- Mon Dec 21 2020 tv <tv> 4.14.1-1.mga8
+ Revision: 1662465
- update to 4.14.1 - Wed Dec 16 2020 tv <tv> 4.14.0-11.mga8
+ Revision: 1658002
- xenstore watch notifications lacking permission checks [XSA-115,
CVE-2020-29480] (rhbz#1908091)
- Xenstore: new domains inheriting existing node permissions [XSA-322,
CVE-2020-29481] (rhbz#1908095)
- Xenstore: wrong path length check [XSA-323, CVE-2020-29482] (rhbz#1908096)
- Xenstore: guests can crash xenstored via watchs [XSA-324, CVE-2020-29484]
(rhbz#1908088)
- Xenstore: guests can disturb domain cleanup [XSA-325, CVE-2020-29483]
(rhbz#1905648)
- oxenstored memory leak in reset_watches [XSA-330, CVE-2020-29485]
(rhbz#1908000)
- undue recursion in x86 HVM context switch code [XSA-348, CVE-2020-29566]
(rhbz#1908085)
- oxenstored: node ownership can be changed by unprivileged clients
[XSA-352, CVE-2020-29486] (rhbz#1908002)
- oxenstored: permissions not checked on root node [XSA-353, CVE-2020-29479]
(rhbz#1908003)
- infinite loop when cleaning up IRQ vectors [XSA-356, CVE-2020-29567]
(rhbz#1907932)
- FIFO event channels control block related ordering [XSA-358,
CVE-2020-29570] (rhbz#1907931)
- FIFO event channels control structure ordering [XSA-359, CVE-2020-29571]
(rhbz#1908089)
- Work around another gcc-11 stringop-overflow diagnostic - Wed Nov 25 2020 tv <tv> 4.14.0-10.mga8
+ Revision: 1649191
- stack corruption from XSA-346 change [XSA-355] - Mon Nov 23 2020 tv <tv> 4.14.0-9.mga8
+ Revision: 1648810
- Support zstd compressed kernels (dom0 only) based on linux kernel code - Wed Nov 11 2020 tv <tv> 4.14.0-8.mga8
+ Revision: 1644447
- Information leak via power sidechannel [XSA-351, CVE-2020-28368]
(#1897146) - Wed Nov 4 2020 tv <tv> 4.14.0-7.mga8
+ Revision: 1642581
- revised patch for XSA-286 (mitigating performance impact)
- Work around gcc-11 stringop-overflow diagnostics as well - Thu Oct 29 2020 tv <tv> 4.14.0-6.1.mga8
+ Revision: 1640521
- updage grub2 config when (un)installing hypervisor
- x86 PV guest INVLPG-like flushes may leave stale TLB entries
[XSA-286, CVE-2020-27674] (#1891092)
- some fixes for gcc 11
- switch to systemd macros, use them in the sub pkgs
- drop the requires on grub (useless)
- drop the requires on kmod (already in basesystem)
- drop obsolete BR on texi2html ghostscript tetex-latex
- requires kpartx
- fix license - Wed Oct 21 2020 tv <tv> 4.14.0-5.mga8
+ Revision: 1637766
- create a xen-licenses collecting all sub licenses
- split runtime in order to minimize deps
- add xen-hypervisor-abi provides
- do not hard requires the full qemu stack (deps!) - Tue Oct 20 2020 tv <tv> 4.14.0-4.mga8
+ Revision: 1637400
- x86: Race condition in Xen mapping code [XSA-345]
- undue deferral of IOMMU TLB flushes [XSA-346]
- unsafe AMD IOMMU page table updates [XSA-347]
- do not require non existing kernel-server on arm - Wed Sep 23 2020 tv <tv> 4.14.0-3.mga8
+ Revision: 1629525
- x86 pv: Crash when handling guest access to MSR_MISC_ENABLE [XSA-333,
CVE-2020-25602] (rhbz#1881619)
- Missing unlock in XENMEM_acquire_resource error path [XSA-334,
CVE-2020-25598] (rhbz#1881616)
- race when migrating timers between x86 HVM vCPU-s [XSA-336,
CVE-2020-25604] (rhbz#1881618)
- PCI passthrough code reading back hardware registers [XSA-337,
CVE-2020-25595] (rhbz#1881587)
- once valid event channels may not turn invalid [XSA-338, CVE-2020-25597]
(rhbz#1881588)
- x86 pv guest kernel DoS via SYSENTER [XSA-339, CVE-2020-25596]
(rhbz#1881617)
- Missing memory barriers when accessing/allocating an event channel [XSA-340,
CVE-2020-25603] (rhbz#1881583)
- out of bounds event channels available to 32-bit x86 domains [XSA-342,
CVE-2020-25600] (rhbz#1881582)
- races with evtchn_reset() [XSA-343, CVE-2020-25599] (rhbz#1881581)
- lack of preemption in evtchn_reset() / evtchn_destroy() [XSA-344,
CVE-2020-25601] (rhbz#1881586) - Tue Aug 25 2020 tv <tv> 4.14.0-2.mga8
+ Revision: 1618903
- QEMU: usb: out-of-bounds r/w access issue [XSA-335, CVE-2020-14364]
(rhbz#1871850) - Sat Aug 1 2020 tv <tv> 4.14.0-1.mga8
+ Revision: 1610277
- update to 4.14.0
remove or adjust patches now included or superceded upstream
adjust xen.hypervisor.config
bison and flex packages now needed for hypervisor build
/usr/bin/vchan-socket-proxy and /usr/sbin/xenhypfs have been added
with associated libraries and man page
- revise documentation build dependencies
drop tex, texinfo, ghostscript, graphviz, discount
add perl(Pod::Html) perl(File::Find)
- additional build dependency for ocaml on perl(Data::Dumper) - Wed Jul 8 2020 tv <tv> 4.13.1-3.mga8
+ Revision: 1603032
- incorrect error handling in event channel port allocation leads to
DoS [XSA-317, CVE-2020-15566] (#1854465)
- inverted code paths in x86 dirty VRAM tracking leads to DoS
[XSA-319, CVE-2020-15563] (#1854463)
- xen: insufficient cache write-back under VT-d leads to DoS
[XSA-321, CVE-2020-15565] (#1854467)
- missing alignment check in VCPUOP_register_vcpu_info leads to DoS
[XSA-327, CVE-2020-15564] (#1854458)
- non-atomic modification of live EPT PTE leads to DoS
[XSA-328, CVE-2020-15567] (#1854464) - Thu Jun 11 2020 tv <tv> 4.13.1-2.mga8
+ Revision: 1592274
- Special Register Buffer speculative side channel [XSA-320] - Tue May 19 2020 tv <tv> 4.13.1-1.mga8
+ Revision: 1586256
- update to 4.13.1 - Wed May 6 2020 tv <tv> 4.13.0-21.mga8
+ Revision: 1581249
- force gcc >= 10
- build aarch64 hypervisor with -mno-outline-atomics to fix gcc 10 build - Wed Apr 15 2020 tv <tv> 4.13.0-19.mga8
+ Revision: 1567543
- multiple xenoprof issues [XSA-313, CVE-2020-11740, CVE-2020-11741]
(rhbz#1823912, rhbz#1823914)
- Missing memory barriers in read-write unlock paths [XSA-314,
CVE-2020-11739] (rhbz#1823784)
- Bad error path in GNTTABOP_map_grant [XSA-316, CVE-2020-11743] (rhbz#1823926)
- Bad continuation handling in GNTTABOP_copy [XSA-318, CVE-2020-11742]
(rhbz#1823943) - Sun Apr 12 2020 tv <tv> 4.13.0-18.mga8
+ Revision: 1566923
- try even harder to fix armv7 - Sun Apr 12 2020 tv <tv> 4.13.0-17.mga8
+ Revision: 1566914
- try harder to fix armv7 - Sun Apr 12 2020 tv <tv> 4.13.0-16.mga8
+ Revision: 1566910
- try to fix build on arm - Fri Apr 10 2020 tv <tv> 4.13.0-15.mga8
+ Revision: 1566161
- rebuild for brltty 6.1 - Tue Mar 10 2020 tv <tv> 4.13.0-14.mga8
+ Revision: 1555341
- setting for --with-system-ipxe should be a rom file (rhbz#1778516)
- add weak depends on ipxe-roms-qemu and qemu-system-x86-core
- build flask/xenpolicy - Fri Feb 28 2020 umeabot <umeabot> 4.13.0-13.mga8
+ Revision: 1551376
- Rebuild for ocaml 4.10.0 final - Thu Feb 20 2020 umeabot <umeabot> 4.13.0-12.mga8
+ Revision: 1546201
- Mageia 8 Mass Rebuild - Fri Jan 31 2020 pterjan <pterjan> 4.13.0-11.mga8
+ Revision: 1486154
- Fix build on armv8l machines (by using arm32 rather than arm64) - Fri Jan 31 2020 tv <tv> 4.13.0-10.mga8
+ Revision: 1486013
- use linux32 to hide the 64bitness of the build host & not build ACPI stuff
- enable do disable ocaml support if needed - Fri Jan 31 2020 tv <tv> 4.13.0-9.mga8
+ Revision: 1485972
- use --disable-qemu-traditional on armv7
- restore XEN_TARGET_ARCH=arm32 - Fri Jan 31 2020 tv <tv> 4.13.0-8.mga8
+ Revision: 1485925
- try to workaround armv7 failing on 64bit aarch64 build host - Fri Jan 31 2020 tv <tv> 4.13.0-7.mga8
+ Revision: 1485849
- try to workaround armv7 build failure - Tue Jan 28 2020 tv <tv> 4.13.0-6.mga8
+ Revision: 1484597
- tag some files as %config
- move oxenstored into ocaml-xen
- update %descr - Thu Jan 23 2020 tv <tv> 4.13.0-5.mga8
+ Revision: 1482247
- build fixes for OCaml 4.10.0 and gcc 10 - Fri Jan 17 2020 pterjan <pterjan> 4.13.0-4.mga8
+ Revision: 1481223
- Attempt again to fix armv7hl build - Fri Jan 17 2020 pterjan <pterjan> 4.13.0-3.mga8
+ Revision: 1481222
- Attempt to fix armv7hl build - Wed Jan 15 2020 tv <tv> 4.13.0-2.mga8
+ Revision: 1478033
- arm: a CPU may speculate past the ERET instruction [XSA-312]
- add weak requires for perl (/etc/xen/scripts/locking.sh) - Fri Dec 20 2019 tv <tv> 4.13.0-1.mga8
+ Revision: 1469043
- update config file
- update to 4.13.0
- remove patches now included or superceded upstream
- adjust xen.hypervisor.config
- /usr/sbin/xen-tmem-list-parse has been removed
- pkgconfig files have moved to %{_libdir}/pkgconfig
- /usr/sbin/xen-ucode has been added (x86 only)
- fix build with OCaml 4.09.0 - Thu Dec 12 2019 tv <tv> 4.12.1-6.mga8
+ Revision: 1466026
- denial of service in find_next_bit() [XSA-307, CVE-2019-19581,
CVE-2019-19582] (#1782211)
- denial of service in HVM/PVH guest userspace code [XSA-308,
CVE-2019-19583] (#1782206)
- privilege escalation due to malicious PV guest [XSA-309, CVE-2019-19578]
(#1782210)
- Further issues with restartable PV type change operations [XSA-310,
CVE-2019-19580] (#1782207)
- vulnerability in dynamic height handling for AMD IOMMU pagetables
[XSA-311, CVE-2019-19577] (#1782208)
- add patches needed to apply XSA-311 - Wed Nov 27 2019 tv <tv> 4.12.1-5.mga8
+ Revision: 1463124
- Device quarantine for alternate pci assignment methods [XSA-306] - Wed Nov 13 2019 tv <tv> 4.12.1-4.mga8
+ Revision: 1459858
- add missing XSA-299 patches
- x86: Machine Check Error on Page Size Change DoS [XSA-304, CVE-2018-12207]
- TSX Asynchronous Abort speculative side channel [XSA-305, CVE-2019-11135] - Sun Nov 3 2019 tv <tv> 4.12.1-3.mga8
+ Revision: 1457483
- VCPUOP_initialise DoS [XSA-296, CVE-2019-18420]
- missing descriptor table limit checking in x86 PV emulation [XSA-298,
CVE-2019-18425]
- Issues with restartable PV type change operations [XSA-299, CVE-2019-18421]
(#1767726)
- add-to-physmap can be abused to DoS Arm hosts [XSA-301, CVE-2019-18423]
- passed through PCI devices may corrupt host memory after deassignment
[XSA-302, CVE-2019-18424] (#1767731)
- ARM: Interrupts are unconditionally unmasked in exception handlers
[XSA-303, CVE-2019-18422] - Sun Sep 15 2019 tv <tv> 4.12.1-2.mga8
+ Revision: 1441507
- rebuild with new rpm linked perl-URPM - Fri Aug 9 2019 tv <tv> 4.12.1-1.mga8
+ Revision: 1428475
- new release - Thu Jul 4 2019 tv <tv> 4.12.0-3.mga8
+ Revision: 1418400
- Unlimited Arm Atomics Operations [XSA-295] (#1720760)
- some debug files are now properly packaged in debuginfo rpms
- fix HVM DomU boot on some chipsets
- fix expected FTBFS with Python 3.8 (#1704807) - Wed May 15 2019 tv <tv> 4.12.0-2.mga7
+ Revision: 1397871
- Microarchitectural Data Sampling speculative side channel [XSA-297,
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091]
- additional patches so above applies cleanly - Sun Apr 14 2019 tv <tv> 4.12.0-1.mga7
+ Revision: 1389949
- reeable i586 but disable cross compiling hypervisor for now
- fix filelist for aarch64
- temporary disable i586
- update to 4.12.0
- remove patches for issues now fixed upstream
- replace xen.use.fedora.ipxe.patch with --with-system-ipxe
- drop xen.glibcfix.patch xen.gcc8.temp.fix.patch which are no longer needed
- rediff patches
- xen.hypervisor.config refresh
- kdd is now xen-kdd, xenmon.py is now xenmon, fsimage.so is now xenfsimage.so
fs libdir is now xenfsimage libdir
- xen-ringwatch xen-bugtool have been dropped
- remove remaining traces of efiming and efi_flags logic
- switch from python2 to python3 - Wed Mar 6 2019 tv <tv> 4.11.1-1.mga7
+ Revision: 1372036
- enable to disable building docs
- update to 4.11.1
- construct ovmf.bin from edk2-ovmf package (rhbz#1656651)
- xen: various flaws (rhbz#1685577)
grant table transfer issues on large hosts [XSA-284]
race with pass-through device hotplug [XSA-285]
x86: steal_page violates page_struct access discipline [XSA-287]
x86: Inconsistent PV IOMMU discipline [XSA-288]
missing preemption in x86 PV page table unvalidation [XSA-290]
x86/PV: page type reference counting issue with failed IOMMU update [XSA-291]
x86: insufficient TLB flushing when using PCID [XSA-292]
x86: PV kernel context switch corruption [XSA-293]
x86 shadow: Insufficient TLB flushing when using PCID [XSA-294]
remove patches for issues now fixed upstream
adjust xen.use.fedora.ipxe.patch