.
    AMD-IOMMU-suppress-PTE-merging-after-initial-table-cr.diff:This is part of XSA-275.
  * XSA-276
    x86-hvm-ioreq-fix-page-referencing.diff:This is part of XSA-276.
  * XSA-277
    x86-mm-Put-the-gfn-on-all-paths-after-get_gfn_query.diff:This is XSA-277.
  * XSA-279
    x86-mm-Don-t-perform-flush-after-failing-to-update-a-.diff:This is XSA-279.
  * XSA-280
    x86-shadow-move-OOS-flag-bit-positions.diff:This is part of XSA-280.
    x86-shadow-shrink-struct-page_info-s-shadow_flags-to-.diff:This is part of XSA-280.
  * libxen-dev: add xentoolcore.h

 -- Mark Pryor <pryorm09@gmail.com>  Thu, 10 Jan 2019 08:20:56 -0800

xen (4.11.0-1~bpo9+1.5) stable; urgency=medium

  * Non-maintainer upload.
  * HEAD @ ff9f8730a993b0ffa
    x86: work around HLE host lockup erratum-Wed 7 Nov 2018 00:42
  * XSA-278
    xen4b-0072-x86-extend-get_platform_badpages-interface.diff:This is part of XSA-282.
    xen4b-0073-x86-work-around-HLE-host-lockup-erratum.diff

 -- Mark Pryor <pryorm09@gmail.com>  Thu, 08 Nov 2018 08:50:59 -0800

xen (4.11.0-1~bpo9+1.4) stable; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 0719a5ff7ee0fc5d
    x86: assorted array_index_nospec() insertions-Fri 14 Sep 2018 04:05
  * xen-utils-4.11 install error: move flask tools into a versioned path

 -- Mark Pryor <pryorm09@gmail.com>  Tue, 02 Oct 2018 15:27:44 -0700

xen (4.11.0-1~bpo9+1.3) stable; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 733450b39b83d7891dd
    x86: write to correct variable in parse_pv_l1tf-Wed 15 Aug 2018 05:20
  * XSA-268
    xen4b-0030-ARM-disable-grant-table-v2.diff:This is XSA-268.
  * XSA-269
    xen4b-0031-x86-vtx-Fix-the-checking-for-unknown-invalid-MSR_DEBU.diff:This is XSA-269.
  * XSA-272
    xen4b-0032-tools-oxenstored-Make-evaluation-order-explicit.diff:This is XSA-272.
  * XSA-273
    xen4b-0033-x86-spec-ctrl-Calculate-safe-PTE-addresses-for-L1TF-m.diff:This is part of XSA-273 / CVE-2018-3620.
    xen4b-0034-x86-spec-ctrl-Introduce-an-option-to-control-L1TF-mit.diff:This is part of XSA-273 / CVE-2018-3620.
    xen4b-0035-x86-shadow-Infrastructure-to-force-a-PV-guest-into-sh.diff:This is part of XSA-273 / CVE-2018-3620.
    xen4b-0036-x86-mm-Plumbing-to-allow-any-PTE-update-to-fail-with-.diff:This is part of XSA-273 / CVE-2018-3620.
    xen4b-0037-x86-pv-Force-a-guest-into-shadow-mode-when-it-writes-.diff:This is part of XSA-273 / CVE-2018-3620.
    xen4b-0038-x86-spec-ctrl-CPUID-MSR-definitions-for-L1D_FLUSH.diff:This is part of XSA-273 / CVE-2018-3646.
    xen4b-0039-x86-msr-Virtualise-MSR_FLUSH_CMD-for-guests.diff:This is part of XSA-273 / CVE-2018-3646.
    xen4b-0040-x86-spec-ctrl-Introduce-an-option-to-control-L1D_FLUS.diff:This is part of XSA-273 / CVE-2018-3620.
    xen4b-0041-x86-Make-spec-ctrl-no-a-global-disable-of-all-mitigat.diff:This is part of XSA-273.
    xen4b-0042-xl.conf-Add-global-affinity-masks.diff:This is part of XSA-273 / CVE-2018-3646.

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 17 Aug 2018 11:11:10 -0700

xen (4.11.0-1~bpo9+1.2) stable; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 33ced725e11af4e
    x86/spec-ctrl: Fix the parsing of xpti= on fixed Intel hardware-Mon 30 Jul 2018 02:30
  * 17 patches from stable-4.11

 -- Mark Pryor <pryorm09@gmail.com>  Wed, 01 Aug 2018 10:03:19 -0700

xen (4.11.0-1~bpo9+1.1) stable; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 1eb6544a567e3e5133fa
    SUPPORT.md: Support lifetime for 4.11-Mon 9 Jul 2018 06:47
  * xen-4.11 final

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 27 Jul 2018 13:12:50 -0700

xen (4.11~rc7-1~bpo9+1.1) stable; urgency=medium

  * Non-maintainer upload.
  * reset to the latest rc
  
 -- Mark Pryor <pryorm09@gmail.com>  Fri, 06 Jul 2018 08:49:09 -0700

xen (4.11~rc6-1~bpo9+1.1) stable; urgency=medium

  * Non-maintainer upload.
  * backport from buster
  * HEAD @ eb17ff9ce6a99a8761d3f
    x86: guard against #NM-Thu 28 Jun 2018 00:39

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 29 Jun 2018 12:05:28 -0700

xen (4.11~rc6-1+deb10u1.3) buster; urgency=medium

  * Non-maintainer upload.
  * HEAD @ eb17ff9ce6a99a8761d3f
    x86: guard against #NM-Thu 28 Jun 2018 00:39
  * XSA-264
    xen4b-0021-x86-mm-don-t-bypass-preemption-checks.diff
  * XSA-265
    xen4b-0022-x86-Refine-checks-in-DB-handler-for-faulting-conditio.diff
  * XSA-266
    xen4b-0023-libxl-qemu_disk_scsi_drive_string-Break-out-common-pa.diff
    xen4b-0024-libxl-restore-passing-readonly-to-qemu-for-SCSI-disks.diff
  * rebase d/xen_4.11_amd64.config (xen/.config)

 -- Mark Pryor <pryorm09@gmail.com>  Thu, 28 Jun 2018 12:42:53 -0700

xen (4.11~rc6-1+deb10u1.2) buster; urgency=medium

  * Non-maintainer upload.
  * XSA-267
    xen4b-0010-x86-Support-fully-eager-FPU-context-switching.diff
    xen4b-0011-x86-spec-ctrl-Mitigations-for-LazyFPU.diff
  * HEAD @ b4cf1d608bb7d7
    x86/EFI: further correct FPU state handling around runtime calls-Tue 26 Jun 2018 06:26
  * qemuu: include module ui/keycodemapdb (or FTBFS)

 -- Mark Pryor <pryorm09@gmail.com>  Tue, 26 Jun 2018 10:00:54 -0700

xen (4.11~rc6-1+deb10u1.1) buster; urgency=medium

  * Non-maintainer upload.
  * initial release
  * HEAD @ 06f542f8f2e446c01
    x86/CPUID: dont override tool stack decision to hide STIBP-Tue 29 May 2018 03:39

 -- Mark Pryor <pryorm09@gmail.com>  Mon, 25 Jun 2018 22:13:47 -0700

xen (4.10.1-1+deb10u1.1) buster; urgency=medium

  * Non-maintainer upload.
  * new minor version, 4.10.1
  * HEAD @ eeb15764adbfe44e
    x86/HVM: account for fully eager FPU mode in emulation-Fri 15 Jun 2018 04:43
  * XSA-258
    libxl: Specify format of inserted cdrom
  * XSA-259
    x86: fix slow int80 path after XPTI additions
  * XSA-260
    xen4a-0001-x86-traps-Fix-dr6-handing-in-DB-handler.diff: CVE-2018-8897.
    xen4a-0002-x86-pv-Move-exception-injection-into-compat_-test_all.diff: CVE-2018-8897.
    xen4a-0003-x86-traps-Use-an-Interrupt-Stack-Table-for-DB.diff: CVE-2018-8897.
    xen4a-0004-x86-traps-Fix-handling-of-DB-exceptions-in-hypervisor.diff: CVE-2018-8897.
  * XSA-261
    xen4a-0005-x86-vpt-add-support-for-IO-APIC-routed-interrupts.diff
  * XSA-262
    xen4a-0006-x86-HVM-guard-against-emulator-driving-ioreq-state-in.diff
  * XSA-263
  - http://xenbits.xen.org/xsa/xsa263-4.10/
    xen4a-0023-x86-spec_ctrl-Read-MSR_ARCH_CAPABILITIES-only-once.diff
    xen4a-0024-x86-spec_ctrl-Express-Xen-s-choice-of-MSR_SPEC_CTRL-v.diff
    xen4a-0025-x86-spec_ctrl-Merge-bti_ist_info-and-use_shadow_spec_.diff
    xen4a-0026-x86-spec_ctrl-Fold-the-XEN_IBRS_-SET-CLEAR-ALTERNATIV.diff
    xen4a-0027-x86-spec_ctrl-Rename-bits-of-infrastructure-to-avoid-.diff
    xen4a-0028-x86-spec_ctrl-Elide-MSR_SPEC_CTRL-handling-in-idle-co.diff
    xen4a-0029-x86-spec_ctrl-Split-X86_FEATURE_SC_MSR-into-PV-and-HV.diff
    xen4a-0030-x86-spec_ctrl-Explicitly-set-Xen-s-default-MSR_SPEC_C.diff
    xen4a-0031-x86-cpuid-Improvements-to-guest-policies-for-speculat.diff
    xen4a-0032-x86-spec_ctrl-Introduce-a-new-spec-ctrl-command-line-.diff
    xen4a-0033-x86-AMD-Mitigations-for-GPZ-SP4-Speculative-Store-Byp.diff
    xen4a-0034-x86-Intel-Mitigations-for-GPZ-SP4-Speculative-Store-B.diff
    xen4a-0035-x86-msr-Virtualise-MSR_SPEC_CTRL.SSBD-for-guests-to-u.diff
  * XSA-267
    xen4a-0048-x86-Support-fully-eager-FPU-context-switching.diff
    xen4a-0049-x86-spec-ctrl-Mitigations-for-LazyFPU.diff

 -- Mark Pryor <pryorm09@gmail.com>  Wed, 20 Jun 2018 14:17:22 -0700

xen (4.10.0-1+deb10u1.8) buster; urgency=medium

  * Non-maintainer upload.
  * binary rebuild, no change

 -- Mark Pryor <pryorm09@gmail.com>  Tue, 15 May 2018 16:09:43 -0700

xen (4.10.0-1+deb10u1.7) buster; urgency=medium

  * Non-maintainer upload.
  * HEAD @ b6a6458b13dc6f
    xen/arm: Flush TLBs before turning on the MMU to avoid stale entries-Fri 2 Mar 2018 16:28

 -- Mark Pryor <pryorm09@gmail.com>  Sat, 14 Apr 2018 12:30:03 -0700

xen (4.10.0-1+deb10u1.6) buster; urgency=medium

  * Non-maintainer upload.
  * HEAD @ a6780c122b863d
    x86/hvm: Disallow the creation of HVM domains without Local APIC emulation-Tue 27 Feb 2018 05:19
  * XSA-252
    xen4a-0069-memory-don-t-implicitly-unpin-for-decrease-reservatio.diff
  * XSA-255
    xen4a-0070-gnttab-ARM-don-t-corrupt-shared-GFN-array.diff.
    xen4a-0071-gnttab-don-t-blindly-free-status-pages-upon-version-c.diff
  * XSA-256
    xen4a-0072-x86-hvm-Disallow-the-creation-of-HVM-domains-without-.diff

 -- Mark Pryor <pryorm09@gmail.com>  Wed, 14 Mar 2018 11:37:52 -0700

xen (4.10.0-1+deb10u1.5) buster; urgency=medium

  * Non-maintainer upload.
  * activate debian/control rule: add featureset none to d/arch/defines

 -- Mark Pryor <pryorm09@gmail.com>  Sat, 17 Feb 2018 12:55:13 -0800

xen (4.10.0-1+deb10u1.4) testing; urgency=medium

  * Non-maintainer upload.
  * built in buster
  * HEAD @ 3921128fcb350131
    xen/arm: vsmc: Dont implement function IDs that dont exist-Thu 8 Feb 2018 16:25
  * qemuu: point only to subdir-install-qemu-xen-dir rule
  * qemuu: clear CFLAGS on cmdline
  * rules.real: removed STAMP_DIR/install-hypervisor (no longer staging this)
  * XSA-254
    xen4a-0017-x86-entry-Remove-support-for-partial-cpu_user_regs-fr.diff
    xen4a-0022-xen-arm-Introduce-enable-callback-to-enable-a-capabil.diff
    xen4a-0023-xen-arm64-Add-missing-MIDR-values-for-Cortex-A72-A73-.diff
    xen4a-0024-xen-arm-cpuerrata-Add-MIDR_ALL_VERSIONS.diff
    xen4a-0025-xen-arm64-Add-skeleton-to-harden-the-branch-predictor.diff
    xen4a-0026-xen-arm64-Implement-branch-predictor-hardening-for-af.diff
    xen4a-0017-x86-entry-Remove-support-for-partial-cpu_user_regs-fr.diff
    xen4a-0022-xen-arm-Introduce-enable-callback-to-enable-a-capabil.diff
    xen4a-0023-xen-arm64-Add-missing-MIDR-values-for-Cortex-A72-A73-.diff
    xen4a-0024-xen-arm-cpuerrata-Add-MIDR_ALL_VERSIONS.diff
    xen4a-0025-xen-arm64-Add-skeleton-to-harden-the-branch-predictor.diff
    xen4a-0026-xen-arm64-Implement-branch-predictor-hardening-for-af.diff
    xen4a-0029-xen-arm32-entry-Consolidate-DEFINE_TRAP_ENTRY_-macros.diff
    xen4a-0030-xen-arm32-Add-missing-MIDR-values-for-Cortex-A17-and-.diff
    xen4a-0031-xen-arm32-entry-Add-missing-trap_reset-entry.diff
    xen4a-0032-xen-arm32-Add-skeleton-to-harden-branch-predictor-ali.diff
    xen4a-0033-xen-arm32-Invalidate-BTB-on-guest-exit-for-Cortex-A17.diff
    xen4a-0040-x86-entry-Rearrange-RESTORE_ALL-to-restore-register-i.diff
    xen4a-0041-x86-hvm-Use-SAVE_ALL-to-construct-the-cpu_user_regs-f.diff
    xen4a-0042-x86-entry-Erase-guest-GPR-state-on-entry-to-Xen.diff
    xen4a-0044-x86-Support-compiling-with-indirect-branch-thunks.diff
    xen4a-0045-x86-Support-indirect-thunks-from-assembly-code.diff
    xen4a-0046-x86-boot-Report-details-of-speculative-mitigations.diff
    xen4a-0047-x86-amd-Try-to-set-lfence-as-being-Dispatch-Serialisi.diff
    xen4a-0048-x86-Introduce-alternative-indirect-thunks.diff
    xen4a-0049-x86-feature-Definitions-for-Indirect-Branch-Controls.diff
    xen4a-0050-x86-cmdline-Introduce-a-command-line-option-to-disabl.diff

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 16 Feb 2018 15:32:28 -0800

xen (4.10.0-1+deb10u1.3) buster; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 3921128fcb3501318f523
    xen/arm: vsmc: Dont implement function IDs that dont exist-Thu 8 Feb 2018 16:25
  * qemuu: upgrade to qemu-2.11	
    sourced in *orig-qemuu211.tar.xz taken from a qemu-xen.git (staging) snapshot v2.11.0
    /usr/bin/q-s-i386 symlinked and set as system-qemu
    removed lzo compression, --enable-xen-pci-passthrough
    disable-libiscsi, enable-linux-user
  * Config.mk: set qemu-xen commit to 2b033e396f4fa0981bae

 -- Mark Pryor <pryorm09@gmail.com>  Sat, 10 Feb 2018 11:52:40 -0800

xen (4.10.0-1+deb10u1.2) buster; urgency=medium

  * Non-maintainer upload.
  * add libxentoolcore symbols to d/libxenstore3.symbols
  * d/rules.real: 
    qemuu build conditional on filetest of qemuu/VERSION
    install-hypervisor* now in d/stamps

 -- Mark Pryor <pryorm09@gmail.com>  Tue, 16 Jan 2018 14:55:14 -0800

xen (4.10.0-1+deb10u1.1) buster; urgency=medium

  * Non-maintainer upload.
  * initial release (Closes:#765432)
  * move sources to xen-4.10.0
  * libxenstore3.0 has depends on libxentoolcore*.so*
  * all ABI/prefix patches taken from knorrie git repo: https://github.com/knorrie/debian-xen/
  * removed d/libxenstore3.0.symbols

 -- Mark Pryor <pryorm09@gmail.com>  Mon, 08 Jan 2018 19:11:59 -0800

xen (4.9.1-2+deb10u1.2) buster; urgency=medium

  * Non-maintainer upload.
  * HEAD @ d6fe1860285bd
    x86/vmx: Don-t use hvm_inject_hw_exception() in long_mode_do_msr_write()-Wed 20 Dec 2017 06:59
  * 18 patches from staging-4.9
  * XSA-212 followup
    improve-XENMEM_add_to_physmap_batch-address-checking
  * /usr/lib/xen-4.9/bin/qemu-system-i386 -version -> QEMU emulator version 2.10.1

 -- Mark Pryor <pryorm09@gmail.com>  Wed, 03 Jan 2018 10:36:44 -0800

xen (4.9.1-2+deb10u1.1) buster; urgency=medium

  * Non-maintainer upload.
  * qemu-xen build in tools/
    sourced in *orig-qemuu.tar.xz taken from a qemu-xen.git (staging-4.10) snapshot v2.10.1
  * rules: new targets
    build folders: install-qemuu
    stamps: build-qemuu, install-qemuu
    qemuu package: version decoupled from xen at 2.10+deb10u1.1
  * HEAD @ 32e364c4e72157
    x86/paging: don-t unconditionally BUG() on finding SHARED_M2P_ENTRY-Tue 12 Dec 2017 05:40
  * XSA 240 (2)
    x86-don-t-wrongly-trigger-linear-page-table-assertion.diff:This is part of XSA-240.
  * XSA-246
    x86-pod-prevent-infinite-loop-when-shattering-large-p.diff:This is XSA-246.
  * XSA-247
    p2m-Always-check-to-see-if-removing-a-p2m-entry-actua.diff:This is part of XSA-247.
    p2m-Check-return-value-of-p2m_set_entry-when-decreasi.diff:This is part of XSA-247.
  * XSA 248
    x86-mm-don-t-wrongly-set-page-ownership.diff:This is XSA-248.
  * XSA 249
    x86-shadow-fix-refcount-overflow-check.diff:This is XSA-249.
  * XSA 250
    x86-shadow-fix-ref-counting-error-handling.diff:This is XSA-250.
  * XSA 251
    x86-paging-don-t-unconditionally-BUG-on-finding-SHARE.diff:This is XSA-251.
 
 -- Mark Pryor <pryorm09@gmail.com>  Wed, 20 Dec 2017 14:10:33 -0800

xen (4.9.1-1+deb10u1.0) buster; urgency=medium

  * HEAD @ ae34ab8c5d2e977f
    update Xen version to 4.9.1-Mon 20 Nov 2017 06:59
  * rebase to 4.9.1

 -- Mark Pryor <pryorm09@gmail.com>  Wed, 22 Nov 2017 09:33:24 -0800

xen (4.9.0-1+deb10u2.1) buster; urgency=medium

  * Non-maintainer upload.
  * initial build for buster (Closes:#8765432)
  * HEAD @ d6ce860bbdf9dbdc
    x86/shadow: correct SH_LINEAR mapping detection in sh_guess_wrmap-Thu 16 Nov 2017 02:47
  * XSA-240
    xen49-0075-x86-don-t-wrongly-trigger-linear-page-table-assertion.diff:This is part of XSA-240.
  * XSA-243
    xen49-0076-x86-shadow-correct-SH_LINEAR-mapping-detection-in-sh_.diff:The fix for XSA-243 / CVE-2017-15592 (c/s bf2b4eadcf379) introduced a change

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 17 Nov 2017 21:05:35 -0800

xen (4.9.0-1+deb9u2.4) stretch; urgency=medium

  * Non-maintainer upload.
  * HEAD @ 1b6df9d821481ba4e2
    VMX: PLATFORM_INFO MSR is r/o-Tue 24 Oct 2017 07:17
  * [ CVE-2017-15597 / XSA-236 ]
    gnttab-fix-pin-count-page-reference-race
  * 15 patches from staging-4.9

 -- Mark Pryor <pryorm09@gmail.com>  Wed, 25 Oct 2017 08:56:47 -0700

xen (4.9.0-1+deb9u2.3) stretch; urgency=medium

  * HEAD @ de38e28cc2cc62e6e
    x86/cpu: Fix IST handling during PCPU bringup-Thu 12 Oct 2017 06:08
  * 14 patches from staging-4.9
  * XSA-245
    xen-page_alloc-Cover-memory-unreserved-after-boot-in-.diff
    xen-arm-Correctly-report-the-memory-region-in-the-dum.diff
  * XSA-237
    x86-don-t-allow-MSI-pIRQ-mapping-on-unowned-device.diff
    x86-enforce-proper-privilege-when-un-mapping-pIRQ-s.diff
    x86-MSI-disallow-redundant-enabling.diff
    x86-IRQ-conditionally-preserve-irq-pirq-mapping-on-ma.diff
    x86-FLASK-fix-unmap-domain-IRQ-XSM-hook.diff
  * XSA-238
    x86-ioreq-server-correctly-handle-bogus-XEN_DMOP_-un-.diff
  * XSA-239
    x86-HVM-prefill-partially-used-variable-on-emulation-.diff
  * XSA-240
    x86-limit-linear-page-table-use-to-a-single-level.diff
  * XSA-241
    x86-don-t-store-possibly-stale-TLB-flush-time-stamp.diff
  * XSA-242
    x86-don-t-allow-page_unlock-to-drop-the-last-type-ref.diff
  * XSA-243
    x86-shadow-Don-t-create-self-linear-shadow-mappings-f.diff
  * XSA-244
    x86-cpu-Fix-IST-handling-during-PCPU-bringup.diff

 -- Mark Pryor <pryorm09@gmail.com>  Fri, 13 Oct 2017 12:54:58 -0700

xen (4.9.0-1+deb9u2.2) stretch; urgency=medium

  * enable systemd units from upstream (xen-utils-common)
  * added ipxe.tar.gz to include-binaries in delta
  * docs: PANDOC is null
  * patch/series: remove version.diff from series
  * fixed: tools-xenstore-prefix.diff
  * HEAD @ 1cdcb36701fd22aec
    xen/arm: Correctly report the memory region in the dummy NUMA helpers-Fri 6 Oct 2017 05:59
  * 11 patches from staging-4.9

 -- Mark Pryor <pryorm09@gmail.com>  Sat, 07 Oct 2017 07:27:36 -0700

xen (4.9.0-1+deb9u2.1) stretch; urgency=medium

  * Non-maintainer upload.
  * removed xsa226.patch (only part of xsa226) and added all three from staging-4.9
  * XSA-226 (complete)
    gnttab-don-t-use-possibly-unbounded-tail-calls
    gnttab-fix-transitive-grant-handling
    gnttab: fix: dont use possibly unbounded tail calls
  * HEAD @ 36898eb12572f0a
    gnttab: also validate PTE permissions upon destroy/replace-Tue 12 Sep 2017 06:07
  * XSA-231
    xen-mm-make-sure-node-is-less-than-MAX_NUMNODES
  * XSA-232
    grant_table-fix-GNTTABOP_cache_flush-handling
  * XSA-233
    tools-xenstore-dont-unlink-connection-object-twice.diff
  * XSA-234
    gnttab-also-validate-PTE-permissions-upon-destroy-rep

 -- Mark Pryor <pryorm09@gmail.com>  Sun, 01 Oct 2017 13:37:41 -0700

xen (4.9.0-0ubuntu2) artful; urgency=medium

  * Add libxendevicemodel references to d/libxen-dev.install

 -- Stefan Bader <stefan.bader@canonical.com>  Fri, 18 Aug 2017 17:22:20 +0200

xen (4.9.0-0ubuntu1) artful; urgency=medium

  * Update to upstream 4.9.0 release.
    Changes include numerous bugfixes, including security fixes for:
    XSA-213 / CVE-2017-8903
    XSA-214 / CVE-2017-8904
    XSA-217 / CVE-2017-10912
    XSA-218 / CVE-2017-10913, CVE-2017-10914
    XSA-219 / CVE-2017-10915
    XSA-220 / CVE-2017-10916
    XSA-221 / CVE-2017-10917
    XSA-222 / CVE-2017-10918
    XSA-223 / CVE-2017-10919
    XSA-224 / CVE-2017-10920, CVE-2017-10921, CVE-2017-10922
    XSA-225 / CVE-2017-10923
  * Additional CVE's:
    - XSA-226 / CVE-2017-12135
    - XSA-227 / CVE-2017-12137
    - XSA-228 / CVE-2017-12136
    - XSA-230 / CVE-2017-12855
  * Additional fixes:
    - debian/rules.real:
      - Add a call to build common tool headers
      - Add a call to install common tool headers
    - Add checking of return values of asprintf calls.
      - d/p/ubuntu/tools-xs-test-hardening.patch
    - Add additional modifications for new libxendevicemodel
      - d/p/ubuntu/tools-libs-abiname.diff
    - Fix a segmentation fault when mmio_hole is set in hvm.cfg (from 4.9.y)
      - d/p/upstream-4.9.1-tools-libxl-Fix-a-segment-fault-when-mmio_hole...
    - Enable Local MCE feature
      - d/p/.../0001-x86-mce-make-mce-barriers-private-to-their-users.patch
      - d/p/.../0002-x86-mce-make-found_error-and-mce_fatal_cpus-private-.patch
      - d/p/.../0003-x86-mce-fix-comment-of-struct-mc_telem_cpu_ctl.patch
      - d/p/.../0004-x86-mce-allow-mce_barrier_-enter-exit-to-return-with.patch
      - d/p/.../0005-x86-mce-handle-host-LMCE.patch
      - d/p/.../0006-x86-mce_intel-detect-and-enable-LMCE-on-Intel-host.patch
      - d/p/.../0007-x86-domctl-generalize-the-restore-of-vMCE-parameters.patch
      - d/p/.../0008-x86-vmce-emulate-MSR_IA32_MCG_EXT_CTL.patch
      - d/p/.../0009-x86-vmce-enable-injecting-LMCE-to-guest-on-Intel-hos.patch
      - d/p/.../0010-x86-vmx-expose-LMCE-feature-via-guest-MSR_IA32_FEATU.patch
      - d/p/.../0011-x86-vmce-tools-libxl-expose-LMCE-capability-in-guest.patch
      - d/p/.../0012-x86-mce-add-support-of-vLMCE-injection-to-XEN_MC_inj.patch
    - Re-introduce (fake) xs_restrict call to keep libxenstore version at
      3.0 for now.
      - d/p/ubuntu/tools-fake-xs-restrict.patch
    - debian/libxenstore3.0.symbols:
      - Added xs_control_command
    - xen-4.9.0/debian/xen-hypervisor-4.9.xen.cfg:
      - Modified GRUB_DEFAULT setting to be dynamic (like update-grub does)
        which should handle non English environments (LP: #1321144)

 -- Stefan Bader <stefan.bader@canonical.com>  Thu, 17 Aug 2017 11:37:11 +0200

xen (4.8.1-1+deb9u1) unstable; urgency=medium

  * Security fixes for XSA-213 (Closes:#861659) and XSA-214
    (Closes:#861660).  (Xen 4.7 and later is not affected by XSA-215.)

 -- Ian Jackson <ian.jackson@eu.citrix.com>  Tue, 02 May 2017 12:19:57 +0100

xen (4.8.1-1) unstable; urgency=high

  * Update to upstream 4.8.1 release.
    Changes include numerous bugfixes, including security fixes for:
      XSA-212 / CVE-2017-7228   Closes:#859560
      XSA-207 / no cve yet      Closes:#856229
      XSA-206 / no cve yet      no Debian bug

 -- Ian Jackson <ian.jackson@eu.citrix.com>  Tue, 18 Apr 2017 18:05:00 +0100

xen (4.8.1~pre.2017.01.23-1) unstable; urgency=medium

  * Update to current upstream stable-4.8 git branch (Xen 4.8.1-pre).
    Contains bugfixes.
  * debian/control-real etc.: debian.py: Allow version numbers like this.

 -- Ian Jackson <ian.jackson@eu.citrix.com>  Mon, 23 Jan 2017 16:03:31 +0000

xen (4.8.0-1ubuntu2) zesty; urgency=medium

  * Cherry-pick upstream change to fix TSC_ADJUST MSR handling in HVM
    guests running on Intel based hosts (LP: #1671760)

 -- Stefan Bader <stefan.bader@canonical.com>  Tue, 14 Mar 2017 09:27:04 +0100

xen (4.8.0-1ubuntu1) zesty; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - Add transitional package definitions to debian/control and
      debian/rules.gen (force hypervisor upgrade).
    - Split xen.init into xenstored.init and xen.init
      * xen.init depends in xenstored.init and optionally schedules itself
        before libvirtd.
      * xenstored.init additionally modprobes xen-acpi-processor
    - Remove update-alternatives call from xen utils (postinst/prerm) scripts.
    - Copy contents of debian/build/install-utils_$(ARCH)/usr/sbin into
      debian/build/install-utils_$ARCH/usr/lib/xen-$(VERSION) (LP: #1396670).

 -- Stefan Bader <stefan.bader@canonical.com>  Thu, 26 Jan 2017 12:40:13 +0100

xen (4.8.0-1) unstable; urgency=high

  * Update to upstream Xen 4.8.0.
    Includes the following security fixes:
        XSA-201   CVE-2016-9815 CVE-2016-9816 CVE-2016-9817 CVE-2016-9818
        XSA-198   CVE-2016-9379 CVE-2016-9380
        XSA-196   CVE-2016-9378 CVE-2016-9377   Closes:#845669
        XSA-195   CVE-2016-9383
        XSA-194   CVE-2016-9384                 Closes:#845667
        XSA-193   CVE-2016-9385
        XSA-192   CVE-2016-9382
        XSA-191   CVE-2016-9386
    Includes other bugfixes too:
        Closes:#812166, Closes:#818525.

  Cherry picks from upstream:
  * Security fixes:
        XSA-204   CVE-2016-10013                 Closes:#848713
        XSA-203   CVE-2016-10025
        XSA-202   CVE-2016-10024
    For completeness, the following XSAs do not apply here:
        XSA-197   CVE-2016-9381      Bug is in qemu
        XSA-199   CVE-2016-9637      Bug is in qemu
        XSA-200   CVE-2016-9932      Xen 4.8 is not affected
  * Cherry pick a build failure fix:
      "x86/emul: add likely()/unlikely() to test harness"

  [ Ian Jackson ]
  * Drop -lcrypto search from upstream configure, and from our
    Build-Depends.  Closes:#844419.
  * Change my own email address to my work (Citrix) address.  When
    uploading, I will swap hats to effectively sponsor my own upload.

  [ Ian Campbell ]
  * Start a qemu process in dom0 to service the toolstacks loopback disk
    attaches. (Closes: #770456)
  * Remove correct pidfile when stopping xenconsoled.
  * Check that xenstored has actually started before talking to it.
    Incorporate a timeout so as not to block boot (Mitigates #737613)
  * Correct syntax error in xen-init-list when running with xend
    (Closes: #763102)
  * Apply SELinux labels to directories created by initscripts. Patch from
    Russell Coker. (Closes: #764912)
  * Include a reportbug control file to redirect bugs to src:xen for
    packages which contain the Xen version in the name.  Closes:#796370.

  [ Lubomir Host ]
  * Fix xen-init-name to not fail looking for a nonexistent 'config'
    entry in xl's JSON output.  Closes:#818129.

 -- Ian Jackson <ian.jackson@eu.citrix.com>  Thu, 22 Dec 2016 14:51:46 +0000

xen (4.8.0~rc5-1) unstable; urgency=medium

  * New upstream version, Xen 4.8.0 RC5.

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Fri, 11 Nov 2016 15:26:58 +0000

xen (4.8.0~rc3-1) unstable; urgency=medium

  * Upload 4.8.0~rc3 to unstable.  (RC5 is out upstream, but let's not
    update to that in the middle of the Xen 4.6 -> 4.8 transition.)
  * No source changes.

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Sat, 05 Nov 2016 15:08:47 +0000

xen (4.8.0~rc3-0exp2) experimental; urgency=medium

  * Build-Depend on iasl on all architectures.  ARM has ACPI now.
    Fixes FTBFS on arm64 (at least).
  * Add qemu-utils and seabios to Suggests.
  * Pass -no-pie -fno-pic to x86 emulator test build.  (Patch
    also submitted upstream.)  Fixes FTBFS on i386 with GCC6.
  * Add myself to Uploaders.

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Tue, 01 Nov 2016 18:00:25 +0000

xen (4.8.0~rc3-0exp1) experimental; urgency=high

  * New upstream version, Xen 4.8.0 RC3.
    Fixes many outstanding CVEs.
  * Incorporated many changes from 4.8.0-0ubuntu2
    - libxen-dev is M-A: same
    - Work around grep bug http://bugs.launchpad.net/bugs/1547466
    - debian/xen-hypervisor-4.6.xen.cfg:
      Additional config file to simplify grub configuration.
    - Use new library/abiname scheme.
    - Document what xl and xm are in default.xen
    - Add libvirtd dependency to xendomains init script
    (Thanks to Stefan Bader and others.)

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Mon, 24 Oct 2016 17:31:27 +0100

xen (4.7.0-0ubuntu2) yakkety; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2016-6258 / XSA-182
      * x86/pv: Remove unsafe bits from the mod_l?_entry() fastpath
    - CVE-2016-6259 / XSA-183
      * x86/entry: Avoid SMAP violation in compat_create_bounce_frame()
    - CVE-2016-7092 / XSA-185
      * x86/32on64: don't allow recursive page tables from L3
    - CVE-2016-7093 / XSA-186
      * x86/emulate: Correct boundary interactions of emulated instructions
      * hvm/fep: Allow testing of instructions crossing the -1 -> 0 virtual
        boundary
    - CVE-2016-7094 / XSA-187
      * x86/shadow: Avoid overflowing sh_ctxt->seg_reg[]
      * x86/segment: Bounds check accesses to emulation ctxt->seg_reg[]
    - CVE-2016-7777 / XSA-190
      * x86emul: honor guest CR0.TS and CR0.EM

 -- Stefan Bader <stefan.bader@canonical.com>  Thu, 06 Oct 2016 15:24:46 +0200

xen (4.7.0-0ubuntu1) yakkety; urgency=low

  * Rebasing to upstream Xen release 4.7 (LP: #1621618)
    - Renamed all *-4.6* files into *-4.7*. Also moved references within
      various files from 4.6 to 4.7.
    - Follow previous abiname patches to create individual run-time libs
      for the versioned libxen package for libxencall, libxenevtchn,
      libxenforeignmemory, libxengnttab, and libxentoollog.
    - Modified debian/libxen-dev.install to pick up the additional headers
      and drop one which is no longer present. And also add the new libs.
    - Refreshed Debian patchesS
    - Dropped transitional packages <4.6, added a set for 4.6.
    - Dropped tools-allow-configure-time-choice-of-libexec-subdire.patch
      (upstream)
    - Dropped ubuntu-config-prefix-fix.patch (unnecessary)
    - Dropped all security patches since those were all included in
      the new upstream release.
    - Added fix for FTBS on Arm due to unused static variables and
      hardening flags turned on.
    - Switched dependencies of sysvinit scripts from libvirt-bin to
      libvirtd.
    - Added modprobe for xen-acpi-processor (no auto-load alias) to
      xenstrore init script. Otherwise there is no frequency scaling
      if the driver is compiled as a module.
    - Added proposed upstream fix for regression to save PV guests
      with more than 1G of memory.

 -- Stefan Bader <stefan.bader@canonical.com>  Wed, 31 Aug 2016 16:12:26 +0200

xen (4.6.0-1+nmu2) unstable; urgency=medium

  * Ensure debian/control.md5sum is correctly updated. Fixes FTBFS of
    4.6.0-1+nmu1 on buildds where linux-support-4.2.0-1 is not expected to be
    installed.

 -- Ian Campbell <ijc@debian.org>  Tue, 09 Feb 2016 16:41:16 +0000

xen (4.6.0-1+nmu1) unstable; urgency=medium

  * Non-maintainer upload.
  * Drop unused patching in of $(PREFIX), $(SBINDIR) and $(BINDIR)
    which are no longer used by the upstream build system.
  * Use correct/consistent LIBEXEC dirs throughout build
    (Closes: #805508).

 -- Ian Campbell <ijc@debian.org>  Tue, 19 Jan 2016 14:43:54 +0000

xen (4.6.0-1ubuntu5) yakkety; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2016-3158, CVE-2016-3159 / XSA-172
      * x86: fix information leak on AMD CPUs
    - CVE-2016-3960 / XSA-173
      * x86: limit GFNs to 32 bits for shadowed superpages.
    - CVE-2016-4962 / XSA-175
      * libxl: Record backend/frontend paths in /libxl/$DOMID
      * libxl: Provide libxl__backendpath_parse_domid
      * libxl: Do not trust frontend in libxl__devices_destroy
      * libxl: Do not trust frontend in libxl__device_nextid
      * libxl: Do not trust frontend for disk eject event
      * libxl: Do not trust frontend for disk in getinfo
      * libxl: Do not trust frontend for vtpm list
      * libxl: Do not trust frontend for vtpm in getinfo
      * libxl: Do not trust frontend for nic in libxl_devid_to_device_nic
      * libxl: Do not trust frontend for nic in getinfo
      * libxl: Do not trust frontend for channel in list
      * libxl: Do not trust frontend for channel in getinfo
      * libxl: Cleanup: Have libxl__alloc_vdev use /libxl
      * libxl: Document ~/serial/ correctly
    - CVE-2016-4480 / XSA-176
      * x86/mm: fully honor PS bits in guest page table walks
    - CVE-2016-4963 / XSA-178
      * libxl: Make copy of every xs backend in /libxl in _generic_add
      * libxl: Do not trust backend in libxl__device_exists
      * libxl: Do not trust backend for vtpm in getinfo (except uuid)
      * libxl: Do not trust backend for vtpm in getinfo (uuid)
      * libxl: cdrom eject and insert: write to /libxl
      * libxl: Do not trust backend for disk eject vdev
      * libxl: Do not trust backend for disk; fix driver domain disks list
      * libxl: Do not trust backend for disk in getinfo
      * libxl: Do not trust backend for cdrom insert
      * libxl: Do not trust backend for channel in getinfo
      * libxl: Rename libxl__device_{nic,channel}_from_xs_be to _from_xenstore
      * libxl: Rename READ_BACKEND to READ_LIBXLDEV
      * libxl: Have READ_LIBXLDEV use libxl_path rather than be_path
      * libxl: Do not trust backend in nic getinfo
      * libxl: Do not trust backend for nic in devid_to_device
      * libxl: Do not trust backend for nic in list
      * libxl: Do not trust backend in channel list
      * libxl: Cleanup: use libxl__backendpath_parse_domid in
               libxl__device_disk_from_xs_be
      * libxl: Fix NULL pointer due to XSA-178 fix wrong XS nodename
    - CVE-2016-5242 / XSA-181
      * xen/arm: Don't free p2m->first_level in p2m_teardown() before
                 it has been allocated

 -- Stefan Bader <stefan.bader@canonical.com>  Tue, 07 Jun 2016 16:30:19 +0200

xen (4.6.0-1ubuntu4) xenial; urgency=low

  * d/rules.real: Set LANG=C.UTF-8 for the builds to avoid a grep bug.

 -- Stefan Bader <stefan.bader@canonical.com>  Fri, 19 Feb 2016 12:08:31 +0100

xen (4.6.0-1ubuntu3) xenial; urgency=low

  * Fix unmount error message on shutdown and init script ordering issues:
    - d/xen-utils-common.xenstored.init: Introduce new init script which only
      starts xenstored (but also shuts it down on stop). Prevent this one to
      be run on upgrade.
    - d/xen-utils-common.xen.init:
      * Add X-Start-Before/X-Stop-After dependencies on libvirt-bin
      * Remove xenstored related code
  * d/scripts/xen-init-list: Revert back to unmodified version from Debian.
    With the ordering fixed, libvirt guests should be handled by its own
    script before xendomains is run.
  * d/control, d/libxen-dev.install and d/rules.real:
    Add xenlight.pc and xlutil.pc to be packaged as part of libxen-dev in
    multi-arch suitable location. Also declare libxen-dev as multi-arch
    same.
  * Additional Security Patches:
    - CVE-2016-2270 / XSA-154
      * x86: enforce consistent cachability of MMIO mappings
    - CVE-2016-1570 / XSA-167
      * x86/mm: PV superpage handling lacks sanity checks
    - CVE-2016-1571 / XSA-168
      * x86/VMX: prevent INVVPID failure due to non-canonical guest address
    - CVE-2015-8615 / XSA-169
      * x86: make debug output consistent in hvm_set_callback_via
    - CVE-2016-2271 / XSA-170
      * x86/VMX: sanitize rIP before re-entering guest

 -- Stefan Bader <stefan.bader@canonical.com>  Thu, 18 Feb 2016 18:20:38 +0100

xen (4.6.0-1ubuntu2) xenial; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-8550 / XSA-155
      * xen: Add RING_COPY_REQUEST()
      * blktap2: Use RING_COPY_REQUEST
      * libvchan: Read prod/cons only once.
    - CVE-2015-8338 / XSA-158
      * memory: split and tighten maximum order permitted in memops
    - CVE-2015-8339, CVE-2015-8340 / XSA-159
      * memory: fix XENMEM_exchange error handling
    - CVE-2015-8341 / XSA-160
      * libxl: Fix bootloader-related virtual memory leak on pv
        build failure
    - CVE-2015-8555 / XSA-165
      * x86: don't leak ST(n)/XMMn values to domains first using them
    - CVE-2015-???? / XSA-166
      * x86/HVM: avoid reading ioreq state more than once

 -- Stefan Bader <stefan.bader@canonical.com>  Wed, 16 Dec 2015 12:06:10 +0100

xen (4.6.0-1ubuntu1) xenial; urgency=low

  * Merge of Xen-4.6 from Debian. Remaining changes:
    - debian/control, debian/rules.gen:
      Generate transitional xen-hypervisor packages.
    - debian/rules.real:
      Install the grub.d config file.
    - debian/scripts/xen-init-list:
      Ignore libxl guests not created by the xl toolstack (e.g. libvirt).
    - debian/tree/xen-utils-common/usr/share/xen-utils-common/default.xen:
      Minor readability improvements (maybe get rid of those)
    - debian/xen-hypervisor-4.6.xen.cfg:
      Additional config file to simplify grub configuration.
    - debian/xen-utils-4.6.postinst, debian/xen-utils-4.6.prerm:
      Remove update-alternatives call.
    - debian/xen-utils-common.xen.init:
      Fix consoled_stop_real and additional code to start and attach a
      qemu instance to dom0 (needed for pygrub booting QCOW2 PVM guests).
      Note: Also contains a work-around for a kernel bug which should be
      dropped in the next release.
    - debian/patches/ubuntu-config-prefix-fix.patch:
      Modifies configure and tools/configure to use the correct (versioned)
      libexec path.
    - Additional security fixes:
      * XSA-156 / CVE-2015-5307
        x86/HVM: always intercept #AC and #DB

 -- Stefan Bader <stefan.bader@canonical.com>  Wed, 02 Dec 2015 18:57:48 +0100

xen (4.6.0-1) unstable; urgency=medium

  * New upstream release.
  * CVE-2015-7812
  * CVE-2015-7813
  * CVE-2015-7814
  * CVE-2015-7835
  * CVE-2015-7969
  * CVE-2015-7970
  * CVE-2015-7971
  * CVE-2015-7972

 -- Bastian Blank <waldi@debian.org>  Sun, 01 Nov 2015 21:49:07 +0100

xen (4.5.1-0ubuntu2) xenial; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-7311 / XSA-142
      * libxl: handle read-only drives with qemu-xen
    - CVE-2015-7812 / XSA-145
      * xen/arm: Support hypercall_create_continuation for multicall
    - CVE-2015-7813 / XSA-146
      * xen: arm: rate-limit logging from unimplemented PHYSDEVOP and HVMOP.
    - CVE-2015-7814 / XSA-147
      * xen: arm: handle races between relinquish_memory and
        free_domheap_pages
    - CVE-2015-7835 / XSA-148
      * x86: guard against undue super page PTE creation
    - CVE-2015-7969 / XSA-149
      * xen: free domain's vcpu array
    - CVE-2015-7970 / XSA-150
      * x86/PoD: Eager sweep for zeroed pages
    - CVE-2015-7969 / XSA-151
      * xenoprof: free domain's vcpu array
    - CVE-2015-7971 / XSA-152
      * x86: rate-limit logging in do_xen{oprof,pmu}_op()
    - CVE-2015-7972 / XSA-153
      * libxl: adjust PoD target by memory fudge, too
    - CVE-2015-5307 / XSA-156
      * x86/HVM: always intercept #AC and #DB

 -- Stefan Bader <stefan.bader@canonical.com>  Tue, 03 Nov 2015 08:39:07 -0600

xen (4.5.1-0ubuntu1) wily; urgency=low

  * New upstream stable release (4.5.1)
    - Replacing the following security changes by upstream versions:
      * CVE-2014-3969 / XSA-98 (update),
        CVE-2015-0268 / XSA-117, CVE-2015-1563 / XSA-118,
        CVE-2015-2152 / XSA-119, CVE-2015-2044 / XSA-121,
        CVE-2015-2045 / XSA-122, CVE-2015-2151 / XSA-123,
        CVE-2015-2752 / XSA-125, CVE-2015-2751 / XSA-127
    - Included security changes which where not yet applied:
      * CVE-2015-4163 / XSA-134, CVE-2015-4164 / XSA-136
  * Applying additional Xen Security Advisories:
    - CVE-2015-3259 / XSA-137
      * xl: Sane handling of extra config file arguments
    - CVE-2015-6654 / XSA-141
      * xen/arm: mm: Do not dump the p2m when mapping a foreign gfn

 -- Stefan Bader <stefan.bader@canonical.com>  Wed, 02 Sep 2015 16:37:39 +0200

xen (4.5.1~rc1-1) experimental; urgency=medium

  [ Ian Campbell ]
  * Use xen-init-dom0 from initscript when it is available.
  * Install some user facing docs in xen-utils-common. (Closes: #688308)

  [ Bastian Blank ]
  * New upstream release candidate.

 -- Bastian Blank <waldi@debian.org>  Sun, 31 May 2015 21:59:56 +0200

xen (4.5.0-1ubuntu4) vivid; urgency=low

  * Applying Xen Security Advisories:
    * CVE-2014-3969 / XSA-98 (update)
      - xen: arm: correct arm64 version of gva_to_ma_par
    * CVE-2015-2752 / XSA-125
      - Limit XEN_DOMCTL_memory_mapping hypercall to only process up
        to 64 GFNs (or less)
    * CVE-2015-2751 / XSA-127
      - domctl: don't allow a toolstack domain to call domain_pause() on
        itself

 -- Stefan Bader <stefan.bader@canonical.com>  Wed, 08 Apr 2015 10:10:27 +0200

xen (4.5.0-1ubuntu3) vivid; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-0268 / XSA-117
      * xen/arm: vgic-v2: Don't crash the hypervisor if the SGI
        target mode is invalid
    - CVE-2015-1563 / XSA-118
      * xen/arm: vgic: message in the emulation code should be
        rate-limited
    - CVE-2015-2152 / XSA-119
      * tools: libxl: Explicitly disable graphics backends on qemu
        cmdline
    - CVE-2015-2044 / XSA-121
      * x86/HVM: return all ones on wrong-sized reads of system device I/O
        ports
    - CVE-2015-2045 / XSA-122
      * pre-fill structures for certain HYPERVISOR_xen_version sub-ops
    - CVE-2015-2151 / XSA-123
      * x86emul: fully ignore segment override for register-only operations

 -- Stefan Bader <stefan.bader@canonical.com>  Wed, 04 Mar 2015 12:34:49 +0100

xen (4.5.0-1ubuntu2) vivid; urgency=low

  * Really add a transitional package for xen-hypervisor-4.4-amd64 for
    i386.

 -- Stefan Bader <stefan.bader@canonical.com>  Fri, 27 Feb 2015 15:47:49 +0100

xen (4.5.0-1ubuntu1) vivid; urgency=low

  * Merge lastest upstream release from Debian experimental. Remaining
    changes:
    - d/rules.real:
      * Remove reference to OCAMLDESTDIR [minor cleanup]
      * Install xen.cfg into /etc/default/grub.d
      * Declare transitional packages for hypervisor.
    - d/rules.gen:
      * Add rules for transitional hypervisor packages.
    - d/scripts/xen-init-list:
      * Ignore domains not managed by xl (also works around a bug in
        xl list -l).
    - d/tree/xen-utils-common/usr/share/xen-utils-common/default.xen:
      * Add a little more explanation to a config file.
    - d/xen-hypervisor-4.5.xen.cfg
    - d/xen-utils-4.5.postinst and d/xen-utils-4.5.prerm:
      * Remove call to update-alternatives since we did not have those
        created in any release in the upgrade-path.
    - d/xen-utils-common.xen.init (picked from Debian packaging xen.git):
      * Fix removal of xenconsoled pid file.
      * Add code to start a qemu process for dom0.
      * Replace xenstore-writes by xen-init-dom0 call.
 
 -- Stefan Bader <stefan.bader@canonical.com>  Thu, 22 Jan 2015 11:35:47 +0100

xen (4.5.0-1) experimental; urgency=medium

  [ Ian Campbell ]
  * New upstream release

 -- Bastian Blank <waldi@debian.org>  Wed, 21 Jan 2015 20:21:45 +0100

xen (4.5.0~rc3-1) experimental; urgency=medium

  * New upstream release candidate.
  * Re-add xend config.

 -- Bastian Blank <waldi@debian.org>  Wed, 17 Dec 2014 22:37:23 +0100

xen (4.4.1-6) unstable; urgency=medium

  * Fix starvation of writers in locks.
    CVE-2014-9065

 -- Bastian Blank <waldi@debian.org>  Thu, 11 Dec 2014 15:56:08 +0100

xen (4.4.1-5) unstable; urgency=medium

  * Fix excessive checks of hypercall arguments.
    CVE-2014-8866
  * Fix boundary checks of emulated MMIO access.
    CVE-2014-8867
  * Fix additional memory leaks in xl. (closes: #767295)

 -- Bastian Blank <waldi@debian.org>  Sun, 30 Nov 2014 20:13:32 +0100

xen (4.4.1-4) unstable; urgency=medium

  [ Bastian Blank ]
  * Make operations pre-emptible.
    CVE-2014-5146, CVE-2014-5149
  * Don't allow page table updates from non-PV page tables.
    CVE-2014-8594
  * Enforce privilege level while loading code segment.
    CVE-2014-8595
  * Fix reference counter leak.
    CVE-2014-9030
  * Use linux 3.16.0-4 stuff.
  * Fix memory leak in xl. (closes: #767295)

  [ Ian Campbell ]
  * Add licensing for tools/python/logging to debian/copyright.
    (Closes: #759384)
  * Correctly include xen-init-name in xen-utils-common. (Closes: #769543)
  * xen-utils recommends grub-xen-host package (Closes: #770460)

 -- Bastian Blank <waldi@debian.org>  Thu, 27 Nov 2014 20:17:36 +0100

xen (4.4.1-3ubuntu2) vivid; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2014-8594 / XSA-109
      * x86: don't allow page table updates on non-PV page tables in
        do_mmu_update()
    - CVE-2014-8595 / XSA-110
      * x86emul: enforce privilege level restrictions when loading CS
    - CVE-2014-8866 / XSA-111
      * x86: limit checks in hypercall_xlat_continuation() to actual arguments
    - CVE-2014-8867 / XSA-112
      * x86/HVM: confine internally handled MMIO to solitary regions
    - CVE-2014-9030 / XSA-113
      * x86/mm: fix a reference counting error in MMU_MACHPHYS_UPDATE
  * Pulling in Debian change to start qemu in dom0 (LP: #1396068)
  * Picking up Debian change to recommend grub-xen-host from xen-utils.
  * Picking up Debian change to really include xen-init-name.

 -- Stefan Bader <stefan.bader@canonical.com>  Wed, 19 Nov 2014 13:47:12 +0100

xen (4.4.1-3ubuntu1) vivid; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - d/p/series: Completely non-build-affecting additional comments. Just
      helpful hints for maintenance.
    - d/rules.real:
      * Use a separate grub config file in /etc/default/grub.d which auto-
        matically sets the default boot to Xen.
      * Remove OCAMLDESTDIR since all the xend/xm support is gone now.
    - d/scripts/xen-init-list: Avoid calling "xen list -l" without arguments
      as that breaks if there are guests started by libvirt are running.
    - d/xen-utils-4.4.postinst and d/xen-utils-4.4.prerm: Remove call to
      update-alternatives as this has not been used for several releases
      now.
    - d/tree/xen-utils-common/usr/share/xen-utils-common/default.xen:
      Be a bit more verbose in the comments of the file and also point
      out that xm is gone now.

 -- Stefan Bader <stefan.bader@canonical.com>  Tue, 28 Oct 2014 17:32:56 +0100

xen (4.4.1-3) unstable; urgency=medium

  [ Bastian Blank ]
  * Remove unused build-depencencies.
  * Extend list affected systems for broken interrupt assignment.
    CVE-2013-3495
  * Fix race in hvm memory management.
    CVE-2014-7154
  * Fix missing privilege checks on instruction emulation.
    CVE-2014-7155, CVE-2014-7156
  * Fix uninitialized control structures in FIFO handling.
    CVE-2014-6268
  * Fix MSR range check in emulation.
    CVE-2014-7188

  [ Ian Campbell ]
  * Install xen.efi into /boot for amd64 builds.

 -- Bastian Blank <waldi@debian.org>  Fri, 17 Oct 2014 16:27:46 +0200

xen (4.4.1-2) unstable; urgency=medium

  * Re-build with correct content.
  * Use dh_lintian.

 -- Bastian Blank <waldi@debian.org>  Wed, 24 Sep 2014 20:23:14 +0200

xen (4.4.1-1) unstable; urgency=medium

  * New upstream release.
    - Fix several vulnerabilities. (closes: #757724)
      CVE-2014-2599, CVE-2014-3124,
      CVE-2014-3967, CVE-2014-3968,
      CVE-2014-4021

 -- Bastian Blank <waldi@debian.org>  Sun, 21 Sep 2014 10:45:47 +0200

xen (4.4.0-5) unstable; urgency=medium

  [ Ian Campbell ]
  * Expand on the descriptions of some packages. (Closes: #466683)
  * Clarify where xen-utils-common is required. (Closes: #612403)
  * No longer depend on gawk. Xen can now use any awk one of which is always
    present. (Closes: #589176)
  * Put core dumps in /var/lib/xen/dump and ensure it exists.
    (Closes: #444000)

  [ Bastian Blank ]
  * Handle JSON output from xl in xendomains init script.

 -- Bastian Blank <waldi@debian.org>  Sat, 06 Sep 2014 22:11:20 +0200

xen (4.4.0-4) unstable; urgency=medium

  [ Bastian Blank ]
  * Also remove unused OCaml packages from control file.
  * Make library packages multi-arch: same. (closes: #730417)
  * Use debhelper compat level 9. (closes: #692352)

  [ Ian Campbell ]
  * Correct contents of /etc/xen/scripts/hotplugpath.sh (Closes: #706283)
  * Drop references cpuperf-xen and cpuperf-perfcntr. (Closes: #733847)
  * Install xentrace_format(1), xentrace(8) and xentop(1). (Closes: #407143)

 -- Bastian Blank <waldi@debian.org>  Sat, 30 Aug 2014 13:34:04 +0200

xen (4.4.0-3) unstable; urgency=medium

  [ Ian Campbell ]
  * Use correct SeaBIOS binary which supports Xen (Closes: #737905).

  [ Bastian Blank ]
  * Really update config.{sub,guess}.

 -- Bastian Blank <waldi@debian.org>  Fri, 29 Aug 2014 16:33:19 +0200

xen (4.4.0-2) unstable; urgency=medium

  * Remove broken and unused OCaml-support.

 -- Bastian Blank <waldi@debian.org>  Mon, 18 Aug 2014 15:18:42 +0200

xen (4.4.0-1) unstable; urgency=medium

  [ Bastian Blank ]
  * New upstream release.
    - Update scripts for compatiblity with latest coreutils.
      (closes: #718898)
    - Fix guest reboot with xl toolstack. (closes: #727100)
    - CVE-2013-6375: Insufficient TLB flushing in VT-d (iommu) code.
      (closes: #730254)
    - xl support for global VNC options. (closes: #744157)
    - vif scripts can now be named relative to /etc/xen/scripts.
      (closes: #744160)
    - Support for arbitrary sized SeaBIOS binaries. (closes: #737905)
    - pygrub searches for extlinux.conf in the expected places.
      (closes: #697407)
    - Update scripts to use correct syntax for ip command.
      (closes: #705659)
  * Fix install of xend configs to not break compatibility.

  [ Ian Campbell ]
  * Disable blktap1 support using new configure option instead of by patching.
  * Disable qemu-traditional and rombios support using new configure option
    instead of by patching. No need to build-depend on ipxe any more.
  * Use system qemu-xen via new configure option instead of patching.
  * Use system seabios via new configure option instead of patching.
  * Use EXTRA_CFLAGS_XEN_TOOLS and APPEND_{CPPFLAGS,LDFLAGS} during build.
  * Add support for armhf and arm64.
  * Update config.{sub,guess}.

 -- Bastian Blank <waldi@debian.org>  Sat, 09 Aug 2014 13:09:00 +0200

xen (4.4.0-0ubuntu9) utopic; urgency=low

  * debian/scripts/xen-init-list: Modify code to only list domains started
    by the xl command (when using libxl). Also working around a bug in the
    "list -l" command of the xl toolstack which causes it to fail if there
    are domains running which are not created by xl (like via libvirt)
    (LP: #1377960).

 -- Stefan Bader <stefan.bader@canonical.com>  Tue, 07 Oct 2014 11:05:44 +0200

xen (4.4.0-0ubuntu8) utopic; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2014-5147 / XSA-102
      * xen: arm: handle AArch32 userspace when dumping 64-bit guest state.
      * xen: arm: Correctly handle exception injection from userspace on
        64-bit.
      * xen: arm: Handle traps from 32-bit userspace on 64-bit kernel as undef
    - CVE-2014-5148 / XSA-103
      * xen: arm: Correctly handle do_sysreg exception injection from 64-bit
        userspace
    - CVE-2014-7154 / XSA-104
      * x86/shadow: fix race condition sampling the dirty vram state
    - CVE-2014-7155 / XSA-105
      * x86/emulate: check cpl for all privileged instructions
    - CVE-2014-7156 / XSA-106
      * x86emul: only emulate software interrupt injection for real mode
    - CVE-2014-6268 / XSA-107
      * evtchn: check control block exists when using FIFO-based events
    - CVE-2014-7188 / XSA-108
      * x86/HVM: properly bound x2APIC MSR range

 -- Stefan Bader <stefan.bader@canonical.com>  Fri, 26 Sep 2014 09:55:15 +0200

xen (4.4.0-0ubuntu7) utopic; urgency=low

  * d/xen-utils-<version>.postinst: Remove xend config conversion script.
  * d/p/ubuntu-use-seabios-256.patch: Pick the 256K seabios image for
    hvmloader because the 128K default image dropped Xen support.
    (LP: #1370123)

 -- Stefan Bader <stefan.bader@canonical.com>  Tue, 16 Sep 2014 17:35:24 +0200

xen (4.4.0-0ubuntu6) utopic; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2014-2599 / XSA-89
      * x86: enforce preemption in HVM_set_mem_access / p2m_set_mem_access()
    - CVE-2014-3125 / XSA-91
      * xen/arm: Correctly save/restore CNTKCTL_EL1
    - CVE-2014-3124 / XSA-92
      * x86/HVM: restrict HVMOP_set_mem_type
    - CVE-2014-2915 / XSA-93
      * xen/arm: Inject an undefined instruction when the coproc/sysreg
                 is not handled
      * xen/arm: Don't let the guest access the coprocessors registers
      * xen/arm: Upgrade DCISW into DCCISW
      * xen/arm: Trap cache and TCM lockdown registers
      * xen/arm: Don't expose implementation defined registers (Cp15 c15)
                 to the guest
      * xen/arm: Don't let guess access to Debug and Performance Monitor
                 registers
    - CVE-2014-2986 / XSA-94
      * xen/arm: vgic: Check rank in GICD_ICFGR* emulation before locking
    - CVE-2014-3714, CVE-2014-3715,  CVE-2014-3716, CVE-2014-3717 / XSA-95
      * tools: arm: remove code to check for a DTB appended to the kernel
    - CVE-2014-3967,CVE-2014-3968 / XSA-96
      * x86/HVM: eliminate vulnerabilities from hvm_inject_msi()
    - CVE-2014-3969 / XSA-98
      * xen: arm: check permissions when copying to/from guest virtual
                  addresses
      * xen: arm: ensure we hold a reference to guest pages while we copy
                  to/from them
    - CVE-2014-4021 / XSA-100
      * AMD IOMMU: don't free page table prematurely
      * page-alloc: scrub pages used by hypervisor upon freeing
    - CVE-2014-4022 / XSA-101
      * xen: arm: initialise the grant_table_gpfn array on allocation

 -- Stefan Bader <stefan.bader@canonical.com>  Mon, 23 Jun 2014 15:40:16 +0200

xen (4.4.0-0ubuntu5) trusty; urgency=low

  * Minimal changes to make arm64 build. It produces packages, whatever
    can be done with those is somebody elses problem.

 -- Stefan Bader <stefan.bader@canonical.com>  Fri, 11 Apr 2014 15:12:47 +0200

xen (4.4.0-0ubuntu4) trusty; urgency=low

  * Fix up some more stale 4.3 references in xen-utils-4.4 debian
    packaging files.
  * Remove update-alternatives for postinst and prerm of xen-utils-<version>
    as there is no xen-default anymore.
  * debian/rules.real:
    Add etc/default/grub.d and install xen.cfg into it. This adds a
    place to set Xen grub arguments and makes booting into Xen the
    default (with a warning message on running update-grub).
  * debian/rules.real, debian/xen-utils-$(VERSION).postinst, xen-sxp2xm, 
    and xen-migrate-xend-managed-domains:
    Add migration scripts to the xen-utils-$(VERSION) package
    (LP: #1303886).
  * Add transitional packages for migrating xen-hypervisor-4.1-(i386|amd64)
    and xen-hypervisor-4.3-amd64 to add the xen-system-amd64 meta-package
    which is the preferred/recommeded way of installing Xen now.

 -- Stefan Bader <stefan.bader@canonical.com>  Wed, 26 Mar 2014 19:25:53 +0100

xen (4.4.0-0ubuntu3) trusty; urgency=low

  * Fixing up changelog history and preparing for FFE (LP: #1290743).

 -- Stefan Bader <stefan.bader@canonical.com>  Thu, 20 Mar 2014 12:53:21 +0100

xen (4.4.0-0ubuntu2) trusty; urgency=low

  * debian/patches/tools-ocaml-disable-test.patch: This disables the ocaml
    test build for now until linking issues are resolved.
  * debian/xen-utils-common.xen.init: Write domid for dom0 into xenstore
    (now required).

 -- Stefan Bader <stefan.bader@canonical.com>  Tue, 11 Mar 2014 14:26:58 +0100

xen (4.4.0-0ubuntu1) trusty; urgency=low

  * New upstream release (Xen.4.4)
  * Refreshed patches:
    - debian/patches/tools-libxc-abiname.diff
    - debian/patches/tools-libxl-abiname.diff
    - debian/patches/tools-libxl-prefix.diff
  * debian/rules.real: Force xend to be built.
  * debian/rules.real: For utils_<arch> installation move binaries from
    usr/sbin/ to usr/lib/xen-<version>/bin. Several that used to go into
    the private bin directory moved to the public sbin directory.
    Not ideal but quicker to do without side-effects.
  * debian/rules.real: Hypervisor has no .gz type on armhf.
  * debian/control, debian/rules.gen: Manually update version from 4.3 to 4.4.
  * debian/control: Add build dependency for libfdt-dev on armhf.
  * debian/control: Only depend on qemu-system-x86 for i386 and amd64 builds.
  * debian/*: Also rename several versioned packaging files.
  * debian/tree/xen-utils-common/usr/share/xen-utils-common/default.xen:
    Add comment about toolstack names and make xl the default.

 -- Stefan Bader <stefan.bader@canonical.com>  Tue, 11 Mar 2014 09:54:35 +0100

xen (4.3.0-3) unstable; urgency=low

  * Revive hypervisor on i386.

 -- Bastian Blank <waldi@debian.org>  Fri, 18 Oct 2013 00:15:16 +0200

xen (4.3.0-2) unstable; urgency=low

  * Force proper install order. (closes: #721999)

 -- Bastian Blank <waldi@debian.org>  Sat, 05 Oct 2013 15:03:36 +0000

xen (4.3.0-1ubuntu5) trusty; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2014-1642 / XSA-83
      * x86/irq: avoid use-after-free on error path in pirq_guest_bind()
    - CVE-2014-1891 / XSA-84
      * flask: fix reading strings from guest memory
    - CVE-2014-1895 / XSA-85
      * xsm/flask: correct off-by-one in flask_security_avc_cachestats
        cpu id check
    - CVE-2014-1896 / XSA-86
      * libvchan: Fix handling of invalid ring buffer indices
    - CVE-2014-1666 / XSA-87
      * x86: PHYSDEVOP_{prepare,release}_msix are privileged
    - CVE-2014-1950 / XSA-88
      * libxc: Fix out-of-memory error handling in xc_cpupool_getinfo()

 -- Stefan Bader <stefan.bader@canonical.com>  Mon, 17 Feb 2014 13:54:15 +0100

xen (4.3.0-1ubuntu4) trusty; urgency=medium

  * Rebuild for ocaml-4.01.

 -- Matthias Klose <doko@ubuntu.com>  Mon, 23 Dec 2013 16:18:35 +0000

xen (4.3.0-1ubuntu3) trusty; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2013-4553 / XSA-74
      * Lock order reversal between page_alloc_lock and mm_rwlock
    - CVE-2013-4551 / XSA-75
      * Host crash due to guest VMX instruction execution
    - CVE-2013-4554 / XSA-76
      * Hypercalls exposed to privilege rings 1 and 2 of HVM guests
    - CVE-????-???? / XSA-77
      * Disaggregated domain management security status
    - CVE-2013-6375 / XSA-78
      * Insufficient TLB flushing in VT-d (iommu) code
    - CVE-2013-6400 / XSA-80
      * IOMMU TLB flushing may be inadvertently suppressed
    - CVE-2013-6885 / XSA-82
      * Guest triggerable AMD CPU erratum may cause host hang

 -- Stefan Bader <stefan.bader@canonical.com>  Fri, 06 Dec 2013 17:51:24 +0100

xen (4.3.0-1ubuntu2) trusty; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2013-1442 / XSA-62
      * Information leak on AVX and/or LWP capable CPUs
    - CVE-2013-4355 / XSA-63
      * Information leaks through I/O instruction emulation
    - CVE-2013-4356 / XSA-64
      * Memory accessible by 64-bit PV guests under live migration
    - CVE-2013-4361 / XSA-66
      Information leak through fbld instruction emulation
    - CVE-2013-4368 / XSA-67
      * Information leak through outs instruction emulation
    - CVE-2013-4369 / XSA-68
      * possible null dereference when parsing vif ratelimiting info
    - CVE-2013-4370 / XSA-69
      * misplaced free in ocaml xc_vcpu_getaffinity stub
    - CVE-2013-4371 / XSA-70
      * use-after-free in libxl_list_cpupool under memory pressure
    - CVE-2013-4416 / XSA-72
      * ocaml xenstored mishandles oversized message replies
    - CVE-2013-4494 / XSA-73
      * Lock order reversal between page allocation and grant table locks

 -- Stefan Bader <stefan.bader@canonical.com>  Tue, 05 Nov 2013 16:16:05 +0100

xen (4.3.0-1ubuntu1) saucy; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Add armhf to packages (except ocaml related) and create hypervisor
      and system-meta package. Modify build environment to produce Arm
      packages.
      * debian/control
      * debian/rules.gen
      * debian/rules.real
      * debian/patches/ubuntu-tools-armhf-without-ocaml.patch
        Ocaml source fail to build on Arm.
    - Re-introduce xen-hypervisor-amd64 for i386 builds. Otherwise i386
      would be rendered uninstallable.
      * debian/arch/i386/defines
      * debian/control
    - Keep qemu-dm for now (upstream qemu would not support
      migration, yet). Forward-port some patches from the old Debian
      package which still included qemu-dm:
      * debian/patches/qemu-prefix.diff
        Modify LDFLAGS to point to lib dir for qemu-dm.
      * debian/patches/qemu-disable-blktap.diff
        Blktap never went upstream.
      * debian/patches/ubuntu-qemu-disable-qemu-upstream.diff
        We want to use the binary from qemu-system-x86.
      * debian/patches/ubuntu-qemu-upstream-location.patch
        Modify tools to look for qemu-system-i386 in public path.
    - Fixup hvmloader build to find the correct PXE boot roms.
      * ubuntu-tools-firmware-etherboot-kvm-ipxe.diff
    - Add packaging dependency on libxenstore to libxen (otherwise
      libtool fails to find references for libxenlight).
      * debian/rules.real
    - Add migration helper that removes private paths from xend domain
      configs.
      * debian/scripts/Makefile
      * debian/scripts/xend-domain-config-path-strip
      * debian/xen-utils-common.postinst
    - Fix for using ulong instead of unsigned long in gdbsx.
      * debian/patches/toolchain.diff
  * First test for suitable toolstack in xendomains before using the list
    command as that causes the xapi daemon to hang.
    - debian/xen-utils-common.xendomains.init

 -- Stefan Bader <stefan.bader@canonical.com>  Fri, 27 Sep 2013 15:12:17 +0200

xen (4.3.0-1) unstable; urgency=low

  * New upstream release.
    - Fix HVM PCI passthrough. (closes: #706543)
  * Call configure with proper arguments.
  * Remove now empty xen-docs package.
  * Disable external code retrieval.
  * Drop all i386 hypervisor packages.
  * Drop complete blktap support.
  * Create /run/xen.
  * Make xen-utils recommend qemu-system-x86. (closes: #688311)
    - This version comes with audio support. (closes: #635166)
  * Make libxenlight and libxlutil public. (closes: #644390)
    - Set versioned ABI name.
    - Install headers.
    - Move libs into normal library path.
  * Use build flags in the tools build.
    - Fix fallout from harderning flags.
  * Update Standards-Version to 3.9.4. No changes.

 -- Bastian Blank <waldi@debian.org>  Thu, 05 Sep 2013 13:54:03 +0200

xen (4.3.0-0ubuntu4) saucy; urgency=low

  * Re-introduce xen-hypervisor-amd64 for i386 builds. Otherwise i386
    would be rendered uninstallable.

 -- Stefan Bader <stefan.bader@canonical.com>  Thu, 19 Sep 2013 15:28:06 -0500

xen (4.3.0-0ubuntu3) saucy; urgency=low

  * Avoid building libxenlight with blktap support (at least for now).
    - ubuntu-tools-force-build-without-blktap2.patch
    - debian/rules.real: Do not install libblktapctl
    - debian/libxen-dev.install: Do not package libblktapctl

 -- Stefan Bader <stefan.bader@canonical.com>  Thu, 15 Aug 2013 10:07:46 +0200

xen (4.3.0-0ubuntu2) saucy; urgency=low

  * debian/rules.real: Avoid ocaml install and trying to strip hvmload
    which does not exist on Arm.
  * debian/rules.gen: Remove i386 related rules for arch-flavour which
    would try to build the hypervisor (not supported anymore).
  * debian/rules.gen: Add rules for armhf builds.
  * debian/control: Add armhf to packages (except ocaml related) and
    create hypervisor and system-meta package.

 -- Stefan Bader <stefan.bader@canonical.com>  Sat, 03 Aug 2013 10:23:42 +0100

xen (4.3.0-0ubuntu1) saucy; urgency=low

  * debian/rules.real: Drop installing pdf for docs. Upstream dropped
    the xen-abi documentation.
  * debian/rules.real: Add --prefix=/usr to configure calls.
    (Default prefix is now /usr/local)
  * debian/rules -> debian/rules.real: Move modification of LDFLAGS as
    the latter does the compile and since 4.2.2 includes default.mk
    which would set the values back (either to the gcc version or
    to nothing).
  * debian/rules.real: Hack around checks for wget which the Debian build
    does not allow to use.
  * debian/control: Drop i386 versions of xen-hypervisor and xen-system.
    Upstream dropped i386 support for those.
  * debian/control: Add recommends for qemu-system-x86 to xen-utils-4.3.
    Utils (xl stack) will use the generic qemu-system-i386 when being
    told to use qemu-xen and qemu-dm for qemu-xen-traditional.
  * xen-utils-common.xen.init: Create /var/run/xen if not present on
    startup (this directory is used by libxl for qmp sockets).
  * Add support to allow libvirt to build the libxl driver:
    - tools/libxl: Create versioned variants of libxenlight.so and
      libblktapctl.so
    - debian/rules.real: Add packaging dependency on libxenstore to
      libxen (otherwise libtool fails to find references).
    - debian/libxen-dev.install: Package headers and library files
      of libxenlight.
  * Carried over from previous versions:
    - Keep qemu-dm for now (upstream qemu would not support
      migration, yet). Forward-port some patches from the old Debian
      package which still included qemu-dm:
      - qemu-prefix (modify LDFLAGS to point to lib dir for qemu-dm)
      - qemu-disable-blktap (this is not present in upstream)
      - ubuntu-qemu-disable-qemu-upstream (breaks build and also should
        be provided by qemu/kvm package)

 -- Stefan Bader <stefan.bader@canonical.com>  Tue, 25 Jun 2013 16:39:42 +0200

xen (4.2.2-1ubuntu1) saucy; urgency=low

  * Merge with Debian unstable. Dropping the following patches in favour
    of Debian ones:
    - xsa52-4.2-unstable.patch
    - xsa53-4.2.patch
    - xsa54.patch
    - xsa56.patch
  * Remaining changes:
    - Use dpkg-buildflags and strip the gcc prefix for getting LDFLAGS.
      This will again use the Ubuntu specific LDFLAGS (using some
      hardening options). Older releases would always pass those options
      in the environment but that changed.
    - Ressurrect qemu-dm for now (upstream qemu would not support
      migration, yet). Forward-port some patches from the old Debian
      package which still included qemu-dm:
      - qemu-prefix (modify LDFLAGS to point to lib dir for qemu-dm)
      - qemu-disable-blktap (this is not present in upstream)
      - ubuntu-qemu-disable-qemu-upstream (breaks build and also should
        be provided by qemu/kvm package)
  * Remaining additional patches:
    - qemu-fix-librt-test.patch
      Fix build regression caused by glibc not requiring to link against
      librt for the clock_gettime function. Patch picked from xen-devel
      mailing list.
    - tools-gdbsx-fix-build-failure-with-glibc-2.17.patch
      Add direct include to sys/types.h for xg_main.c which likely was
      indirectly done before. Needed to get ulong type definition.
    - tools-ocaml-fix-build: refresh and reenable (and fix the description
      of) this patch.  Without it the ocam native libraries (*.cmxa)
      build in /build local paths rather than appropriatly versioned
      library references.
    - APIC Register Virtualization (backported from Xen 4.3)
      - 0001-xen-enable-APIC-Register-Virtualization.patch
      - 0002-xen-enable-Virtual-interrupt-delivery.patch
      - 0003-xen-add-virtual-x2apic-support-for-apicv.patch
    - TSC Adjust Support (backported from Xen 4.3)
      - 0004-x86-Implement-TSC-adjust-feature-for-HVM-guest.patch
      - 0005-x86-Save-restore-TSC-adjust-during-HVM-guest-migrati.patch
      - 0006-x86-Expose-TSC-adjust-to-HVM-guest.patch
    - Fix FTBS on i386
      - 0007-x86-Fix-i386-virtual-apic.patch
    - silence-gcc-warnings.patch: Silence gcc warnings.

 -- Stefan Bader <stefan.bader@canonical.com>  Wed, 17 Jul 2013 09:41:37 +0200

xen (4.2.2-1) unstable; urgency=low

  * New upstream release.
    - Fix build with gcc 4.8. (closes: #712376)
  * Build-depend on libssl-dev. (closes: #712366)
  * Enable hardening as much as possible.
  * Re-enable ocaml build fixes. (closes: #695176)
  * Check for out-of-bound values in CPU affinity setup.
    CVE-2013-2072
  * Fix information leak on AMD CPUs.
    CVE-2013-2076
  * Recover from faults on XRSTOR.
    CVE-2013-2077
  * Properly check guest input to XSETBV.
    CVE-2013-2078

 -- Bastian Blank <waldi@debian.org>  Thu, 11 Jul 2013 00:28:24 +0200

xen (4.2.1-2ubuntu2) saucy; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2013-2194, CVE-2013-2195, CVE-2013-2196 / XSA55
      * libelf: abolish libelf-relocate.c
      * libxc: introduce xc_dom_seg_to_ptr_pages
      * libxc: Fix range checking in xc_dom_pfn_to_ptr etc.
      * libelf: add `struct elf_binary*' parameter to elf_load_image
      * libelf: abolish elf_sval and elf_access_signed
      * libelf: move include of <asm/guest_access.h> to top of file
      * libelf/xc_dom_load_elf_symtab: Do not use "syms" uninitialised
      * libelf: introduce macros for memory access and pointer handling
      * tools/xcutils/readnotes: adjust print_l1_mfn_valid_note
      * libelf: check nul-terminated strings properly
      * libelf: check all pointer accesses
      * libelf: Check pointer references in elf_is_elfbinary
      * libelf: Make all callers call elf_check_broken
      * libelf: use C99 bool for booleans
      * libelf: use only unsigned integers
      * libelf: check loops for running away
      * libelf: abolish obsolete macros
      * libxc: Add range checking to xc_dom_binloader
      * libxc: check failure of xc_dom_*_to_ptr, xc_map_foreign_range
      * libxc: check return values from malloc
      * libxc: range checks in xc_dom_p2m_host and _guest
      * libxc: check blob size before proceeding in xc_dom_check_gzip
      * libxc: Better range check in xc_dom_alloc_segment
    - CVE-XXXX-XXXX / XSA57
      * libxl: Restrict permissions on PV console device xenstore nodes

 -- Stefan Bader <stefan.bader@canonical.com>  Fri, 21 Jun 2013 14:23:14 +0200

xen (4.2.1-2ubuntu1) saucy; urgency=low

  * Merge with Debian unstable. Dropping the following patches in favour
    of Debian ones:
    - xsa33-4.2-unstable.patch
    - xsa36-4.2.patch
    - xsa44-4.2.patch
    - xsa45-4.2-01-vcpu-destroy-pagetables-preemptible.patch
    - xsa45-4.2-02-new-guest-cr3-preemptible.patch
    - xsa45-4.2-03-new-user-base-preemptible.patch
    - xsa45-4.2-04-vcpu-reset-preemptible.patch
    - xsa45-4.2-05-set-info-guest-preemptible.patch
    - xsa45-4.2-06-unpin-preemptible.patch
    - xsa45-4.2-07-mm-error-paths-preemptible.patch
    - xsa46-4.2.patch
    - xsa47-4.2-unstable.patch
    - xsa49-4.2.patch
  * Remaining changes:
    - debian/control: Depend on libssl-dev
    - Use dpkg-buildflags and strip the gcc prefix for getting LDFLAGS.
      This will again use the Ubuntu specific LDFLAGS (using some
      hardening options). Older releases would always pass those options
      in the environment but that changed.
    - Ressurrect qemu-dm for now (upstream qemu would not support
      migration, yet). Forward-port some patches from the old Debian
      package which still included qemu-dm:
      - qemu-prefix (modify LDFLAGS to point to lib dir for qemu-dm)
      - qemu-disable-blktap (this is not present in upstream)
      - ubuntu-qemu-disable-qemu-upstream (breaks build and also should
        be provided by qemu/kvm package)
  * Remaining additional patches:
    - qemu-cve-2012-6075-1.patch / qemu-cve-2012-6075-2.patch
    - xsa34-4.2.patch
    - xsa35-4.2-with-xsa34.patch
    - xsa38.patch
    - xsa52-4.2-unstable.patch
    - xsa53-4.2.patch
    - xsa54.patch
    - xsa56.patch
    - qemu-fix-librt-test.patch
      Fix build regression caused by glibc not requiring to link against
      librt for the clock_gettime function. Patch picked from xen-devel
      mailing list.
    - tools-gdbsx-fix-build-failure-with-glibc-2.17.patch
      Add direct include to sys/types.h for xg_main.c which likely was
      indirectly done before. Needed to get ulong type definition.
    - tools-ocaml-fix-build: refresh and reenable (and fix the description
      of) this patch.  Without it the ocam native libraries (*.cmxa)
      build in /build local paths rather than appropriatly versioned
      library references.
    - APIC Register Virtualization (backported from Xen 4.3)
      - 0001-xen-enable-APIC-Register-Virtualization.patch
      - 0002-xen-enable-Virtual-interrupt-delivery.patch
      - 0003-xen-add-virtual-x2apic-support-for-apicv.patch
    - TSC Adjust Support (backported from Xen 4.3)
      - 0004-x86-Implement-TSC-adjust-feature-for-HVM-guest.patch
      - 0005-x86-Save-restore-TSC-adjust-during-HVM-guest-migrati.patch
      - 0006-x86-Expose-TSC-adjust-to-HVM-guest.patch
    - Fix FTBS on i386
      - 0007-x86-Fix-i386-virtual-apic.patch
    - Fix HVM regression when host supports SMEP
      - 0008-vmx-Simplify-cr0-update-handling-by-deferring-cr4-ch.patch
      - 0009-VMX-disable-SMEP-feature-when-guest-is-in-non-paging.patch
      - 0010-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-.patch
    - silence-gcc-warnings.patch: Silence gcc warnings.
    - gcc48-ftbfs.patch
    - gcc48-ftbfs-2.patch

 -- Stefan Bader <stefan.bader@canonical.com>  Fri, 14 Jun 2013 10:01:32 +0200

xen (4.2.1-2) unstable; urgency=low

  * Actually upload to unstable.

 -- Bastian Blank <waldi@debian.org>  Sun, 12 May 2013 00:20:58 +0200

xen (4.2.1-1) experimental; urgency=low

  * New upstream release.
  * Enable usage of seabios.
  * Fix some toolchain issues.

 -- Bastian Blank <waldi@debian.org>  Sat, 11 May 2013 23:55:46 +0200

xen (4.2.1-0ubuntu4) saucy; urgency=low

  [ Stefan Bader ]
  * Applying Xen Security Advisories:
    - CVE-2013-1918 / XSA-45
      * x86: make vcpu_destroy_pagetables() preemptible
      * x86: make new_guest_cr3() preemptible
      * x86: make MMUEXT_NEW_USER_BASEPTR preemptible
      * x86: make vcpu_reset() preemptible
      * x86: make arch_set_info_guest() preemptible
      * x86: make page table unpinning preemptible
      * x86: make page table handling error paths preemptible
    - CVE-2013-1952 / XSA-49
      * VT-d: don't permit SVT_NO_VERIFY entries for known device types
    - CVE-2013-2076 / XSA-52
      * x86/xsave: fix information leak on AMD CPUs
    - CVE-2013-2077 / XSA-53
      * x86/xsave: recover from faults on XRSTOR
    - CVE-2013-2078 / XSA-54
      * x86/xsave: properly check guest input to XSETBV
    - CVE-2013-2072 / XSA-56
      * libxc: limit cpu values when setting vcpu affinity

  [ Marc Deslauriers ]
  * debian/patches/gcc48-ftbfs.patch: Add -Wno-unused-local-typedefs to
    CFLAGS.
  * debian/patches/gcc48-ftbfs-2.patch: fix memset(&p,0,sizeof(p)) idiom in
    several places.

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 10 Jun 2013 15:03:13 -0400

xen (4.2.1-0ubuntu3.1) raring-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2013-1917 / XSA-44
      x86: clear EFLAGS.NT in SYSENTER entry path
    - CVE-2013-1919 / XSA-46
      x86: fix various issues with handling guest IRQs
    - CVE-2013-1920 / XSA-47
      defer event channel bucket pointer store until after XSM checks

 -- Stefan Bader <stefan.bader@canonical.com>  Wed, 10 Apr 2013 14:21:15 +0200

xen (4.2.1-0ubuntu3) raring; urgency=low

  * Fix FTBS on i386
    - 0007-x86-Fix-i386-virtual-apic.patch
  * Fix HVM VCPUs getting stuck on boot when host supports SMEP (LP: #1157757)
    - 0008-vmx-Simplify-cr0-update-handling-by-deferring-cr4-ch.patch
    - 0009-VMX-disable-SMEP-feature-when-guest-is-in-non-paging.patch
    - 0010-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-.patch

 -- Stefan Bader <stefan.bader@canonical.com>  Fri, 05 Apr 2013 16:39:45 +0200

xen (4.2.1-0ubuntu2) raring; urgency=low

  * Backporting support for Intel APIC virtualization (LP: #1160373)
    - 0001-xen-enable-APIC-Register-Virtualization.patch
    - 0002-xen-enable-Virtual-interrupt-delivery.patch
    - 0003-xen-add-virtual-x2apic-support-for-apicv.patch
  * Backporting support for Intel TSC adjust (LP: #1160378)
    - 0004-x86-Implement-TSC-adjust-feature-for-HVM-guest.patch
    - 0005-x86-Save-restore-TSC-adjust-during-HVM-guest-migrati.patch
    - 0006-x86-Expose-TSC-adjust-to-HVM-guest.patch

 -- Stefan Bader <stefan.bader@canonical.com>  Tue, 26 Mar 2013 09:41:25 +0100

xen (4.2.1-0ubuntu1) raring; urgency=low

  * New upstream stable release. Remaining changes:
    - Fix to qemu for CVE-2012-6075
    - Patches for XSA33-36 and 38
    - qemu-fix-librt-test.patch
      Fix build regression caused by glibc not requiring to link against
      librt for the clock_gettime function. Patch picked from xen-devel
      mailing list.
    - tools-gdbsx-fix-build-failure-with-glibc-2.17.patch
      Add direct include to sys/types.h for xg_main.c which likely was
      indirectly done before. Needed to get ulong type definition.
    - tools-ocaml-fix-build: refresh and reenable (and fix the description
      of) this patch.  Without it the ocam native libraries (*.cmxa)
      build in /build local paths rather than appropriatly versioned
      library references.
    - Use dpkg-buildflags and strip the gcc prefix for getting LDFLAGS.
      This will again use the Ubuntu specific LDFLAGS (using some
      hardening options). Older releases would always pass those options
      in the environment but that changed.
    - Ressurrect qemu-dm for now (upstream qemu would not support
      migration, yet). Forward-port some patches from the old Debian
      package which still included qemu-dm:
      - qemu-prefix (modify LDFLAGS to point to lib dir for qemu-dm)
      - qemu-disable-blktap (this is not present in upstream)
      - ubuntu-qemu-disable-qemu-upstream (breaks build and also should
        be provided by qemu/kvm package)
    - Build depend on kvm-ipxe (instead of ipxe) as it is smaller and fix
      up hvmloader build. kvm-ipxe contains a subset of the rom files from
      which the Xen build only uses two to be embedded in the hvmloader.
    - debian/patches/silence-gcc-warnings.patch: Silence gcc warnings.

 -- Stefan Bader <stefan.bader@canonical.com>  Fri, 08 Mar 2013 10:34:54 +0100

xen (4.2.0-2) experimental; urgency=low

  * Support JSON output in domain init script helper.

 -- Bastian Blank <waldi@debian.org>  Mon, 01 Oct 2012 15:11:30 +0200

xen (4.2.0-1ubuntu6) raring; urgency=low

  * Applying Xen Security Advisory:
    - VT-d: fix interrupt remapping source validation for devices behind
      legacy bridges
      CVE-2012-5634 / XSA-33
    - x86_32: don't allow use of nested HVM
      CVE-2013-0151 / XSA-34
    - xen: Do not allow guests to enable nested HVM on themselves
      CVE-2013-0152 / XSA-35
    - ACPI: acpi_table_parse() should return handler's error code
      CVE-2013-0153 / XSA-36
    - oxenstored incorrect handling of certain Xenbus ring states
      CVE-2013-0215 / XSA-38
  * Applying qemu security fixes:
    - e1000: Discard packets that are too long if !SBP and !LPE
      CVE-2012-6075 / XSA-41
    - Discard packets longer than 16384 when !SBP to match the hardware
      behavior.
      CVE-2012-6075 / XSA-41
  * qemu-fix-librt-test.patch
    Fix build regression caused by glibc not requiring to link against
    librt for the clock_gettime function. Patch picked from xen-devel
    mailing list.
  * tools-gdbsx-fix-build-failure-with-glibc-2.17.patch
    Add direct include to sys/types.h for xg_main.c which likely was
    indirectly done before. Needed to get ulong type definition.

 -- Stefan Bader <stefan.bader@canonical.com>  Tue, 29 Jan 2013 15:48:47 +0100

xen (4.2.0-1ubuntu5) raring; urgency=low

  * Add libssl-dev to Build-Depends. 

 -- Chris J Arges <chris.j.arges@canonical.com>  Tue, 15 Jan 2013 11:13:48 -0600

xen (4.2.0-1ubuntu4) raring; urgency=low

  * Applying Xen Security fixes (LP: #1086875)
    - gnttab: fix releasing of memory upon switches between versions
      CVE-2012-5510
    - hvm: Limit the size of large HVM op batches
      CVE-2012-5511
    - xen: add missing guest address range checks to XENMEM_exchange handlers
      CVE-2012-5513
    - xen: fix error handling of guest_physmap_mark_populate_on_demand()
      CVE-2012-5514
    - memop: limit guest specified extent order
      CVE-2012-5515
    - x86: get_page_from_gfn() must return NULL for invalid GFNs
      CVE-2012-5525

 -- Stefan Bader <stefan.bader@canonical.com>  Wed, 05 Dec 2012 18:13:25 +0100

xen (4.2.0-1ubuntu3) raring; urgency=low

  * tools-ocaml-fix-build: refresh and reenable (and fix the description
    of) this patch.  Without it the ocam native libraries (*.cmxa)
    build in /build local paths rather than appropriatly versioned
    library references.

 -- Andy Whitcroft <apw@ubuntu.com>  Thu, 29 Nov 2012 21:49:00 +0000

xen (4.2.0-1ubuntu2) raring; urgency=low

  * Drop replaces and conflicts for xen3 packages (they are no longer
    in the upgrade path) from debian/control:
    - libxenstore3.0: Conflict and replaces libxen3.
    - libxen-dev: Conflict and replaces libxen3-dev.
    - xenstore-utils: Conflict and replaces libxen3
    - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
      and xen-utils-3.3
  * Use dpkg-buildflags and strip the gcc prefix for getting LDFLAGS.
    This will again use the Ubuntu specific LDFLAGS (using some
    hardening options). Older releases would always pass those options
    in the environment but that changed.
  * Ressurrect qemu-dm for now (upstream qemu would not support
    migration, yet). Forward-port some patches from the old Debian
    package which still included qemu-dm:
    - qemu-prefix (modify LDFLAGS to point to lib dir for qemu-dm)
    - qemu-disable-blktap (this is not present in upstream)
    - ubuntu-qemu-disable-qemu-upstream (breaks build and also should
      be provided by qemu/kvm package)
  * Build depend on kvm-ipxe (instead of ipxe) as it is smaller and fix
    up hvmloader build. kvm-ipxe contains a subset of the rom files from
    which the Xen build only uses two to be embedded in the hvmloader.
  * XSA-20: Prevent overflow in calculations, leading to DoS vulnerability
    - CVE-2012-4535
  * XSA-22: Prevent incorrect updates of m2p mappings
    - CVE-2012-4537
  * XSA-23: check toplevel pagetables are present before unhooking them
    - CVE-2012-4538
  * XSA-24: Prevent infinite loop in compat code
    - CVE-2012-4539
  * XSA-25: limit maximum size of kernel/ramdisk
    - CVE-2012-4544

 -- Stefan Bader <stefan.bader@canonical.com>  Tue, 13 Nov 2012 09:03:58 +0100

xen (4.2.0-1ubuntu1) raring; urgency=low

  * Merge from Debian Experimental, Remaining changes:
    - debian/control:
      - Build depends on ipxe-qemu.
      - libxenstore3.0: Conflict and replaces libxen3.
      - libxen-dev: Conflict and replaces libxen3-dev.
      - xenstore-utils: Conflict and replaces libxen3
      - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
        and xen-utils-4.1.
      - Make sure the LDFLAGS value passed is suitable for use by ld
        rather than gcc.
    - disable debian/patches/config-etherboot.diff.
    - debian/patches/silence-gcc-warnings.patch: Silence gcc warnings.

 -- Chuck Short <zulcss@ubuntu.com>  Thu, 08 Nov 2012 12:14:30 -0600

xen (4.2.0-1) experimental; urgency=low

  * New upstream release.

 -- Bastian Blank <waldi@debian.org>  Tue, 18 Sep 2012 13:54:30 +0200

xen (4.2.0~rc3-1) experimental; urgency=low

  * New upstream snapshot.

 -- Bastian Blank <waldi@debian.org>  Fri, 07 Sep 2012 20:28:46 +0200

xen (4.2.0~rc2-1) experimental; urgency=low

  * New upstream snapshot.
  * Build-depend against libglib2.0-dev and libyajl-dev.
  * Disable seabios build for now.
  * Remove support for Lenny and earlier.
  * Support build-arch and build-indep make targets.

 -- Bastian Blank <waldi@debian.org>  Sun, 13 May 2012 12:21:10 +0000

xen (4.1.4-4) unstable; urgency=high

  * Make several long runing operations preemptible.
    CVE-2013-1918
  * Fix source validation for VT-d interrupt remapping.
    CVE-2013-1952

 -- Bastian Blank <waldi@debian.org>  Thu, 02 May 2013 14:30:29 +0200

xen (4.1.4-3) unstable; urgency=high

  * Fix return from SYSENTER.
    CVE-2013-1917
  * Fix various problems with guest interrupt handling.
    CVE-2013-1919
  * Only save pointer after access checks.
    CVE-2013-1920
  * Fix domain locking for transitive grants.
    CVE-2013-1964

 -- Bastian Blank <waldi@debian.org>  Fri, 19 Apr 2013 13:01:57 +0200

xen (4.1.4-2) unstable; urgency=low

  * Use pre-device interrupt remapping mode per default. Fix removing old
    remappings.
    CVE-2013-0153

 -- Bastian Blank <waldi@debian.org>  Wed, 06 Feb 2013 13:04:52 +0100

xen (4.1.4-1) unstable; urgency=low

  * New upstream release.
    - Disable process-context identifier support in newer CPUs for all
      domains.
    - Add workarounds for AMD errata.
    - Don't allow any non-canonical addresses.
    - Use Multiboot memory map if BIOS emulation does not provide one.
    - Fix several problems in tmem.
      CVE-2012-3497
    - Fix error handling in domain creation.
    - Adjust locking and interrupt handling during S3 resume.
    - Tighten more resource and memory range checks.
    - Reset performance counters. (closes: #698651)
    - Remove special-case for first IO-APIC.
    - Fix MSI handling for HVM domains. (closes: #695123)
    - Revert cache value of disks in HVM domains.

 -- Bastian Blank <waldi@debian.org>  Thu, 31 Jan 2013 15:44:50 +0100

xen (4.1.3-8) unstable; urgency=high

  * Fix error in VT-d interrupt remapping source validation.
    CVE-2012-5634
  * Fix buffer overflow in qemu e1000 emulation.
    CVE-2012-6075
  * Update patch, mention second CVE.
    CVE-2012-5511, CVE-2012-6333

 -- Bastian Blank <waldi@debian.org>  Sat, 19 Jan 2013 13:55:07 +0100

xen (4.1.3-7) unstable; urgency=low

  * Fix clock jump due to incorrect annotated inline assembler.
    (closes: #599161)
  * Add support for XZ compressed Linux kernels to hypervisor and userspace
    based loaders, it is needed for any Linux kernels newer then Wheezy.
    (closes: #695056)

 -- Bastian Blank <waldi@debian.org>  Tue, 11 Dec 2012 18:54:59 +0100

xen (4.1.3-6) unstable; urgency=high

  * Fix error handling in physical to machine memory mapping.
    CVE-2012-5514

 -- Bastian Blank <waldi@debian.org>  Tue, 04 Dec 2012 10:51:43 +0100

xen (4.1.3-5) unstable; urgency=high

  * Fix state corruption due to incomplete grant table switch.
    CVE-2012-5510
  * Check range of arguments to several HVM operations.
    CVE-2012-5511, CVE-2012-6333
  * Check array index before using it in HVM memory operation.
    CVE-2012-5512
  * Check memory range in memory exchange operation.
    CVE-2012-5513
  * Don't allow too large memory size and avoid busy looping.
    CVE-2012-5515

 -- Bastian Blank <waldi@debian.org>  Mon, 03 Dec 2012 19:37:38 +0100

xen (4.1.3-4) unstable; urgency=high

  * Use linux 3.2.0-4 stuff.
  * Fix overflow in timer calculations.
    CVE-2012-4535
  * Check value of physical interrupts parameter before using it.
    CVE-2012-4536
  * Error out on incorrect memory mapping updates.
    CVE-2012-4537
  * Check if toplevel page tables are present.
    CVE-2012-4538
  * Fix infinite loop in compatibility code.
    CVE-2012-4539
  * Limit maximum kernel and ramdisk size.
    CVE-2012-2625, CVE-2012-4544

 -- Bastian Blank <waldi@debian.org>  Tue, 20 Nov 2012 15:51:01 +0100

xen (4.1.3-3ubuntu1) quantal; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - libxenstore3.0: Conflict and replaces libxen3.
    - libxen-dev: Conflict and replaces libxen3-dev.
    - xenstore-utils: Conflict and replaces libxen3.
    - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
      and xen-utils-4.1.
    - Change depend back to ipxe as we do not have ipxe-qemu.
    - etherboot: Change the config back to include the 8086100e.rom
    - Dropped:
      - Make sure the LDFLAGS value passed is suitable for use by ld
        rather than gcc. Right now there seem to be no LDFLAGS passed.
  * Backported AMD specific improvements from upstream Xen (LP: #1009098):
    - svm: Do not intercept RDTSC(P) when TSC scaling is supported by hardware
    - x86: Use deep C states for off-lined CPUs
    - x86/AMD: Add support for AMD's OSVW feature in guests.
    - hvm: vpmu: Enable HVM VPMU for AMD Family 12h and 14h processors

 -- Stefan Bader <stefan.bader@canonical.com>  Thu, 27 Sep 2012 21:27:44 +0200

xen (4.1.3-3) unstable; urgency=low

  * Xen domain init script:
    - Make sure Open vSwitch is started before any domain.
    - Properly handle and show output of failed migration and save.
    - Ask all domains to shut down before checking them.

 -- Bastian Blank <waldi@debian.org>  Tue, 18 Sep 2012 13:26:32 +0200

xen (4.1.3-2) unstable; urgency=medium

  * Don't allow writing reserved bits in debug register.
    CVE-2012-3494
  * Fix error handling in interrupt assignment.
    CVE-2012-3495
  * Don't trigger bug messages on invalid flags.
    CVE-2012-3496
  * Check array bounds in interrupt assignment.
    CVE-2012-3498
  * Properly check bounds while setting the cursor in qemu.
    CVE-2012-3515
  * Disable monitor in qemu by default.
    CVE-2012-4411

 -- Bastian Blank <waldi@debian.org>  Fri, 07 Sep 2012 19:41:46 +0200

xen (4.1.3-1) unstable; urgency=medium

  * New upstream release: (closes: #683286)
    - Don't leave the x86 emulation in a bad state. (closes: #683279)
      CVE-2012-3432
    - Only check for shared pages while any exist on teardown.
      CVE-2012-3433
    - Fix error handling for unexpected conditions.
    - Update CPUID masking to latest Intel spec.
    - Allow large ACPI ids.
    - Fix IOMMU support for PCI-to-PCIe bridges.
    - Disallow access to some sensitive IO-ports.
    - Fix wrong address in IOTLB.
    - Fix deadlock on CPUs without working cpufreq driver.
    - Use uncached disk access in qemu.
    - Fix buffer size on emulated e1000 device in qemu.
  * Fixup broken and remove applied patches.

 -- Bastian Blank <waldi@debian.org>  Fri, 17 Aug 2012 11:25:02 +0200

xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-5) unstable; urgency=low

  [ Ian Campbell ]
  * Set tap device MAC addresses to fe:ff:ff:ff:ff:ff (Closes: #671018)
  * Only run xendomains initscript if toolstack is xl or xm (Closes: #680528)

  [ Bastian Blank ]
  * Actually build-depend on new enough version of dpkg-dev.
  * Add xen-sytem-* meta-packages. We are finally in a position to do
    automatic upgrades and this package is missing. (closes: #681376)

 -- Bastian Blank <waldi@debian.org>  Sat, 28 Jul 2012 10:23:26 +0200

xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-4ubuntu1) quantal; urgency=low

  [ Ubuntu Merge-o-Matic ]
  * Merge from Debian unstable.  Remaining changes:
      - Thanks to Stefan Bader.
      - libxenstore3.0: Conflict and replaces libxen3.
      - libxen-dev: Conflict and replaces libxen3-dev.
      - xenstore-utils: Conflict and replaces libxen3.
      - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
        and xen-utils-4.1.
      - Change depend back to ipxe as we do not have ipxe-qemu.
      - etherboot: Change the config back to include the 8086100e.rom
      - Dropped:
        - Make sure the LDFLAGS value passed is suitable for use by ld
          rather than gcc. Right now there seem to be no LDFLAGS passed.


 -- Chuck Short <zulcss@ubuntu.com>  Tue, 03 Jul 2012 08:43:03 -0400

xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-4) unstable; urgency=low

  * Add Build-Using info to xen-utils package.
  * Fix build-arch target.

 -- Bastian Blank <waldi@debian.org>  Sun, 01 Jul 2012 19:52:30 +0200

xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-3) unstable; urgency=low

  * Remove /usr/lib/xen-default. It breaks systems if xenstored is not
    compatible.
  * Fix init script usage.
  * Fix udev rules for emulated network devices:
    - Force names of emulated network devices to a predictable name.

 -- Bastian Blank <waldi@debian.org>  Sun, 01 Jul 2012 16:59:04 +0200

xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-2) unstable; urgency=low

  * Fix pointer missmatch in interrupt functions. Fixes build on i386.

 -- Bastian Blank <waldi@debian.org>  Fri, 15 Jun 2012 18:00:51 +0200

xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-1) unstable; urgency=low

  * New upstream snapshot.
    - Fix privilege escalation and syscall/sysenter DoS while using
      non-canonical addresses by untrusted PV guests. (closes: #677221)
      CVE-2012-0217
      CVE-2012-0218
    - Disable Xen on CPUs affected by AMD Erratum #121. PV guests can
      cause a DoS of the host.
      CVE-2012-2934
  * Don't fail if standard toolstacks are not available. (closes: #677244)

 -- Bastian Blank <waldi@debian.org>  Thu, 14 Jun 2012 17:06:25 +0200

xen (4.1.2-7) unstable; urgency=low

  * Really use ucf.
  * Update init script dependencies:
    - Start $syslog before xen.
    - Start drbd and iscsi before xendomains. (closes: #626356)
    - Start corosync and heartbeat after xendomains.
  * Remove /var/log/xen on purge. (closes: #656216)

 -- Bastian Blank <waldi@debian.org>  Tue, 22 May 2012 10:44:41 +0200

xen (4.1.2-6) unstable; urgency=low

  * Fix generation of architectures for hypervisor packages.
  * Remove information about loop devices, it is incorrect. (closes: #503044)
  * Update xendomains init script:
    - Create directory for domain images only root readable. (closes: #596048)
    - Add missing sanity checks for variables. (closes: #671750)
    - Remove not longer supported config options.
    - Don't fail if no config is available.
    - Remove extra output if domain was restored.

 -- Bastian Blank <waldi@debian.org>  Sun, 06 May 2012 20:07:41 +0200

xen (4.1.2-5) unstable; urgency=low

  * Actually force init script rename. (closes: #669341)
  * Fix long output from xl.
  * Move complete init script setup.
  * Rewrite xendomains init script:
    - Use LSB output functions.
    - Make output more clear.
    - Use xen toolstack wrapper.
    - Use a python script to properly read domain details.
  * Set name for Domain-0.

 -- Bastian Blank <waldi@debian.org>  Mon, 23 Apr 2012 11:56:45 +0200

xen (4.1.2-4) unstable; urgency=low

  [ Bastian Blank ]
  * Build-depend on ipxe-qemu instead of ipxe. (closes: #665070)
  * Don't longer use a4wide latex package.
  * Use ucf for /etc/default/xen.
  * Remove handling for old udev rules link and xenstored directory.
  * Rename xend init script to xen.

  [ Lionel Elie Mamane ]
  * Fix toolstack script to work with old dash. (closes: #648029)

 -- Bastian Blank <waldi@debian.org>  Mon, 16 Apr 2012 08:47:29 +0000

xen (4.1.2-3) unstable; urgency=low

  * Merge xen-common source package.
  * Remove xend wrapper, it should not be called by users.
  * Support xl in init script.
  * Restart xen daemons on upgrade.
  * Restart and stop xenconsoled in init script.
  * Load xen-gntdev module.
  * Create /var/lib/xen. (closes: #658101)
  * Cleanup udev rules. (closes: #657745)

 -- Bastian Blank <waldi@debian.org>  Wed, 01 Feb 2012 19:28:28 +0100

xen (4.1.2-2ubuntu2) precise; urgency=low

  * etherboot: Change the config back to include the 8086100e.rom
    (LP: #948333)

 -- Stefan Bader <stefan.bader@canonical.com>  Tue, 06 Mar 2012 20:58:14 +0100

xen (4.1.2-2ubuntu1) precise; urgency=low

  * Merge from Debian testing.  Remaining changes:
      - libxenstore3.0: Conflict and replaces libxen3.
      - libxen-dev: Conflict and replaces libxen3-dev.
      - xenstore-utils: Conflict and replaces libxen3.
      - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
        and xen-utils-4.1.
      - Make sure the LDFLAGS value passed is suitable for use by ld
        rather than gcc.
      - Dropped:
        - debian/patches/upstream-23044:d4ca456c0c25
        - debian/patches/upstream-23104:1976adbf2b80
        - debian/patches/upstream-changeset-23146.patch
        - debian/patches/upstream-changeset-23147.patch
        - debian/patches/xen-pirq-resubmit-irq.patch

 -- Chuck Short <zulcss@ubuntu.com>  Thu, 22 Dec 2011 04:53:35 +0000

xen (4.1.2-2) unstable; urgency=low

  [ Jon Ludlam ]
  * Import (partially reworked) upstream changes for OCaml support.
    - Rename the ocamlfind packages.
    - Remove uuid and log libraries.
    - Fix 2 bit-twiddling bugs and an off-by-one
  * Fix build of OCaml libraries.
  * Add OCaml library and development package.
  * Include some missing headers.

 -- Bastian Blank <waldi@debian.org>  Sat, 10 Dec 2011 19:13:25 +0000

xen (4.1.2-1) unstable; urgency=low

  * New upstream release.
  * Build-depend on pkg-config.
  * Add package libxen-4.1. Includes some shared libs.

 -- Bastian Blank <waldi@debian.org>  Sat, 26 Nov 2011 18:28:06 +0100

xen (4.1.1-3ubuntu1) precise; urgency=low

  * Merge from Debian testing.  Remaining changes:
      - libxenstore3.0: Conflict and replaces libxen3.
      - libxen-dev: Conflict and replaces libxen3-dev.
      - xenstore-utils: Conflict and replaces libxen3.
      - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
        and xen-utils-4.1.
      - Make sure the LDFLAGS value passed is suitable for use by ld
        rather than gcc.
      - debian/patches/upstream-changeset-23146.patch,
        debian/patches/upstream-changeset-23147.patch: Fix booting with hvm
        domU. (LP: #832207)
      - debian/patches/xen-pirq-resubmit-irq.patch: Retrigger pirq events
        when asserted while processing. (LP: #854829)

 -- Chuck Short <zulcss@ubuntu.com>  Sun, 06 Nov 2011 05:51:08 +0000

xen (4.1.1-3) unstable; urgency=low

  [ Julien Danjou ]
  * Remove Julien Danjou from the Uploaders field. (closes: #590439)

  [ Bastian Blank ]
  * Use current version of python. (closes: #646660)
  * Build-depend against liblzma-dev, it is used if available.
    (closes: #646694)
  * Update Standards-Version to 3.9.2. No changes.
  * Don't use brace-expansion in debhelper install files.

 -- Bastian Blank <waldi@debian.org>  Wed, 26 Oct 2011 14:42:33 +0200

xen (4.1.1-2ubuntu4.1) oneiric-proposed; urgency=low

  * debian/patches/xen-pirq-resubmit-irq.patch: Retrigger
    pirq events when asserted while processing. Thanks to Stefan Bader
    (LP: #854829) 

 -- Chuck Short <zulcss@ubuntu.com>  Mon, 10 Oct 2011 19:30:09 -0400

xen (4.1.1-2ubuntu4) oneiric; urgency=low

  * Rebuild to drop build records on armel and powerpc. LP: #823714.

 -- Matthias Klose <doko@ubuntu.com>  Thu, 06 Oct 2011 14:15:35 +0200

xen (4.1.1-2ubuntu2) oneiric; urgency=low

  * Clean up patches. 
  * debian/patches/upstream-changeset-23146.patch,
    debian/patches/upstream-changeset-23147.patch: Fix booting with hvm
    domU. (LP: #832207)

 -- Chuck Short <zulcss@ubuntu.com>  Thu, 01 Sep 2011 13:13:47 -0400

xen (4.1.1-2ubuntu1) oneiric; urgency=low

  * Merge from debian unstable.  Remaining changes:
      - libxenstore3.0: Conflict and replaces libxen3.
      - libxen-dev: Conflict and replaces libxen3-dev.
      - xenstore-utils: Conflict and replaces libxen3.
      - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
        and xen-utils-4.1.
    + Make sure the LDFLAGS value passed is suitable for use by ld
      rather than gcc.

 -- Chuck Short <zulcss@ubuntu.com>  Thu, 11 Aug 2011 14:18:41 +0000

xen (4.1.1-2) unstable; urgency=low

  * Fix hvmloader with gcc 4.6.

 -- Bastian Blank <waldi@debian.org>  Fri, 05 Aug 2011 23:58:36 +0200

xen (4.1.1-1ubuntu1) oneiric; urgency=low

  * Merge from debian unstable.  Remaining changes:
    + Xen 3.3 -> Xen 4.1 migration:
      - libxenstore3.0: Conflict and replaces libxen3.
      - libxen-dev: Conflict and replaces libxen3-dev.
      - xenstore-utils: Conflict and replaces libxen3.
      - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
        and xen-utils-4.1.
    + Make sure the LDFLAGS value passed is suitable for use by ld
      rather than gcc.
    + Dropped upstream patches:
      - debian/patches/disable-unused-but-not-set-error.patch:
        Applied upstream.
      - debian/patches/xc-dom-restore-set-but-not-used.patch:
        Applied upstream.
      - debian/patches/xc-dom-restore-set-but-not-used.patch:
        Applied upstream.

 -- Chuck Short <zulcss@ubuntu.com>  Tue, 19 Jul 2011 00:11:08 +0000

xen (4.1.1-1) unstable; urgency=low

  * New upstream release.
  * Don't use qemu-dm if it is not needed. (Backport from xen-unstable.)
  * Use dh_python2.

 -- Bastian Blank <waldi@debian.org>  Mon, 18 Jul 2011 19:38:38 +0200

xen (4.1.0-3ubuntu4) oneiric; urgency=low

  * Fix xen 3.3 -> xen 4.1 migration. 

 -- Chuck Short <zulcss@ubuntu.com>  Sat, 04 Jun 2011 15:37:17 -0400

xen (4.1.0-3ubuntu3) oneiric; urgency=low

  * debian/control: Use python2.7 as a build dependency. 

 -- Chuck Short <zulcss@ubuntu.com>  Tue, 31 May 2011 14:50:03 -0400

xen (4.1.0-3ubuntu2) oneiric; urgency=low

  * debian/control: 
     + Move to python 2.7. 
     + Xen 3.3 -> Xen4.1 migration:
       - libxenstore3.0: Conflict and replaces libxen3.
       - libxen-dev: Conflict and replaces libxen3-dev.
       - xenstore-tuils: Conflict and replaces libxen3
       - xen-utils-4.1: Confflict and replaces libxen3, python-xen3.3, 
         and xen-utils-3.3

 -- Chuck Short <zulcss@ubuntu.com>  Tue, 31 May 2011 13:15:08 -0400

xen (4.1.0-3ubuntu1) oneiric; urgency=low

  * Make sure the LDFLAGS value passed is suitable for use by ld,
    rather than gcc.
  * Import a set of gcc 4.6 related build fixes from upstream hg.
    (disable-unused-but-not-set-error.patch,
     ioapic-uninitialised-variables.patch,
     patches/xc-dom-restore-set-but-not-used.patch,
     xc-tmem-set-but-not-used.patch)

 -- Soren Hansen <soren@ubuntu.com>  Thu, 26 May 2011 14:27:18 +0200

xen (4.1.0-3) unstable; urgency=low

  * Add ghostscript to build-deps.
  * Enable qemu-dm build.
    - Add qemu as another orig tar.
    - Remove blktap1, bluetooth and sdl support from qemu.
    - Recommend qemu-keymaps and qemu-utils.

 -- Bastian Blank <waldi@debian.org>  Thu, 28 Apr 2011 15:20:45 +0200

xen (4.1.0-2) unstable; urgency=low

  * Re-enable hvmloader:
    - Use packaged ipxe.
  * Workaround incompatibility with xenstored of Xen 4.0.

 -- Bastian Blank <waldi@debian.org>  Fri, 15 Apr 2011 11:38:25 +0200

xen (4.1.0-1) unstable; urgency=low

  * New upstream release.

 -- Bastian Blank <waldi@debian.org>  Sun, 27 Mar 2011 18:09:28 +0000

xen (4.1.0~rc6-1) unstable; urgency=low

  * New upstream release candidate.
  * Build documentation using pdflatex.
  * Use python 2.6. (closes: #596545)
  * Fix lintian override.
  * Install new tools: xl, xenpaging.
  * Enable blktap2.
    - Use own md5 implementation.
    - Fix includes.
    - Fix linking of blktap2 binaries.
    - Remove optimization setting.
  * Temporarily disable hvmloader, wants to download ipxe.
  * Remove xenstored pid check from xl.

 -- Bastian Blank <waldi@debian.org>  Thu, 17 Mar 2011 16:12:45 +0100

xen (4.0.1-2) unstable; urgency=low

  * Fix races in memory management.
  * Make sure that frame-table compression leaves enough alligned.
  * Disable XSAVE support. (closes: #595490)
  * Check for dying domain instead of raising an assertion.
  * Add C6 state with EOI errata for Intel.
  * Make some memory management interrupt safe. Unsure if really needed.
  * Raise bar for inter-socket migrations on mostly-idle systems.
  * Fix interrupt handling for legacy routed interrupts.
  * Allow to set maximal domain memory even during a running change.
  * Support new partition name in pygrub. (closes: #599243)
  * Fix some comparisions "< 0" that may be optimized away.
  * Check for MWAIT support before using it.
  * Fix endless loop on interrupts on Nehalem cpus.
  * Don't crash upon direct GDT/LDT access. (closes: #609531)
    CVE-2010-4255  
  * Don't loose timer ticks after domain restore.
  * Reserve some space for IOMMU area in dom0. (closes: #608715)
  * Fix hypercall arguments after trace callout.
  * Fix some error paths in vtd support. Memory leak.
  * Reinstate ACPI DMAR table.

 -- Bastian Blank <waldi@debian.org>  Wed, 12 Jan 2011 15:01:40 +0100

xen (4.0.1-1) unstable; urgency=low

  * New upstream release.
    - Fix IOAPIC S3 with interrupt remapping enabled.

 -- Bastian Blank <waldi@debian.org>  Fri, 03 Sep 2010 17:14:28 +0200

xen (4.0.1~rc6-1) unstable; urgency=low

  * New upstream release candidate.
    - Add some missing locks for page table walk.
    - Fix NMU injection into guest.
    - Fix ioapic updates for vt-d.
    - Add check for GRUB2 commandline behaviour.
    - Fix handling of invalid kernel images.
    - Allow usage of powernow.
  * Remove lowlevel python modules usage from pygrub. (closes: #588811)

 -- Bastian Blank <waldi@debian.org>  Tue, 17 Aug 2010 23:15:34 +0200

xen (4.0.1~rc5-1) unstable; urgency=low

  * New upstream release candidate.

 -- Bastian Blank <waldi@debian.org>  Mon, 02 Aug 2010 17:06:27 +0200

xen (4.0.1~rc3-1) unstable; urgency=low

  * New upstream release candidate.
  * Call dh_pyversion with the correct version.
  * Restart xen daemon on upgrade.

 -- Bastian Blank <waldi@debian.org>  Wed, 30 Jun 2010 16:30:47 +0200

xen (4.0.0-2) unstable; urgency=low

  * Fix python dependency. (closes: #586666)
    - Use python-support.
    - Hardcode to use python 2.5 for now.

 -- Bastian Blank <waldi@debian.org>  Mon, 21 Jun 2010 17:23:16 +0200

xen (4.0.0-1) unstable; urgency=low

  * Update to unstable.
  * Fix spelling in README.
  * Remove unnecessary build-depends.
  * Fixup xend to use different filename lookup.

 -- Bastian Blank <waldi@debian.org>  Thu, 17 Jun 2010 11:16:55 +0200

xen (4.0.0-1~experimental.2) experimental; urgency=low

  * Merge changes from 3.4.3-1.

 -- Bastian Blank <waldi@debian.org>  Fri, 28 May 2010 12:58:12 +0200

xen (4.0.0-1~experimental.1) experimental; urgency=low

  * New upstream version.
  * Rename source package to xen.
  * Build depend against iasl and uuid-dev.
  * Disable blktap2 support, it links against OpenSSL.
  * Update copyright file.

 -- Bastian Blank <waldi@debian.org>  Thu, 06 May 2010 15:47:38 +0200

xen-3 (3.4.3-1) unstable; urgency=low

  * New upstream version.
  * Disable blktap support, it is unusable with current kernels.
  * Disable libaio, was only used by blktap.
  * Drop device creation support. (closes: #583283)

 -- Bastian Blank <waldi@debian.org>  Fri, 28 May 2010 11:43:18 +0200

xen-3 (3.4.3~rc6-1) unstable; urgency=low

  * New upstream release candidate.
    - Relocate multiboot modules. (closes: #580045)
    - Support grub2 in pygrub. (closes: #573311)

 -- Bastian Blank <waldi@debian.org>  Sat, 08 May 2010 11:32:29 +0200

xen-3 (3.4.3~rc3-2) unstable; urgency=low

  * Again list the complete version in the hypervisor.
  * Fix path detection for bootloader, document it. (closes: #481105)
  * Rewrite README.

 -- Bastian Blank <waldi@debian.org>  Thu, 08 Apr 2010 16:14:58 +0200

xen-3 (3.4.3~rc3-1) unstable; urgency=low

  * New upstream release candidate.
  * Use 3.0 (quilt) source format.
  * Always use current python version.

 -- Bastian Blank <waldi@debian.org>  Mon, 01 Mar 2010 22:14:22 +0100

xen-3 (3.4.2-2) unstable; urgency=low

  * Remove Jeremy T. Bouse from uploaders.
  * Export blktap lib and headers.
  * Build amd64 hypervisor on i386. (closes: #366315)

 -- Bastian Blank <waldi@debian.org>  Sun, 22 Nov 2009 16:54:47 +0100

xen-3 (3.4.2-1) unstable; urgency=low

  * New upstream version.
  * Strip hvmloader by hand.
  * Remove extra license file from libxen-dev.

 -- Bastian Blank <waldi@debian.org>  Mon, 16 Nov 2009 20:57:07 +0100

xen-3 (3.4.1-1) unstable; urgency=low

  * New upstream version.

 -- Bastian Blank <waldi@debian.org>  Fri, 21 Aug 2009 21:34:38 +0200

xen-3 (3.4.0-2) unstable; urgency=low

  * Add symbols file for libxenstore3.0. (closes: #536173)
  * Document that ioemu is currently unsupported. (closes: #536175)
  * Fix location of fsimage plugins. (closes: #536174)

 -- Bastian Blank <waldi@debian.org>  Sat, 18 Jul 2009 18:05:35 +0200

xen-3 (3.4.0-1) unstable; urgency=low

  [ Bastian Blank ]
  * New upstream version.
  * Remove ioemu for now. (closes: #490409, #496367)
  * Remove non-pae hypervisor.
  * Use debhelper compat level 7.
  * Make the init script start all daemons.

 -- Bastian Blank <waldi@debian.org>  Tue, 30 Jun 2009 22:33:22 +0200

xen-3 (3.2.1-2) unstable; urgency=low

  * Use e2fslibs based ext2 support for pygrub. (closes: #476366)
  * Fix missing checks in pvfb code.
    See CVE-2008-1952. (closes: #487095)
  * Add support for loading bzImage files. (closes: #474509)
  * Enable TLS support in ioemu code.
  * Drop libcrypto usage because of GPL-incompatibility.
  * Remove AES code from blktap drivers. Considered broken.

 -- Bastian Blank <waldi@debian.org>  Sat, 28 Jun 2008 11:30:43 +0200

xen-3 (3.2.1-1) unstable; urgency=low

  * New upstream version.
  * Set rpath relative to ${ORIGIN}.
  * Add lintian override to xen-utils package.

 -- Bastian Blank <waldi@debian.org>  Thu, 22 May 2008 14:01:47 +0200

xen-3 (3.2.0-5) unstable; urgency=low

  * Provide correct directory to dh_pycentral.

 -- Bastian Blank <waldi@debian.org>  Mon, 14 Apr 2008 21:43:49 +0200

xen-3 (3.2.0-4) unstable; urgency=low

  * Pull in newer xen-utils-common.
  * Fix missing size checks in the ioemu block driver. (closes: #469654)
    See: CVE-2008-0928

 -- Bastian Blank <waldi@debian.org>  Fri, 07 Mar 2008 14:21:38 +0100

xen-3 (3.2.0-3) unstable; urgency=low

  * Clean environment for build.
  * Add packages libxenstore3.0 and xenstore-utils.
  * Move docs package in docs section to match overwrites.
  * Make the hypervisor only recommend the utils.
  * Cleanup installation. (closes: #462989)

 -- Bastian Blank <waldi@debian.org>  Tue, 12 Feb 2008 12:40:56 +0000

xen-3 (3.2.0-2) unstable; urgency=low

  * Fix broken patch. (closes: #462522)

 -- Bastian Blank <waldi@debian.org>  Sat, 26 Jan 2008 17:21:52 +0000

xen-3 (3.2.0-1) unstable; urgency=low

  * New upstream version.
  * Add package libxen-dev. Including public headers and static libs.
    (closes: #402249)
  * Don't longer install xenfb, removed upstream.

 -- Bastian Blank <waldi@debian.org>  Tue, 22 Jan 2008 12:51:49 +0000

xen-3 (3.1.2-2) unstable; urgency=low

  * Add missing rpath definitions.
  * Fix building of pae version.

 -- Bastian Blank <waldi@debian.org>  Sat, 08 Dec 2007 12:07:42 +0000

xen-3 (3.1.2-1) unstable; urgency=high

  * New upstream release:
    - Move shared file into /var/run. (closes: #447795)
      See CVE-2007-3919.
    - x86: Fix various problems with debug-register handling. (closes: #451626)
      See CVE-2007-5906.

 -- Bastian Blank <waldi@debian.org>  Sat, 24 Nov 2007 13:24:45 +0000

xen-3 (3.1.1-1) unstable; urgency=low

  * New upstream release:
    - Don't use exec with untrusted values in pygrub. (closes: #444430)
      See CVE-2007-4993.

 -- Bastian Blank <waldi@debian.org>  Fri, 19 Oct 2007 16:02:37 +0000

xen-3 (3.1.0-2) unstable; urgency=low

  * Switch to texlive for documentation.
  * Drop unused transfig.
  * Drop unused latex features from documentation.
  * Build depend against gcc-multilib for amd64. (closes: #439662)

 -- Bastian Blank <waldi@debian.org>  Fri, 31 Aug 2007 08:15:50 +0000

xen-3 (3.1.0-1) unstable; urgency=low

  [ Julien Danjou ]
  * New upstream version.

  [ Ralph Passgang ]
  * Added graphviz to Build-Indeps

  [ Bastian Blank ]
  * Upstream removed one part of the version. Do it also.
  * Merge utils packages.
  * Install blktap support.
  * Install pygrub.
  * Install xenfb tools.
  * xenconsoled startup is racy, wait a little bit.

 -- Bastian Blank <waldi@debian.org>  Mon, 20 Aug 2007 15:05:08 +0000

xen-3.0 (3.0.4-1-1) unstable; urgency=low

  [ Bastian Blank ]
  * New upstream version (closes: #394411)

  [ Guido Trotter ]
  * Actually try to build and release xen 3.0.4
  * Update build dependencies

 -- Guido Trotter <ultrotter@debian.org>  Wed, 23 May 2007 11:57:29 +0100

xen-3.0 (3.0.3-0-2) unstable; urgency=medium

  [Bastian Blank]
  * Remove device recreate code.
  * Remove build dependency on linux-support-X

  [ Guido Trotter ]
  * Add missing build dependency on zlib1g-dev (closes: #396557)
  * Add missing build dependencies on libncurses5-dev and x11proto-core-dev
    (closes: #396561, #396567)

 -- Guido Trotter <ultrotter@debian.org>  Thu,  2 Nov 2006 16:38:02 +0000

xen-3.0 (3.0.3-0-1) unstable; urgency=low

  * New upstream version.

 -- Bastian Blank <waldi@debian.org>  Fri, 20 Oct 2006 11:04:35 +0000

xen-3.0 (3.0.3~rc4+hg11760-1) unstable; urgency=low

  * New upstream snapshot.
  * Ignore update-grub errors. (closes: #392534)

 -- Bastian Blank <waldi@debian.org>  Sat, 14 Oct 2006 13:09:53 +0000

xen-3.0 (3.0.3~rc1+hg11686-1) unstable; urgency=low

  * New upstream snapshot.
  * Rename ioemu package to include the complete version.
  * Fix name of hypervisor. (closes: #391771)

 -- Bastian Blank <waldi@debian.org>  Mon,  9 Oct 2006 12:48:13 +0000

xen-3.0 (3.0.2-3+hg9762-1) unstable; urgency=low

  * New upstream snapshot.
  * Rename hypervisor and utils packages to include the complete version.
  * Redo build environment.

 -- Bastian Blank <waldi@debian.org>  Mon,  4 Sep 2006 18:43:12 +0000

xen-3.0 (3.0.2+hg9697-2) unstable; urgency=low

  [ Guido Trotter ]
  * Update xen-utils' README.Debian (closes: #372524)

  [ Bastian Blank ]
  * Adopt new python policy. (closes: #380990)
  * Add patch to make new kernels working on the hypervisor.

 -- Bastian Blank <waldi@debian.org>  Tue, 15 Aug 2006 19:20:08 +0000

xen-3.0 (3.0.2+hg9697-1) unstable; urgency=low

  [ Guido Trotter ]
  * Update Standards Version
  * Merge upstream fixes trunk (upstream 3.0.2-3 + a couple of fixes)

  [ Bastian Blank ]
  * Add xen-ioemu-3.0 package to support HVM guests (closes: #368496)

 -- Guido Trotter <ultrotter@debian.org>  Wed, 31 May 2006 10:50:05 +0200

xen-3.0 (3.0.2+hg9681-1) unstable; urgency=low

  * Update xen-hypervisor-3.0-i386 and xen-hypervisor-3.0-i386-pae
    descriptions, specifying what the difference between the two packages is
    (closes: #366019)
  * Merge upstream fixes trunk

 -- Guido Trotter <ultrotter@debian.org>  Thu, 18 May 2006 15:25:02 +0200

xen-3.0 (3.0.2+hg9656-1) unstable; urgency=low

  * Merge upstream fixes trunk
    - This includes a fix for CVE-2006-1056

 -- Guido Trotter <ultrotter@debian.org>  Thu, 27 Apr 2006 17:34:03 +0200

xen-3.0 (3.0.2+hg9651-1) unstable; urgency=low

  * Merge upstream fixes trunk
  * Fix PAE disabled in pae build (Closes: #364875) 

 -- Julien Danjou <acid@debian.org>  Wed, 26 Apr 2006 13:19:39 +0200

xen-3.0 (3.0.2+hg9646-1) unstable; urgency=low

  [ Guido Trotter ]
  * Merge upstream fixes trunk

  [ Bastian Blank ]
  * debian/patches/libdir.dpatch: Update to make xm save work

 -- Julien Danjou <acid@debian.org>  Mon, 24 Apr 2006 18:02:07 +0200

xen-3.0 (3.0.2+hg9611-1) unstable; urgency=low

  * Merge upstream bug fixes
  * Fix bug with xend init.d script

 -- Julien Danjou <acid@debian.org>  Wed, 12 Apr 2006 17:35:35 +0200

xen-3.0 (3.0.2+hg9598-1) unstable; urgency=low

  * New upstream release
  * Fix copyright file

 -- Julien Danjou <acid@debian.org>  Mon, 10 Apr 2006 17:02:55 +0200

xen-3.0 (3.0.1+hg8762-1) unstable; urgency=low

  * The "preserve our homes" release
  * Now cooperatively maintained by the Debian Xen Team
  * New upstream release (closes: #327493, #342249)
  * Build depend on transfig (closes: #321157)
  * Use gcc rather than gcc-3.4 to compile (closes: #323698)
  * Split xen-hypervisor-3.0 and xen-utils-3.0
  * Build both normal and pae hypervisor packages
  * Change maintainer and add uploaders field
  * Add force-reload support for init script xendomains
  * Remove dependency against bash
  * Bump standards version to 3.6.2.2
  * xen-utils-3.0 conflicts and replaces xen
  * Add dpatch structure to the package
  * Remove build-dependency on gcc (it's build essential anyway)
  * Make SrvServer.py not executable
  * Create NEWS.Debian file with important upgrade notices
  * Update copyright file
  * Remove the linux-patch-xen package
  * Removed useless build-dependencies: libncurses5-dev, wget
  * Changed xendomains config path to /etc/default
  * xen-utils-3.0 now provides xen-utils and xen-hypervisor-3.0-i386 &
    xen-hypervisor-3.0-i386-pae & xen-hypervizor-amd64 now provide
    xen-hypervisor
  * Made xen-utils-3.0.postinst more fault-tolerant, so that upgrading
    xen2 -> xen3 don't fail because of a running xen2 hypervisor
  * Updated the "Replaces & Conflicts"
  * Install only and correctly udev files
  * Compile date is no more in current locale
  * Add patch which add the debian version and maintainer in the version
    string and removes the banner.
  * Don't install unusable cruft in xen-utils
  * Remove libxen packages (no stable API/ABI)

 -- Julien Danjou <acid@debian.org>  Wed,  5 Apr 2006 16:05:07 +0200

xen (2.0.6-1) unstable; urgency=low

  * Patches applied upstream: non-xen-init-exit.patch, add-build.patch,
    python-install.patch, disable-html-docs.patch.
  * New upstream released.  Closes: #311336.
  * Remove comparison to UML from xen short description.  Closes: #317066.
  * Make packages conflicts with 1.2 doc debs.  Closes: #304285.
  * Add iproute to xen depends, as it uses /bin/ip.  Closes: #300488,
    #317468.

 -- Adam Heath <doogie@brainfood.com>  Wed, 06 Jul 2005 12:35:50 -0500

xen (2.0.5-3) experimental; urgency=low

  * Change priority/section to match the overrides file.

 -- Adam Heath <doogie@brainfood.com>  Fri, 18 Mar 2005 12:43:50 -0600

xen (2.0.5-2) experimental; urgency=low

  * Mike McCallister <mike+debian@metalogue.com>,
    Tommi Virtanen <tv@debian.org>, Tom Hibbert <tom@nsp.co.nz>:
    Fix missing '.' in update-rc.d call in xen.postinst.  Closes: #299384

 -- Adam Heath <doogie@brainfood.com>  Fri, 18 Mar 2005 11:39:56 -0600

xen (2.0.5-1) experimental; urgency=low

  * New upstream.
  * Remove pic-lib.patch, tools-misc-TARGETS.patch, and clean-mttr.patch
    as they have been applied upstream(in various forms).
  * xend now starts at priority 20, stops at 21, while xendomains starts
    at 21, and stops at 20.

 -- Adam Heath <doogie@brainfood.com>  Fri, 11 Mar 2005 14:33:33 -0600

xen (2.0.4-4) experimental; urgency=low

  * Bah, major booboo.  Add /boot to debian/xen.install, so xen.gz will
    get shipped.  Reported by Clint Adams <schizo@debian.org>.

 -- Adam Heath <doogie@brainfood.com>  Tue, 15 Feb 2005 13:00:57 -0600

xen (2.0.4-3) experimental; urgency=low

  * Fix file overlap(/usr/share/doc/xen/examples/*) between xen and
    xen-docs.  Reported by Tupshin Harper <tupshin@tupshin.com>.

 -- Adam Heath <doogie@brainfood.com>  Sun, 06 Feb 2005 01:22:45 -0600

xen (2.0.4-2) experimental; urgency=low

  * Fix kernel patch generation.  It was broken when I integrated with
    debian's kernel source.  I used a symlink, and diff doesn't follow
    those.

 -- Adam Heath <doogie@brainfood.com>  Sat, 05 Feb 2005 18:16:35 -0600

xen (2.0.4-1) experimental; urgency=low

  * New upstream.
  * xen.deb can now install on a plain kernel; that is, the init scripts
    exit successfully if /proc/xen/privcmd doesn't exist.  This allows
    for dual-boot setups.
  * Manpages do not yet exist xend, xenperf, xensv, xfrd, nor xm.  xend
    xfrd are daemons, and take little if any options.  I've not had a need
    to use xenperf nor xensv yet.  xm has nice built in help(xm help).
  * Upstream now requires either linux 2.4.29, or 2.6.10.  Since 2.4.29 is
    not yet in debian, disable the 2.4 patch generation.  Closes: #271245.
  * Not certain how the kernel-patch-xen was empty.  It's not now, with
    the repackaging.  Closes: #272299.
  * Xen no longer produces kernel images, so problems about missing features
    are no longer valid.  Closes: #253924.
  * Acknowledge nmu bugs:
    * No longer build-depend on gcc 3.3, as the default gcc works. Closes:
      #243048.

 -- Adam Heath <doogie@brainfood.com>  Sat, 05 Feb 2005 18:04:27 -0600

xen (2.0.3-0.1) unstable; urgency=low

  * Changes from Tommi Virtanen:
    * Added dh-kpatches and libcurl3-dev to Build-Depends.
    * Add /etc/xen/sv/params.py and /etc/xen/xend/params.py.
    * Add xmexample1 and xmexample2 to xen/doc/examples.

 -- Adam Heath <doogie@brainfood.com>  Wed, 26 Jan 2005 10:55:07 -0600

xen (2.0.3-0) unstable; urgency=low

  * New upstream.  Closes: #280733.
  * Repackaged from scratch.
  * Using unreleased patch management system.  See debian/README.build.
    * After extracting the .dsc, there are no special steps needed
    * Those wanting to change the source, use the normal procedures for
      any package, including using interdiff(or other tool) to send a
      patch to me or the bts.
  * No longer try to do anything fancy with regard to the layout of the
    built kernels.  Now, only patches are distributed.  Please make use of
    the xen support in kernel-package.
  * Early preview release to #debian-devel.

 -- Adam Heath <doogie@brainfood.com>  Tue, 25 Jan 2005 13:24:54 -0600

xen (1.2-4.1) unstable; urgency=high

  * NMU
  * Remove gcc-3.2 from Build-Depends as isn't used during build
    (Closes: #243048)

 -- Frank Lichtenheld <djpig@debian.org>  Sat, 21 Aug 2004 17:42:28 +0200

xen (1.2-4) unstable; urgency=low

  * Added xen-docs.README.Debian, which explains the kernel image layout,
    and contains references on the locations differ from what is mentioned
    by the upstream documentation.  Closes: #230345.

 -- Adam Heath <doogie@brainfood.com>  Fri, 26 Mar 2004 17:36:41 -0600

xen (1.2-3) unstable; urgency=low

  * Add kernel-source-2.4.25 and kernel-patch-debian-2.4.25 to
    Build-Depends-Indep.

 -- Adam Heath <doogie@brainfood.com>  Tue, 23 Mar 2004 20:14:39 -0600

xen (1.2-2) unstable; urgency=low

  * xen: moved /boot/xen.gz to /usr/lib/kernels/xen-i386/images/vmlinuz
  * kernel-image, kernel-modules: swapped i386/xeno to xeno/i386 in
    /usr/lib/kernels.
  * Add kernel-patch-nfs-swap deb.
  * Apply additional patches to kernel-image-xen:
    * nfs-group
    * nfs-swap

 -- Adam Heath <doogie@brainfood.com>  Thu, 04 Mar 2004 12:47:47 -0600

xen (1.2-1) unstable; urgency=low

  * Initial version.

 -- Adam Heath <doogie@brainfood.com>  Tue, 02 Mar 2004 13:21:52 -0600
