SQLite format 3@ +.B  M2 @YindexpkgIdpackages)CREATE INDEX pkgId ON packages (pkgId)KeindexkeychangechangelogCREATE INDEX keychange ON changelog (pkgKey) /triggerremove_changelogspackagesCREATE TRIGGER remove_changelogs AFTER DELETE ON packages BEGIN DELETE FROM changelog WHERE pkgKey = old.pkgKey; ENDv;tablechangelogchangelogCREATE TABLE changelog ( pkgKey INTEGER, author TEXT, date INTEGER, changelog TEXT)^tablepackagespackagesCREATE TABLE packages ( pkgKey INTEGER PRIMARY KEY, pkgId TEXT)Q{tabledb_infodb_infoCREATE TABLE db_info (dbversion INTEGER, checksum TEXT) E 2922921976be944943fc3b0d0ee915e5610cd85058d587a6aed2afa252c460c9wv8  `Y= ^ A F 8 xl>o^`{_Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again_#Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i_yRik van Riel 2-20050522B- change default display method for VMX domains to SDLN_CRik van Riel 2-20050520B@- qemu device model for VMXT_ORik van Riel 2-20050519B- apply some VMX related bugfixesU_QRik van Riel 2-20050424Bl- upgrade to last night's snapshotQI]Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup_#Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3_ Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicatesk_}Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;_Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n_Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch_URik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo_Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror_SRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now_ERik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl_Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"_iRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY _YRik van Riel 2-20050207B- upgrade to last night's Xen snapshotV cORik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY _YRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv I'Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org) c!Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#cgJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uI%Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted IMRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQI_Rik van Riel A(@- upgrade to new snapshot of xen-unstablexI+Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotIyRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileI;Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"7CheA@- initial rpm release _ |  b 5 D /L*W]}$^:wIJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugs9wJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)W8w=Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udeva7wOJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)z6sJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changesw5sBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794)x4wBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W3[Y - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbina2Wq - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<1wJeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itl0YBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one places/wuJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c.[q - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N-Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt ,AJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:+qDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel *w#Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa)IJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`(wOJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQ'w1Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedv&sJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZ%sGJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZ$sGJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`#wOJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`"oURik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsH!g-Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T _ORik van Riel 2-20050823C - upgrade to today's Xen snapshot y = X 8 PqL\1,#hTimStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include Si'Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterRmSDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVQ_QJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)P_5Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)dO]qJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)XN]YJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installiMkmDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452Lg?Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZKgSStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[J]_Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jIkoDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZH]]Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfG]sJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtFkDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361eE]qJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDD]/Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)Ca!Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)UB]QJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratejA[Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw@{yRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere?QStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e>QStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015={ Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g<{YJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall;{Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user ^b}  Z ) e(GG!^@psDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eoigStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}mmDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)Sl_MJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)uks}Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkjisStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%iieStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc hi3Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)ag_iJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIfi/Juan Quintela - 3.0.2-31Df- re-enable ia64.Ne_CJeremy Katz - 3.0.2-31DA- update to changeset 11405Hd_7Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64c_)Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?b_%Jeremy Katz - 3.0.2-28D,@- fix a typoYa_YJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer`_YJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj__{Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%^_oJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).]_Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`\_gJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst[_ Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4Z_ Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labelY__Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)IX_7Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)Wi'Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZVeUMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)UmMDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it. W5 j  l  4st{OVi MW" yODaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7kDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\7Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\7Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[5Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iODaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu[Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4YDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakqUDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN~yDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u}ywDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>|yDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V{y7Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-zyeDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yyIDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptionixy_Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsawyMDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mvqoDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAu]+Jeremy Katz - 3.0.3-3E<- fix the buildJt]=Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hsq#Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)Xr_WJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboqi{Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501) - < > jyleo"ykDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)z!o Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase yDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[yADaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsmygDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstfyYDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`yMDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew[Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&yWDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZ1Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsayODaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%{SDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn{gDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z{}Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup{Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)w1Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993y/Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqyoDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)y]Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)yDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f yYDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow y-Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m skMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO y)Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs d- : C  U i 7eQ1@"h@csGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. ?k/Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a>ceGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.=c[Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).<c-Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O;cAGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.:cWGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.9Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild58c Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.x7cGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.P6eAGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.5cAGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.c4ciGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.i3cuGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}2cGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArcha1ceGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K0[ATomas Mraz - 3.3.1-2Is- rebuild with new opensslS/cIGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release..cEGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a- =Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^,{GDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0+sqMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr*}mDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921))w)Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb(}MDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changej'wcMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)&} Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):%wMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v${wDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formats#y;Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandle [ P $ @ 8\'$RFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_RebuildzQm Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightPmMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1OmyMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$Nm_Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) Mm)Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8L1Ejkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kKmmMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzJm Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1IIm)Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77HmMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationGY5Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXFmIMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsEg%David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild DmWMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsCm%Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(BmgMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vAc Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.  : {%=CMJ\dmQMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`cmYMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdbmMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]wamMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes`mMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7r_m{Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\^mOMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file]mCMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g\mgMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{[m Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaZ}KMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynYmsMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates Xm-Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]WmMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uVmMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXUmGMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.QTm;Michael Young - 4.1.0-1M- update to 4.1.0 finalBSyMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd ~  A Q %pV~TxmAMichael Young - 4.1.3-5P~- rebuild for ocaml update~wmMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pvmwMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599)_u}EMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?toMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"soYMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)roQMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oqo3Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startpFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(ooeMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xnoMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrmo{Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BlMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8Fko!Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFjo!Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRio;Michael Young - 4.1.2-13OXA- fix a packaging error&hoaMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjgokMichael Young - 4.1.2-11ONA- put the systemd files back in the right placefoIMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XemIMichael Young - 4.1.2-9O?- move xen-watchdog to systemd $  HMlfYyMichael Young P- correct disabling of xendomains.service on uninstall/muMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*mkMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ym Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19mQMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] mWMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`mYRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)~m#Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ}mKMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_|mWMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG{m%Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CzmMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XymGMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletes W ? d)!oWMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987)mMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)m7Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)m3Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%maMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)mCMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%maMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rm{Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y m Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208 mMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk okMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x mMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh miMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)miMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%maMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmt  . = %l&&mcMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398)'%meMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)X$mGMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)#m;Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]"mMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)!m;Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149) mIMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)oGMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) m-Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&mcMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]Mm1Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]m9Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UmCRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde}SMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fmcMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches  dTW#@$@:m#Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide`9mWMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?8mMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0V7oCRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.X6oGRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.V5oCRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.4Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild3o1Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]f2meRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.T1mAMichael Young - 4.4.0-8S@- rebuild for ocaml update/0muMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=/mMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583).Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda-m[Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) ,m/Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases+m%Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) *m-Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby)m Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!(oWMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\'mOMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335) 0  p ) 60`ImYMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64HmUMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)GmEMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) Fm/Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSEm=Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGDm%Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)CoGMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yBoMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch Ao'Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC@mMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&?mcMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e>maMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)=m3Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|<mMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h;mgMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738) ] | _ w (VQjn ]?[mMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2Zm{Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)Ym?Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xXmMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cWm]Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)QVm;Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%UmaMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)TmMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]NSm3Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVRoCRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.QFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYPY_Michael Young U- gcc 5 bug is fixed so remove workaroundlOomMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uNs}Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallyMoGMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)LmAMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)Km7Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)SJm=Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqkv_}Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;u_Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nt_Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchs_URik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyor_Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werrorq_SRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowp_ERik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlo_Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"n_iRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYm_YRik van Riel 2-20050207B- upgrade to last night's Xen snapshotVlcORik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYk_YRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvjI'Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)ic!Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#hcgJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.ugI%Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted fIMRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQeI_Rik van Riel A(@- upgrade to new snapshot of xen-unstablexdI+Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotcIyRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec filebI;Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"a7CheA@- initial rpm release$`m_Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq_oyMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well^oMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&]oaMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){\o Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0CxwBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W[Y - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaWq - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<wJeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlYBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placeswuJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c[q - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt AJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).: qDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel w#Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa IJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`wOJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQw1Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvsJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZsGJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZsGJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`wOJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`oURik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHg-Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T_ORik van Riel 2-20050823C - upgrade to today's Xen snapshot{_Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again~_#Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i}_yRik van Riel 2-20050522B- change default display method for VMX domains to SDLN|_CRik van Riel 2-20050520B@- qemu device model for VMXT{_ORik van Riel 2-20050519B- apply some VMX related bugfixesUz_QRik van Riel 2-20050424Bl- upgrade to last night's snapshotQyI]Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupx_#Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3w_ Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<i-kmDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452,g?Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ+gSStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[*]_Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j)koDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ(]]Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf']sJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingt&kDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e%]qJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD$]/Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)#a!Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U"]QJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej![Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw {yRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022eQStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015{ Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g{YJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^wIJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugswJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Ww=Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawOJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zsJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswsBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,FuKs}Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkJisStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%IieStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc Hi3Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)aG_iJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIFi/Juan Quintela - 3.0.2-31Df- re-enable ia64.NE_CJeremy Katz - 3.0.2-31DA- update to changeset 11405HD_7Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64C_)Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?B_%Jeremy Katz - 3.0.2-28D,@- fix a typoYA_YJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer@_YJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj?_{Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%>_oJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).=_Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`<_gJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst;_ Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4:_ Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label9__Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I8_7Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)7i'Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZ6eUMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)5mMDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.h4imStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include 3i'Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works better2mSDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV1_QJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)0_5Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d/]qJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X.]YJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4aYDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq`UDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev_]Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN^yDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u]ywDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>\yDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V[y7Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-ZyeDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^YyIDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniXy_Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsaWyMDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mVqoDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAU]+Jeremy Katz - 3.0.3-3E<- fix the buildJT]=Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5HSq#Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)XR_WJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboQi{Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@PsDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eOigStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}MmDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)SL_MJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&yyWDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZx1Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsawyODaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%v{SDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnu{gDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zt{}Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setups{Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)rw1Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993qy/Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqpyoDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)oy]Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)nyDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fmyYDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowly-Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mkskMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOjy)Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"iyODaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7hkDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsgDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\f7Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\e7Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[d5Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.icODaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMub[Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xcGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PeAGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.cAGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cciGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.icuGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}cGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaceGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K[ATomas Mraz - 3.3.1-2Is- rebuild with new opensslScIGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.cEGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a  =Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^ {GDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0 sqMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr }mDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921) w)Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb}MDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejwcMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)} Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):wMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v{wDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsy;Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoykDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zo Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebaseyDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[~yADaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm}ygDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf|yYDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`{yMDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewz[Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1/myMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$.m_Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) -m)Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8,1Ejkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k+mmMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz*m Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I)m)Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77(mMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org location'Y5Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesX&mIMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problems%g%David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild $mWMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernels#m%Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl("mgMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)v!c Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h csGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)aceGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.c[Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).c-Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.OcAGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.cWGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5c Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wAmMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes@mMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7r?m{Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\>mOMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file=mCMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g<mgMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{;m Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta:}KMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalityn9msMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates 8m-Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]7mMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6u6mMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchX5mGMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Q4m;Michael Young - 4.1.0-1M- update to 4.1.0 finalB3yMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd2Fedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildz1m Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies right0mMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_U}EMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?ToMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"SoYMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)RoQMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)OQo3Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startPFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(OoeMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xNoMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrMo{Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BLMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8FKo!Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFJo!Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRIo;Michael Young - 4.1.2-13OXA- fix a packaging error&HoaMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjGokMichael Young - 4.1.2-11ONA- put the systemd files back in the right placeFoIMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XEmIMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\DmQMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`CmYMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdBmMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}bmQMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] amWMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch``mYRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S_m=Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)^m#Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ]mKMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_\mWMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG[m%Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CZmMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XYmGMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTXmAMichael Young - 4.1.3-5P~- rebuild for ocaml update~WmMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pVmwMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHtmMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)sm7Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)rm3Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%qmaMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)pmCMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%omaMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rnm{Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)ymm Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208lmMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskkokMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xjmMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhimiMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)hmiMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%gmaMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtffYyMichael Young P- correct disabling of xendomains.service on uninstall/emuMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*dmkMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ycm Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'meMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XmGMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)m;Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]mMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)m;Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)mIMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)~oGMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) }m-Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&|mcMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M{m1Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]zm9Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UymCRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.xFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuildew}SMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fvmcMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!uoWMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`mWMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?mMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VoCRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XoGRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VoCRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildo1Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fmeRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TmAMichael Young - 4.4.0-8S@- rebuild for ocaml update/muMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=mMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda m[Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) m/Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases m%Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) m-Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby m Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!oWMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\mOMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&mcMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `)mYMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64(mUMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)'mEMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) &m/Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchS%m=Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsG$m%Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)#oGMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)y"oMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch !o'Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC mMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mcMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)emaMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)m3Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|mMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)hmgMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)m#Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?;mMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2:m{Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)9m?Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]x8mMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)c7m]Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Q6m;Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%5maMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)4mMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]N3m3Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesV2oCRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.1Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildY0Y_Michael Young U- gcc 5 bug is fixed so remove workaroundl/omMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]u.s}Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually-oGMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631),mAMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)+m7Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S*m=Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=LqkV_}Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;U_Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nT_Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchS_URik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyoR_Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -WerrorQ_SRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowP_ERik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlO_Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"N_iRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYM_YRik van Riel 2-20050207B- upgrade to last night's Xen snapshotVLcORik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYK_YRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvJI'Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)Ic!Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#HcgJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uGI%Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted FIMRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQEI_Rik van Riel A(@- upgrade to new snapshot of xen-unstablexDI+Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotCIyRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileBI;Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"A7CheA@- initial rpm release$@m_Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq?oyMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well>oMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&=oaMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){<o Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0CxtwBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0Ws[Y - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinarWq - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlpYBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesowuJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cn[q - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NmJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt lAJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:kqDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel jw#Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaiIJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`hwOJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQgw1Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvfsJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZesGJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZdsGJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`cwOJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`boURik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHag-Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T`_ORik van Riel 2-20050823C - upgrade to today's Xen snapshot{__Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again^_#Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i]_yRik van Riel 2-20050522B- change default display method for VMX domains to SDLN\_CRik van Riel 2-20050520B@- qemu device model for VMXT[_ORik van Riel 2-20050519B- apply some VMX related bugfixesUZ_QRik van Riel 2-20050424Bl- upgrade to last night's snapshotQYI]Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupX_#Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3W_ Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<i kmDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452 g?Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ gSStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[ ]_Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j koDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ]]Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf]sJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtkDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e]qJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD]/Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)a!Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U]QJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej[Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw{yRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e~QStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015}{ Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g|{YJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{{Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^zwIJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsywJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Wxw=Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawwOJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zvsJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswusBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fu+s}Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk*isStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%)ieStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc (i3Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a'_iJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackI&i/Juan Quintela - 3.0.2-31Df- re-enable ia64.N%_CJeremy Katz - 3.0.2-31DA- update to changeset 11405H$_7Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64#_)Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?"_%Jeremy Katz - 3.0.2-28D,@- fix a typoY!_YJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer _YJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%_oJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install)._Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`_gJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst_ Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4_ Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label__Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I_7Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)i'Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZeUMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)mMDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.himStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include i'Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works bettermSDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV_QJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)_5Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d]qJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X]YJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4AYDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq@UDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev?]Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN>yDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u=ywDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script><yDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V;y7Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-:yeDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^9yIDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioni8y_Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsa7yMDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700m6qoDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA5]+Jeremy Katz - 3.0.3-3E<- fix the buildJ4]=Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5H3q#Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X2_WJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygrubo1i{Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@0sDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)e/igStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<.iStephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}-mDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S,_MJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&YyWDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZX1Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsaWyODaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%V{SDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnU{gDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zT{}Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setupS{Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)Rw1Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993Qy/Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqPyoDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)Oy]Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)NyDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fMyYDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowLy-Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mKskMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOJy)Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"IyODaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7HkDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsGDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\F7Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\E7Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[D5Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iCODaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMuB[Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xwcGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PveAGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.ucAGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.ctciGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iscuGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}rcGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaqceGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.Kp[ATomas Mraz - 3.3.1-2Is- rebuild with new opensslSocIGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.ncEGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.am =Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^l{GDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0ksqMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrj}mDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)iw)Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbh}MDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejgwcMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)f} Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):ewMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vd{wDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatscy;Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleobykDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zao Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase`yDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8_y{Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[^yADaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm]ygDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf\yYDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`[yMDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewZ[Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1myMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$m_Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) m)Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8 1Ejkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k mmMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz m Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I m)Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77mMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationY5Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXmIMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsg%David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild mWMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsm%Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(mgMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vc Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.hcsGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a~ceGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.}c[Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).|c-Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O{cAGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.zcWGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.yFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5xc Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3w!mMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes mMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7rm{Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\mOMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo filemCMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112gmgMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{m Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta}KMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynmsMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates m-Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]mMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6umMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXmGMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qm;Michael Young - 4.1.0-1M- update to 4.1.0 finalByMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzm Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightmMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_5}EMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?4oMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"3oYMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)2oQMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)O1o3Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to start0Fedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(/oeMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]x.oMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr-o{Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B,Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F+o!Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF*o!Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR)o;Michael Young - 4.1.2-13OXA- fix a packaging error&(oaMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdj'okMichael Young - 4.1.2-11ONA- put the systemd files back in the right place&oIMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+X%mIMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\$mQMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`#mYMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemd"mMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}BmQMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] AmWMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`@mYRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S?m=Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)>m#Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ=mKMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_<mWMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG;m%Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)C:mMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17X9mGMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesT8mAMichael Young - 4.1.3-5P~- rebuild for ocaml update~7mMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)p6mwMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHTmMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)Sm7Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)Rm3Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%QmaMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)PmCMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%OmaMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rNm{Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)yMm Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208LmMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskKokMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xJmMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhImiMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)HmiMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%GmaMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfFYyMichael Young P- correct disabling of xendomains.service on uninstall/EmuMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*DmkMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)yCm Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'emeMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XdmGMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)cm;Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]bmMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)am;Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)`mIMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);_m Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)^oGMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) ]m-Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&\mcMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M[m1Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]Zm9Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UYmCRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.XFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_RebuildeW}SMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fVmcMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!UoWMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`ymWMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?xmMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VwoCRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XvoGRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VuoCRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.tFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildso1Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]frmeRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TqmAMichael Young - 4.4.0-8S@- rebuild for ocaml update/pmuMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=omMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)nFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuildamm[Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) lm/Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized caseskm%Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) jm-Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyim Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!hoWMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\gmOMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&fmcMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG ` mYMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64mUMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)mEMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) m/Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSm=Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGm%Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)oGMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yoMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch o'Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmCmMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mcMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e~maMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)}m3Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)||mMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h{mgMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)zm#Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?mMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2m{Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)m?Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xmMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cm]Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qm;Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%maMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)mMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nm3Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVoCRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYY_Michael Young U- gcc 5 bug is fixed so remove workaroundlomMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]us}Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually oGMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631) mAMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153) m7Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S m=Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqk6_}Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;5_Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n4_Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch3_URik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo2_Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror1_SRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now0_ERik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl/_Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"._iRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY-_YRik van Riel 2-20050207B- upgrade to last night's Xen snapshotV,cORik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY+_YRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv*I'Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org))c!Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#(cgJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.u'I%Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted &IMRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQ%I_Rik van Riel A(@- upgrade to new snapshot of xen-unstablex$I+Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshot#IyRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec file"I;Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"!7CheA@- initial rpm release$ m_Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoyMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as welloMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&oaMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){o Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0CxTwBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0WS[Y - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaRWq - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlPYBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesOwuJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cN[q - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NMJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt LAJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:KqDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel Jw#Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaIIJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`HwOJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQGw1Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvFsJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZEsGJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZDsGJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`CwOJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`BoURik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHAg-Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T@_ORik van Riel 2-20050823C - upgrade to today's Xen snapshot{?_Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again>_#Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i=_yRik van Riel 2-20050522B- change default display method for VMX domains to SDLN<_CRik van Riel 2-20050520B@- qemu device model for VMXT;_ORik van Riel 2-20050519B- apply some VMX related bugfixesU:_QRik van Riel 2-20050424Bl- upgrade to last night's snapshotQ9I]Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup8_#Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again37_ Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<imkmDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452lg?Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZkgSStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[j]_Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jikoDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZh]]Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfg]sJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtfkDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361ee]qJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDd]/Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)ca!Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)Ub]QJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accurateja[Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw`{yRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere_QStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e^QStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015]{ Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g\{YJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall[{Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^ZwIJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsYwJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)WXw=Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevaWwOJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zVsJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswUsBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fu s}Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk isStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data% ieStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc i3Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a_iJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIi/Juan Quintela - 3.0.2-31Df- re-enable ia64.N_CJeremy Katz - 3.0.2-31DA- update to changeset 11405H_7Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64_)Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?_%Jeremy Katz - 3.0.2-28D,@- fix a typoY_YJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer_YJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%~_oJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).}_Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`|_gJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst{_ Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4z_ Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labely__Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)Ix_7Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)wi'Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZveUMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)umMDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.htimStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include si'Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterrmSDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVq_QJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)p_5Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)do]qJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)Xn]YJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4!YDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq UDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethNyDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)uywDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>yDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)Vy7Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-yeDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yIDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniy_Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsayMDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mqoDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA]+Jeremy Katz - 3.0.3-3E<- fix the buildJ]=Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hq#Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X_WJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboi{Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@sDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eigStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<iStephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl} mDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S _MJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&9yWDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZ81Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsa7yODaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%6{SDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn5{gDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z4{}Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup3{Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)2w1Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-49931y/Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsq0yoDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)/y]Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581).yDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f-yYDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow,y-Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m+skMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO*y)Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs")yODaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7(kDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug fails'Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\&7Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\%7Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[$5Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.i#ODaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu"[Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xWcGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PVeAGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.UcAGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cTciGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iScuGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}RcGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaQceGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.KP[ATomas Mraz - 3.3.1-2Is- rebuild with new opensslSOcIGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.NcEGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.aM =Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^L{GDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0KsqMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrJ}mDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)Iw)Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbH}MDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejGwcMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)F} Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):EwMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vD{wDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsCy;Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoBykDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zAo Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase@yDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8?y{Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[>yADaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm=ygDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf<yYDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`;yMDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew:[Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1omyMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$nm_Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) mm)Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8l1Ejkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kkmmMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzjm Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1Iim)Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77hmMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationgY5Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXfmIMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemseg%David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild dmWMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelscm%Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(bmgMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vac Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h`csGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. _k/Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a^ceGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.]c[Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).\c-Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O[cAGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.ZcWGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.YFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5Xc Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wmMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixesmMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7rm{Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\~mOMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file}mCMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g|mgMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{{m Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaz}KMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynymsMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates xm-Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]wmMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uvmMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXumGMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qtm;Michael Young - 4.1.0-1M- update to 4.1.0 finalBsyMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdrFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzqm Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightpmMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_}EMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?oMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"oYMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)oQMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oo3Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(oeMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xoMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr o{Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F o!Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF o!Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR o;Michael Young - 4.1.2-13OXA- fix a packaging error&oaMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjokMichael Young - 4.1.2-11ONA- put the systemd files back in the right placeoIMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XmIMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\mQMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`mYMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdmMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}"mQMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] !mWMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch` mYRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)m#Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZmKMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_mWMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetGm%Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CmMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XmGMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTmAMichael Young - 4.1.3-5P~- rebuild for ocaml update~mMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pmwMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cH4mMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)3m7Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)2m3Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%1maMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)0mCMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%/maMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)r.m{Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y-m Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208,mMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk+okMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x*mMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh)miMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)(miMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%'maMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtf&YyMichael Young P- correct disabling of xendomains.service on uninstall/%muMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*$mkMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)y#m Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'EmeMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XDmGMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)Cm;Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]BmMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)Am;Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)@mIMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);?m Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)>oGMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) =m-Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&<mcMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M;m1Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]:m9Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)U9mCRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.8Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde7}SMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86f6mcMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!5oWMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`YmWMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?XmMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VWoCRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XVoGRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VUoCRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.TFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_RebuildSo1Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fRmeRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TQmAMichael Young - 4.4.0-8S@- rebuild for ocaml update/PmuMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=OmMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)NFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_RebuildaMm[Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) Lm/Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized casesKm%Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) Jm-Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyIm Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!HoWMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\GmOMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&FmcMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `imYMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64hmUMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)gmEMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) fm/Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSem=Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGdm%Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)coGMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yboMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch ao'Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC`mMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&_mcMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e^maMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)]m3Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|\mMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h[mgMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)Zm#Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?{mMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2zm{Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)ym?Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xxmMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cwm]Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qvm;Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%umaMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)tmMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nsm3Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVroCRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.qFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYpY_Michael Young U- gcc 5 bug is fixed so remove workaroundloomMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uns}Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallymoGMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)lmAMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)km7Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)Sjm=Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqk_}Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;_Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n_Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch_URik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo_Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror_SRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now_ERik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl_Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"_iRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY _YRik van Riel 2-20050207B- upgrade to last night's Xen snapshotV cORik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY _YRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv I'Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org) c!Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#cgJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uI%Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted IMRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQI_Rik van Riel A(@- upgrade to new snapshot of xen-unstablexI+Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotIyRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileI;Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"7CheA@- initial rpm release$m_Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoyMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well~oMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&}oaMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){|o Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0Cx4wBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W3[Y - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbina2Wq - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<1wJeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itl0YBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one places/wuJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c.[q - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N-Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt ,AJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:+qDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel *w#Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa)IJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`(wOJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQ'w1Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedv&sJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZ%sGJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZ$sGJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`#wOJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`"oURik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsH!g-Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T _ORik van Riel 2-20050823C - upgrade to today's Xen snapshot{_Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again_#Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i_yRik van Riel 2-20050522B- change default display method for VMX domains to SDLN_CRik van Riel 2-20050520B@- qemu device model for VMXT_ORik van Riel 2-20050519B- apply some VMX related bugfixesU_QRik van Riel 2-20050424Bl- upgrade to last night's snapshotQI]Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup_#Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3_ Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<iMkmDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452Lg?Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZKgSStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[J]_Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jIkoDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZH]]Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfG]sJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtFkDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361eE]qJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDD]/Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)Ca!Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)UB]QJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratejA[Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw@{yRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere?QStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e>QStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015={ Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g<{YJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall;{Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^:wIJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugs9wJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)W8w=Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udeva7wOJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)z6sJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changesw5sBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fuks}Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkjisStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%iieStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc hi3Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)ag_iJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIfi/Juan Quintela - 3.0.2-31Df- re-enable ia64.Ne_CJeremy Katz - 3.0.2-31DA- update to changeset 11405Hd_7Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64c_)Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?b_%Jeremy Katz - 3.0.2-28D,@- fix a typoYa_YJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer`_YJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj__{Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%^_oJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).]_Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`\_gJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst[_ Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4Z_ Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labelY__Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)IX_7Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)Wi'Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZVeUMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)UmMDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.hTimStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include Si'Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterRmSDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVQ_QJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)P_5Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)dO]qJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)XN]YJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4YDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakqUDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN~yDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u}ywDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>|yDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V{y7Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-zyeDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yyIDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptionixy_Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsawyMDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mvqoDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAu]+Jeremy Katz - 3.0.3-3E<- fix the buildJt]=Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hsq#Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)Xr_WJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboqi{Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@psDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eoigStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}mmDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)Sl_MJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&yWDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZ1Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsayODaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%{SDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn{gDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z{}Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup{Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)w1Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993y/Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqyoDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)y]Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)yDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f yYDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow y-Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m skMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO y)Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs" yODaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7kDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\7Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\7Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[5Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iODaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu[Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6x7cGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.P6eAGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.5cAGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.c4ciGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.i3cuGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}2cGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArcha1ceGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K0[ATomas Mraz - 3.3.1-2Is- rebuild with new opensslS/cIGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release..cEGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a- =Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^,{GDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0+sqMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr*}mDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921))w)Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb(}MDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changej'wcMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)&} Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):%wMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v${wDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formats#y;Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleo"ykDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)z!o Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase yDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[yADaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsmygDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstfyYDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`yMDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew[Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1OmyMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$Nm_Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) Mm)Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8L1Ejkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kKmmMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzJm Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1IIm)Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77HmMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationGY5Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXFmIMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsEg%David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild DmWMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsCm%Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(BmgMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vAc Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h@csGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. ?k/Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a>ceGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.=c[Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).<c-Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O;cAGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.:cWGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.9Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild58c Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wamMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes`mMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7r_m{Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\^mOMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file]mCMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g\mgMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{[m Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaZ}KMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynYmsMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates Xm-Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]WmMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uVmMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXUmGMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.QTm;Michael Young - 4.1.0-1M- update to 4.1.0 finalBSyMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdRFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_RebuildzQm Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightPmMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_u}EMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?toMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"soYMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)roQMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oqo3Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startpFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(ooeMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xnoMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrmo{Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BlMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8Fko!Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFjo!Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRio;Michael Young - 4.1.2-13OXA- fix a packaging error&hoaMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjgokMichael Young - 4.1.2-11ONA- put the systemd files back in the right placefoIMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XemIMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\dmQMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`cmYMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdbmMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}mQMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] mWMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`mYRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)~m#Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ}mKMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_|mWMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG{m%Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CzmMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XymGMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTxmAMichael Young - 4.1.3-5P~- rebuild for ocaml update~wmMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pvmwMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHmMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)m7Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)m3Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%maMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)mCMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%maMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rm{Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y m Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208 mMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk okMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x mMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh miMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)miMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%maMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfYyMichael Young P- correct disabling of xendomains.service on uninstall/muMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*mkMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ym Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'%meMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)X$mGMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)#m;Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]"mMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)!m;Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149) mIMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)oGMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) m-Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&mcMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]Mm1Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]m9Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UmCRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde}SMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fmcMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!oWMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`9mWMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?8mMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0V7oCRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.X6oGRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.V5oCRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.4Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild3o1Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]f2meRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.T1mAMichael Young - 4.4.0-8S@- rebuild for ocaml update/0muMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=/mMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583).Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda-m[Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) ,m/Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases+m%Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) *m-Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby)m Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!(oWMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\'mOMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&&mcMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `ImYMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64HmUMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)GmEMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) Fm/Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSEm=Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGDm%Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)CoGMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yBoMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch Ao'Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC@mMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&?mcMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e>maMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)=m3Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|<mMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h;mgMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738):m#Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?[mMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2Zm{Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)Ym?Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xXmMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cWm]Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)QVm;Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%UmaMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)TmMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]NSm3Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVRoCRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.QFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYPY_Michael Young U- gcc 5 bug is fixed so remove workaroundlOomMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uNs}Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallyMoGMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)LmAMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)Km7Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)SJm=Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqkv_} Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;u_ Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nt_ Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchs_U Rik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyor_ Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werrorq_S Rik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowp_E Rik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlo_ Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"n_i Rik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYm_Y Rik van Riel 2-20050207B- upgrade to last night's Xen snapshotVlcO Rik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYk_Y Rik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvjI' Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)ic! Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#hcg Jeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.ugI% Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted fIM Rik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQeI_ Rik van Riel A(@- upgrade to new snapshot of xen-unstablexdI+ Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotcIy Rik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec filebI; Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"a7 CheA@- initial rpm release$`m_Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq_oyMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well^oMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&]oaMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){\o Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0Cxw Bill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W[Y - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaWq - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<w Jeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlY Bill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placeswu Jeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c[q - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N  Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt A Juan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).: q Daniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel w# Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa I Jeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`wO Jeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQw1 Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvs Jeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZsG Jeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZsG Jeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`wO Jeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`oU Rik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHg- Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T_O Rik van Riel 2-20050823C - upgrade to today's Xen snapshot{_ Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again~_# Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i}_y Rik van Riel 2-20050522B- change default display method for VMX domains to SDLN|_C Rik van Riel 2-20050520B@- qemu device model for VMXT{_O Rik van Riel 2-20050519B- apply some VMX related bugfixesUz_Q Rik van Riel 2-20050424Bl- upgrade to last night's snapshotQyI] Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupx_# Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3w_ Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<i-km Daniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452,g? Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ+gS Stephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[*]_ Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j)ko Daniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ(]] Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf']s Jeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingt&k Daniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e%]q Jeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD$]/ Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)#a! Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U"]Q Jeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej![ Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw {y Rik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQ Stephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022eQ Stephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015{ Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g{Y Jeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{ Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^wI Jeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsw Jeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Ww= Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawO Jeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zs Jesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changesws Bill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,FuKs} Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkJis Stephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%Iie Stephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc Hi3 Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)aG_i Jeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIFi/ Juan Quintela - 3.0.2-31Df- re-enable ia64.NE_C Jeremy Katz - 3.0.2-31DA- update to changeset 11405HD_7 Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64C_) Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?B_% Jeremy Katz - 3.0.2-28D,@- fix a typoYA_Y Jeremy Katz - 3.0.2-27D- add support for paravirt framebuffer@_Y Jeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj?_{ Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%>_o Jeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).=_ Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`<_g Jeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst;_ Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4:_ Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label9__ Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I8_7 Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)7i' Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZ6eU Mark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)5mM Daniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.h4im Stephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include 3i' Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works better2mS Daniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV1_Q Jeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)0_5 Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d/]q Jeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X.]Y Jeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4aY Daniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq`U Daniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev_] Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN^y Daniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u]yw Daniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>\y Daniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V[y7 Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-Zye Daniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^YyI Daniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniXy_ Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsaWyM Daniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mVqo Daniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAU]+ Jeremy Katz - 3.0.3-3E<- fix the buildJT]= Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5HSq# Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)XR_W Jeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboQi{ Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@Ps Daniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eOig Stephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}Mm Daniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)SL_M Jeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&yyW Daniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZx1 Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsawyO Daniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%v{S Daniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnu{g Daniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zt{} Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setups{ Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)rw1 Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993qy/ Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqpyo Daniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)oy] Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)ny Daniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fmyY Daniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowly- Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mksk Markus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOjy) Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"iyO Daniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7hk Daniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsg Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\f7 Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\e7 Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[d5 Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.icO Daniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMub[ Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xc Gerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PeA Gerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.cA Gerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cci Gerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.icu Gerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}c Gerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchace Gerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K[A Tomas Mraz - 3.3.1-2Is- rebuild with new opensslScI Gerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.cE Gerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a  = Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^ {G Daniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0 sq Mark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr }m Daniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921) w) Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb}M Daniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejwc Markus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)} Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):w Markus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v{w Daniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsy; Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoyk Daniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zo Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebasey Daniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{ Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[~yA Daniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm}yg Daniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf|yY Daniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`{yM Daniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewz[ Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1/my Michael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$.m_ Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) -m) Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8,1E jkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k+mm Michael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz*m Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I)m) Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77(m Michael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org location'Y5 Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesX&mI Michael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problems%g% David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild $mW Michael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernels#m% Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl("mg Michael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)v!c Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h cs Gerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/ Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)ace Gerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.c[ Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).c- Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.OcA Gerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.cW Gerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build. Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5c Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wAm Michael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes@m Michael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7r?m{ Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\>mO Michael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file=mC Michael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g<mg Michael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{;m Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta:}K Michael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalityn9ms Michael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates 8m- Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]7m Michael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6u6m Michael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchX5mG Michael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Q4m; Michael Young - 4.1.0-1M- update to 4.1.0 finalB3y Michael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd2 Fedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildz1m Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies right0m Michael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_U}E Michael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?To Michael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"SoY Michael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)RoQ Michael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)OQo3 Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startP Fedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(Ooe Michael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xNo Michael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrMo{ Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BL Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8FKo! Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFJo! Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRIo; Michael Young - 4.1.2-13OXA- fix a packaging error&Hoa Michael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjGok Michael Young - 4.1.2-11ONA- put the systemd files back in the right placeFoI Michael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XEmI Michael Young - 4.1.2-9O?- move xen-watchdog to systemd\DmQ Michael Young - 4.1.2-8O2c- relocate systemd files for fc17+`CmY Michael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdBm Michael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}bmQ Michael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] amW Michael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch``mY Richard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S_m= Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)^m# Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ]mK Michael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_\mW Michael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG[m% Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CZm Michael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XYmG Michael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTXmA Michael Young - 4.1.3-5P~- rebuild for ocaml update~Wm Michael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pVmw Michael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHtm Michael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)sm7 Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)rm3 Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%qma Michael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)pmC Michael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%oma Michael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rnm{ Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)ymm Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208lm Michael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskkok Michael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xjm Michael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhimi Michael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)hmi Michael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%gma Michael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtffYy Michael Young P- correct disabling of xendomains.service on uninstall/emu Michael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*dmk Michael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ycm Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'me Michael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XmG Michael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)m; Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]m Michael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)m; Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)mI Michael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)~oG Michael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) }m- Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&|mc Michael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M{m1 Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]zm9 Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UymC Richard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.x Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuildew}S Michael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fvmc Michael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!uoW Michael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`mW Michael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?m Michael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VoC Richard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XoG Richard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VoC Richard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild. Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildo1 Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fme Richard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TmA Michael Young - 4.4.0-8S@- rebuild for ocaml update/mu Michael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=m Michael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583) Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda m[ Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) m/ Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases m% Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) m- Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby m Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!oW Michael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\mO Michael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&mc Michael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `)mY Michael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64(mU Michael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)'mE Michael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) &m/ Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchS%m= Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsG$m% Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)#oG Michael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)y"o Michael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch !o' Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC m Michael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mc Michael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)ema Michael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)m3 Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|m Michael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)hmg Michael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)m# Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?;m Michael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2:m{ Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)9m? Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]x8m Michael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)c7m] Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Q6m; Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%5ma Michael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)4m Michael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]N3m3 Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesV2oC Richard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.1 Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildY0Y_ Michael Young U- gcc 5 bug is fixed so remove workaroundl/om Michael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]u.s} Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually-oG Michael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631),mA Michael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)+m7 Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S*m= Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=LqkV_} Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;U_ Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nT_ Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchS_U Rik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyoR_ Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -WerrorQ_S Rik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowP_E Rik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlO_ Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"N_i Rik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYM_Y Rik van Riel 2-20050207B- upgrade to last night's Xen snapshotVLcO Rik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYK_Y Rik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvJI' Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)Ic! Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#Hcg Jeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uGI% Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted FIM Rik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQEI_ Rik van Riel A(@- upgrade to new snapshot of xen-unstablexDI+ Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotCIy Rik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileBI; Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"A7 CheA@- initial rpm release$@m_ Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq?oy Michael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well>o Michael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&=oa Michael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){<o Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0Cxtw Bill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0Ws[Y - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinarWq - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlpY Bill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesowu Jeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cn[q - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)Nm Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt lA Juan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:kq Daniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel jw# Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaiI Jeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`hwO Jeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQgw1 Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvfs Jeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZesG Jeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZdsG Jeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`cwO Jeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`boU Rik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHag- Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T`_O Rik van Riel 2-20050823C - upgrade to today's Xen snapshot{__ Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again^_# Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i]_y Rik van Riel 2-20050522B- change default display method for VMX domains to SDLN\_C Rik van Riel 2-20050520B@- qemu device model for VMXT[_O Rik van Riel 2-20050519B- apply some VMX related bugfixesUZ_Q Rik van Riel 2-20050424Bl- upgrade to last night's snapshotQYI] Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupX_# Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3W_ Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<i km Daniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452 g? Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ gS Stephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[ ]_ Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j ko Daniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ]] Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf]s Jeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtk Daniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e]q Jeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD]/ Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)a! Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U]Q Jeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej[ Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw{y Rik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQ Stephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e~Q Stephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015}{ Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g|{Y Jeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{{ Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^zwI Jeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsyw Jeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Wxw= Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawwO Jeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zvs Jesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswus Bill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fu+s} Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk*is Stephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%)ie Stephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc (i3 Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a'_i Jeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackI&i/ Juan Quintela - 3.0.2-31Df- re-enable ia64.N%_C Jeremy Katz - 3.0.2-31DA- update to changeset 11405H$_7 Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64#_) Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?"_% Jeremy Katz - 3.0.2-28D,@- fix a typoY!_Y Jeremy Katz - 3.0.2-27D- add support for paravirt framebuffer _Y Jeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{ Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%_o Jeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install)._ Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`_g Jeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst_ Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4_ Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label__ Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I_7 Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)i' Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZeU Mark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)mM Daniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.him Stephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include i' Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works bettermS Daniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV_Q Jeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)_5 Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d]q Jeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X]Y Jeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4AY Daniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq@U Daniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev?] Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN>y Daniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u=yw Daniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script><y Daniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V;y7 Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-:ye Daniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^9yI Daniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioni8y_ Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsa7yM Daniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700m6qo Daniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA5]+ Jeremy Katz - 3.0.3-3E<- fix the buildJ4]= Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5H3q# Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X2_W Jeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygrubo1i{ Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@0s Daniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)e/ig Stephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<.i Stephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}-m Daniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S,_M Jeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&YyW Daniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZX1 Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsaWyO Daniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%V{S Daniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnU{g Daniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zT{} Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setupS{ Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)Rw1 Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993Qy/ Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqPyo Daniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)Oy] Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)Ny Daniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fMyY Daniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowLy- Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mKsk Markus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOJy) Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"IyO Daniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7Hk Daniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsG Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\F7 Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\E7 Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[D5 Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iCO Daniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMuB[ Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xwc Gerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PveA Gerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.ucA Gerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.ctci Gerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iscu Gerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}rc Gerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaqce Gerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.Kp[A Tomas Mraz - 3.3.1-2Is- rebuild with new opensslSocI Gerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.ncE Gerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.am = Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^l{G Daniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0ksq Mark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrj}m Daniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)iw) Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbh}M Daniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejgwc Markus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)f} Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):ew Markus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vd{w Daniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatscy; Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleobyk Daniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zao Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase`y Daniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8_y{ Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[^yA Daniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm]yg Daniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf\yY Daniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`[yM Daniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewZ[ Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1my Michael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$m_ Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) m) Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8 1E jkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k mm Michael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz m Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I m) Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77m Michael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationY5 Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXmI Michael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsg% David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild mW Michael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsm% Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(mg Michael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vc Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.hcs Gerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/ Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a~ce Gerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.}c[ Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).|c- Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O{cA Gerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.zcW Gerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.y Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5xc Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3w!m Michael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes m Michael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7rm{ Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\mO Michael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo filemC Michael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112gmg Michael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{m Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta}K Michael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynms Michael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates m- Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]m Michael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6um Michael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXmG Michael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qm; Michael Young - 4.1.0-1M- update to 4.1.0 finalBy Michael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd Fedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzm Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightm Michael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_5}E Michael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?4o Michael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"3oY Michael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)2oQ Michael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)O1o3 Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to start0 Fedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(/oe Michael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]x.o Michael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr-o{ Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B, Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F+o! Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF*o! Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR)o; Michael Young - 4.1.2-13OXA- fix a packaging error&(oa Michael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdj'ok Michael Young - 4.1.2-11ONA- put the systemd files back in the right place&oI Michael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+X%mI Michael Young - 4.1.2-9O?- move xen-watchdog to systemd\$mQ Michael Young - 4.1.2-8O2c- relocate systemd files for fc17+`#mY Michael Young - 4.1.2-7O1@- move xend and xenconsoled to systemd"m Michael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}BmQ Michael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] AmW Michael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`@mY Richard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S?m= Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)>m# Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ=mK Michael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_<mW Michael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG;m% Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)C:m Michael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17X9mG Michael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesT8mA Michael Young - 4.1.3-5P~- rebuild for ocaml update~7m Michael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)p6mw Michael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHTm Michael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)Sm7 Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)Rm3 Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%Qma Michael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)PmC Michael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%Oma Michael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rNm{ Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)yMm Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208Lm Michael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskKok Michael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xJm Michael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhImi Michael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)Hmi Michael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%Gma Michael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfFYy Michael Young P- correct disabling of xendomains.service on uninstall/Emu Michael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*Dmk Michael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)yCm Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'eme Michael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XdmG Michael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)cm; Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]bm Michael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)am; Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)`mI Michael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);_m Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)^oG Michael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) ]m- Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&\mc Michael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M[m1 Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]Zm9 Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UYmC Richard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.X Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_RebuildeW}S Michael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fVmc Michael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!UoW Michael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`ymW Michael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?xm Michael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VwoC Richard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XvoG Richard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VuoC Richard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.t Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildso1 Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]frme Richard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TqmA Michael Young - 4.4.0-8S@- rebuild for ocaml update/pmu Michael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=om Michael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)n Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuildamm[ Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) lm/ Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized caseskm% Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) jm- Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyim Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!hoW Michael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\gmO Michael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&fmc Michael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG ` mY Michael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64mU Michael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)mE Michael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) m/ Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSm= Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGm% Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)oG Michael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yo Michael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch o' Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmCm Michael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mc Michael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e~ma Michael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)}m3 Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)||m Michael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h{mg Michael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)zm# Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?m Michael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2m{ Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)m? Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xm Michael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cm] Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qm; Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%ma Michael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)m Michael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nm3 Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVoC Richard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2. Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYY_ Michael Young U- gcc 5 bug is fixed so remove workaroundlom Michael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]us} Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually oG Michael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631) mA Michael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153) m7 Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S m= Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqk6_}Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;5_Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n4_Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch3_URik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo2_Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror1_SRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now0_ERik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl/_Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"._iRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY-_YRik van Riel 2-20050207B- upgrade to last night's Xen snapshotV,cORik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY+_YRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv*I'Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org))c!Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#(cgJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.u'I%Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted &IMRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQ%I_Rik van Riel A(@- upgrade to new snapshot of xen-unstablex$I+Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshot#IyRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec file"I;Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"!7CheA@- initial rpm release$ m_ Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoy Michael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as wello Michael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&oa Michael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){o Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0CxTwBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0WS[Y - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaRWq - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlPYBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesOwuJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cN[q - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NMJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt LAJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:KqDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel Jw#Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaIIJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`HwOJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQGw1Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvFsJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZEsGJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZDsGJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`CwOJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`BoURik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHAg-Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T@_ORik van Riel 2-20050823C - upgrade to today's Xen snapshot{?_Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again>_#Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i=_yRik van Riel 2-20050522B- change default display method for VMX domains to SDLN<_CRik van Riel 2-20050520B@- qemu device model for VMXT;_ORik van Riel 2-20050519B- apply some VMX related bugfixesU:_QRik van Riel 2-20050424Bl- upgrade to last night's snapshotQ9I]Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup8_#Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again37_ Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<imkmDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452lg?Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZkgSStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[j]_Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jikoDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZh]]Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfg]sJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtfkDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361ee]qJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDd]/Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)ca!Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)Ub]QJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accurateja[Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw`{yRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere_QStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e^QStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015]{ Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g\{YJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall[{Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^ZwIJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsYwJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)WXw=Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevaWwOJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zVsJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswUsBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fu s}Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk isStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data% ieStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc i3Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a_iJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIi/Juan Quintela - 3.0.2-31Df- re-enable ia64.N_CJeremy Katz - 3.0.2-31DA- update to changeset 11405H_7Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64_)Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?_%Jeremy Katz - 3.0.2-28D,@- fix a typoY_YJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer_YJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%~_oJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).}_Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`|_gJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst{_ Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4z_ Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labely__Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)Ix_7Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)wi'Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZveUMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)umMDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.htimStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include si'Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterrmSDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVq_QJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)p_5Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)do]qJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)Xn]YJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4!YDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq UDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethNyDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)uywDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>yDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)Vy7Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-yeDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yIDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniy_Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsayMDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mqoDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA]+Jeremy Katz - 3.0.3-3E<- fix the buildJ]=Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hq#Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X_WJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboi{Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@sDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eigStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<iStephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl} mDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S _MJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&9yWDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZ81Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsa7yODaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%6{SDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn5{gDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z4{}Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup3{Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)2w1Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-49931y/Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsq0yoDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)/y]Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581).yDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f-yYDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow,y-Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m+skMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO*y)Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs")yODaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7(kDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug fails'Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\&7Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\%7Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[$5Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.i#ODaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu"[Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xWcGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PVeAGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.UcAGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cTciGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iScuGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}RcGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaQceGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.KP[ATomas Mraz - 3.3.1-2Is- rebuild with new opensslSOcIGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.NcEGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.aM =Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^L{GDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0KsqMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrJ}mDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)Iw)Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbH}MDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejGwcMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)F} Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):EwMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vD{wDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsCy;Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoBykDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zAo Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase@yDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8?y{Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[>yADaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm=ygDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf<yYDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`;yMDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew:[Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1omyMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$nm_Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) mm)Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8l1Ejkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kkmmMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzjm Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1Iim)Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77hmMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationgY5Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXfmIMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemseg%David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild dmWMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelscm%Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(bmgMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vac Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h`csGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. _k/Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a^ceGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.]c[Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).\c-Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O[cAGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.ZcWGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.YFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5Xc Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wmMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixesmMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7rm{Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\~mOMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file}mCMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g|mgMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{{m Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaz}KMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynymsMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates xm-Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]wmMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uvmMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXumGMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qtm;Michael Young - 4.1.0-1M- update to 4.1.0 finalBsyMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdrFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzqm Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightpmMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_}EMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?oMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"oYMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)oQMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oo3Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(oeMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xoMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr o{Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F o!Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF o!Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR o;Michael Young - 4.1.2-13OXA- fix a packaging error&oaMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjokMichael Young - 4.1.2-11ONA- put the systemd files back in the right placeoIMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XmIMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\mQMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`mYMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdmMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}"mQMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] !mWMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch` mYRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)m#Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZmKMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_mWMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetGm%Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CmMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XmGMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTmAMichael Young - 4.1.3-5P~- rebuild for ocaml update~mMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pmwMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cH4mMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)3m7Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)2m3Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%1maMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)0mCMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%/maMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)r.m{Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y-m Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208,mMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk+okMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x*mMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh)miMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)(miMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%'maMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtf&YyMichael Young P- correct disabling of xendomains.service on uninstall/%muMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*$mkMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)y#m Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'EmeMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XDmGMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)Cm;Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]BmMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)Am;Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)@mIMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);?m Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)>oGMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) =m-Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&<mcMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M;m1Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]:m9Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)U9mCRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.8Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde7}SMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86f6mcMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!5oWMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`YmWMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?XmMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VWoCRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XVoGRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VUoCRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.TFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_RebuildSo1Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fRmeRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TQmAMichael Young - 4.4.0-8S@- rebuild for ocaml update/PmuMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=OmMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)NFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_RebuildaMm[Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) Lm/Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized casesKm%Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) Jm-Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyIm Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!HoWMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\GmOMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&FmcMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `imYMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64hmUMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)gmEMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) fm/Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSem=Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGdm%Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)coGMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yboMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch ao'Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC`mMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&_mcMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e^maMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)]m3Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|\mMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h[mgMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)Zm#Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?{mMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2zm{Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)ym?Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xxmMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cwm]Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qvm;Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%umaMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)tmMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nsm3Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVroCRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.qFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYpY_Michael Young U- gcc 5 bug is fixed so remove workaroundloomMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uns}Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallymoGMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)lmAMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)km7Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)Sjm=Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqk_}Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;_Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n_Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch_URik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo_Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror_SRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now_ERik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl_Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"_iRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY _YRik van Riel 2-20050207B- upgrade to last night's Xen snapshotV cORik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY _YRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv I'Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org) c!Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#cgJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uI%Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted IMRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQI_Rik van Riel A(@- upgrade to new snapshot of xen-unstablexI+Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotIyRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileI;Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"7CheA@- initial rpm release$m_Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoyMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well~oMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&}oaMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){|o Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0Cx4wBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W3[Y - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbina2Wq - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<1wJeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itl0YBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one places/wuJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c.[q - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N-Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt ,AJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:+qDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel *w#Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa)IJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`(wOJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQ'w1Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedv&sJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZ%sGJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZ$sGJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`#wOJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`"oURik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsH!g-Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T _ORik van Riel 2-20050823C - upgrade to today's Xen snapshot{_Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again_#Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i_yRik van Riel 2-20050522B- change default display method for VMX domains to SDLN_CRik van Riel 2-20050520B@- qemu device model for VMXT_ORik van Riel 2-20050519B- apply some VMX related bugfixesU_QRik van Riel 2-20050424Bl- upgrade to last night's snapshotQI]Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup_#Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3_ Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<iMkmDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452Lg?Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZKgSStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[J]_Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jIkoDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZH]]Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfG]sJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtFkDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361eE]qJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDD]/Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)Ca!Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)UB]QJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratejA[Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw@{yRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere?QStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e>QStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015={ Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g<{YJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall;{Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^:wIJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugs9wJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)W8w=Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udeva7wOJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)z6sJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changesw5sBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fuks}Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkjisStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%iieStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc hi3Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)ag_iJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIfi/Juan Quintela - 3.0.2-31Df- re-enable ia64.Ne_CJeremy Katz - 3.0.2-31DA- update to changeset 11405Hd_7Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64c_)Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?b_%Jeremy Katz - 3.0.2-28D,@- fix a typoYa_YJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer`_YJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj__{Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%^_oJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).]_Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`\_gJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst[_ Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4Z_ Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labelY__Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)IX_7Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)Wi'Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZVeUMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)UmMDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.hTimStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include Si'Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterRmSDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVQ_QJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)P_5Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)dO]qJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)XN]YJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4YDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakqUDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN~yDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u}ywDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>|yDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V{y7Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-zyeDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yyIDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptionixy_Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsawyMDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mvqoDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAu]+Jeremy Katz - 3.0.3-3E<- fix the buildJt]=Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hsq#Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)Xr_WJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboqi{Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@psDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eoigStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}mmDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)Sl_MJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&yWDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZ1Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsayODaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%{SDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn{gDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z{}Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup{Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)w1Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993y/Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqyoDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)y]Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)yDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f yYDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow y-Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m skMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO y)Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs" yODaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7kDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\7Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\7Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[5Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iODaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu[Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6x7cGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.P6eAGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.5cAGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.c4ciGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.i3cuGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}2cGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArcha1ceGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K0[ATomas Mraz - 3.3.1-2Is- rebuild with new opensslS/cIGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release..cEGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a- =Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^,{GDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0+sqMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr*}mDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921))w)Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb(}MDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changej'wcMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)&} Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):%wMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v${wDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formats#y;Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleo"ykDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)z!o Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase yDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[yADaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsmygDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstfyYDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`yMDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew[Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1OmyMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$Nm_Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) Mm)Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8L1Ejkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kKmmMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzJm Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1IIm)Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77HmMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationGY5Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXFmIMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsEg%David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild DmWMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsCm%Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(BmgMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vAc Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h@csGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. ?k/Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a>ceGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.=c[Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).<c-Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O;cAGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.:cWGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.9Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild58c Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wamMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes`mMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7r_m{Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\^mOMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file]mCMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g\mgMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{[m Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaZ}KMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynYmsMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates Xm-Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]WmMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uVmMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXUmGMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.QTm;Michael Young - 4.1.0-1M- update to 4.1.0 finalBSyMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdRFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_RebuildzQm Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightPmMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_u}EMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?toMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"soYMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)roQMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oqo3Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startpFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(ooeMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xnoMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrmo{Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BlMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8Fko!Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFjo!Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRio;Michael Young - 4.1.2-13OXA- fix a packaging error&hoaMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjgokMichael Young - 4.1.2-11ONA- put the systemd files back in the right placefoIMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XemIMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\dmQMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`cmYMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdbmMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}mQMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] mWMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`mYRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)~m#Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ}mKMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_|mWMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG{m%Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CzmMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XymGMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTxmAMichael Young - 4.1.3-5P~- rebuild for ocaml update~wmMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pvmwMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHmMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)m7Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)m3Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%maMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)mCMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%maMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rm{Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y m Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208 mMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk okMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x mMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh miMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)miMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%maMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfYyMichael Young P- correct disabling of xendomains.service on uninstall/muMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*mkMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ym Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'%meMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)X$mGMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)#m;Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]"mMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)!m;Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149) mIMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)oGMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) m-Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&mcMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]Mm1Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]m9Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UmCRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde}SMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fmcMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!oWMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`9mWMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?8mMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0V7oCRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.X6oGRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.V5oCRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.4Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild3o1Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]f2meRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.T1mAMichael Young - 4.4.0-8S@- rebuild for ocaml update/0muMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=/mMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583).Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda-m[Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) ,m/Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases+m%Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) *m-Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby)m Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!(oWMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\'mOMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&&mcMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `ImYMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64HmUMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)GmEMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) Fm/Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSEm=Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGDm%Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)CoGMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yBoMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch Ao'Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC@mMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&?mcMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e>maMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)=m3Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|<mMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h;mgMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738):m#Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?[mMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2Zm{Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)Ym?Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xXmMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cWm]Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)QVm;Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%UmaMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)TmMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]NSm3Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVRoCRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.QFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYPY_Michael Young U- gcc 5 bug is fixed so remove workaroundlOomMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uNs}Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallyMoGMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)LmAMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)Km7Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)SJm=Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqkv_}Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;u_Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nt_Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchs_URik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyor_Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werrorq_SRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowp_ERik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlo_Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"n_iRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYm_YRik van Riel 2-20050207B- upgrade to last night's Xen snapshotVlcORik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYk_YRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvjI'Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)ic!Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#hcgJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.ugI%Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted fIMRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQeI_Rik van Riel A(@- upgrade to new snapshot of xen-unstablexdI+Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotcIyRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec filebI;Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"a7CheA@- initial rpm release$`m_Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq_oyMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well^oMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&]oaMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){\o Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0CxwBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W[Y - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaWq - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<wJeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlYBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placeswuJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c[q - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt AJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).: qDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel w#Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa IJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`wOJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQw1Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvsJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZsGJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZsGJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`wOJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`oURik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHg-Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T_ORik van Riel 2-20050823C - upgrade to today's Xen snapshot{_Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again~_#Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i}_yRik van Riel 2-20050522B- change default display method for VMX domains to SDLN|_CRik van Riel 2-20050520B@- qemu device model for VMXT{_ORik van Riel 2-20050519B- apply some VMX related bugfixesUz_QRik van Riel 2-20050424Bl- upgrade to last night's snapshotQyI]Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupx_#Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3w_ Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<i-kmDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452,g?Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ+gSStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[*]_Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j)koDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ(]]Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf']sJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingt&kDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e%]qJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD$]/Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)#a!Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U"]QJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej![Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw {yRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022eQStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015{ Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g{YJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^wIJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugswJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Ww=Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawOJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zsJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswsBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,FuKs}Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkJisStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%IieStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc Hi3Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)aG_iJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIFi/Juan Quintela - 3.0.2-31Df- re-enable ia64.NE_CJeremy Katz - 3.0.2-31DA- update to changeset 11405HD_7Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64C_)Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?B_%Jeremy Katz - 3.0.2-28D,@- fix a typoYA_YJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer@_YJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj?_{Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%>_oJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).=_Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`<_gJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst;_ Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4:_ Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label9__Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I8_7Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)7i'Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZ6eUMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)5mMDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.h4imStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include 3i'Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works better2mSDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV1_QJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)0_5Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d/]qJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X.]YJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4aYDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq`UDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev_]Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN^yDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u]ywDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>\yDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V[y7Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-ZyeDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^YyIDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniXy_Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsaWyMDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mVqoDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAU]+Jeremy Katz - 3.0.3-3E<- fix the buildJT]=Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5HSq#Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)XR_WJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboQi{Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@PsDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eOigStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}MmDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)SL_MJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&yyWDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZx1Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsawyODaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%v{SDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnu{gDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zt{}Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setups{Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)rw1Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993qy/Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqpyoDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)oy]Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)nyDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fmyYDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowly-Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mkskMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOjy)Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"iyODaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7hkDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsgDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\f7Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\e7Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[d5Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.icODaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMub[Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xcGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PeAGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.cAGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cciGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.icuGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}cGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaceGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K[ATomas Mraz - 3.3.1-2Is- rebuild with new opensslScIGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.cEGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a  =Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^ {GDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0 sqMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr }mDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921) w)Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb}MDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejwcMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)} Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):wMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v{wDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsy;Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoykDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zo Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebaseyDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[~yADaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm}ygDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf|yYDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`{yMDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewz[Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1/myMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$.m_Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) -m)Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8,1Ejkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k+mmMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz*m Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I)m)Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77(mMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org location'Y5Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesX&mIMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problems%g%David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild $mWMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernels#m%Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl("mgMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)v!c Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h csGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)aceGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.c[Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).c-Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.OcAGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.cWGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5c Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wAmMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes@mMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7r?m{Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\>mOMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file=mCMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g<mgMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{;m Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta:}KMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalityn9msMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates 8m-Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]7mMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6u6mMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchX5mGMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Q4m;Michael Young - 4.1.0-1M- update to 4.1.0 finalB3yMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd2Fedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildz1m Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies right0mMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_U}EMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?ToMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"SoYMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)RoQMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)OQo3Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startPFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(OoeMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xNoMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrMo{Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BLMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8FKo!Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFJo!Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRIo;Michael Young - 4.1.2-13OXA- fix a packaging error&HoaMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjGokMichael Young - 4.1.2-11ONA- put the systemd files back in the right placeFoIMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XEmIMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\DmQMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`CmYMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdBmMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}bmQMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] amWMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch``mYRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S_m=Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)^m#Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ]mKMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_\mWMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG[m%Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CZmMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XYmGMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTXmAMichael Young - 4.1.3-5P~- rebuild for ocaml update~WmMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pVmwMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHtmMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)sm7Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)rm3Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%qmaMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)pmCMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%omaMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rnm{Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)ymm Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208lmMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskkokMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xjmMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhimiMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)hmiMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%gmaMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtffYyMichael Young P- correct disabling of xendomains.service on uninstall/emuMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*dmkMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ycm Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'meMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XmGMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)m;Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]mMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)m;Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)mIMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)~oGMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) }m-Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&|mcMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M{m1Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]zm9Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UymCRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.xFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuildew}SMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fvmcMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!uoWMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`mWMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?mMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VoCRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XoGRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VoCRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildo1Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fmeRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TmAMichael Young - 4.4.0-8S@- rebuild for ocaml update/muMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=mMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda m[Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) m/Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases m%Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) m-Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby m Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!oWMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\mOMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&mcMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `)mYMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64(mUMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)'mEMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) &m/Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchS%m=Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsG$m%Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)#oGMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)y"oMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch !o'Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC mMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mcMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)emaMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)m3Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|mMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)hmgMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)m#Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?;mMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2:m{Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)9m?Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]x8mMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)c7m]Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Q6m;Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%5maMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)4mMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]N3m3Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesV2oCRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.1Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildY0Y_Michael Young U- gcc 5 bug is fixed so remove workaroundl/omMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]u.s}Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually-oGMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631),mAMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)+m7Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S*m=Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=LqkV_}Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;U_Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nT_Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchS_URik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyoR_Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -WerrorQ_SRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowP_ERik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlO_Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"N_iRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYM_YRik van Riel 2-20050207B- upgrade to last night's Xen snapshotVLcORik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYK_YRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvJI'Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)Ic!Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#HcgJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uGI%Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted FIMRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQEI_Rik van Riel A(@- upgrade to new snapshot of xen-unstablexDI+Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotCIyRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileBI;Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"A7CheA@- initial rpm release$@m_Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq?oyMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well>oMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&=oaMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){<o Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0CxtwBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0Ws[Y - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinarWq - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlpYBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesowuJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cn[q - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NmJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt lAJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:kqDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel jw#Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaiIJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`hwOJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQgw1Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvfsJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZesGJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZdsGJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`cwOJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`boURik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHag-Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T`_ORik van Riel 2-20050823C - upgrade to today's Xen snapshot{__Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again^_#Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i]_yRik van Riel 2-20050522B- change default display method for VMX domains to SDLN\_CRik van Riel 2-20050520B@- qemu device model for VMXT[_ORik van Riel 2-20050519B- apply some VMX related bugfixesUZ_QRik van Riel 2-20050424Bl- upgrade to last night's snapshotQYI]Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupX_#Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3W_ Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<i kmDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452 g?Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ gSStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[ ]_Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j koDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ]]Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf]sJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtkDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e]qJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD]/Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)a!Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U]QJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej[Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw{yRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e~QStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015}{ Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g|{YJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{{Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^zwIJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsywJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Wxw=Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawwOJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zvsJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswusBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fu+s}Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk*isStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%)ieStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc (i3Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a'_iJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackI&i/Juan Quintela - 3.0.2-31Df- re-enable ia64.N%_CJeremy Katz - 3.0.2-31DA- update to changeset 11405H$_7Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64#_)Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?"_%Jeremy Katz - 3.0.2-28D,@- fix a typoY!_YJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer _YJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%_oJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install)._Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`_gJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst_ Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4_ Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label__Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I_7Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)i'Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZeUMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)mMDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.himStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include i'Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works bettermSDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV_QJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)_5Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d]qJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X]YJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4AYDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq@UDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev?]Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN>yDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u=ywDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script><yDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V;y7Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-:yeDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^9yIDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioni8y_Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsa7yMDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700m6qoDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA5]+Jeremy Katz - 3.0.3-3E<- fix the buildJ4]=Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5H3q#Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X2_WJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygrubo1i{Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@0sDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)e/igStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<.iStephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}-mDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S,_MJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&YyWDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZX1Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsaWyODaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%V{SDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnU{gDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zT{}Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setupS{Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)Rw1Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993Qy/Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqPyoDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)Oy]Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)NyDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fMyYDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowLy-Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mKskMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOJy)Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"IyODaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7HkDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsGDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\F7Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\E7Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[D5Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iCODaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMuB[Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xwcGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PveAGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.ucAGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.ctciGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iscuGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}rcGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaqceGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.Kp[ATomas Mraz - 3.3.1-2Is- rebuild with new opensslSocIGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.ncEGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.am =Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^l{GDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0ksqMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrj}mDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)iw)Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbh}MDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejgwcMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)f} Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):ewMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vd{wDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatscy;Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleobykDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zao Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase`yDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8_y{Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[^yADaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm]ygDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf\yYDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`[yMDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewZ[Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1myMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$m_Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) m)Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8 1Ejkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k mmMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz m Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I m)Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77mMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationY5Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXmIMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsg%David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild mWMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsm%Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(mgMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vc Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.hcsGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a~ceGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.}c[Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).|c-Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O{cAGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.zcWGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.yFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5xc Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3w!mMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes mMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7rm{Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\mOMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo filemCMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112gmgMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{m Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta}KMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynmsMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates m-Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]mMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6umMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXmGMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qm;Michael Young - 4.1.0-1M- update to 4.1.0 finalByMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzm Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightmMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_5}EMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?4oMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"3oYMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)2oQMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)O1o3Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to start0Fedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(/oeMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]x.oMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr-o{Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B,Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F+o!Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF*o!Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR)o;Michael Young - 4.1.2-13OXA- fix a packaging error&(oaMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdj'okMichael Young - 4.1.2-11ONA- put the systemd files back in the right place&oIMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+X%mIMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\$mQMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`#mYMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemd"mMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}BmQMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] AmWMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`@mYRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S?m=Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)>m#Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ=mKMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_<mWMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG;m%Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)C:mMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17X9mGMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesT8mAMichael Young - 4.1.3-5P~- rebuild for ocaml update~7mMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)p6mwMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHTmMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)Sm7Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)Rm3Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%QmaMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)PmCMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%OmaMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rNm{Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)yMm Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208LmMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskKokMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xJmMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhImiMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)HmiMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%GmaMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfFYyMichael Young P- correct disabling of xendomains.service on uninstall/EmuMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*DmkMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)yCm Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'emeMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XdmGMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)cm;Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]bmMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)am;Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)`mIMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);_m Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)^oGMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) ]m-Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&\mcMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M[m1Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]Zm9Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UYmCRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.XFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_RebuildeW}SMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fVmcMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!UoWMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`ymWMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?xmMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VwoCRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XvoGRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VuoCRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.tFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildso1Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]frmeRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TqmAMichael Young - 4.4.0-8S@- rebuild for ocaml update/pmuMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=omMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)nFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuildamm[Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) lm/Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized caseskm%Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) jm-Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyim Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!hoWMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\gmOMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&fmcMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG ` mYMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64mUMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)mEMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) m/Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSm=Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGm%Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)oGMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yoMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch o'Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmCmMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mcMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e~maMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)}m3Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)||mMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h{mgMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)zm#Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?mMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2m{Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)m?Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xmMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cm]Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qm;Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%maMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)mMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nm3Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVoCRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYY_Michael Young U- gcc 5 bug is fixed so remove workaroundlomMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]us}Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually oGMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631) mAMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153) m7Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S m=Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqk6_}Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;5_Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n4_Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch3_URik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo2_Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror1_SRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now0_ERik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl/_Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"._iRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY-_YRik van Riel 2-20050207B- upgrade to last night's Xen snapshotV,cORik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY+_YRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv*I'Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org))c!Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#(cgJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.u'I%Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted &IMRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQ%I_Rik van Riel A(@- upgrade to new snapshot of xen-unstablex$I+Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshot#IyRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec file"I;Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"!7CheA@- initial rpm release$ m_Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoyMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as welloMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&oaMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){o Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0CxTwBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0WS[Y - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaRWq - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlPYBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesOwuJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cN[q - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NMJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt LAJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:KqDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel Jw#Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaIIJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`HwOJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQGw1Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvFsJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZEsGJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZDsGJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`CwOJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`BoURik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHAg-Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T@_ORik van Riel 2-20050823C - upgrade to today's Xen snapshot{?_Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again>_#Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i=_yRik van Riel 2-20050522B- change default display method for VMX domains to SDLN<_CRik van Riel 2-20050520B@- qemu device model for VMXT;_ORik van Riel 2-20050519B- apply some VMX related bugfixesU:_QRik van Riel 2-20050424Bl- upgrade to last night's snapshotQ9I]Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup8_#Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again37_ Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<imkmDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452lg?Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZkgSStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[j]_Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jikoDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZh]]Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfg]sJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtfkDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361ee]qJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDd]/Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)ca!Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)Ub]QJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accurateja[Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw`{yRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere_QStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e^QStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015]{ Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g\{YJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall[{Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^ZwIJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsYwJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)WXw=Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevaWwOJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zVsJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswUsBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fu s}Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk isStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data% ieStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc i3Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a_iJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIi/Juan Quintela - 3.0.2-31Df- re-enable ia64.N_CJeremy Katz - 3.0.2-31DA- update to changeset 11405H_7Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64_)Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?_%Jeremy Katz - 3.0.2-28D,@- fix a typoY_YJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer_YJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%~_oJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).}_Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`|_gJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst{_ Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4z_ Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labely__Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)Ix_7Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)wi'Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZveUMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)umMDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.htimStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include si'Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterrmSDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVq_QJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)p_5Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)do]qJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)Xn]YJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4!YDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq UDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethNyDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)uywDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>yDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)Vy7Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-yeDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yIDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniy_Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsayMDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mqoDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA]+Jeremy Katz - 3.0.3-3E<- fix the buildJ]=Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hq#Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X_WJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboi{Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@sDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eigStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<iStephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl} mDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S _MJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&9yWDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZ81Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsa7yODaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%6{SDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn5{gDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z4{}Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup3{Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)2w1Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-49931y/Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsq0yoDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)/y]Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581).yDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f-yYDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow,y-Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m+skMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO*y)Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs")yODaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7(kDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug fails'Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\&7Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\%7Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[$5Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.i#ODaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu"[Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xWcGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PVeAGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.UcAGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cTciGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iScuGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}RcGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaQceGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.KP[ATomas Mraz - 3.3.1-2Is- rebuild with new opensslSOcIGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.NcEGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.aM =Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^L{GDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0KsqMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrJ}mDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)Iw)Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbH}MDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejGwcMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)F} Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):EwMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vD{wDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsCy;Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoBykDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zAo Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase@yDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8?y{Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[>yADaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm=ygDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf<yYDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`;yMDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew:[Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1omyMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$nm_Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) mm)Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8l1Ejkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kkmmMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzjm Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1Iim)Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77hmMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationgY5Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXfmIMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemseg%David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild dmWMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelscm%Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(bmgMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vac Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h`csGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. _k/Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a^ceGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.]c[Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).\c-Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O[cAGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.ZcWGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.YFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5Xc Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wmMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixesmMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7rm{Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\~mOMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file}mCMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g|mgMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{{m Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaz}KMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynymsMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates xm-Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]wmMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uvmMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXumGMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qtm;Michael Young - 4.1.0-1M- update to 4.1.0 finalBsyMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdrFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzqm Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightpmMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_}EMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?oMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"oYMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)oQMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oo3Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(oeMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xoMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr o{Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F o!Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF o!Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR o;Michael Young - 4.1.2-13OXA- fix a packaging error&oaMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjokMichael Young - 4.1.2-11ONA- put the systemd files back in the right placeoIMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XmIMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\mQMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`mYMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdmMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}"mQMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] !mWMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch` mYRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)m#Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZmKMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_mWMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetGm%Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CmMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XmGMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTmAMichael Young - 4.1.3-5P~- rebuild for ocaml update~mMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pmwMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cH4mMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)3m7Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)2m3Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%1maMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)0mCMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%/maMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)r.m{Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y-m Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208,mMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk+okMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x*mMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh)miMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)(miMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%'maMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtf&YyMichael Young P- correct disabling of xendomains.service on uninstall/%muMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*$mkMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)y#m Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'EmeMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XDmGMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)Cm;Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]BmMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)Am;Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)@mIMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);?m Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)>oGMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) =m-Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&<mcMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M;m1Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]:m9Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)U9mCRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.8Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde7}SMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86f6mcMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!5oWMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`YmWMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?XmMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VWoCRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XVoGRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VUoCRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.TFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_RebuildSo1Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fRmeRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TQmAMichael Young - 4.4.0-8S@- rebuild for ocaml update/PmuMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=OmMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)NFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_RebuildaMm[Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) Lm/Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized casesKm%Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) Jm-Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyIm Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!HoWMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\GmOMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&FmcMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `imYMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64hmUMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)gmEMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) fm/Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSem=Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGdm%Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)coGMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yboMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch ao'Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC`mMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&_mcMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e^maMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)]m3Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|\mMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h[mgMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)Zm#Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?{mMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2zm{Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)ym?Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xxmMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cwm]Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qvm;Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%umaMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)tmMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nsm3Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVroCRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.qFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYpY_Michael Young U- gcc 5 bug is fixed so remove workaroundloomMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uns}Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallymoGMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)lmAMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)km7Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)Sjm=Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqk_}.Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;_.Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n_.Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch_U.Rik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo_.Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror_S.Rik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now_E.Rik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl_.Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"_i.Rik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY _Y.Rik van Riel 2-20050207B- upgrade to last night's Xen snapshotV cO.Rik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY _Y.Rik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv I'.Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org) c!.Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#cg.Jeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uI%.Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted IM.Rik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQI_.Rik van Riel A(@- upgrade to new snapshot of xen-unstablexI+.Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotIy.Rik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileI;.Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"7.CheA@- initial rpm release$m_Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoyMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well~oMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&}oaMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){|o Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0Cx4w.Bill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W3[Y. - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbina2Wq. - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<1w.Jeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itl0Y.Bill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one places/wu.Jeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c.[q. - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N-.Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt ,A.Juan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:+q.Daniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel *w#.Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa)I.Jeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`(wO.Jeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQ'w1.Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedv&s.Jeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZ%sG.Jeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZ$sG.Jeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`#wO.Jeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`"oU.Rik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsH!g-.Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T _O.Rik van Riel 2-20050823C - upgrade to today's Xen snapshot{_.Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again_#.Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i_y.Rik van Riel 2-20050522B- change default display method for VMX domains to SDLN_C.Rik van Riel 2-20050520B@- qemu device model for VMXT_O.Rik van Riel 2-20050519B- apply some VMX related bugfixesU_Q.Rik van Riel 2-20050424Bl- upgrade to last night's snapshotQI].Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup_#.Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3_ .Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<iMkm.Daniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452Lg?.Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZKgS.Stephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[J]_.Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jIko.Daniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZH]].Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfG]s.Jeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtFk.Daniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361eE]q.Jeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDD]/.Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)Ca!.Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)UB]Q.Jeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratejA[.Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw@{y.Rik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere?Q.Stephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e>Q.Stephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015={ .Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g<{Y.Jeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall;{.Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^:wI.Jeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugs9w.Jeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)W8w=.Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udeva7wO.Jeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)z6s.Jesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changesw5s.Bill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fuks}.Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkjis.Stephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%iie.Stephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc hi3.Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)ag_i.Jeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIfi/.Juan Quintela - 3.0.2-31Df- re-enable ia64.Ne_C.Jeremy Katz - 3.0.2-31DA- update to changeset 11405Hd_7.Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64c_).Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?b_%.Jeremy Katz - 3.0.2-28D,@- fix a typoYa_Y.Jeremy Katz - 3.0.2-27D- add support for paravirt framebuffer`_Y.Jeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj__{.Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%^_o.Jeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).]_.Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`\_g.Jeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst[_ .Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4Z_ .Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labelY__.Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)IX_7.Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)Wi'.Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZVeU.Mark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)UmM.Daniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.hTim.Stephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include Si'.Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterRmS.Daniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVQ_Q.Jeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)P_5.Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)dO]q.Jeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)XN]Y.Jeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4Y.Daniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakqU.Daniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev].Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN~y.Daniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u}yw.Daniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>|y.Daniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V{y7.Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-zye.Daniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yyI.Daniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptionixy_.Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsawyM.Daniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mvqo.Daniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAu]+.Jeremy Katz - 3.0.3-3E<- fix the buildJt]=.Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hsq#.Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)Xr_W.Jeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboqi{.Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@ps.Daniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eoig.Stephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}mm.Daniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)Sl_M.Jeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&yW.Daniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZ1.Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsayO.Daniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%{S.Daniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn{g.Daniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z{}.Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup{.Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)w1.Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993y/.Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqyo.Daniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)y].Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)y.Daniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f yY.Daniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow y-.Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m sk.Markus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO y).Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs" yO.Daniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7k.Daniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug fails.Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\7.Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\7.Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[5.Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iO.Daniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu[.Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6x7c.Gerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.P6eA.Gerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.5cA.Gerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.c4ci.Gerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.i3cu.Gerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}2c.Gerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArcha1ce.Gerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K0[A.Tomas Mraz - 3.3.1-2Is- rebuild with new opensslS/cI.Gerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release..cE.Gerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a- =.Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^,{G.Daniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0+sq.Mark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr*}m.Daniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921))w).Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb(}M.Daniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changej'wc.Markus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)&} .Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):%w.Markus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v${w.Daniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formats#y;.Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleo"yk.Daniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)z!o .Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase y.Daniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{.Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[yA.Daniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsmyg.Daniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstfyY.Daniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`yM.Daniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew[.Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1Omy.Michael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$Nm_.Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) Mm).Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8L1E.jkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kKmm.Michael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzJm .Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1IIm).Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77Hm.Michael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationGY5.Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXFmI.Michael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsEg%.David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild DmW.Michael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsCm%.Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(Bmg.Michael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vAc .Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h@cs.Gerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. ?k/.Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a>ce.Gerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.=c[.Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).<c-.Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O;cA.Gerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.:cW.Gerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.9.Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild58c .Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wam.Michael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes`m.Michael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7r_m{.Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\^mO.Michael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file]mC.Michael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g\mg.Michael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{[m .Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaZ}K.Michael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynYms.Michael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates Xm-.Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]Wm.Michael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uVm.Michael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXUmG.Michael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.QTm;.Michael Young - 4.1.0-1M- update to 4.1.0 finalBSy.Michael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdR.Fedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_RebuildzQm .Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightPm.Michael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_u}E.Michael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?to.Michael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"soY.Michael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)roQ.Michael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oqo3.Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startp.Fedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(ooe.Michael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xno.Michael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrmo{.Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)Bl.Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8Fko!.Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFjo!.Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRio;.Michael Young - 4.1.2-13OXA- fix a packaging error&hoa.Michael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjgok.Michael Young - 4.1.2-11ONA- put the systemd files back in the right placefoI.Michael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XemI.Michael Young - 4.1.2-9O?- move xen-watchdog to systemd\dmQ.Michael Young - 4.1.2-8O2c- relocate systemd files for fc17+`cmY.Michael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdbm.Michael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}mQ.Michael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] mW.Michael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`mY.Richard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=.Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)~m#.Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ}mK.Michael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_|mW.Michael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG{m%.Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)Czm.Michael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XymG.Michael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTxmA.Michael Young - 4.1.3-5P~- rebuild for ocaml update~wm.Michael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pvmw.Michael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHm.Michael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)m7.Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)m3.Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%ma.Michael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)mC.Michael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%ma.Michael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rm{.Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y m .Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208 m.Michael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk ok.Michael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x m.Michael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh mi.Michael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)mi.Michael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%ma.Michael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfYy.Michael Young P- correct disabling of xendomains.service on uninstall/mu.Michael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*mk.Michael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ym .Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'%me.Michael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)X$mG.Michael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)#m;.Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]"m.Michael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)!m;.Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149) mI.Michael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m .Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)oG.Michael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) m-.Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&mc.Michael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]Mm1.Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]m9.Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UmC.Richard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0..Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde}S.Michael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fmc.Michael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!oW.Michael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`9mW.Michael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?8m.Michael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0V7oC.Richard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.X6oG.Richard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.V5oC.Richard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.4.Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild3o1.Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]f2me.Richard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.T1mA.Michael Young - 4.4.0-8S@- rebuild for ocaml update/0mu.Michael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=/m.Michael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)..Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda-m[.Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) ,m/.Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases+m%.Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) *m-.Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby)m .Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!(oW.Michael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\'mO.Michael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&&mc.Michael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `ImY.Michael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64HmU.Michael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)GmE.Michael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) Fm/.Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSEm=.Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGDm%.Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)CoG.Michael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yBo.Michael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch Ao'.Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC@m.Michael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&?mc.Michael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e>ma.Michael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)=m3.Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|<m.Michael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h;mg.Michael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738):m#.Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?[m.Michael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2Zm{.Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)Ym?.Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xXm.Michael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cWm].Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)QVm;.Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%Uma.Michael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)Tm.Michael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]NSm3.Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVRoC.Richard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.Q.Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYPY_.Michael Young U- gcc 5 bug is fixed so remove workaroundlOom.Michael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uNs}.Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallyMoG.Michael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)LmA.Michael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)Km7.Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)SJm=.Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqkv_}/Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;u_/Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nt_/Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchs_U/Rik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyor_/Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werrorq_S/Rik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowp_E/Rik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlo_/Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"n_i/Rik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYm_Y/Rik van Riel 2-20050207B- upgrade to last night's Xen snapshotVlcO/Rik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYk_Y/Rik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvjI'/Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)ic!/Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#hcg/Jeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.ugI%/Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted fIM/Rik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQeI_/Rik van Riel A(@- upgrade to new snapshot of xen-unstablexdI+/Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotcIy/Rik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec filebI;/Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"a7/CheA@- initial rpm release$`m_.Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq_oy.Michael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well^o.Michael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&]oa.Michael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){\o .Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0Cxw/Bill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W[Y/ - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaWq/ - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<w/Jeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlY/Bill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placeswu/Jeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c[q/ - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N /Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt A/Juan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).: q/Daniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel w#/Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa I/Jeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`wO/Jeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQw1/Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvs/Jeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZsG/Jeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZsG/Jeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`wO/Jeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`oU/Rik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHg-/Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T_O/Rik van Riel 2-20050823C - upgrade to today's Xen snapshot{_/Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again~_#/Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i}_y/Rik van Riel 2-20050522B- change default display method for VMX domains to SDLN|_C/Rik van Riel 2-20050520B@- qemu device model for VMXT{_O/Rik van Riel 2-20050519B- apply some VMX related bugfixesUz_Q/Rik van Riel 2-20050424Bl- upgrade to last night's snapshotQyI]/Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupx_#/Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3w_ /Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<i-km/Daniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452,g?/Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ+gS/Stephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[*]_/Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j)ko/Daniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ(]]/Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf']s/Jeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingt&k/Daniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e%]q/Jeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD$]//Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)#a!/Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U"]Q/Jeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej![/Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw {y/Rik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQ/Stephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022eQ/Stephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015{ /Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g{Y/Jeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{/Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^wI/Jeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsw/Jeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Ww=/Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawO/Jeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zs/Jesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changesws/Bill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,FuKs}/Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkJis/Stephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%Iie/Stephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc Hi3/Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)aG_i/Jeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIFi//Juan Quintela - 3.0.2-31Df- re-enable ia64.NE_C/Jeremy Katz - 3.0.2-31DA- update to changeset 11405HD_7/Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64C_)/Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?B_%/Jeremy Katz - 3.0.2-28D,@- fix a typoYA_Y/Jeremy Katz - 3.0.2-27D- add support for paravirt framebuffer@_Y/Jeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj?_{/Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%>_o/Jeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).=_/Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`<_g/Jeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst;_ /Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4:_ /Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label9__/Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I8_7/Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)7i'/Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZ6eU/Mark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)5mM/Daniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.h4im/Stephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include 3i'/Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works better2mS/Daniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV1_Q/Jeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)0_5/Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d/]q/Jeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X.]Y/Jeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4aY/Daniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq`U/Daniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev_]/Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN^y/Daniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u]yw/Daniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>\y/Daniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V[y7/Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-Zye/Daniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^YyI/Daniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniXy_/Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsaWyM/Daniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mVqo/Daniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAU]+/Jeremy Katz - 3.0.3-3E<- fix the buildJT]=/Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5HSq#/Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)XR_W/Jeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboQi{/Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@Ps/Daniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eOig/Stephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}Mm/Daniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)SL_M/Jeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&yyW/Daniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZx1/Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsawyO/Daniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%v{S/Daniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnu{g/Daniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zt{}/Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setups{/Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)rw1/Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993qy//Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqpyo/Daniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)oy]/Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)ny/Daniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fmyY/Daniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowly-/Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mksk/Markus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOjy)/Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"iyO/Daniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7hk/Daniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsg/Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\f7/Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\e7/Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[d5/Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.icO/Daniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMub[/Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xc/Gerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PeA/Gerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.cA/Gerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cci/Gerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.icu/Gerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}c/Gerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchace/Gerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K[A/Tomas Mraz - 3.3.1-2Is- rebuild with new opensslScI/Gerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.cE/Gerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a  =/Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^ {G/Daniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0 sq/Mark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr }m/Daniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921) w)/Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb}M/Daniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejwc/Markus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)} /Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):w/Markus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v{w/Daniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsy;/Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoyk/Daniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zo /Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebasey/Daniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{/Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[~yA/Daniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm}yg/Daniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf|yY/Daniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`{yM/Daniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewz[/Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1/my/Michael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$.m_/Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) -m)/Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8,1E/jkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k+mm/Michael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz*m /Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I)m)/Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77(m/Michael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org location'Y5/Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesX&mI/Michael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problems%g%/David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild $mW/Michael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernels#m%/Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl("mg/Michael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)v!c /Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h cs/Gerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k//Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)ace/Gerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.c[/Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).c-/Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.OcA/Gerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.cW/Gerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build./Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5c /Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wAm/Michael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes@m/Michael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7r?m{/Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\>mO/Michael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file=mC/Michael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g<mg/Michael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{;m /Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta:}K/Michael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalityn9ms/Michael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates 8m-/Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]7m/Michael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6u6m/Michael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchX5mG/Michael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Q4m;/Michael Young - 4.1.0-1M- update to 4.1.0 finalB3y/Michael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd2/Fedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildz1m /Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies right0m/Michael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_U}E/Michael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?To/Michael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"SoY/Michael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)RoQ/Michael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)OQo3/Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startP/Fedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(Ooe/Michael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xNo/Michael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrMo{/Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BL/Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8FKo!/Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFJo!/Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRIo;/Michael Young - 4.1.2-13OXA- fix a packaging error&Hoa/Michael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjGok/Michael Young - 4.1.2-11ONA- put the systemd files back in the right placeFoI/Michael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XEmI/Michael Young - 4.1.2-9O?- move xen-watchdog to systemd\DmQ/Michael Young - 4.1.2-8O2c- relocate systemd files for fc17+`CmY/Michael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdBm/Michael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}bmQ/Michael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] amW/Michael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch``mY/Richard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S_m=/Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)^m#/Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ]mK/Michael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_\mW/Michael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG[m%/Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CZm/Michael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XYmG/Michael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTXmA/Michael Young - 4.1.3-5P~- rebuild for ocaml update~Wm/Michael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pVmw/Michael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHtm/Michael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)sm7/Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)rm3/Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%qma/Michael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)pmC/Michael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%oma/Michael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rnm{/Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)ymm /Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208lm/Michael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskkok/Michael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xjm/Michael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhimi/Michael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)hmi/Michael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%gma/Michael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtffYy/Michael Young P- correct disabling of xendomains.service on uninstall/emu/Michael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*dmk/Michael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ycm /Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'me/Michael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XmG/Michael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)m;/Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]m/Michael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)m;/Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)mI/Michael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m /Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)~oG/Michael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) }m-/Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&|mc/Michael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M{m1/Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]zm9/Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UymC/Richard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.x/Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuildew}S/Michael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fvmc/Michael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!uoW/Michael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`mW/Michael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?m/Michael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VoC/Richard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XoG/Richard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VoC/Richard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild./Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildo1/Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fme/Richard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TmA/Michael Young - 4.4.0-8S@- rebuild for ocaml update/mu/Michael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=m/Michael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)/Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda m[/Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) m//Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases m%/Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) m-/Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby m /Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!oW/Michael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\mO/Michael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&mc/Michael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `)mY/Michael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64(mU/Michael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)'mE/Michael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) &m//Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchS%m=/Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsG$m%/Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)#oG/Michael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)y"o/Michael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch !o'/Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC m/Michael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mc/Michael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)ema/Michael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)m3/Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|m/Michael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)hmg/Michael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)m#/Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?;m/Michael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2:m{/Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)9m?/Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]x8m/Michael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)c7m]/Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Q6m;/Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%5ma/Michael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)4m/Michael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]N3m3/Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesV2oC/Richard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.1/Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildY0Y_/Michael Young U- gcc 5 bug is fixed so remove workaroundl/om/Michael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]u.s}/Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually-oG/Michael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631),mA/Michael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)+m7/Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S*m=/Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=LqkV_}0Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;U_0Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nT_0Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchS_U0Rik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyoR_0Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -WerrorQ_S0Rik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowP_E0Rik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlO_0Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"N_i0Rik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYM_Y0Rik van Riel 2-20050207B- upgrade to last night's Xen snapshotVLcO0Rik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYK_Y0Rik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvJI'0Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)Ic!0Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#Hcg0Jeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uGI%0Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted FIM0Rik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQEI_0Rik van Riel A(@- upgrade to new snapshot of xen-unstablexDI+0Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotCIy0Rik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileBI;0Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"A70CheA@- initial rpm release$@m_/Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq?oy/Michael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well>o/Michael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&=oa/Michael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){<o /Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0Cxtw0Bill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0Ws[Y0 - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinarWq0 - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlpY0Bill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesowu0Jeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cn[q0 - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)Nm0Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt lA0Juan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:kq0Daniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel jw#0Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaiI0Jeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`hwO0Jeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQgw10Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvfs0Jeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZesG0Jeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZdsG0Jeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`cwO0Jeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`boU0Rik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHag-0Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T`_O0Rik van Riel 2-20050823C - upgrade to today's Xen snapshot{__0Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again^_#0Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i]_y0Rik van Riel 2-20050522B- change default display method for VMX domains to SDLN\_C0Rik van Riel 2-20050520B@- qemu device model for VMXT[_O0Rik van Riel 2-20050519B- apply some VMX related bugfixesUZ_Q0Rik van Riel 2-20050424Bl- upgrade to last night's snapshotQYI]0Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupX_#0Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3W_ 0Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<i km0Daniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452 g?0Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ gS0Stephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[ ]_0Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j ko0Daniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ]]0Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf]s0Jeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtk0Daniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e]q0Jeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD]/0Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)a!0Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U]Q0Jeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej[0Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw{y0Rik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQ0Stephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e~Q0Stephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015}{ 0Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g|{Y0Jeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{{0Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^zwI0Jeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsyw0Jeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Wxw=0Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawwO0Jeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zvs0Jesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswus0Bill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fu+s}0Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk*is0Stephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%)ie0Stephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc (i30Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a'_i0Jeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackI&i/0Juan Quintela - 3.0.2-31Df- re-enable ia64.N%_C0Jeremy Katz - 3.0.2-31DA- update to changeset 11405H$_70Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64#_)0Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?"_%0Jeremy Katz - 3.0.2-28D,@- fix a typoY!_Y0Jeremy Katz - 3.0.2-27D- add support for paravirt framebuffer _Y0Jeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{0Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%_o0Jeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install)._0Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`_g0Jeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst_ 0Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4_ 0Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label__0Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I_70Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)i'0Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZeU0Mark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)mM0Daniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.him0Stephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include i'0Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works bettermS0Daniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV_Q0Jeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)_50Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d]q0Jeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X]Y0Jeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4AY0Daniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq@U0Daniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev?]0Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN>y0Daniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u=yw0Daniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script><y0Daniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V;y70Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-:ye0Daniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^9yI0Daniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioni8y_0Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsa7yM0Daniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700m6qo0Daniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA5]+0Jeremy Katz - 3.0.3-3E<- fix the buildJ4]=0Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5H3q#0Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X2_W0Jeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygrubo1i{0Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@0s0Daniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)e/ig0Stephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<.i0Stephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}-m0Daniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S,_M0Jeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&YyW0Daniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZX10Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsaWyO0Daniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%V{S0Daniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnU{g0Daniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zT{}0Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setupS{0Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)Rw10Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993Qy/0Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqPyo0Daniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)Oy]0Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)Ny0Daniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fMyY0Daniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowLy-0Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mKsk0Markus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOJy)0Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"IyO0Daniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7Hk0Daniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsG0Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\F70Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\E70Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[D50Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iCO0Daniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMuB[0Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xwc0Gerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PveA0Gerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.ucA0Gerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.ctci0Gerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iscu0Gerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}rc0Gerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaqce0Gerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.Kp[A0Tomas Mraz - 3.3.1-2Is- rebuild with new opensslSocI0Gerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.ncE0Gerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.am =0Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^l{G0Daniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0ksq0Mark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrj}m0Daniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)iw)0Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbh}M0Daniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejgwc0Markus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)f} 0Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):ew0Markus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vd{w0Daniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatscy;0Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleobyk0Daniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zao 0Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase`y0Daniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8_y{0Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[^yA0Daniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm]yg0Daniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf\yY0Daniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`[yM0Daniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewZ[0Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1my0Michael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$m_0Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) m)0Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8 1E0jkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k mm0Michael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz m 0Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I m)0Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77m0Michael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationY50Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXmI0Michael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsg%0David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild mW0Michael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsm%0Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(mg0Michael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vc 0Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.hcs0Gerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/0Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a~ce0Gerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.}c[0Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).|c-0Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O{cA0Gerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.zcW0Gerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.y0Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5xc 0Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3w!m0Michael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes m0Michael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7rm{0Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\mO0Michael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo filemC0Michael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112gmg0Michael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{m 0Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta}K0Michael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynms0Michael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates m-0Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]m0Michael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6um0Michael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXmG0Michael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qm;0Michael Young - 4.1.0-1M- update to 4.1.0 finalBy0Michael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd0Fedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzm 0Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightm0Michael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_5}E0Michael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?4o0Michael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"3oY0Michael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)2oQ0Michael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)O1o30Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to start00Fedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(/oe0Michael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]x.o0Michael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr-o{0Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B,0Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F+o!0Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF*o!0Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR)o;0Michael Young - 4.1.2-13OXA- fix a packaging error&(oa0Michael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdj'ok0Michael Young - 4.1.2-11ONA- put the systemd files back in the right place&oI0Michael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+X%mI0Michael Young - 4.1.2-9O?- move xen-watchdog to systemd\$mQ0Michael Young - 4.1.2-8O2c- relocate systemd files for fc17+`#mY0Michael Young - 4.1.2-7O1@- move xend and xenconsoled to systemd"m0Michael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}BmQ0Michael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] AmW0Michael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`@mY0Richard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S?m=0Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)>m#0Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ=mK0Michael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_<mW0Michael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG;m%0Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)C:m0Michael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17X9mG0Michael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesT8mA0Michael Young - 4.1.3-5P~- rebuild for ocaml update~7m0Michael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)p6mw0Michael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHTm0Michael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)Sm70Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)Rm30Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%Qma0Michael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)PmC0Michael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%Oma0Michael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rNm{0Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)yMm 0Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208Lm0Michael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskKok0Michael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xJm0Michael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhImi0Michael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)Hmi0Michael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%Gma0Michael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfFYy0Michael Young P- correct disabling of xendomains.service on uninstall/Emu0Michael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*Dmk0Michael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)yCm 0Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'eme0Michael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XdmG0Michael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)cm;0Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]bm0Michael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)am;0Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)`mI0Michael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);_m 0Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)^oG0Michael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) ]m-0Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&\mc0Michael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M[m10Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]Zm90Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UYmC0Richard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.X0Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_RebuildeW}S0Michael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fVmc0Michael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!UoW0Michael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`ymW0Michael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?xm0Michael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VwoC0Richard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XvoG0Richard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VuoC0Richard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.t0Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildso10Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]frme0Richard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TqmA0Michael Young - 4.4.0-8S@- rebuild for ocaml update/pmu0Michael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=om0Michael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)n0Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuildamm[0Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) lm/0Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized caseskm%0Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) jm-0Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyim 0Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!hoW0Michael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\gmO0Michael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&fmc0Michael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG ` mY0Michael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64mU0Michael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)mE0Michael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) m/0Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSm=0Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGm%0Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)oG0Michael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yo0Michael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch o'0Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmCm0Michael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mc0Michael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e~ma0Michael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)}m30Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)||m0Michael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h{mg0Michael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)zm#0Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?m0Michael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2m{0Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)m?0Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xm0Michael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cm]0Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qm;0Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%ma0Michael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)m0Michael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nm30Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVoC0Richard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.0Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYY_0Michael Young U- gcc 5 bug is fixed so remove workaroundlom0Michael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]us}0Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually oG0Michael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631) mA0Michael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153) m70Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S m=0Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqk6_}1Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;5_1Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n4_1Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch3_U1Rik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo2_1Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror1_S1Rik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now0_E1Rik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl/_1Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"._i1Rik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY-_Y1Rik van Riel 2-20050207B- upgrade to last night's Xen snapshotV,cO1Rik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY+_Y1Rik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv*I'1Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org))c!1Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#(cg1Jeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.u'I%1Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted &IM1Rik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQ%I_1Rik van Riel A(@- upgrade to new snapshot of xen-unstablex$I+1Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshot#Iy1Rik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec file"I;1Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"!71CheA@- initial rpm release$ m_0Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoy0Michael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as wello0Michael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&oa0Michael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){o 0Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0CxTw1Bill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0WS[Y1 - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaRWq1 - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlPY1Bill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesOwu1Jeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cN[q1 - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NM1Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt LA1Juan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:Kq1Daniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel Jw#1Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaII1Jeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`HwO1Jeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQGw11Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvFs1Jeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZEsG1Jeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZDsG1Jeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`CwO1Jeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`BoU1Rik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHAg-1Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T@_O1Rik van Riel 2-20050823C - upgrade to today's Xen snapshot{?_1Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again>_#1Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i=_y1Rik van Riel 2-20050522B- change default display method for VMX domains to SDLN<_C1Rik van Riel 2-20050520B@- qemu device model for VMXT;_O1Rik van Riel 2-20050519B- apply some VMX related bugfixesU:_Q1Rik van Riel 2-20050424Bl- upgrade to last night's snapshotQ9I]1Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup8_#1Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again37_ 1Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<imkm1Daniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452lg?1Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZkgS1Stephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[j]_1Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jiko1Daniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZh]]1Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfg]s1Jeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtfk1Daniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361ee]q1Jeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDd]/1Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)ca!1Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)Ub]Q1Jeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accurateja[1Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw`{y1Rik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere_Q1Stephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e^Q1Stephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015]{ 1Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g\{Y1Jeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall[{1Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^ZwI1Jeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsYw1Jeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)WXw=1Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevaWwO1Jeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zVs1Jesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswUs1Bill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fu s}1Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk is1Stephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data% ie1Stephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc i31Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a_i1Jeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIi/1Juan Quintela - 3.0.2-31Df- re-enable ia64.N_C1Jeremy Katz - 3.0.2-31DA- update to changeset 11405H_71Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64_)1Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?_%1Jeremy Katz - 3.0.2-28D,@- fix a typoY_Y1Jeremy Katz - 3.0.2-27D- add support for paravirt framebuffer_Y1Jeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{1Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%~_o1Jeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).}_1Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`|_g1Jeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst{_ 1Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4z_ 1Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labely__1Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)Ix_71Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)wi'1Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZveU1Mark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)umM1Daniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.htim1Stephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include si'1Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterrmS1Daniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVq_Q1Jeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)p_51Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)do]q1Jeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)Xn]Y1Jeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4!Y1Daniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq U1Daniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]1Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethNy1Daniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)uyw1Daniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>y1Daniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)Vy71Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-ye1Daniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yI1Daniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniy_1Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsayM1Daniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mqo1Daniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA]+1Jeremy Katz - 3.0.3-3E<- fix the buildJ]=1Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hq#1Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X_W1Jeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboi{1Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@s1Daniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eig1Stephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<i1Stephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl} m1Daniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S _M1Jeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&9yW1Daniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZ811Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsa7yO1Daniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%6{S1Daniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn5{g1Daniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z4{}1Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup3{1Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)2w11Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-49931y/1Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsq0yo1Daniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)/y]1Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581).y1Daniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f-yY1Daniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow,y-1Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m+sk1Markus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO*y)1Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs")yO1Daniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7(k1Daniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug fails'1Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\&71Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\%71Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[$51Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.i#O1Daniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu"[1Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xWc1Gerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PVeA1Gerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.UcA1Gerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cTci1Gerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iScu1Gerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}Rc1Gerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaQce1Gerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.KP[A1Tomas Mraz - 3.3.1-2Is- rebuild with new opensslSOcI1Gerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.NcE1Gerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.aM =1Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^L{G1Daniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0Ksq1Mark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrJ}m1Daniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)Iw)1Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbH}M1Daniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejGwc1Markus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)F} 1Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):Ew1Markus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vD{w1Daniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsCy;1Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoByk1Daniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zAo 1Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase@y1Daniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8?y{1Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[>yA1Daniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm=yg1Daniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf<yY1Daniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`;yM1Daniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew:[1Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1omy1Michael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$nm_1Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) mm)1Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8l1E1jkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kkmm1Michael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzjm 1Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1Iim)1Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77hm1Michael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationgY51Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXfmI1Michael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemseg%1David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild dmW1Michael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelscm%1Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(bmg1Michael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vac 1Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h`cs1Gerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. _k/1Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a^ce1Gerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.]c[1Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).\c-1Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O[cA1Gerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.ZcW1Gerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.Y1Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5Xc 1Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wm1Michael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixesm1Michael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7rm{1Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\~mO1Michael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file}mC1Michael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g|mg1Michael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{{m 1Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaz}K1Michael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynyms1Michael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates xm-1Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]wm1Michael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uvm1Michael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXumG1Michael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qtm;1Michael Young - 4.1.0-1M- update to 4.1.0 finalBsy1Michael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdr1Fedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzqm 1Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightpm1Michael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_}E1Michael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?o1Michael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"oY1Michael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)oQ1Michael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oo31Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to start1Fedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(oe1Michael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xo1Michael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr o{1Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B 1Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F o!1Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF o!1Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR o;1Michael Young - 4.1.2-13OXA- fix a packaging error&oa1Michael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjok1Michael Young - 4.1.2-11ONA- put the systemd files back in the right placeoI1Michael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XmI1Michael Young - 4.1.2-9O?- move xen-watchdog to systemd\mQ1Michael Young - 4.1.2-8O2c- relocate systemd files for fc17+`mY1Michael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdm1Michael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}"mQ1Michael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] !mW1Michael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch` mY1Richard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=1Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)m#1Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZmK1Michael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_mW1Michael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetGm%1Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)Cm1Michael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XmG1Michael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTmA1Michael Young - 4.1.3-5P~- rebuild for ocaml update~m1Michael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pmw1Michael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cH4m1Michael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)3m71Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)2m31Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%1ma1Michael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)0mC1Michael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%/ma1Michael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)r.m{1Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y-m 1Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208,m1Michael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk+ok1Michael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x*m1Michael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh)mi1Michael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)(mi1Michael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%'ma1Michael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtf&Yy1Michael Young P- correct disabling of xendomains.service on uninstall/%mu1Michael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*$mk1Michael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)y#m 1Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'Eme1Michael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XDmG1Michael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)Cm;1Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]Bm1Michael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)Am;1Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)@mI1Michael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);?m 1Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)>oG1Michael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) =m-1Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&<mc1Michael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M;m11Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]:m91Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)U9mC1Richard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.81Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde7}S1Michael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86f6mc1Michael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!5oW1Michael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`YmW1Michael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?Xm1Michael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VWoC1Richard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XVoG1Richard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VUoC1Richard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.T1Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_RebuildSo11Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fRme1Richard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TQmA1Michael Young - 4.4.0-8S@- rebuild for ocaml update/Pmu1Michael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=Om1Michael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)N1Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_RebuildaMm[1Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) Lm/1Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized casesKm%1Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) Jm-1Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyIm 1Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!HoW1Michael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\GmO1Michael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&Fmc1Michael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `imY1Michael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64hmU1Michael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)gmE1Michael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) fm/1Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSem=1Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGdm%1Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)coG1Michael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)ybo1Michael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch ao'1Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC`m1Michael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&_mc1Michael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e^ma1Michael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)]m31Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|\m1Michael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h[mg1Michael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)Zm#1Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?{m1Michael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2zm{1Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)ym?1Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xxm1Michael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cwm]1Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qvm;1Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%uma1Michael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)tm1Michael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nsm31Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVroC1Richard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.q1Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYpY_1Michael Young U- gcc 5 bug is fixed so remove workaroundloom1Michael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uns}1Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallymoG1Michael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)lmA1Michael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)km71Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)Sjm=1Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqk_}2Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;_2Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n_2Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch_U2Rik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo_2Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror_S2Rik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now_E2Rik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl_2Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"_i2Rik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY _Y2Rik van Riel 2-20050207B- upgrade to last night's Xen snapshotV cO2Rik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY _Y2Rik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv I'2Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org) c!2Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#cg2Jeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uI%2Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted IM2Rik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQI_2Rik van Riel A(@- upgrade to new snapshot of xen-unstablexI+2Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotIy2Rik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileI;2Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"72CheA@- initial rpm release$m_1Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoy1Michael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well~o1Michael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&}oa1Michael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){|o 1Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0Cx4w2Bill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W3[Y2 - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbina2Wq2 - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<1w2Jeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itl0Y2Bill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one places/wu2Jeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c.[q2 - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N-2Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt ,A2Juan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:+q2Daniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel *w#2Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa)I2Jeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`(wO2Jeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQ'w12Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedv&s2Jeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZ%sG2Jeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZ$sG2Jeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`#wO2Jeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`"oU2Rik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsH!g-2Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T _O2Rik van Riel 2-20050823C - upgrade to today's Xen snapshot{_2Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again_#2Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i_y2Rik van Riel 2-20050522B- change default display method for VMX domains to SDLN_C2Rik van Riel 2-20050520B@- qemu device model for VMXT_O2Rik van Riel 2-20050519B- apply some VMX related bugfixesU_Q2Rik van Riel 2-20050424Bl- upgrade to last night's snapshotQI]2Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup_#2Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3_ 2Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<iMkm2Daniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452Lg?2Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZKgS2Stephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[J]_2Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jIko2Daniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZH]]2Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfG]s2Jeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtFk2Daniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361eE]q2Jeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDD]/2Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)Ca!2Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)UB]Q2Jeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratejA[2Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw@{y2Rik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere?Q2Stephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e>Q2Stephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015={ 2Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g<{Y2Jeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall;{2Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^:wI2Jeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugs9w2Jeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)W8w=2Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udeva7wO2Jeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)z6s2Jesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changesw5s2Bill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fuks}2Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkjis2Stephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%iie2Stephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc hi32Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)ag_i2Jeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIfi/2Juan Quintela - 3.0.2-31Df- re-enable ia64.Ne_C2Jeremy Katz - 3.0.2-31DA- update to changeset 11405Hd_72Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64c_)2Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?b_%2Jeremy Katz - 3.0.2-28D,@- fix a typoYa_Y2Jeremy Katz - 3.0.2-27D- add support for paravirt framebuffer`_Y2Jeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj__{2Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%^_o2Jeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).]_2Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`\_g2Jeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst[_ 2Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4Z_ 2Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labelY__2Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)IX_72Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)Wi'2Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZVeU2Mark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)UmM2Daniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.hTim2Stephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include Si'2Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterRmS2Daniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVQ_Q2Jeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)P_52Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)dO]q2Jeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)XN]Y2Jeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4Y2Daniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakqU2Daniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]2Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN~y2Daniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u}yw2Daniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>|y2Daniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V{y72Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-zye2Daniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yyI2Daniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptionixy_2Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsawyM2Daniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mvqo2Daniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAu]+2Jeremy Katz - 3.0.3-3E<- fix the buildJt]=2Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hsq#2Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)Xr_W2Jeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboqi{2Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@ps2Daniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eoig2Stephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}mm2Daniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)Sl_M2Jeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&yW2Daniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZ12Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsayO2Daniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%{S2Daniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn{g2Daniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z{}2Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup{2Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)w12Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993y/2Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqyo2Daniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)y]2Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)y2Daniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f yY2Daniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow y-2Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m sk2Markus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO y)2Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs" yO2Daniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7k2Daniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug fails2Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\72Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\72Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[52Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iO2Daniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu[2Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6x7c2Gerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.P6eA2Gerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.5cA2Gerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.c4ci2Gerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.i3cu2Gerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}2c2Gerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArcha1ce2Gerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K0[A2Tomas Mraz - 3.3.1-2Is- rebuild with new opensslS/cI2Gerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release..cE2Gerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a- =2Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^,{G2Daniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0+sq2Mark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr*}m2Daniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921))w)2Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb(}M2Daniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changej'wc2Markus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)&} 2Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):%w2Markus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v${w2Daniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formats#y;2Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleo"yk2Daniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)z!o 2Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase y2Daniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{2Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[yA2Daniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsmyg2Daniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstfyY2Daniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`yM2Daniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew[2Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1Omy2Michael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$Nm_2Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) Mm)2Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8L1E2jkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kKmm2Michael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzJm 2Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1IIm)2Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77Hm2Michael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationGY52Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXFmI2Michael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsEg%2David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild DmW2Michael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsCm%2Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(Bmg2Michael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vAc 2Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h@cs2Gerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. ?k/2Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a>ce2Gerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.=c[2Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).<c-2Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O;cA2Gerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.:cW2Gerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.92Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild58c 2Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wam2Michael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes`m2Michael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7r_m{2Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\^mO2Michael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file]mC2Michael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g\mg2Michael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{[m 2Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaZ}K2Michael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynYms2Michael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates Xm-2Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]Wm2Michael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uVm2Michael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXUmG2Michael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.QTm;2Michael Young - 4.1.0-1M- update to 4.1.0 finalBSy2Michael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdR2Fedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_RebuildzQm 2Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightPm2Michael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_u}E2Michael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?to2Michael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"soY2Michael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)roQ2Michael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oqo32Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startp2Fedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(ooe2Michael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xno2Michael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrmo{2Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)Bl2Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8Fko!2Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFjo!2Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRio;2Michael Young - 4.1.2-13OXA- fix a packaging error&hoa2Michael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjgok2Michael Young - 4.1.2-11ONA- put the systemd files back in the right placefoI2Michael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XemI2Michael Young - 4.1.2-9O?- move xen-watchdog to systemd\dmQ2Michael Young - 4.1.2-8O2c- relocate systemd files for fc17+`cmY2Michael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdbm2Michael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}mQ2Michael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] mW2Michael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`mY2Richard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=2Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)~m#2Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ}mK2Michael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_|mW2Michael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG{m%2Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)Czm2Michael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XymG2Michael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTxmA2Michael Young - 4.1.3-5P~- rebuild for ocaml update~wm2Michael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pvmw2Michael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHm2Michael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)m72Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)m32Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%ma2Michael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)mC2Michael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%ma2Michael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rm{2Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y m 2Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208 m2Michael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk ok2Michael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x m2Michael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh mi2Michael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)mi2Michael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%ma2Michael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfYy2Michael Young P- correct disabling of xendomains.service on uninstall/mu2Michael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*mk2Michael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ym 2Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'%me2Michael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)X$mG2Michael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)#m;2Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]"m2Michael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)!m;2Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149) mI2Michael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m 2Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)oG2Michael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) m-2Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&mc2Michael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]Mm12Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]m92Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UmC2Richard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.2Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde}S2Michael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fmc2Michael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!oW2Michael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`9mW2Michael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?8m2Michael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0V7oC2Richard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.X6oG2Richard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.V5oC2Richard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.42Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild3o12Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]f2me2Richard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.T1mA2Michael Young - 4.4.0-8S@- rebuild for ocaml update/0mu2Michael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=/m2Michael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583).2Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda-m[2Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) ,m/2Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases+m%2Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) *m-2Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby)m 2Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!(oW2Michael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\'mO2Michael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&&mc2Michael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `ImY2Michael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64HmU2Michael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)GmE2Michael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) Fm/2Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSEm=2Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGDm%2Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)CoG2Michael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yBo2Michael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch Ao'2Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC@m2Michael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&?mc2Michael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e>ma2Michael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)=m32Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|<m2Michael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h;mg2Michael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738):m#2Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?[m2Michael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2Zm{2Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)Ym?2Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xXm2Michael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cWm]2Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)QVm;2Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%Uma2Michael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)Tm2Michael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]NSm32Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVRoC2Richard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.Q2Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYPY_2Michael Young U- gcc 5 bug is fixed so remove workaroundlOom2Michael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uNs}2Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallyMoG2Michael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)LmA2Michael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)Km72Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)SJm=2Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqkv_}3Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;u_3Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nt_3Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchs_U3Rik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyor_3Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werrorq_S3Rik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowp_E3Rik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlo_3Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"n_i3Rik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYm_Y3Rik van Riel 2-20050207B- upgrade to last night's Xen snapshotVlcO3Rik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYk_Y3Rik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvjI'3Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)ic!3Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#hcg3Jeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.ugI%3Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted fIM3Rik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQeI_3Rik van Riel A(@- upgrade to new snapshot of xen-unstablexdI+3Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotcIy3Rik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec filebI;3Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"a73CheA@- initial rpm release$`m_2Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq_oy2Michael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well^o2Michael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&]oa2Michael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){\o 2Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0Cxw3Bill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W[Y3 - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaWq3 - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<w3Jeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlY3Bill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placeswu3Jeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c[q3 - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N 3Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt A3Juan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).: q3Daniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel w#3Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa I3Jeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`wO3Jeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQw13Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvs3Jeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZsG3Jeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZsG3Jeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`wO3Jeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`oU3Rik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHg-3Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T_O3Rik van Riel 2-20050823C - upgrade to today's Xen snapshot{_3Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again~_#3Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i}_y3Rik van Riel 2-20050522B- change default display method for VMX domains to SDLN|_C3Rik van Riel 2-20050520B@- qemu device model for VMXT{_O3Rik van Riel 2-20050519B- apply some VMX related bugfixesUz_Q3Rik van Riel 2-20050424Bl- upgrade to last night's snapshotQyI]3Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupx_#3Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3w_ 3Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<i-km3Daniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452,g?3Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ+gS3Stephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[*]_3Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j)ko3Daniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ(]]3Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf']s3Jeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingt&k3Daniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e%]q3Jeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD$]/3Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)#a!3Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U"]Q3Jeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej![3Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw {y3Rik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQ3Stephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022eQ3Stephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015{ 3Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g{Y3Jeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{3Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^wI3Jeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsw3Jeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Ww=3Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawO3Jeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zs3Jesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changesws3Bill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,FuKs}3Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkJis3Stephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%Iie3Stephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc Hi33Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)aG_i3Jeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIFi/3Juan Quintela - 3.0.2-31Df- re-enable ia64.NE_C3Jeremy Katz - 3.0.2-31DA- update to changeset 11405HD_73Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64C_)3Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?B_%3Jeremy Katz - 3.0.2-28D,@- fix a typoYA_Y3Jeremy Katz - 3.0.2-27D- add support for paravirt framebuffer@_Y3Jeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj?_{3Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%>_o3Jeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).=_3Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`<_g3Jeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst;_ 3Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4:_ 3Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label9__3Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I8_73Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)7i'3Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZ6eU3Mark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)5mM3Daniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.h4im3Stephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include 3i'3Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works better2mS3Daniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV1_Q3Jeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)0_53Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d/]q3Jeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X.]Y3Jeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4aY3Daniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq`U3Daniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev_]3Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN^y3Daniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u]yw3Daniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>\y3Daniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V[y73Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-Zye3Daniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^YyI3Daniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniXy_3Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsaWyM3Daniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mVqo3Daniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAU]+3Jeremy Katz - 3.0.3-3E<- fix the buildJT]=3Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5HSq#3Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)XR_W3Jeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboQi{3Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@Ps3Daniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eOig3Stephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}Mm3Daniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)SL_M3Jeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&yyW3Daniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZx13Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsawyO3Daniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%v{S3Daniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnu{g3Daniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zt{}3Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setups{3Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)rw13Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993qy/3Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqpyo3Daniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)oy]3Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)ny3Daniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fmyY3Daniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowly-3Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mksk3Markus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOjy)3Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"iyO3Daniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7hk3Daniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsg3Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\f73Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\e73Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[d53Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.icO3Daniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMub[3Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xc3Gerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PeA3Gerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.cA3Gerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cci3Gerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.icu3Gerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}c3Gerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchace3Gerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K[A3Tomas Mraz - 3.3.1-2Is- rebuild with new opensslScI3Gerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.cE3Gerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a  =3Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^ {G3Daniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0 sq3Mark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr }m3Daniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921) w)3Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb}M3Daniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejwc3Markus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)} 3Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):w3Markus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v{w3Daniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsy;3Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoyk3Daniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zo 3Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebasey3Daniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{3Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[~yA3Daniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm}yg3Daniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf|yY3Daniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`{yM3Daniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewz[3Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1/my3Michael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$.m_3Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) -m)3Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8,1E3jkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k+mm3Michael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz*m 3Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I)m)3Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77(m3Michael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org location'Y53Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesX&mI3Michael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problems%g%3David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild $mW3Michael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernels#m%3Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl("mg3Michael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)v!c 3Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h cs3Gerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/3Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)ace3Gerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.c[3Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).c-3Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.OcA3Gerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.cW3Gerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.3Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5c 3Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wAm3Michael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes@m3Michael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7r?m{3Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\>mO3Michael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file=mC3Michael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g<mg3Michael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{;m 3Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta:}K3Michael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalityn9ms3Michael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates 8m-3Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]7m3Michael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6u6m3Michael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchX5mG3Michael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Q4m;3Michael Young - 4.1.0-1M- update to 4.1.0 finalB3y3Michael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd23Fedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildz1m 3Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies right0m3Michael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_U}E3Michael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?To3Michael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"SoY3Michael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)RoQ3Michael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)OQo33Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startP3Fedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(Ooe3Michael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xNo3Michael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrMo{3Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BL3Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8FKo!3Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFJo!3Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRIo;3Michael Young - 4.1.2-13OXA- fix a packaging error&Hoa3Michael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjGok3Michael Young - 4.1.2-11ONA- put the systemd files back in the right placeFoI3Michael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XEmI3Michael Young - 4.1.2-9O?- move xen-watchdog to systemd\DmQ3Michael Young - 4.1.2-8O2c- relocate systemd files for fc17+`CmY3Michael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdBm3Michael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}bmQ3Michael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] amW3Michael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch``mY3Richard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S_m=3Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)^m#3Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ]mK3Michael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_\mW3Michael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG[m%3Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CZm3Michael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XYmG3Michael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTXmA3Michael Young - 4.1.3-5P~- rebuild for ocaml update~Wm3Michael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pVmw3Michael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHtm3Michael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)sm73Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)rm33Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%qma3Michael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)pmC3Michael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%oma3Michael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rnm{3Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)ymm 3Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208lm3Michael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskkok3Michael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xjm3Michael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhimi3Michael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)hmi3Michael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%gma3Michael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtffYy3Michael Young P- correct disabling of xendomains.service on uninstall/emu3Michael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*dmk3Michael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ycm 3Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'me3Michael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XmG3Michael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)m;3Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]m3Michael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)m;3Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)mI3Michael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m 3Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)~oG3Michael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) }m-3Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&|mc3Michael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M{m13Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]zm93Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UymC3Richard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.x3Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuildew}S3Michael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fvmc3Michael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!uoW3Michael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`mW3Michael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?m3Michael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VoC3Richard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XoG3Richard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VoC3Richard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.3Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildo13Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fme3Richard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TmA3Michael Young - 4.4.0-8S@- rebuild for ocaml update/mu3Michael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=m3Michael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)3Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda m[3Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) m/3Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases m%3Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) m-3Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby m 3Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!oW3Michael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\mO3Michael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&mc3Michael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `)mY3Michael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64(mU3Michael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)'mE3Michael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) &m/3Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchS%m=3Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsG$m%3Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)#oG3Michael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)y"o3Michael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch !o'3Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC m3Michael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mc3Michael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)ema3Michael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)m33Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|m3Michael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)hmg3Michael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)m#3Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?;m3Michael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2:m{3Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)9m?3Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]x8m3Michael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)c7m]3Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Q6m;3Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%5ma3Michael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)4m3Michael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]N3m33Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesV2oC3Richard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.13Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildY0Y_3Michael Young U- gcc 5 bug is fixed so remove workaroundl/om3Michael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]u.s}3Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually-oG3Michael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631),mA3Michael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)+m73Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S*m=3Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=LqkV_}4Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;U_4Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nT_4Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchS_U4Rik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyoR_4Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -WerrorQ_S4Rik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowP_E4Rik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlO_4Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"N_i4Rik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYM_Y4Rik van Riel 2-20050207B- upgrade to last night's Xen snapshotVLcO4Rik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYK_Y4Rik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvJI'4Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)Ic!4Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#Hcg4Jeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uGI%4Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted FIM4Rik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQEI_4Rik van Riel A(@- upgrade to new snapshot of xen-unstablexDI+4Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotCIy4Rik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileBI;4Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"A74CheA@- initial rpm release$@m_3Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq?oy3Michael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well>o3Michael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&=oa3Michael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){<o 3Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0Cxtw4Bill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0Ws[Y4 - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinarWq4 - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlpY4Bill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesowu4Jeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cn[q4 - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)Nm4Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt lA4Juan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:kq4Daniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel jw#4Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaiI4Jeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`hwO4Jeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQgw14Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvfs4Jeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZesG4Jeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZdsG4Jeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`cwO4Jeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`boU4Rik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHag-4Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T`_O4Rik van Riel 2-20050823C - upgrade to today's Xen snapshot{__4Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again^_#4Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i]_y4Rik van Riel 2-20050522B- change default display method for VMX domains to SDLN\_C4Rik van Riel 2-20050520B@- qemu device model for VMXT[_O4Rik van Riel 2-20050519B- apply some VMX related bugfixesUZ_Q4Rik van Riel 2-20050424Bl- upgrade to last night's snapshotQYI]4Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupX_#4Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3W_ 4Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<i km4Daniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452 g?4Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ gS4Stephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[ ]_4Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j ko4Daniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ]]4Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf]s4Jeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtk4Daniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e]q4Jeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD]/4Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)a!4Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U]Q4Jeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej[4Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw{y4Rik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQ4Stephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e~Q4Stephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015}{ 4Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g|{Y4Jeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{{4Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^zwI4Jeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsyw4Jeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Wxw=4Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawwO4Jeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zvs4Jesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswus4Bill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fu+s}4Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk*is4Stephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%)ie4Stephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc (i34Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a'_i4Jeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackI&i/4Juan Quintela - 3.0.2-31Df- re-enable ia64.N%_C4Jeremy Katz - 3.0.2-31DA- update to changeset 11405H$_74Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64#_)4Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?"_%4Jeremy Katz - 3.0.2-28D,@- fix a typoY!_Y4Jeremy Katz - 3.0.2-27D- add support for paravirt framebuffer _Y4Jeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{4Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%_o4Jeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install)._4Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`_g4Jeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst_ 4Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4_ 4Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label__4Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I_74Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)i'4Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZeU4Mark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)mM4Daniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.him4Stephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include i'4Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works bettermS4Daniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV_Q4Jeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)_54Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d]q4Jeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X]Y4Jeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4AY4Daniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq@U4Daniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev?]4Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN>y4Daniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u=yw4Daniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script><y4Daniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V;y74Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-:ye4Daniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^9yI4Daniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioni8y_4Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsa7yM4Daniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700m6qo4Daniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA5]+4Jeremy Katz - 3.0.3-3E<- fix the buildJ4]=4Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5H3q#4Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X2_W4Jeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygrubo1i{4Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@0s4Daniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)e/ig4Stephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<.i4Stephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}-m4Daniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S,_M4Jeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&YyW4Daniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZX14Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsaWyO4Daniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%V{S4Daniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnU{g4Daniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zT{}4Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setupS{4Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)Rw14Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993Qy/4Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqPyo4Daniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)Oy]4Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)Ny4Daniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fMyY4Daniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowLy-4Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mKsk4Markus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOJy)4Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"IyO4Daniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7Hk4Daniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsG4Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\F74Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\E74Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[D54Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iCO4Daniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMuB[4Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xwc4Gerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PveA4Gerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.ucA4Gerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.ctci4Gerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iscu4Gerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}rc4Gerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaqce4Gerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.Kp[A4Tomas Mraz - 3.3.1-2Is- rebuild with new opensslSocI4Gerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.ncE4Gerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.am =4Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^l{G4Daniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0ksq4Mark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrj}m4Daniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)iw)4Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbh}M4Daniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejgwc4Markus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)f} 4Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):ew4Markus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vd{w4Daniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatscy;4Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleobyk4Daniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zao 4Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase`y4Daniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8_y{4Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[^yA4Daniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm]yg4Daniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf\yY4Daniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`[yM4Daniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewZ[4Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1my4Michael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$m_4Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) m)4Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8 1E4jkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k mm4Michael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz m 4Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I m)4Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77m4Michael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationY54Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXmI4Michael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsg%4David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild mW4Michael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsm%4Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(mg4Michael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vc 4Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.hcs4Gerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/4Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a~ce4Gerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.}c[4Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).|c-4Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O{cA4Gerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.zcW4Gerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.y4Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5xc 4Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3w!m4Michael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes m4Michael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7rm{4Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\mO4Michael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo filemC4Michael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112gmg4Michael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{m 4Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta}K4Michael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynms4Michael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates m-4Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]m4Michael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6um4Michael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXmG4Michael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qm;4Michael Young - 4.1.0-1M- update to 4.1.0 finalBy4Michael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd4Fedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzm 4Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightm4Michael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_5}E4Michael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?4o4Michael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"3oY4Michael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)2oQ4Michael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)O1o34Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to start04Fedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(/oe4Michael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]x.o4Michael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr-o{4Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B,4Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F+o!4Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF*o!4Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR)o;4Michael Young - 4.1.2-13OXA- fix a packaging error&(oa4Michael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdj'ok4Michael Young - 4.1.2-11ONA- put the systemd files back in the right place&oI4Michael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+X%mI4Michael Young - 4.1.2-9O?- move xen-watchdog to systemd\$mQ4Michael Young - 4.1.2-8O2c- relocate systemd files for fc17+`#mY4Michael Young - 4.1.2-7O1@- move xend and xenconsoled to systemd"m4Michael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}BmQ4Michael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] AmW4Michael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`@mY4Richard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S?m=4Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)>m#4Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ=mK4Michael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_<mW4Michael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG;m%4Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)C:m4Michael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17X9mG4Michael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesT8mA4Michael Young - 4.1.3-5P~- rebuild for ocaml update~7m4Michael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)p6mw4Michael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHTm4Michael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)Sm74Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)Rm34Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%Qma4Michael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)PmC4Michael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%Oma4Michael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rNm{4Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)yMm 4Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208Lm4Michael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskKok4Michael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xJm4Michael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhImi4Michael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)Hmi4Michael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%Gma4Michael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfFYy4Michael Young P- correct disabling of xendomains.service on uninstall/Emu4Michael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*Dmk4Michael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)yCm 4Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'eme4Michael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XdmG4Michael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)cm;4Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]bm4Michael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)am;4Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)`mI4Michael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);_m 4Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)^oG4Michael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) ]m-4Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&\mc4Michael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M[m14Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]Zm94Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UYmC4Richard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.X4Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_RebuildeW}S4Michael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fVmc4Michael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!UoW4Michael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`ymW4Michael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?xm4Michael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VwoC4Richard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XvoG4Richard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VuoC4Richard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.t4Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildso14Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]frme4Richard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TqmA4Michael Young - 4.4.0-8S@- rebuild for ocaml update/pmu4Michael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=om4Michael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)n4Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuildamm[4Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) lm/4Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized caseskm%4Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) jm-4Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyim 4Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!hoW4Michael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\gmO4Michael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&fmc4Michael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG ` mY4Michael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64mU4Michael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)mE4Michael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) m/4Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSm=4Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGm%4Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)oG4Michael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yo4Michael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch o'4Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmCm4Michael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mc4Michael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e~ma4Michael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)}m34Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)||m4Michael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h{mg4Michael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)zm#4Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?m4Michael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2m{4Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)m?4Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xm4Michael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cm]4Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qm;4Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%ma4Michael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)m4Michael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nm34Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVoC4Richard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.4Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYY_4Michael Young U- gcc 5 bug is fixed so remove workaroundlom4Michael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]us}4Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually oG4Michael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631) mA4Michael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153) m74Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S m=4Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqk6_}5Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;5_5Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n4_5Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch3_U5Rik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo2_5Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror1_S5Rik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now0_E5Rik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl/_5Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"._i5Rik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY-_Y5Rik van Riel 2-20050207B- upgrade to last night's Xen snapshotV,cO5Rik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY+_Y5Rik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv*I'5Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org))c!5Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#(cg5Jeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.u'I%5Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted &IM5Rik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQ%I_5Rik van Riel A(@- upgrade to new snapshot of xen-unstablex$I+5Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshot#Iy5Rik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec file"I;5Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"!75CheA@- initial rpm release$ m_4Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoy4Michael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as wello4Michael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&oa4Michael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){o 4Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0CxTw5Bill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0WS[Y5 - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaRWq5 - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlPY5Bill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesOwu5Jeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cN[q5 - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NM5Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt LA5Juan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:Kq5Daniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel Jw#5Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaII5Jeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`HwO5Jeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQGw15Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvFs5Jeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZEsG5Jeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZDsG5Jeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`CwO5Jeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`BoU5Rik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHAg-5Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T@_O5Rik van Riel 2-20050823C - upgrade to today's Xen snapshot{?_5Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again>_#5Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i=_y5Rik van Riel 2-20050522B- change default display method for VMX domains to SDLN<_C5Rik van Riel 2-20050520B@- qemu device model for VMXT;_O5Rik van Riel 2-20050519B- apply some VMX related bugfixesU:_Q5Rik van Riel 2-20050424Bl- upgrade to last night's snapshotQ9I]5Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup8_#5Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again37_ 5Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<imkm5Daniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452lg?5Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZkgS5Stephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[j]_5Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jiko5Daniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZh]]5Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfg]s5Jeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtfk5Daniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361ee]q5Jeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDd]/5Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)ca!5Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)Ub]Q5Jeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accurateja[5Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw`{y5Rik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere_Q5Stephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e^Q5Stephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015]{ 5Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g\{Y5Jeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall[{5Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^ZwI5Jeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsYw5Jeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)WXw=5Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevaWwO5Jeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zVs5Jesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswUs5Bill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fu s}5Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk is5Stephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data% ie5Stephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc i35Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a_i5Jeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIi/5Juan Quintela - 3.0.2-31Df- re-enable ia64.N_C5Jeremy Katz - 3.0.2-31DA- update to changeset 11405H_75Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64_)5Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?_%5Jeremy Katz - 3.0.2-28D,@- fix a typoY_Y5Jeremy Katz - 3.0.2-27D- add support for paravirt framebuffer_Y5Jeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{5Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%~_o5Jeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).}_5Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`|_g5Jeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst{_ 5Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4z_ 5Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labely__5Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)Ix_75Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)wi'5Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZveU5Mark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)umM5Daniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.htim5Stephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include si'5Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterrmS5Daniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVq_Q5Jeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)p_55Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)do]q5Jeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)Xn]Y5Jeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4!Y5Daniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq U5Daniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]5Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethNy5Daniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)uyw5Daniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>y5Daniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)Vy75Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-ye5Daniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yI5Daniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniy_5Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsayM5Daniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mqo5Daniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA]+5Jeremy Katz - 3.0.3-3E<- fix the buildJ]=5Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hq#5Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X_W5Jeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboi{5Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@s5Daniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eig5Stephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<i5Stephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl} m5Daniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S _M5Jeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&9yW5Daniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZ815Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsa7yO5Daniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%6{S5Daniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn5{g5Daniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z4{}5Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup3{5Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)2w15Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-49931y/5Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsq0yo5Daniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)/y]5Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581).y5Daniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f-yY5Daniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow,y-5Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m+sk5Markus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO*y)5Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs")yO5Daniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7(k5Daniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug fails'5Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\&75Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\%75Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[$55Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.i#O5Daniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu"[5Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xWc5Gerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PVeA5Gerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.UcA5Gerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cTci5Gerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iScu5Gerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}Rc5Gerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaQce5Gerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.KP[A5Tomas Mraz - 3.3.1-2Is- rebuild with new opensslSOcI5Gerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.NcE5Gerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.aM =5Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^L{G5Daniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0Ksq5Mark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrJ}m5Daniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)Iw)5Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbH}M5Daniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejGwc5Markus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)F} 5Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):Ew5Markus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vD{w5Daniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsCy;5Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoByk5Daniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zAo 5Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase@y5Daniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8?y{5Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[>yA5Daniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm=yg5Daniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf<yY5Daniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`;yM5Daniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew:[5Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1omy5Michael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$nm_5Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) mm)5Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8l1E5jkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kkmm5Michael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzjm 5Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1Iim)5Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77hm5Michael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationgY55Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXfmI5Michael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemseg%5David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild dmW5Michael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelscm%5Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(bmg5Michael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vac 5Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h`cs5Gerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. _k/5Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a^ce5Gerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.]c[5Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).\c-5Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O[cA5Gerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.ZcW5Gerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.Y5Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5Xc 5Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wm5Michael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixesm5Michael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7rm{5Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\~mO5Michael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file}mC5Michael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g|mg5Michael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{{m 5Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaz}K5Michael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynyms5Michael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates xm-5Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]wm5Michael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uvm5Michael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXumG5Michael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qtm;5Michael Young - 4.1.0-1M- update to 4.1.0 finalBsy5Michael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdr5Fedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzqm 5Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightpm5Michael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_}E5Michael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?o5Michael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"oY5Michael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)oQ5Michael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oo35Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to start5Fedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(oe5Michael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xo5Michael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr o{5Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B 5Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F o!5Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF o!5Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR o;5Michael Young - 4.1.2-13OXA- fix a packaging error&oa5Michael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjok5Michael Young - 4.1.2-11ONA- put the systemd files back in the right placeoI5Michael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XmI5Michael Young - 4.1.2-9O?- move xen-watchdog to systemd\mQ5Michael Young - 4.1.2-8O2c- relocate systemd files for fc17+`mY5Michael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdm5Michael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}"mQ5Michael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] !mW5Michael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch` mY5Richard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=5Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)m#5Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZmK5Michael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_mW5Michael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetGm%5Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)Cm5Michael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XmG5Michael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTmA5Michael Young - 4.1.3-5P~- rebuild for ocaml update~m5Michael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pmw5Michael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cH4m5Michael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)3m75Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)2m35Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%1ma5Michael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)0mC5Michael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%/ma5Michael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)r.m{5Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y-m 5Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208,m5Michael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk+ok5Michael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x*m5Michael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh)mi5Michael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)(mi5Michael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%'ma5Michael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtf&Yy5Michael Young P- correct disabling of xendomains.service on uninstall/%mu5Michael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*$mk5Michael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)y#m 5Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'Eme5Michael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XDmG5Michael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)Cm;5Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]Bm5Michael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)Am;5Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)@mI5Michael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);?m 5Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)>oG5Michael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) =m-5Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&<mc5Michael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M;m15Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]:m95Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)U9mC5Richard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.85Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde7}S5Michael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86f6mc5Michael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!5oW5Michael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`YmW5Michael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?Xm5Michael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VWoC5Richard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XVoG5Richard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VUoC5Richard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.T5Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_RebuildSo15Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fRme5Richard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TQmA5Michael Young - 4.4.0-8S@- rebuild for ocaml update/Pmu5Michael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=Om5Michael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)N5Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_RebuildaMm[5Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) Lm/5Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized casesKm%5Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) Jm-5Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyIm 5Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!HoW5Michael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\GmO5Michael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&Fmc5Michael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `imY5Michael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64hmU5Michael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)gmE5Michael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) fm/5Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSem=5Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGdm%5Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)coG5Michael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)ybo5Michael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch ao'5Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC`m5Michael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&_mc5Michael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e^ma5Michael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)]m35Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|\m5Michael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h[mg5Michael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)Zm#5Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?{m5Michael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2zm{5Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)ym?5Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xxm5Michael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cwm]5Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qvm;5Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%uma5Michael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)tm5Michael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nsm35Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVroC5Richard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.q5Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYpY_5Michael Young U- gcc 5 bug is fixed so remove workaroundloom5Michael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uns}5Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallymoG5Michael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)lmA5Michael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)km75Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)Sjm=5Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqk_}6Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;_6Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n_6Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch_U6Rik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo_6Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror_S6Rik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now_E6Rik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl_6Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"_i6Rik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY _Y6Rik van Riel 2-20050207B- upgrade to last night's Xen snapshotV cO6Rik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY _Y6Rik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv I'6Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org) c!6Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#cg6Jeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uI%6Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted IM6Rik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQI_6Rik van Riel A(@- upgrade to new snapshot of xen-unstablexI+6Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotIy6Rik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileI;6Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"76CheA@- initial rpm release$m_5Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoy5Michael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well~o5Michael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&}oa5Michael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){|o 5Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0Cx4w6Bill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W3[Y6 - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbina2Wq6 - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<1w6Jeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itl0Y6Bill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one places/wu6Jeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c.[q6 - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N-6Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt ,A6Juan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:+q6Daniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel *w#6Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa)I6Jeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`(wO6Jeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQ'w16Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedv&s6Jeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZ%sG6Jeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZ$sG6Jeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`#wO6Jeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`"oU6Rik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsH!g-6Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T _O6Rik van Riel 2-20050823C - upgrade to today's Xen snapshot{_6Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again_#6Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i_y6Rik van Riel 2-20050522B- change default display method for VMX domains to SDLN_C6Rik van Riel 2-20050520B@- qemu device model for VMXT_O6Rik van Riel 2-20050519B- apply some VMX related bugfixesU_Q6Rik van Riel 2-20050424Bl- upgrade to last night's snapshotQI]6Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup_#6Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3_ 6Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<iMkm6Daniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452Lg?6Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZKgS6Stephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[J]_6Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jIko6Daniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZH]]6Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfG]s6Jeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtFk6Daniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361eE]q6Jeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDD]/6Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)Ca!6Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)UB]Q6Jeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratejA[6Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw@{y6Rik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere?Q6Stephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e>Q6Stephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015={ 6Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g<{Y6Jeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall;{6Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^:wI6Jeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugs9w6Jeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)W8w=6Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udeva7wO6Jeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)z6s6Jesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changesw5s6Bill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fuks}6Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkjis6Stephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%iie6Stephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc hi36Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)ag_i6Jeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIfi/6Juan Quintela - 3.0.2-31Df- re-enable ia64.Ne_C6Jeremy Katz - 3.0.2-31DA- update to changeset 11405Hd_76Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64c_)6Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?b_%6Jeremy Katz - 3.0.2-28D,@- fix a typoYa_Y6Jeremy Katz - 3.0.2-27D- add support for paravirt framebuffer`_Y6Jeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj__{6Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%^_o6Jeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).]_6Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`\_g6Jeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst[_ 6Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4Z_ 6Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labelY__6Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)IX_76Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)Wi'6Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZVeU6Mark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)UmM6Daniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.hTim6Stephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include Si'6Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterRmS6Daniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVQ_Q6Jeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)P_56Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)dO]q6Jeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)XN]Y6Jeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4Y6Daniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakqU6Daniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]6Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN~y6Daniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u}yw6Daniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>|y6Daniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V{y76Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-zye6Daniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yyI6Daniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptionixy_6Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsawyM6Daniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mvqo6Daniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAu]+6Jeremy Katz - 3.0.3-3E<- fix the buildJt]=6Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hsq#6Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)Xr_W6Jeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboqi{6Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@ps6Daniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eoig6Stephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}mm6Daniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)Sl_M6Jeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&yW6Daniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZ16Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsayO6Daniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%{S6Daniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn{g6Daniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z{}6Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup{6Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)w16Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993y/6Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqyo6Daniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)y]6Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)y6Daniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f yY6Daniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow y-6Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m sk6Markus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO y)6Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs" yO6Daniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7k6Daniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug fails6Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\76Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\76Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[56Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iO6Daniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu[6Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6x7c6Gerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.P6eA6Gerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.5cA6Gerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.c4ci6Gerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.i3cu6Gerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}2c6Gerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArcha1ce6Gerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K0[A6Tomas Mraz - 3.3.1-2Is- rebuild with new opensslS/cI6Gerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release..cE6Gerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a- =6Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^,{G6Daniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0+sq6Mark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr*}m6Daniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921))w)6Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb(}M6Daniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changej'wc6Markus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)&} 6Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):%w6Markus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v${w6Daniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formats#y;6Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleo"yk6Daniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)z!o 6Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase y6Daniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{6Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[yA6Daniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsmyg6Daniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstfyY6Daniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`yM6Daniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew[6Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1Omy6Michael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$Nm_6Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) Mm)6Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8L1E6jkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kKmm6Michael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzJm 6Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1IIm)6Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77Hm6Michael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationGY56Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXFmI6Michael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsEg%6David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild DmW6Michael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsCm%6Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(Bmg6Michael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vAc 6Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h@cs6Gerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. ?k/6Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a>ce6Gerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.=c[6Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).<c-6Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O;cA6Gerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.:cW6Gerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.96Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild58c 6Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wam6Michael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes`m6Michael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7r_m{6Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\^mO6Michael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file]mC6Michael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g\mg6Michael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{[m 6Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaZ}K6Michael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynYms6Michael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates Xm-6Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]Wm6Michael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uVm6Michael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXUmG6Michael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.QTm;6Michael Young - 4.1.0-1M- update to 4.1.0 finalBSy6Michael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdR6Fedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_RebuildzQm 6Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightPm6Michael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_u}E6Michael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?to6Michael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"soY6Michael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)roQ6Michael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oqo36Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startp6Fedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(ooe6Michael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xno6Michael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrmo{6Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)Bl6Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8Fko!6Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFjo!6Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRio;6Michael Young - 4.1.2-13OXA- fix a packaging error&hoa6Michael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjgok6Michael Young - 4.1.2-11ONA- put the systemd files back in the right placefoI6Michael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XemI6Michael Young - 4.1.2-9O?- move xen-watchdog to systemd\dmQ6Michael Young - 4.1.2-8O2c- relocate systemd files for fc17+`cmY6Michael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdbm6Michael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}mQ6Michael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] mW6Michael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`mY6Richard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=6Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)~m#6Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ}mK6Michael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_|mW6Michael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG{m%6Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)Czm6Michael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XymG6Michael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTxmA6Michael Young - 4.1.3-5P~- rebuild for ocaml update~wm6Michael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pvmw6Michael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHm6Michael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)m76Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)m36Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%ma6Michael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)mC6Michael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%ma6Michael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rm{6Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y m 6Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208 m6Michael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk ok6Michael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x m6Michael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh mi6Michael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)mi6Michael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%ma6Michael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfYy6Michael Young P- correct disabling of xendomains.service on uninstall/mu6Michael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*mk6Michael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ym 6Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'%me6Michael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)X$mG6Michael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)#m;6Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]"m6Michael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)!m;6Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149) mI6Michael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m 6Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)oG6Michael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) m-6Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&mc6Michael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]Mm16Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]m96Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UmC6Richard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.6Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde}S6Michael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fmc6Michael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!oW6Michael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`9mW6Michael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?8m6Michael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0V7oC6Richard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.X6oG6Richard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.V5oC6Richard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.46Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild3o16Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]f2me6Richard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.T1mA6Michael Young - 4.4.0-8S@- rebuild for ocaml update/0mu6Michael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=/m6Michael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583).6Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda-m[6Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) ,m/6Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases+m%6Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) *m-6Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby)m 6Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!(oW6Michael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\'mO6Michael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&&mc6Michael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `ImY6Michael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64HmU6Michael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)GmE6Michael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) Fm/6Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSEm=6Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGDm%6Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)CoG6Michael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yBo6Michael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch Ao'6Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC@m6Michael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&?mc6Michael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e>ma6Michael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)=m36Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|<m6Michael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h;mg6Michael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738):m#6Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?[m6Michael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2Zm{6Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)Ym?6Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xXm6Michael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cWm]6Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)QVm;6Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%Uma6Michael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)Tm6Michael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]NSm36Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVRoC6Richard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.Q6Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYPY_6Michael Young U- gcc 5 bug is fixed so remove workaroundlOom6Michael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uNs}6Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallyMoG6Michael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)LmA6Michael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)Km76Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)SJm=6Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqkv_}7Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;u_7Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nt_7Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchs_U7Rik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyor_7Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werrorq_S7Rik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowp_E7Rik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlo_7Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"n_i7Rik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYm_Y7Rik van Riel 2-20050207B- upgrade to last night's Xen snapshotVlcO7Rik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYk_Y7Rik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvjI'7Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)ic!7Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#hcg7Jeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.ugI%7Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted fIM7Rik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQeI_7Rik van Riel A(@- upgrade to new snapshot of xen-unstablexdI+7Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotcIy7Rik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec filebI;7Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"a77CheA@- initial rpm release$`m_6Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq_oy6Michael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well^o6Michael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&]oa6Michael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){\o 6Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0Cxw7Bill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W[Y7 - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaWq7 - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<w7Jeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlY7Bill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placeswu7Jeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c[q7 - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N 7Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt A7Juan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).: q7Daniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel w#7Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa I7Jeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`wO7Jeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQw17Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvs7Jeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZsG7Jeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZsG7Jeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`wO7Jeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`oU7Rik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHg-7Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T_O7Rik van Riel 2-20050823C - upgrade to today's Xen snapshot{_7Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again~_#7Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i}_y7Rik van Riel 2-20050522B- change default display method for VMX domains to SDLN|_C7Rik van Riel 2-20050520B@- qemu device model for VMXT{_O7Rik van Riel 2-20050519B- apply some VMX related bugfixesUz_Q7Rik van Riel 2-20050424Bl- upgrade to last night's snapshotQyI]7Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupx_#7Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3w_ 7Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<i-km7Daniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452,g?7Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ+gS7Stephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[*]_7Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j)ko7Daniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ(]]7Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf']s7Jeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingt&k7Daniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e%]q7Jeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD$]/7Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)#a!7Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U"]Q7Jeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej![7Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw {y7Rik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQ7Stephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022eQ7Stephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015{ 7Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g{Y7Jeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{7Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^wI7Jeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsw7Jeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Ww=7Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawO7Jeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zs7Jesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changesws7Bill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,FuKs}7Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkJis7Stephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%Iie7Stephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc Hi37Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)aG_i7Jeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIFi/7Juan Quintela - 3.0.2-31Df- re-enable ia64.NE_C7Jeremy Katz - 3.0.2-31DA- update to changeset 11405HD_77Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64C_)7Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?B_%7Jeremy Katz - 3.0.2-28D,@- fix a typoYA_Y7Jeremy Katz - 3.0.2-27D- add support for paravirt framebuffer@_Y7Jeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj?_{7Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%>_o7Jeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).=_7Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`<_g7Jeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst;_ 7Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4:_ 7Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label9__7Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I8_77Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)7i'7Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZ6eU7Mark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)5mM7Daniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.h4im7Stephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include 3i'7Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works better2mS7Daniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV1_Q7Jeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)0_57Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d/]q7Jeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X.]Y7Jeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4aY7Daniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq`U7Daniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev_]7Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN^y7Daniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u]yw7Daniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>\y7Daniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V[y77Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-Zye7Daniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^YyI7Daniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniXy_7Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsaWyM7Daniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mVqo7Daniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAU]+7Jeremy Katz - 3.0.3-3E<- fix the buildJT]=7Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5HSq#7Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)XR_W7Jeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboQi{7Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@Ps7Daniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eOig7Stephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}Mm7Daniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)SL_M7Jeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&yyW7Daniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZx17Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsawyO7Daniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%v{S7Daniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnu{g7Daniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zt{}7Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setups{7Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)rw17Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993qy/7Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqpyo7Daniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)oy]7Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)ny7Daniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fmyY7Daniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowly-7Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mksk7Markus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOjy)7Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"iyO7Daniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7hk7Daniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsg7Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\f77Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\e77Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[d57Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.icO7Daniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMub[7Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xc7Gerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PeA7Gerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.cA7Gerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cci7Gerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.icu7Gerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}c7Gerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchace7Gerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K[A7Tomas Mraz - 3.3.1-2Is- rebuild with new opensslScI7Gerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.cE7Gerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a  =7Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^ {G7Daniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0 sq7Mark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr }m7Daniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921) w)7Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb}M7Daniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejwc7Markus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)} 7Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):w7Markus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v{w7Daniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsy;7Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoyk7Daniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zo 7Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebasey7Daniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{7Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[~yA7Daniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm}yg7Daniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf|yY7Daniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`{yM7Daniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewz[7Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1/my7Michael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$.m_7Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) -m)7Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8,1E7jkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k+mm7Michael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz*m 7Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I)m)7Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77(m7Michael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org location'Y57Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesX&mI7Michael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problems%g%7David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild $mW7Michael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernels#m%7Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl("mg7Michael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)v!c 7Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h cs7Gerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/7Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)ace7Gerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.c[7Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).c-7Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.OcA7Gerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.cW7Gerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.7Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5c 7Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wAm7Michael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes@m7Michael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7r?m{7Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\>mO7Michael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file=mC7Michael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g<mg7Michael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{;m 7Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta:}K7Michael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalityn9ms7Michael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates 8m-7Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]7m7Michael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6u6m7Michael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchX5mG7Michael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Q4m;7Michael Young - 4.1.0-1M- update to 4.1.0 finalB3y7Michael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd27Fedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildz1m 7Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies right0m7Michael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_U}E7Michael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?To7Michael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"SoY7Michael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)RoQ7Michael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)OQo37Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startP7Fedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(Ooe7Michael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xNo7Michael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrMo{7Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BL7Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8FKo!7Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFJo!7Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRIo;7Michael Young - 4.1.2-13OXA- fix a packaging error&Hoa7Michael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjGok7Michael Young - 4.1.2-11ONA- put the systemd files back in the right placeFoI7Michael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XEmI7Michael Young - 4.1.2-9O?- move xen-watchdog to systemd\DmQ7Michael Young - 4.1.2-8O2c- relocate systemd files for fc17+`CmY7Michael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdBm7Michael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}bmQ7Michael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] amW7Michael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch``mY7Richard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S_m=7Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)^m#7Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ]mK7Michael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_\mW7Michael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG[m%7Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CZm7Michael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XYmG7Michael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTXmA7Michael Young - 4.1.3-5P~- rebuild for ocaml update~Wm7Michael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pVmw7Michael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHtm7Michael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)sm77Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)rm37Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%qma7Michael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)pmC7Michael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%oma7Michael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rnm{7Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)ymm 7Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208lm7Michael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskkok7Michael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xjm7Michael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhimi7Michael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)hmi7Michael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%gma7Michael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtffYy7Michael Young P- correct disabling of xendomains.service on uninstall/emu7Michael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*dmk7Michael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ycm 7Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'me7Michael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XmG7Michael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)m;7Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]m7Michael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)m;7Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)mI7Michael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m 7Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)~oG7Michael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) }m-7Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&|mc7Michael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M{m17Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]zm97Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UymC7Richard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.x7Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuildew}S7Michael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fvmc7Michael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!uoW7Michael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`mW7Michael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?m7Michael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VoC7Richard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XoG7Richard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VoC7Richard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.7Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildo17Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fme7Richard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TmA7Michael Young - 4.4.0-8S@- rebuild for ocaml update/mu7Michael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=m7Michael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)7Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda m[7Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) m/7Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases m%7Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) m-7Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby m 7Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!oW7Michael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\mO7Michael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&mc7Michael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `)mY7Michael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64(mU7Michael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)'mE7Michael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) &m/7Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchS%m=7Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsG$m%7Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)#oG7Michael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)y"o7Michael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch !o'7Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC m7Michael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mc7Michael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)ema7Michael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)m37Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|m7Michael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)hmg7Michael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)m#7Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?;m7Michael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2:m{7Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)9m?7Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]x8m7Michael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)c7m]7Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Q6m;7Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%5ma7Michael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)4m7Michael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]N3m37Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesV2oC7Richard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.17Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildY0Y_7Michael Young U- gcc 5 bug is fixed so remove workaroundl/om7Michael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]u.s}7Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually-oG7Michael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631),mA7Michael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)+m77Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S*m=7Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=LqkV_}8Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;U_8Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nT_8Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchS_U8Rik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyoR_8Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -WerrorQ_S8Rik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowP_E8Rik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlO_8Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"N_i8Rik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYM_Y8Rik van Riel 2-20050207B- upgrade to last night's Xen snapshotVLcO8Rik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYK_Y8Rik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvJI'8Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)Ic!8Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#Hcg8Jeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uGI%8Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted FIM8Rik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQEI_8Rik van Riel A(@- upgrade to new snapshot of xen-unstablexDI+8Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotCIy8Rik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileBI;8Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"A78CheA@- initial rpm release$@m_7Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq?oy7Michael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well>o7Michael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&=oa7Michael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){<o 7Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0Cxtw8Bill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0Ws[Y8 - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinarWq8 - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlpY8Bill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesowu8Jeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cn[q8 - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)Nm8Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt lA8Juan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:kq8Daniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel jw#8Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaiI8Jeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`hwO8Jeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQgw18Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvfs8Jeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZesG8Jeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZdsG8Jeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`cwO8Jeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`boU8Rik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHag-8Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T`_O8Rik van Riel 2-20050823C - upgrade to today's Xen snapshot{__8Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again^_#8Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i]_y8Rik van Riel 2-20050522B- change default display method for VMX domains to SDLN\_C8Rik van Riel 2-20050520B@- qemu device model for VMXT[_O8Rik van Riel 2-20050519B- apply some VMX related bugfixesUZ_Q8Rik van Riel 2-20050424Bl- upgrade to last night's snapshotQYI]8Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupX_#8Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3W_ 8Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<i km8Daniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452 g?8Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ gS8Stephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[ ]_8Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j ko8Daniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ]]8Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf]s8Jeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtk8Daniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e]q8Jeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD]/8Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)a!8Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U]Q8Jeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej[8Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw{y8Rik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQ8Stephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e~Q8Stephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015}{ 8Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g|{Y8Jeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{{8Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^zwI8Jeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsyw8Jeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Wxw=8Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawwO8Jeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zvs8Jesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswus8Bill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fu+s}8Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk*is8Stephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%)ie8Stephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc (i38Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a'_i8Jeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackI&i/8Juan Quintela - 3.0.2-31Df- re-enable ia64.N%_C8Jeremy Katz - 3.0.2-31DA- update to changeset 11405H$_78Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64#_)8Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?"_%8Jeremy Katz - 3.0.2-28D,@- fix a typoY!_Y8Jeremy Katz - 3.0.2-27D- add support for paravirt framebuffer _Y8Jeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{8Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%_o8Jeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install)._8Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`_g8Jeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst_ 8Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4_ 8Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label__8Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I_78Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)i'8Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZeU8Mark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)mM8Daniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.him8Stephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include i'8Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works bettermS8Daniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV_Q8Jeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)_58Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d]q8Jeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X]Y8Jeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4AY8Daniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq@U8Daniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev?]8Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN>y8Daniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u=yw8Daniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script><y8Daniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V;y78Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-:ye8Daniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^9yI8Daniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioni8y_8Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsa7yM8Daniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700m6qo8Daniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA5]+8Jeremy Katz - 3.0.3-3E<- fix the buildJ4]=8Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5H3q#8Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X2_W8Jeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygrubo1i{8Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@0s8Daniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)e/ig8Stephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<.i8Stephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}-m8Daniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S,_M8Jeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&YyW8Daniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZX18Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsaWyO8Daniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%V{S8Daniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnU{g8Daniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zT{}8Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setupS{8Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)Rw18Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993Qy/8Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqPyo8Daniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)Oy]8Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)Ny8Daniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fMyY8Daniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowLy-8Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mKsk8Markus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOJy)8Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"IyO8Daniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7Hk8Daniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsG8Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\F78Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\E78Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[D58Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iCO8Daniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMuB[8Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xwc8Gerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PveA8Gerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.ucA8Gerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.ctci8Gerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iscu8Gerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}rc8Gerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaqce8Gerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.Kp[A8Tomas Mraz - 3.3.1-2Is- rebuild with new opensslSocI8Gerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.ncE8Gerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.am =8Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^l{G8Daniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0ksq8Mark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrj}m8Daniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)iw)8Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbh}M8Daniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejgwc8Markus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)f} 8Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):ew8Markus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vd{w8Daniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatscy;8Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleobyk8Daniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zao 8Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase`y8Daniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8_y{8Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[^yA8Daniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm]yg8Daniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf\yY8Daniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`[yM8Daniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewZ[8Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1my8Michael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$m_8Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) m)8Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8 1E8jkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k mm8Michael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz m 8Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I m)8Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77m8Michael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationY58Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXmI8Michael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsg%8David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild mW8Michael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsm%8Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(mg8Michael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vc 8Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.hcs8Gerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/8Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a~ce8Gerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.}c[8Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).|c-8Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O{cA8Gerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.zcW8Gerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.y8Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5xc 8Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3w!m8Michael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes m8Michael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7rm{8Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\mO8Michael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo filemC8Michael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112gmg8Michael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{m 8Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta}K8Michael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynms8Michael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates m-8Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]m8Michael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6um8Michael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXmG8Michael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qm;8Michael Young - 4.1.0-1M- update to 4.1.0 finalBy8Michael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd8Fedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzm 8Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightm8Michael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_5}E8Michael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?4o8Michael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"3oY8Michael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)2oQ8Michael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)O1o38Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to start08Fedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(/oe8Michael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]x.o8Michael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr-o{8Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B,8Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F+o!8Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF*o!8Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR)o;8Michael Young - 4.1.2-13OXA- fix a packaging error&(oa8Michael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdj'ok8Michael Young - 4.1.2-11ONA- put the systemd files back in the right place&oI8Michael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+X%mI8Michael Young - 4.1.2-9O?- move xen-watchdog to systemd\$mQ8Michael Young - 4.1.2-8O2c- relocate systemd files for fc17+`#mY8Michael Young - 4.1.2-7O1@- move xend and xenconsoled to systemd"m8Michael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}BmQ8Michael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] AmW8Michael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`@mY8Richard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S?m=8Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)>m#8Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ=mK8Michael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_<mW8Michael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG;m%8Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)C:m8Michael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17X9mG8Michael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesT8mA8Michael Young - 4.1.3-5P~- rebuild for ocaml update~7m8Michael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)p6mw8Michael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHTm8Michael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)Sm78Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)Rm38Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%Qma8Michael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)PmC8Michael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%Oma8Michael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rNm{8Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)yMm 8Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208Lm8Michael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskKok8Michael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xJm8Michael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhImi8Michael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)Hmi8Michael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%Gma8Michael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfFYy8Michael Young P- correct disabling of xendomains.service on uninstall/Emu8Michael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*Dmk8Michael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)yCm 8Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'eme8Michael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XdmG8Michael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)cm;8Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]bm8Michael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)am;8Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)`mI8Michael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);_m 8Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)^oG8Michael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) ]m-8Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&\mc8Michael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M[m18Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]Zm98Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UYmC8Richard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.X8Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_RebuildeW}S8Michael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fVmc8Michael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!UoW8Michael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`ymW8Michael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?xm8Michael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VwoC8Richard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XvoG8Richard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VuoC8Richard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.t8Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildso18Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]frme8Richard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TqmA8Michael Young - 4.4.0-8S@- rebuild for ocaml update/pmu8Michael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=om8Michael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)n8Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuildamm[8Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) lm/8Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized caseskm%8Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) jm-8Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyim 8Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!hoW8Michael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\gmO8Michael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&fmc8Michael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG ` mY8Michael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64mU8Michael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)mE8Michael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) m/8Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSm=8Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGm%8Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)oG8Michael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yo8Michael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch o'8Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmCm8Michael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mc8Michael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e~ma8Michael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)}m38Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)||m8Michael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h{mg8Michael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)zm#8Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?m8Michael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2m{8Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)m?8Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xm8Michael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cm]8Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qm;8Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%ma8Michael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)m8Michael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nm38Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVoC8Richard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.8Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYY_8Michael Young U- gcc 5 bug is fixed so remove workaroundlom8Michael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]us}8Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually oG8Michael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631) mA8Michael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153) m78Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S m=8Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqk6_}9Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;5_9Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n4_9Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch3_U9Rik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo2_9Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror1_S9Rik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now0_E9Rik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl/_9Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"._i9Rik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY-_Y9Rik van Riel 2-20050207B- upgrade to last night's Xen snapshotV,cO9Rik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY+_Y9Rik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv*I'9Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org))c!9Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#(cg9Jeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.u'I%9Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted &IM9Rik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQ%I_9Rik van Riel A(@- upgrade to new snapshot of xen-unstablex$I+9Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshot#Iy9Rik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec file"I;9Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"!79CheA@- initial rpm release$ m_8Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoy8Michael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as wello8Michael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&oa8Michael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){o 8Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) 8t.\ D r , Z  B p *X@n(V>l&T<D8 eccf6c8192bc0e1160858b34696397680cd773a4aa1fbe1cbf9d0106d0b01cd6D7 42b9be441e0c47313b885c7f6609204a4fa4c40203f6e9efa05a30d7404d3191D6 079ba3370f726cf6c18aaa2a6c4daac4b71e967c888d4577172ab927c699905eD5 e9190571c3cd9c9241312944c55e327534195f3cd14027633ad474f94afea784D4 19faba1a490c1b4953a47997631feaa7a1f9eb5dfc803f503cf7dcba4f3be983D3 31bb9f247c00784e9faaa370fb39266e8af782722f189459eabcc0360e9ec801D2 f3bb1dd637ee89101ec8f498f0bdc094abffd615a3192740ba017843163f909cD1 6184d3317d229ec7502aedbc858e31fea58b5a62b1a1b63f7facdad9a3e38047D0 d7b71772b1fe931347b89f665675475aa17b180ede6c75af7eda4ac0e318bb28D/ 809d4519c458a39ce142de41a8cf40b7a04e173565118f0374e148b58ac1e170D. 94a986b4f8d26c588aaf3d6539280e92925830414ae10ca2cbad271d93c37abbD- a28601eb0dcd250f4ea8eb1f00e3a8ce728e03821eb4c98dd79e911f545f99d4D, 96f9d44c53075d914c789feed50ed0f1697808a3664ec22beb01e57d5800ca33D+ 3dcdf75a3b183f389163d99d0bb9933686d6c198bd5bc69c5f65f7dc49149907D* 4c4ba747dad0006161062b12331a86e8c74c30e6e658602bce47641445069f56D) 5193c421c041e53ef838f65f5793dfc155eda1667d6afd86065132229571f448D( 0941ae05d6e4404cb16595fa951b30795908c9a71a4cca5a9a14d71931e07ab2D' e04b1514cba2a26270f5e89956e06b3a22850be6535463fe91150195828410b6D& 49829edad17460db9993523ac2cea9c455d41d19c31ed245b57527f52ef0a25bD% aa0100eff4eaf086b38c290c0b4d765e573505225bd0ec94eaeef642b5d7d7ecD$ 717d0b305c3d478abba476dc352075741a5611259fbf0246d1d54b65482b2607D# 62e8d83ad9b7a60775dfc05057c03277e8ca424ed194bca8832e9bda2352283cD" 2370239b754e3cf049e7a4defaa7e12d394eece1ce240fd74e4b3261c375a880D! aa86559a2f79878ec1918d33d7746083c999ae2571d1c48ce8a31caffd534601D  cd9d227af93112c73ffe5d567970249649cc946a831c51b327f7382c7875e33bD ac8651197a99be643fde4df3ce94688efd4b4f95c9f3c1cfe778304f25fb1f54D 93ef1fe77da95c51e91c23cc9e1db9b29bf17db12f99fbad0e0b95b162dc9f41D af37b3009bf358bca5ecb60c37f537660d4f867ba19772731d9eda894199f1daD db3532de23f191b4e6b52dff7e0602d94d91b8fb7d413dd1ba7a116fcd7392a7D 00c9c3d1162ae286903cf1b19de7fc8a1e6100fb872ce869fda052ea8a5bc540D 0baa3ff17da005342555f4c60a6f6cd92295c72f470164dfadb87dd620c2f5bdD 575125ad8683653c1b88fc59d9c363cdc592fb14fe53d145601244c60c91b5e0D 0bdb7cf60900768754b46fa64dea9fac21ad27d6573f4ebc8355835fc13a3ae9D 757594908ca13c9a88661e7edd113c70966c41c3796eac8cd8e8c0590e6eac94D 2a1392b03402c6b95bab79f6add02e0c0c4e63ec604e314b25d905f0c4509206D 97849cb3cf25dd9315d68946b054e5a9232e82be7e3741383459158d3395030eD 90447e30b11ae3fcc64f175d6ef3b1e0370fb7c390c5f4e13b23710ec6c4751aD 86f88e4acc520470367f59f7ea89902aed45e411e69d3e10f1bbb080abbb50b0D 96c64b936c0632ebcbd15304d5aa7d3c833afc73e11d33d6dbe932ca290b0039D 55288eb65a91602d13c10ef1af6eaa7ce550d581c762f6c04980fbf2e333c7a6D 75ef01d0600fd0375b442af468061fc9a94b99483605a3cb1caab07ef9d13983D a0e220d3d59d5fa85958f7a6f174fdcd90e8c2d4a49794b35b414178e6b6a88bD efd487fae15b37c821170806f3f9dd0e24397d52ee25acfe35b2369853520544D  d4d0cd2e254d8ab4b0d4657d702e3a6c72cd8e4457be2b50ee1d8a3dc72b2b72D  a88854e47822fe1f69171e8746ffbc0d761c939cddf4c96e004142c099a9daf2D  2b5fa6bd3e3d57ec8264dc7cf091c12cdd45095f9507befc08f38c7884f3cb23D  41b66e2d339921d1f45daee9a879fa4ddb4d709e9f68580da9a0213332ccd2d8D  dc94d448cad5a4d1623b21490081762ff53af4823424bf55a4abb75e0acd7ca1D c815fe5f763224655725056bac4a1e37bc961f2e2cf420a3745a62f28746e36fD 68ee25ca2fb0794a54e6f78513494587b5ea9883f60ae7202ebac6bd432bdb85D b74b48458524d5989509fe130fe7459ed47c62847e6d7eeb1d93e18cbe371c20D f3ccf5e2ad3eb98e3d75c92403014b2f0759112791daad8a5b5396870b315eeaD a57646363d1fa2d853196c89a0deb315efdd4423caf6a101cc18bef5e3de6cbeD 78bd2c094f358a6ed4d11df01fff665c31ccff7ad8d9e34e6cec414b9a54a6fdD 228c41b8c20e411050f5f1323fbd75f7e054069bf4da0e06043728036cd4b5feD 60391aab05dc27008fe7368946bee3c4cb48901b7b50bcde897bcd1f0c774de8 7t.\ D r , Z  B p *X@n(V>l&T<Do a1606a782fcc2ef110e682a3446e8346dea6a48fb858f7e6c5e1fb5de3773fbaDn 9b7b05818fb4820994a0ff2c38be22836b840421dacf0316a488944b27d6bcd2Dm a246d0fabf20a0fa170d16b54702f4b512a922c50290159333f144f9f7a66699Dl e82b245a9937eabb303623c83fb675d85eb7179d706728b3e31886e674a0112eDk d8895cef6bf9dea9758a764448c0ce2fb2000c416c356ebf66c34a81ef1fccb0Dj b3195e1bf47b7862d97fd3377e3013a649ef9dcbbdff0479e3cd58ec250f1becDi 4d68502982e4fdb5f1cc0535d04f8a7c15c33655251882cdeafaf54faff61367Dh 18ebd2936c7c2384de72a02e96706320dbd121ce62871e41bba0b1a5adcc891eDg 4ee1d083288df4d6b204ee0d0b3e068ecbb78557775fb99a9e891e85bf40ad9eDf d5f4f85c655ad4984e0f8d9ae27dcdf335e47079c7fcd66f79c1e3032e5ad636De 2581eb27be9010b6eef489454b4bcc7b7f2fe1694a5ba1662bddda09cc7cb8c4Dd 3c4f6c14fcda5357585b05d86e05a2652736c91f28678162d6bfeec1b28c1f93Dc 0e34c2d232d6199d84c1357bff51c83ee882dd49dfa1ed6a564415de1982e80fDb 3c69cc692aee33034d1e6a2e366b215ea89d800ad9568a7493a643691c407e72Da a9e25497e45b6f0f1f4c131c05b245868bc2e82752dc47f574d9faf549d05b9eD` 9821bb53f2920ad79668d130ba6a0961b7abf3580122d1baec635df9110d6e68D_ 090c5908e9d62742b7416ec06e18ff1ae39cbbe2d002a8376af1050e8e60fb78D^ 913abf590d4ad0c7739901adf073652c4a400fc59ca2ea55276347fd13356ffdD] dccc65ff766526e726d8ee5acd27dffa268d057a29896668c9a28f88a548f669D\ 8aa233b599fd36d05fe7d27eca3ddab045980b7598dc387a5136a8c277a64612D[ 2f5ef1acc9b692661b64a92699397019b2edaa6a99682b9d32ca4c673d10f794DZ 43b2476a4890f901841e0f148b3efc7b6fdd84b7daeb512840aabd89a3cb68a1DY fb5d3ef4b7594f236de6bd1248841e5d9e4111bd2eff9ba1beb8e8636a7887d4DX 4e11fd73ab5603becf8cb27a662b3964b2e19b0e3f1aa0c947d8be47309100a4DW 1eae6512e4294ec9c9c8fd7c542850357fbdef9d6c3c4fde278a97c1b4505732DV 32f0dfaa40a3c45c4a3d42d08ab42e986c410b8d0ff1626f4577dc61dbe6d488DU 6a608ef5e9899967b559b89ccb870d48a50137cfe3d3080f708d1c4f4facebfbDT e748778eaa7ab72421ec882d2819e33509af85df5a0c995ca8042f0193385b99DS 332371be43cb56de7836a7960751f59ca1f00b85ea698601827921a364894ef2DR 5d9ba6e98a7173c75d5e117e533e1ab03f6558ec1eab1cc8adb9e1ada53384d4DQ dee5f3eae85b5944b301778386e2fbe0022954fe59f6d68ac696d3236836f479DP 0930bea6e1e33357483557fa0a3791e5d6f9fb7dbc999dbf63edf48c85b8b88cDO efca3540cb63f22e41b172f6ee078b00b536695d758fd342fefe6325d06651d6DN e5d458a634713ceb532b03a4c9ee32d891edd5020ecc7d65b81f73308e629115DM 465bf55797eacb8d02731120a4c505c9c63b50cd643b977c66f8c2360ed81865DL 172095f8baf032e8d8fbe0a93a05fe37fd69be5611aabc22a9b3a38145c14fbdDK ce3d42d23af6c283d1a4b7a2d97d1feea91245fd07e39ed063b5cddbecaab570DJ 0329865a4d8bc00280650a04e9e4589f38a52ad5ac8f96fc69a6bbb9da992094DI 3bee173bb3649ed9156aff7c6d5eccac37ae120bf6df642a4156a96844c159d9DH a53575652582e1a68103e5a4cc4a0e72f1ac8c8f3bddd17d3d74432aa3613d40DG 9764cadd0c7e3de6ef43b21bd7c3101b2f55ed9e8f77bb1a9535c0b53ab419b1DF ac86108689a14f94909cb2da45342c1f8f172ae61b973be2bb4a6366eabfd162DE f1bcc226c49b98b890d65ea33d4c10ddf316c95df1ac0074de48c203cb8e6338DD 69fa5c633fb38b77b6494e0b797bb43ad1a042639b8ec36e129fb4ed695879b8DC 6724bf83a92bd05d177efe90160af409eaf60bb6ecccdfa645a67bf103209631DB 47b38ca999c8e59e2dfa518fecb40cfe9b950bd906a3e6da6a8c29377b10adc8DA 06c7a6af0199aabafc5d8492b661ad49df1ea56a795b0c4f7cda707ef277f211D@ 740a7e3fa48555366e0e3226f80421f9f8f295db531b0e20b408284ca06636d1D? e2e7a1ffc9dd8e58f832370fa31a8ec72bd4ec8f9223b8a20b07cdf7f21e8961D> eb2a63094ee8d1fdba3957a7e49704a512c8f684695db02ff9f0f64f9f4e6ae0D= 9c00d5d7c081f82946a12ac97e64e57a60c5d37c840bec91609006dcefb0dd99D< 717112d6c0f8c9ef967da96993b76834e856929b63b2b3665c29b3898afa0cddD; adf81dea018edb8bc35e16f0b5e4ce469cf479129014f8e6b249074ba0ac8579D: 1d162b05f26784e29c0356ba79ac51ff53217a25b00f242a9525261c579a946fD9 c71ae478811e0b3a8c749844695a2aab8d9572aae36e5b6347ca77386fd4ff95 I C  / ?iN] 0CxTw9Bill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0WS[Y9 - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaRWq9 - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlPY9Bill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesOwu9Jeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cN[q9 - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NM9Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt LA9Juan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:Kq9Daniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel Jw#9Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaII9Jeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`HwO9Jeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQGw19Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvFs9Jeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZEsG9Jeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZDsG9Jeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`CwO9Jeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`BoU9Rik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHAg-9Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T@_O9Rik van Riel 2-20050823C - upgrade to today's Xen snapshot{?_9Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again>_#9Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i=_y9Rik van Riel 2-20050522B- change default display method for VMX domains to SDLN<_C9Rik van Riel 2-20050520B@- qemu device model for VMXT;_O9Rik van Riel 2-20050519B- apply some VMX related bugfixesU:_Q9Rik van Riel 2-20050424Bl- upgrade to last night's snapshotQ9I]9Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup8_#9Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again37_ 9Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<imkm9Daniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452lg?9Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZkgS9Stephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[j]_9Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jiko9Daniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZh]]9Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfg]s9Jeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtfk9Daniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361ee]q9Jeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDd]/9Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)ca!9Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)Ub]Q9Jeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accurateja[9Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw`{y9Rik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere_Q9Stephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e^Q9Stephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015]{ 9Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g\{Y9Jeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall[{9Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^ZwI9Jeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsYw9Jeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)WXw=9Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevaWwO9Jeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zVs9Jesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswUs9Bill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fu s}9Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk is9Stephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data% ie9Stephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc i39Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a_i9Jeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIi/9Juan Quintela - 3.0.2-31Df- re-enable ia64.N_C9Jeremy Katz - 3.0.2-31DA- update to changeset 11405H_79Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64_)9Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?_%9Jeremy Katz - 3.0.2-28D,@- fix a typoY_Y9Jeremy Katz - 3.0.2-27D- add support for paravirt framebuffer_Y9Jeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{9Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%~_o9Jeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).}_9Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`|_g9Jeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst{_ 9Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4z_ 9Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labely__9Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)Ix_79Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)wi'9Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZveU9Mark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)umM9Daniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.htim9Stephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include si'9Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterrmS9Daniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVq_Q9Jeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)p_59Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)do]q9Jeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)Xn]Y9Jeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4!Y9Daniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq U9Daniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]9Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethNy9Daniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)uyw9Daniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>y9Daniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)Vy79Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-ye9Daniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yI9Daniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniy_9Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsayM9Daniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mqo9Daniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA]+9Jeremy Katz - 3.0.3-3E<- fix the buildJ]=9Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hq#9Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X_W9Jeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboi{9Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@s9Daniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eig9Stephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<i9Stephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl} m9Daniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S _M9Jeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&9yW9Daniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZ819Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsa7yO9Daniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%6{S9Daniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn5{g9Daniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z4{}9Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup3{9Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)2w19Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-49931y/9Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsq0yo9Daniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)/y]9Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581).y9Daniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f-yY9Daniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow,y-9Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m+sk9Markus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO*y)9Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs")yO9Daniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7(k9Daniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug fails'9Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\&79Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\%79Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[$59Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.i#O9Daniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu"[9Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xWc9Gerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PVeA9Gerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.UcA9Gerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cTci9Gerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iScu9Gerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}Rc9Gerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaQce9Gerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.KP[A9Tomas Mraz - 3.3.1-2Is- rebuild with new opensslSOcI9Gerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.NcE9Gerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.aM =9Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^L{G9Daniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0Ksq9Mark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrJ}m9Daniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)Iw)9Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbH}M9Daniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejGwc9Markus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)F} 9Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):Ew9Markus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vD{w9Daniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsCy;9Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoByk9Daniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zAo 9Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase@y9Daniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8?y{9Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[>yA9Daniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm=yg9Daniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf<yY9Daniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`;yM9Daniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew:[9Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1omy9Michael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$nm_9Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) mm)9Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8l1E9jkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kkmm9Michael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzjm 9Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1Iim)9Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77hm9Michael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationgY59Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXfmI9Michael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemseg%9David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild dmW9Michael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelscm%9Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(bmg9Michael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vac 9Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h`cs9Gerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. _k/9Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a^ce9Gerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.]c[9Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).\c-9Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O[cA9Gerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.ZcW9Gerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.Y9Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5Xc 9Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wm9Michael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixesm9Michael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7rm{9Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\~mO9Michael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file}mC9Michael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g|mg9Michael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{{m 9Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaz}K9Michael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynyms9Michael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates xm-9Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]wm9Michael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uvm9Michael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXumG9Michael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qtm;9Michael Young - 4.1.0-1M- update to 4.1.0 finalBsy9Michael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdr9Fedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzqm 9Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightpm9Michael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_}E9Michael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?o9Michael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"oY9Michael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)oQ9Michael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oo39Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to start9Fedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(oe9Michael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xo9Michael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr o{9Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B 9Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F o!9Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF o!9Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR o;9Michael Young - 4.1.2-13OXA- fix a packaging error&oa9Michael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjok9Michael Young - 4.1.2-11ONA- put the systemd files back in the right placeoI9Michael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XmI9Michael Young - 4.1.2-9O?- move xen-watchdog to systemd\mQ9Michael Young - 4.1.2-8O2c- relocate systemd files for fc17+`mY9Michael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdm9Michael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}"mQ9Michael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] !mW9Michael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch` mY9Richard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=9Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)m#9Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZmK9Michael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_mW9Michael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetGm%9Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)Cm9Michael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XmG9Michael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTmA9Michael Young - 4.1.3-5P~- rebuild for ocaml update~m9Michael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pmw9Michael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cH4m9Michael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)3m79Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)2m39Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%1ma9Michael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)0mC9Michael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%/ma9Michael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)r.m{9Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y-m 9Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208,m9Michael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk+ok9Michael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x*m9Michael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh)mi9Michael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)(mi9Michael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%'ma9Michael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtf&Yy9Michael Young P- correct disabling of xendomains.service on uninstall/%mu9Michael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*$mk9Michael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)y#m 9Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'Eme9Michael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XDmG9Michael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)Cm;9Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]Bm9Michael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)Am;9Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)@mI9Michael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);?m 9Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)>oG9Michael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) =m-9Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&<mc9Michael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M;m19Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]:m99Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)U9mC9Richard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.89Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde7}S9Michael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86f6mc9Michael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!5oW9Michael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`YmW9Michael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?Xm9Michael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VWoC9Richard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XVoG9Richard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VUoC9Richard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.T9Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_RebuildSo19Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fRme9Richard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TQmA9Michael Young - 4.4.0-8S@- rebuild for ocaml update/Pmu9Michael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=Om9Michael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)N9Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_RebuildaMm[9Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) Lm/9Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized casesKm%9Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) Jm-9Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyIm 9Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!HoW9Michael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\GmO9Michael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&Fmc9Michael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `imY9Michael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64hmU9Michael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)gmE9Michael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) fm/9Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSem=9Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGdm%9Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)coG9Michael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)ybo9Michael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch ao'9Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC`m9Michael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&_mc9Michael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e^ma9Michael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)]m39Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|\m9Michael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h[mg9Michael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)Zm#9Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?{m9Michael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2zm{9Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)ym?9Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xxm9Michael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cwm]9Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qvm;9Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%uma9Michael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)tm9Michael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nsm39Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVroC9Richard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.q9Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYpY_9Michael Young U- gcc 5 bug is fixed so remove workaroundloom9Michael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uns}9Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallymoG9Michael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)lmA9Michael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)km79Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)Sjm=9Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqk_}:Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;_:Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n_:Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch_U:Rik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo_:Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror_S:Rik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now_E:Rik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl_:Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"_i:Rik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY _Y:Rik van Riel 2-20050207B- upgrade to last night's Xen snapshotV cO:Rik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY _Y:Rik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv I':Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org) c!:Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#cg:Jeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uI%:Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted IM:Rik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQI_:Rik van Riel A(@- upgrade to new snapshot of xen-unstablexI+:Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotIy:Rik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileI;:Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"7:CheA@- initial rpm release$m_9Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoy9Michael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well~o9Michael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&}oa9Michael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){|o 9Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0Cx4w:Bill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W3[Y: - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbina2Wq: - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<1w:Jeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itl0Y:Bill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one places/wu:Jeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c.[q: - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N-:Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt ,A:Juan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:+q:Daniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel *w#:Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa)I:Jeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`(wO:Jeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQ'w1:Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedv&s:Jeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZ%sG:Jeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZ$sG:Jeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`#wO:Jeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`"oU:Rik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsH!g-:Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T _O:Rik van Riel 2-20050823C - upgrade to today's Xen snapshot{_:Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again_#:Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i_y:Rik van Riel 2-20050522B- change default display method for VMX domains to SDLN_C:Rik van Riel 2-20050520B@- qemu device model for VMXT_O:Rik van Riel 2-20050519B- apply some VMX related bugfixesU_Q:Rik van Riel 2-20050424Bl- upgrade to last night's snapshotQI]:Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup_#:Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3_ :Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<iMkm:Daniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452Lg?:Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZKgS:Stephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[J]_:Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jIko:Daniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZH]]:Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfG]s:Jeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtFk:Daniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361eE]q:Jeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDD]/:Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)Ca!:Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)UB]Q:Jeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratejA[:Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw@{y:Rik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere?Q:Stephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e>Q:Stephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015={ :Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g<{Y:Jeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall;{:Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^:wI:Jeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugs9w:Jeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)W8w=:Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udeva7wO:Jeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)z6s:Jesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changesw5s:Bill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fuks}:Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkjis:Stephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%iie:Stephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc hi3:Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)ag_i:Jeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIfi/:Juan Quintela - 3.0.2-31Df- re-enable ia64.Ne_C:Jeremy Katz - 3.0.2-31DA- update to changeset 11405Hd_7:Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64c_):Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?b_%:Jeremy Katz - 3.0.2-28D,@- fix a typoYa_Y:Jeremy Katz - 3.0.2-27D- add support for paravirt framebuffer`_Y:Jeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj__{:Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%^_o:Jeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).]_:Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`\_g:Jeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst[_ :Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4Z_ :Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labelY__:Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)IX_7:Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)Wi':Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZVeU:Mark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)UmM:Daniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.hTim:Stephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include Si':Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterRmS:Daniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVQ_Q:Jeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)P_5:Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)dO]q:Jeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)XN]Y:Jeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4Y:Daniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakqU:Daniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]:Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN~y:Daniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u}yw:Daniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>|y:Daniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V{y7:Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-zye:Daniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yyI:Daniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptionixy_:Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsawyM:Daniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mvqo:Daniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAu]+:Jeremy Katz - 3.0.3-3E<- fix the buildJt]=:Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hsq#:Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)Xr_W:Jeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboqi{:Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@ps:Daniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eoig:Stephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}mm:Daniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)Sl_M:Jeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&yW:Daniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZ1:Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsayO:Daniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%{S:Daniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn{g:Daniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z{}:Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup{:Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)w1:Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993y/:Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqyo:Daniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)y]:Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)y:Daniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f yY:Daniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow y-:Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m sk:Markus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO y):Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs" yO:Daniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7k:Daniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug fails:Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\7:Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\7:Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[5:Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iO:Daniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu[:Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6x7c:Gerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.P6eA:Gerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.5cA:Gerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.c4ci:Gerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.i3cu:Gerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}2c:Gerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArcha1ce:Gerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K0[A:Tomas Mraz - 3.3.1-2Is- rebuild with new opensslS/cI:Gerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release..cE:Gerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a- =:Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^,{G:Daniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0+sq:Mark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr*}m:Daniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921))w):Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb(}M:Daniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changej'wc:Markus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)&} :Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):%w:Markus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v${w:Daniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formats#y;:Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleo"yk:Daniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)z!o :Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase y:Daniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{:Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[yA:Daniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsmyg:Daniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstfyY:Daniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`yM:Daniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew[:Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1Omy:Michael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$Nm_:Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) Mm):Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8L1E:jkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kKmm:Michael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzJm :Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1IIm):Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77Hm:Michael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationGY5:Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXFmI:Michael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsEg%:David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild DmW:Michael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsCm%:Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(Bmg:Michael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vAc :Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h@cs:Gerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. ?k/:Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a>ce:Gerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.=c[:Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).<c-:Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O;cA:Gerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.:cW:Gerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.9:Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild58c :Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wam:Michael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes`m:Michael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7r_m{:Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\^mO:Michael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file]mC:Michael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g\mg:Michael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{[m :Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaZ}K:Michael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynYms:Michael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates Xm-:Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]Wm:Michael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uVm:Michael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXUmG:Michael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.QTm;:Michael Young - 4.1.0-1M- update to 4.1.0 finalBSy:Michael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdR:Fedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_RebuildzQm :Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightPm:Michael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_u}E:Michael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?to:Michael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"soY:Michael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)roQ:Michael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oqo3:Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startp:Fedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(ooe:Michael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xno:Michael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrmo{:Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)Bl:Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8Fko!:Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFjo!:Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRio;:Michael Young - 4.1.2-13OXA- fix a packaging error&hoa:Michael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjgok:Michael Young - 4.1.2-11ONA- put the systemd files back in the right placefoI:Michael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XemI:Michael Young - 4.1.2-9O?- move xen-watchdog to systemd\dmQ:Michael Young - 4.1.2-8O2c- relocate systemd files for fc17+`cmY:Michael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdbm:Michael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}mQ:Michael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] mW:Michael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`mY:Richard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=:Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)~m#:Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ}mK:Michael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_|mW:Michael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG{m%:Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)Czm:Michael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XymG:Michael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTxmA:Michael Young - 4.1.3-5P~- rebuild for ocaml update~wm:Michael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pvmw:Michael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHm:Michael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)m7:Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)m3:Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%ma:Michael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)mC:Michael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%ma:Michael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rm{:Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y m :Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208 m:Michael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk ok:Michael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x m:Michael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh mi:Michael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)mi:Michael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%ma:Michael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfYy:Michael Young P- correct disabling of xendomains.service on uninstall/mu:Michael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*mk:Michael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ym :Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'%me:Michael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)X$mG:Michael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)#m;:Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]"m:Michael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)!m;:Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149) mI:Michael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m :Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)oG:Michael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) m-:Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&mc:Michael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]Mm1:Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]m9:Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UmC:Richard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.:Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde}S:Michael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fmc:Michael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!oW:Michael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`9mW:Michael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?8m:Michael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0V7oC:Richard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.X6oG:Richard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.V5oC:Richard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.4:Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild3o1:Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]f2me:Richard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.T1mA:Michael Young - 4.4.0-8S@- rebuild for ocaml update/0mu:Michael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=/m:Michael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583).:Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda-m[:Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) ,m/:Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases+m%:Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) *m-:Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby)m :Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!(oW:Michael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\'mO:Michael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&&mc:Michael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `ImY:Michael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64HmU:Michael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)GmE:Michael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) Fm/:Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSEm=:Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGDm%:Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)CoG:Michael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yBo:Michael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch Ao':Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC@m:Michael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&?mc:Michael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e>ma:Michael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)=m3:Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|<m:Michael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h;mg:Michael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738):m#:Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?[m:Michael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2Zm{:Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)Ym?:Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xXm:Michael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cWm]:Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)QVm;:Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%Uma:Michael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)Tm:Michael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]NSm3:Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVRoC:Richard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.Q:Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYPY_:Michael Young U- gcc 5 bug is fixed so remove workaroundlOom:Michael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uNs}:Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallyMoG:Michael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)LmA:Michael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)Km7:Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)SJm=:Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqkv_};Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;u_;Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nt_;Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchs_U;Rik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyor_;Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werrorq_S;Rik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowp_E;Rik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlo_;Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"n_i;Rik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYm_Y;Rik van Riel 2-20050207B- upgrade to last night's Xen snapshotVlcO;Rik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYk_Y;Rik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvjI';Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)ic!;Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#hcg;Jeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.ugI%;Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted fIM;Rik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQeI_;Rik van Riel A(@- upgrade to new snapshot of xen-unstablexdI+;Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotcIy;Rik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec filebI;;Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"a7;CheA@- initial rpm release$`m_:Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq_oy:Michael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well^o:Michael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&]oa:Michael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){\o :Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0Cxw;Bill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W[Y; - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaWq; - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<w;Jeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlY;Bill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placeswu;Jeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c[q; - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N ;Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt A;Juan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).: q;Daniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel w#;Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa I;Jeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`wO;Jeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQw1;Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvs;Jeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZsG;Jeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZsG;Jeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`wO;Jeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`oU;Rik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHg-;Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T_O;Rik van Riel 2-20050823C - upgrade to today's Xen snapshot{_;Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again~_#;Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i}_y;Rik van Riel 2-20050522B- change default display method for VMX domains to SDLN|_C;Rik van Riel 2-20050520B@- qemu device model for VMXT{_O;Rik van Riel 2-20050519B- apply some VMX related bugfixesUz_Q;Rik van Riel 2-20050424Bl- upgrade to last night's snapshotQyI];Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupx_#;Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3w_ ;Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<i-km;Daniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452,g?;Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ+gS;Stephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[*]_;Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j)ko;Daniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ(]];Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf']s;Jeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingt&k;Daniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e%]q;Jeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD$]/;Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)#a!;Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U"]Q;Jeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej![;Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw {y;Rik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQ;Stephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022eQ;Stephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015{ ;Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g{Y;Jeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{;Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^wI;Jeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsw;Jeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Ww=;Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawO;Jeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zs;Jesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changesws;Bill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,FuKs};Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkJis;Stephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%Iie;Stephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc Hi3;Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)aG_i;Jeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIFi/;Juan Quintela - 3.0.2-31Df- re-enable ia64.NE_C;Jeremy Katz - 3.0.2-31DA- update to changeset 11405HD_7;Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64C_);Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?B_%;Jeremy Katz - 3.0.2-28D,@- fix a typoYA_Y;Jeremy Katz - 3.0.2-27D- add support for paravirt framebuffer@_Y;Jeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj?_{;Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%>_o;Jeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).=_;Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`<_g;Jeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst;_ ;Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4:_ ;Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label9__;Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I8_7;Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)7i';Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZ6eU;Mark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)5mM;Daniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.h4im;Stephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include 3i';Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works better2mS;Daniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV1_Q;Jeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)0_5;Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d/]q;Jeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X.]Y;Jeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4aY;Daniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq`U;Daniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev_];Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN^y;Daniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u]yw;Daniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>\y;Daniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V[y7;Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-Zye;Daniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^YyI;Daniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniXy_;Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsaWyM;Daniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mVqo;Daniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAU]+;Jeremy Katz - 3.0.3-3E<- fix the buildJT]=;Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5HSq#;Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)XR_W;Jeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboQi{;Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@Ps;Daniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eOig;Stephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}Mm;Daniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)SL_M;Jeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&yyW;Daniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZx1;Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsawyO;Daniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%v{S;Daniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnu{g;Daniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zt{};Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setups{;Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)rw1;Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993qy/;Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqpyo;Daniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)oy];Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)ny;Daniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fmyY;Daniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowly-;Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mksk;Markus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOjy);Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"iyO;Daniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7hk;Daniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsg;Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\f7;Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\e7;Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[d5;Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.icO;Daniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMub[;Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xc;Gerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PeA;Gerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.cA;Gerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cci;Gerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.icu;Gerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}c;Gerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchace;Gerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K[A;Tomas Mraz - 3.3.1-2Is- rebuild with new opensslScI;Gerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.cE;Gerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a  =;Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^ {G;Daniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0 sq;Mark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr }m;Daniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921) w);Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb}M;Daniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejwc;Markus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)} ;Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):w;Markus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v{w;Daniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsy;;Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoyk;Daniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zo ;Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebasey;Daniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{;Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[~yA;Daniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm}yg;Daniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf|yY;Daniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`{yM;Daniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewz[;Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1/my;Michael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$.m_;Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) -m);Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8,1E;jkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k+mm;Michael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz*m ;Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I)m);Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77(m;Michael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org location'Y5;Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesX&mI;Michael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problems%g%;David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild $mW;Michael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernels#m%;Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl("mg;Michael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)v!c ;Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h cs;Gerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/;Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)ace;Gerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.c[;Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).c-;Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.OcA;Gerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.cW;Gerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.;Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5c ;Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wAm;Michael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes@m;Michael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7r?m{;Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\>mO;Michael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file=mC;Michael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g<mg;Michael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{;m ;Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta:}K;Michael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalityn9ms;Michael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates 8m-;Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]7m;Michael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6u6m;Michael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchX5mG;Michael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Q4m;;Michael Young - 4.1.0-1M- update to 4.1.0 finalB3y;Michael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd2;Fedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildz1m ;Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies right0m;Michael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_U}E;Michael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?To;Michael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"SoY;Michael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)RoQ;Michael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)OQo3;Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startP;Fedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(Ooe;Michael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xNo;Michael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrMo{;Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BL;Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8FKo!;Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFJo!;Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRIo;;Michael Young - 4.1.2-13OXA- fix a packaging error&Hoa;Michael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjGok;Michael Young - 4.1.2-11ONA- put the systemd files back in the right placeFoI;Michael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XEmI;Michael Young - 4.1.2-9O?- move xen-watchdog to systemd\DmQ;Michael Young - 4.1.2-8O2c- relocate systemd files for fc17+`CmY;Michael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdBm;Michael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}bmQ;Michael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] amW;Michael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch``mY;Richard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S_m=;Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)^m#;Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ]mK;Michael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_\mW;Michael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG[m%;Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CZm;Michael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XYmG;Michael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTXmA;Michael Young - 4.1.3-5P~- rebuild for ocaml update~Wm;Michael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pVmw;Michael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHtm;Michael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)sm7;Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)rm3;Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%qma;Michael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)pmC;Michael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%oma;Michael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rnm{;Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)ymm ;Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208lm;Michael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskkok;Michael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xjm;Michael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhimi;Michael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)hmi;Michael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%gma;Michael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtffYy;Michael Young P- correct disabling of xendomains.service on uninstall/emu;Michael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*dmk;Michael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ycm ;Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'me;Michael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XmG;Michael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)m;;Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]m;Michael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)m;;Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)mI;Michael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m ;Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)~oG;Michael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) }m-;Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&|mc;Michael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M{m1;Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]zm9;Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UymC;Richard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.x;Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuildew}S;Michael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fvmc;Michael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!uoW;Michael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`mW;Michael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?m;Michael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VoC;Richard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XoG;Richard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VoC;Richard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.;Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildo1;Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fme;Richard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TmA;Michael Young - 4.4.0-8S@- rebuild for ocaml update/mu;Michael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=m;Michael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583);Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda m[;Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) m/;Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases m%;Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) m-;Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby m ;Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!oW;Michael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\mO;Michael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&mc;Michael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `)mY;Michael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64(mU;Michael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)'mE;Michael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) &m/;Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchS%m=;Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsG$m%;Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)#oG;Michael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)y"o;Michael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch !o';Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC m;Michael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mc;Michael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)ema;Michael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)m3;Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|m;Michael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)hmg;Michael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)m#;Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?;m;Michael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2:m{;Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)9m?;Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]x8m;Michael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)c7m];Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Q6m;;Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%5ma;Michael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)4m;Michael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]N3m3;Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesV2oC;Richard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.1;Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildY0Y_;Michael Young U- gcc 5 bug is fixed so remove workaroundl/om;Michael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]u.s};Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually-oG;Michael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631),mA;Michael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)+m7;Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S*m=;Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=LqkV_} 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;U_ 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nT_ 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchS_U 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyoR_ 2-20050303B(M- finally got everything to compile with gcc4 -Wall -WerrorQ_S 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowP_E 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlO_ 2-20050219B*@- fix more compile warnings - fix the fwrite return check"N_i 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYM_Y 2-20050207B- upgrade to last night's Xen snapshotVLcO 2-20050201.1AoA- move everything to /var/lib/xenYK_Y 2-20050201Ao@- upgrade to new upstream Xen snapshotvJI'A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)Ic! - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#Hcg - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uGI%A- add segment fixup patch from xen tree - fix %files list for python-twisted FIMAn@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQEI_A(@- upgrade to new snapshot of xen-unstablexDI+A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotCIyA@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileBI;AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"A7 - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq?oy;Michael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well>o;Michael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&=oa;Michael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){<o ;Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0Cxtw 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0Ws[Y< - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinarWq< - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlpY - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesowu - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cn[q< - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)Nm - 3.0-0.20051206.fc5.2C@- rebuilt lA - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:kq - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel jw# - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaiICu@- buildrequire ncurses-devel (reported by Justin Dearing)`hwO - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQgw1 - 3.0-0.20051109.fc5.1Cq- udev rules movedvfs - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZesG - 3.0-0.20051108.fc5Cq- update to current -unstableZdsG - 3.0-0.20051021.fc5CX@- update to current -unstable`cwO - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`boU 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHag- 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T`_O 2-20050823C - upgrade to today's Xen snapshot{__ 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again^_# 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i]_y 2-20050522B- change default display method for VMX domains to SDLN\_C 2-20050520B@- qemu device model for VMXT[_O 2-20050519B- apply some VMX related bugfixesUZ_Q 2-20050424Bl- upgrade to last night's snapshotQYI]B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupX_# 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3W_ 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<i km - 3.0.2-7DW@- more initscript patch to report status #184452 g? - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ gS - 3.0.2-5D- Rebase to xen-unstable cset 10278[ ]_ - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j ko - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ]] - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf]s - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtk - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e]q - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD]/ - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)a! - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U]Q - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej[ - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw{y - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQ - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e~Q - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015}{ - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g|{Y - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{{ - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^zwI - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsyw - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Wxw= - 3.0-0.20060130.fc5.5C- fix build for new udevawwO - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zvs - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswus 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fu+s} - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk*is - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%)ie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc (i3 - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a'_i - 3.0.2-33Df- update pvfb patch based on upstream feedbackI&i/ - 3.0.2-31Df- re-enable ia64.N%_C - 3.0.2-31DA- update to changeset 11405H$_7 - 3.0.2-30D@- fix pvfb for x86_64#_) - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?"_% - 3.0.2-28D,@- fix a typoY!_Y - 3.0.2-27D- add support for paravirt framebuffer _Y - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{ - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%_o - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install)._ - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`_g - 3.0.2-22DB- add patch to fix net devices for HVM guestst_ - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4_ - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label__ - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I_7 - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)i' - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZeU 3.0.2-16D- Fix network-bridge error (#199414)mM - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.him - 3.0.2-14D5- Compile fix: don't #include i' - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works bettermS - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV_Q - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)_5 - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d]q - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X]Y - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4AY - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq@U - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev?] - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN>y - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u=yw - 3.0.4-8.fc7EW- Close QEMU file handles when running network script><y - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V;y7 - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-:ye - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^9yI - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioni8y_ - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsa7yM - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700m6qo - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA5]+ - 3.0.3-3E<- fix the buildJ4]= - 3.0.3-2Ex@- rebuild for python 2.5H3q# - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X2_W - 3.0.2-44E#A- fix having "many" kernels in pygrubo1i{ - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@0s - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)e/ig - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<.i - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}-m - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S,_M - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&YyW - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZX1 - 3.1.2-2.fc9GY5- Rebuild for depsaWyO - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%V{S - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnU{g - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zT{} - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setupS{ - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)Rw1 - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993Qy/ - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqPyo - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)Oy] - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)Ny - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fMyY - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowLy- - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mKsk - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOJy) - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"IyO - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7Hk - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsG - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\F7 - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\E7 - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[D5 - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iCO - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMuB[ - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xwc - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PveA - 3.3.1-11IV@- fix python 2.6 warnings.ucA - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.ctci - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iscu - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}rc - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaqce - 3.3.1-3I1- backport bzImage support for dom0 builder.Kp[A - 3.3.1-2Is- rebuild with new opensslSocI - 3.3.1-1Ie- update to xen 3.3.1 release.ncE - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.am = - 3.3.0-1.1I1.- Rebuild for Python 2.6^l{G - 3.3.0-1.fc10H- Update to xen 3.3.0 release0ksq - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrj}m - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)iw) - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbh}M - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejgwc - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)f} - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):ew - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vd{w - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatscy; - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleobyk - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zao - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase`y - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8_y{ - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[^yA - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm]yg - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf\yY - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`[yM - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewZ[ - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1my - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$m_ - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) m) - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8 1E - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz m - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I m) - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77m - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationY5LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXmI - 4.0.0-4LL'@- fix gcc 4.5 compile problemsg% - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild mW - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsm% - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(mg - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vc - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.hcs - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/ - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a~ce - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.}c[ - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).|c- - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O{cA - 3.4.1-1J|@- update to 3.4.1 release.zcW - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.y - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5xc - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3w!m - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes m - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7rm{ - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\mO - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo filemC - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112gmg - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{m - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta}K - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynms - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates m- - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]m - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6um - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXmG - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qm; - 4.1.0-1M- update to 4.1.0 finalBy - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzm - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightm - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_5}E - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?4o - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"3oY - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)2oQ - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)O1o3 - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to start0 - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(/oe - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]x.o - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr-o{ - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B, - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F+o! - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF*o! - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR)o; - 4.1.2-13OXA- fix a packaging error&(oa - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdj'ok - 4.1.2-11ONA- put the systemd files back in the right place&oI - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+X%mI - 4.1.2-9O?- move xen-watchdog to systemd\$mQ - 4.1.2-8O2c- relocate systemd files for fc17+`#mY - 4.1.2-7O1@- move xend and xenconsoled to systemd"m - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}BmQ - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] AmW - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`@mY - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S?m= - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)>m# - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ=mK - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_<mW - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG;m% - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)C:m - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17X9mG - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesT8mA - 4.1.3-5P~- rebuild for ocaml update~7m - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)p6mw - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHTm - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)Sm7 - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)Rm3 - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%Qma - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)PmC - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%Oma - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rNm{ - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)yMm - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208Lm - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskKok - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xJm - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhImi - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)Hmi - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%Gma - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfFYyP- correct disabling of xendomains.service on uninstall/Emu - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*Dmk - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)yCm - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'eme - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XdmG - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)cm; - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]bm - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)am; - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)`mI - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);_m - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)^oG - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) ]m- - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&\mc - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M[m1 - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]Zm9 - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UYmC - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.X - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_RebuildeW}S - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fVmc - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!UoW - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`ymW - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?xm - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VwoC - 4.4.0-14TA- Bump release and rebuild.XvoG - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VuoC - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.t - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildso1 - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]frme - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TqmA - 4.4.0-8S@- rebuild for ocaml update/pmu - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=om - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)n - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuildamm[ - 4.4.0-4Sp- add systemd preset support (#1094938) lm/ - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized caseskm% - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) jm- - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyim - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!hoW - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\gmO - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&fmc - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG ` mY - 4.5.0-6U@- Additional patch for XSA-98 on arm64mU - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)mE - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) m/ - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSm= - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGm% - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)oG - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yo - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch o' - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmCm - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mc - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e~ma - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)}m3 - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)||m - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h{mg - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)zm# - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?m - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2m{ - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)m? - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xm - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cm] - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qm; - 4.5.1-4U- OCaml 4.02.3 rebuild.%ma - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)m - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nm3 - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVoC - 4.5.0-13UA- Rebuild for ocaml-4.02.2. - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYY_U- gcc 5 bug is fixed so remove workaroundlom - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]us} - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually oG - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631) mA - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153) m7 - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S m= - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqk6_}=Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;5_=Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n4_=Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch3_U=Rik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo2_=Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror1_S=Rik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now0_E=Rik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl/_=Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"._i=Rik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY-_Y=Rik van Riel 2-20050207B- upgrade to last night's Xen snapshotV,cO=Rik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY+_Y=Rik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv*I'=Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org))c!=Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#(cg=Jeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.u'I%=Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted &IM=Rik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQ%I_=Rik van Riel A(@- upgrade to new snapshot of xen-unstablex$I+=Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshot#Iy=Rik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec file"I;=Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"!7=CheA@- initial rpm release$ m_ - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoy - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as wello - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&oa - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){o - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0CxTw=Bill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0WS[Y= - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaRWq= - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlPY=Bill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesOwu=Jeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cN[q= - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NM=Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt LA=Juan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:Kq=Daniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel Jw#=Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaII=Jeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`HwO=Jeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQGw1=Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvFs=Jeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZEsG=Jeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZDsG=Jeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`CwO=Jeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`BoU=Rik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHAg-=Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T@_O=Rik van Riel 2-20050823C - upgrade to today's Xen snapshot{?_=Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again>_#=Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i=_y=Rik van Riel 2-20050522B- change default display method for VMX domains to SDLN<_C=Rik van Riel 2-20050520B@- qemu device model for VMXT;_O=Rik van Riel 2-20050519B- apply some VMX related bugfixesU:_Q=Rik van Riel 2-20050424Bl- upgrade to last night's snapshotQ9I]=Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup8_#=Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again37_ =Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<imkm=Daniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452lg?=Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZkgS=Stephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[j]_=Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jiko=Daniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZh]]=Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfg]s=Jeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtfk=Daniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361ee]q=Jeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDd]/=Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)ca!=Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)Ub]Q=Jeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accurateja[=Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw`{y=Rik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere_Q=Stephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e^Q=Stephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015]{ =Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g\{Y=Jeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall[{=Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^ZwI=Jeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsYw=Jeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)WXw==Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevaWwO=Jeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zVs=Jesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswUs=Bill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fu s}=Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk is=Stephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data% ie=Stephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc i3=Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a_i=Jeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIi/=Juan Quintela - 3.0.2-31Df- re-enable ia64.N_C=Jeremy Katz - 3.0.2-31DA- update to changeset 11405H_7=Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64_)=Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?_%=Jeremy Katz - 3.0.2-28D,@- fix a typoY_Y=Jeremy Katz - 3.0.2-27D- add support for paravirt framebuffer_Y=Jeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{=Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%~_o=Jeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).}_=Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`|_g=Jeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst{_ =Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4z_ =Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labely__=Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)Ix_7=Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)wi'=Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZveU=Mark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)umM=Daniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.htim=Stephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include si'=Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterrmS=Daniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVq_Q=Jeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)p_5=Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)do]q=Jeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)Xn]Y=Jeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4!Y=Daniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq U=Daniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]=Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethNy=Daniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)uyw=Daniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>y=Daniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)Vy7=Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-ye=Daniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yI=Daniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniy_=Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsayM=Daniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mqo=Daniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA]+=Jeremy Katz - 3.0.3-3E<- fix the buildJ]==Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hq#=Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X_W=Jeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboi{=Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@s=Daniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eig=Stephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<i=Stephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl} m=Daniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S _M=Jeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&9yW=Daniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZ81=Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsa7yO=Daniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%6{S=Daniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn5{g=Daniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z4{}=Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup3{=Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)2w1=Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-49931y/=Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsq0yo=Daniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)/y]=Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581).y=Daniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f-yY=Daniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow,y-=Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m+sk=Markus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO*y)=Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs")yO=Daniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7(k=Daniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug fails'=Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\&7=Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\%7=Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[$5=Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.i#O=Daniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu"[=Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xWc=Gerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PVeA=Gerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.UcA=Gerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cTci=Gerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iScu=Gerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}Rc=Gerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaQce=Gerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.KP[A=Tomas Mraz - 3.3.1-2Is- rebuild with new opensslSOcI=Gerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.NcE=Gerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.aM ==Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^L{G=Daniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0Ksq=Mark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrJ}m=Daniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)Iw)=Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbH}M=Daniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejGwc=Markus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)F} =Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):Ew=Markus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vD{w=Daniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsCy;=Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoByk=Daniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zAo =Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase@y=Daniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8?y{=Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[>yA=Daniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm=yg=Daniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf<yY=Daniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`;yM=Daniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew:[=Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1omy=Michael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$nm_=Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) mm)=Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8l1E=jkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kkmm=Michael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzjm =Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1Iim)=Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77hm=Michael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationgY5=Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXfmI=Michael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemseg%=David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild dmW=Michael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelscm%=Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(bmg=Michael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vac =Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h`cs=Gerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. _k/=Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a^ce=Gerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.]c[=Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).\c-=Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O[cA=Gerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.ZcW=Gerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.Y=Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5Xc =Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wm=Michael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixesm=Michael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7rm{=Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\~mO=Michael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file}mC=Michael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g|mg=Michael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{{m =Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaz}K=Michael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynyms=Michael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates xm-=Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]wm=Michael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uvm=Michael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXumG=Michael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qtm;=Michael Young - 4.1.0-1M- update to 4.1.0 finalBsy=Michael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdr=Fedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzqm =Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightpm=Michael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_}E=Michael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?o=Michael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"oY=Michael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)oQ=Michael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oo3=Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to start=Fedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(oe=Michael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xo=Michael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr o{=Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B =Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F o!=Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF o!=Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR o;=Michael Young - 4.1.2-13OXA- fix a packaging error&oa=Michael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjok=Michael Young - 4.1.2-11ONA- put the systemd files back in the right placeoI=Michael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XmI=Michael Young - 4.1.2-9O?- move xen-watchdog to systemd\mQ=Michael Young - 4.1.2-8O2c- relocate systemd files for fc17+`mY=Michael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdm=Michael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}"mQ=Michael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] !mW=Michael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch` mY=Richard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm==Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)m#=Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZmK=Michael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_mW=Michael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetGm%=Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)Cm=Michael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XmG=Michael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTmA=Michael Young - 4.1.3-5P~- rebuild for ocaml update~m=Michael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pmw=Michael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cH4m=Michael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)3m7=Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)2m3=Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%1ma=Michael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)0mC=Michael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%/ma=Michael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)r.m{=Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y-m =Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208,m=Michael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk+ok=Michael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x*m=Michael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh)mi=Michael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)(mi=Michael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%'ma=Michael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtf&Yy=Michael Young P- correct disabling of xendomains.service on uninstall/%mu=Michael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*$mk=Michael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)y#m =Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'Eme=Michael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XDmG=Michael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)Cm;=Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]Bm=Michael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)Am;=Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)@mI=Michael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);?m =Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)>oG=Michael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) =m-=Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&<mc=Michael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M;m1=Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]:m9=Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)U9mC=Richard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.8=Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde7}S=Michael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86f6mc=Michael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!5oW=Michael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`YmW=Michael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?Xm=Michael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VWoC=Richard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XVoG=Richard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VUoC=Richard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.T=Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_RebuildSo1=Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fRme=Richard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TQmA=Michael Young - 4.4.0-8S@- rebuild for ocaml update/Pmu=Michael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=Om=Michael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)N=Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_RebuildaMm[=Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) Lm/=Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized casesKm%=Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) Jm-=Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyIm =Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!HoW=Michael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\GmO=Michael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&Fmc=Michael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `imY=Michael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64hmU=Michael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)gmE=Michael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) fm/=Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSem==Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGdm%=Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)coG=Michael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)ybo=Michael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch ao'=Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC`m=Michael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&_mc=Michael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e^ma=Michael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)]m3=Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|\m=Michael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h[mg=Michael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)Zm#=Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?{m=Michael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2zm{=Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)ym?=Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xxm=Michael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cwm]=Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qvm;=Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%uma=Michael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)tm=Michael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nsm3=Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVroC=Richard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.q=Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYpY_=Michael Young U- gcc 5 bug is fixed so remove workaroundloom=Michael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uns}=Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallymoG=Michael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)lmA=Michael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)km7=Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)Sjm==Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqk_}>Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;_>Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n_>Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch_U>Rik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo_>Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror_S>Rik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now_E>Rik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl_>Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"_i>Rik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY _Y>Rik van Riel 2-20050207B- upgrade to last night's Xen snapshotV cO>Rik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY _Y>Rik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv I'>Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org) c!>Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#cg>Jeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uI%>Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted IM>Rik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQI_>Rik van Riel A(@- upgrade to new snapshot of xen-unstablexI+>Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotIy>Rik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileI;>Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"7>CheA@- initial rpm release$m_=Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoy=Michael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well~o=Michael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&}oa=Michael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){|o =Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0Cx4w>Bill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W3[Y> - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbina2Wq> - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<1w>Jeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itl0Y>Bill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one places/wu>Jeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c.[q> - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N->Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt ,A>Juan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:+q>Daniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel *w#>Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa)I>Jeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`(wO>Jeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQ'w1>Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedv&s>Jeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZ%sG>Jeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZ$sG>Jeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`#wO>Jeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`"oU>Rik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsH!g->Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T _O>Rik van Riel 2-20050823C - upgrade to today's Xen snapshot{_>Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again_#>Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i_y>Rik van Riel 2-20050522B- change default display method for VMX domains to SDLN_C>Rik van Riel 2-20050520B@- qemu device model for VMXT_O>Rik van Riel 2-20050519B- apply some VMX related bugfixesU_Q>Rik van Riel 2-20050424Bl- upgrade to last night's snapshotQI]>Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup_#>Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3_ >Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<iMkm>Daniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452Lg?>Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZKgS>Stephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[J]_>Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jIko>Daniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZH]]>Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfG]s>Jeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtFk>Daniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361eE]q>Jeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDD]/>Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)Ca!>Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)UB]Q>Jeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratejA[>Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw@{y>Rik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere?Q>Stephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e>Q>Stephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015={ >Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g<{Y>Jeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall;{>Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^:wI>Jeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugs9w>Jeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)W8w=>Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udeva7wO>Jeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)z6s>Jesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changesw5s>Bill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fuks}>Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkjis>Stephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%iie>Stephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc hi3>Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)ag_i>Jeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIfi/>Juan Quintela - 3.0.2-31Df- re-enable ia64.Ne_C>Jeremy Katz - 3.0.2-31DA- update to changeset 11405Hd_7>Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64c_)>Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?b_%>Jeremy Katz - 3.0.2-28D,@- fix a typoYa_Y>Jeremy Katz - 3.0.2-27D- add support for paravirt framebuffer`_Y>Jeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj__{>Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%^_o>Jeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).]_>Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`\_g>Jeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst[_ >Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4Z_ >Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labelY__>Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)IX_7>Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)Wi'>Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZVeU>Mark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)UmM>Daniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.hTim>Stephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include Si'>Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterRmS>Daniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVQ_Q>Jeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)P_5>Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)dO]q>Jeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)XN]Y>Jeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4Y>Daniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakqU>Daniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]>Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN~y>Daniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u}yw>Daniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>|y>Daniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V{y7>Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-zye>Daniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yyI>Daniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptionixy_>Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsawyM>Daniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mvqo>Daniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAu]+>Jeremy Katz - 3.0.3-3E<- fix the buildJt]=>Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hsq#>Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)Xr_W>Jeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboqi{>Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@ps>Daniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eoig>Stephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633Stephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}mm>Daniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)Sl_M>Jeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&yW>Daniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZ1>Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsayO>Daniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%{S>Daniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn{g>Daniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z{}>Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup{>Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)w1>Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993y/>Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqyo>Daniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)y]>Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)y>Daniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f yY>Daniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow y->Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m sk>Markus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO y)>Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs" yO>Daniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7k>Daniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug fails>Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\7>Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\7>Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[5>Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iO>Daniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu[>Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6x7c>Gerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.P6eA>Gerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.5cA>Gerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.c4ci>Gerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.i3cu>Gerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}2c>Gerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArcha1ce>Gerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K0[A>Tomas Mraz - 3.3.1-2Is- rebuild with new opensslS/cI>Gerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release..cE>Gerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a- =>Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^,{G>Daniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0+sq>Mark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr*}m>Daniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921))w)>Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb(}M>Daniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changej'wc>Markus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)&} >Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):%w>Markus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v${w>Daniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formats#y;>Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleo"yk>Daniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)z!o >Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase y>Daniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{>Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[yA>Daniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsmyg>Daniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstfyY>Daniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`yM>Daniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew[>Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1Omy>Michael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$Nm_>Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) Mm)>Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8L1E>jkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kKmm>Michael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzJm >Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1IIm)>Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77Hm>Michael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationGY5>Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXFmI>Michael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsEg%>David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild DmW>Michael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsCm%>Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(Bmg>Michael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vAc >Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h@cs>Gerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. ?k/>Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a>ce>Gerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.=c[>Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).<c->Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O;cA>Gerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.:cW>Gerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.9>Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild58c >Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wam>Michael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes`m>Michael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7r_m{>Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\^mO>Michael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file]mC>Michael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g\mg>Michael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{[m >Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaZ}K>Michael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynYms>Michael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates Xm->Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]Wm>Michael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uVm>Michael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXUmG>Michael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.QTm;>Michael Young - 4.1.0-1M- update to 4.1.0 finalBSy>Michael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdR>Fedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_RebuildzQm >Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightPm>Michael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_u}E>Michael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?to>Michael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"soY>Michael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)roQ>Michael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oqo3>Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startp>Fedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(ooe>Michael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xno>Michael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrmo{>Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)Bl>Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8Fko!>Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFjo!>Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRio;>Michael Young - 4.1.2-13OXA- fix a packaging error&hoa>Michael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjgok>Michael Young - 4.1.2-11ONA- put the systemd files back in the right placefoI>Michael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XemI>Michael Young - 4.1.2-9O?- move xen-watchdog to systemd\dmQ>Michael Young - 4.1.2-8O2c- relocate systemd files for fc17+`cmY>Michael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdbm>Michael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}mQ>Michael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] mW>Michael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`mY>Richard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=>Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)~m#>Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ}mK>Michael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_|mW>Michael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG{m%>Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)Czm>Michael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XymG>Michael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTxmA>Michael Young - 4.1.3-5P~- rebuild for ocaml update~wm>Michael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pvmw>Michael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHm>Michael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)m7>Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)m3>Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%ma>Michael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)mC>Michael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%ma>Michael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rm{>Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y m >Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208 m>Michael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk ok>Michael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x m>Michael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh mi>Michael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)mi>Michael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%ma>Michael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfYy>Michael Young P- correct disabling of xendomains.service on uninstall/mu>Michael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*mk>Michael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ym >Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'%me>Michael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)X$mG>Michael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)#m;>Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]"m>Michael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)!m;>Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149) mI>Michael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m >Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)oG>Michael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) m->Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&mc>Michael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]Mm1>Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]m9>Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UmC>Richard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.>Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde}S>Michael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fmc>Michael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!oW>Michael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`9mW>Michael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?8m>Michael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0V7oC>Richard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.X6oG>Richard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.V5oC>Richard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.4>Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild3o1>Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]f2me>Richard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.T1mA>Michael Young - 4.4.0-8S@- rebuild for ocaml update/0mu>Michael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=/m>Michael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583).>Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda-m[>Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) ,m/>Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases+m%>Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) *m->Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby)m >Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!(oW>Michael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\'mO>Michael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&&mc>Michael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `ImY>Michael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64HmU>Michael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)GmE>Michael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) Fm/>Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSEm=>Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGDm%>Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)CoG>Michael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yBo>Michael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch Ao'>Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC@m>Michael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&?mc>Michael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e>ma>Michael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)=m3>Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|<m>Michael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h;mg>Michael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738):m#>Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?[m>Michael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2Zm{>Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)Ym?>Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xXm>Michael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cWm]>Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)QVm;>Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%Uma>Michael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)Tm>Michael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]NSm3>Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVRoC>Richard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.Q>Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYPY_>Michael Young U- gcc 5 bug is fixed so remove workaroundlOom>Michael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uNs}>Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallyMoG>Michael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)LmA>Michael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)Km7>Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)SJm=>Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqkv_}?Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;u_?Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nt_?Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchs_U?Rik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyor_?Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werrorq_S?Rik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowp_E?Rik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlo_?Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"n_i?Rik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYm_Y?Rik van Riel 2-20050207B- upgrade to last night's Xen snapshotVlcO?Rik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYk_Y?Rik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvjI'?Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)ic!?Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#hcg?Jeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.ugI%?Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted fIM?Rik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQeI_?Rik van Riel A(@- upgrade to new snapshot of xen-unstablexdI+?Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotcIy?Rik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec filebI;?Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"a7?CheA@- initial rpm release$`m_>Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq_oy>Michael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well^o>Michael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&]oa>Michael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){\o >Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0Cxw?Bill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W[Y? - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaWq? - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<w?Jeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlY?Bill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placeswu?Jeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c[q? - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N ?Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt A?Juan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).: q?Daniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel w#?Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa I?Jeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`wO?Jeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQw1?Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvs?Jeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZsG?Jeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZsG?Jeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`wO?Jeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`oU?Rik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHg-?Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T_O?Rik van Riel 2-20050823C - upgrade to today's Xen snapshot{_?Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again~_#?Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i}_y?Rik van Riel 2-20050522B- change default display method for VMX domains to SDLN|_C?Rik van Riel 2-20050520B@- qemu device model for VMXT{_O?Rik van Riel 2-20050519B- apply some VMX related bugfixesUz_Q?Rik van Riel 2-20050424Bl- upgrade to last night's snapshotQyI]?Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupx_#?Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3w_ ?Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<i-km?Daniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452,g??Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ+gS?Stephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[*]_?Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j)ko?Daniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ(]]?Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf']s?Jeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingt&k?Daniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e%]q?Jeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD$]/?Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)#a!?Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U"]Q?Jeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej![?Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw {y?Rik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQ?Stephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022eQ?Stephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015{ ?Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g{Y?Jeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{?Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^wI?Jeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsw?Jeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Ww=?Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawO?Jeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zs?Jesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changesws?Bill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,FuKs}?Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkJis?Stephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%Iie?Stephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc Hi3?Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)aG_i?Jeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIFi/?Juan Quintela - 3.0.2-31Df- re-enable ia64.NE_C?Jeremy Katz - 3.0.2-31DA- update to changeset 11405HD_7?Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64C_)?Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?B_%?Jeremy Katz - 3.0.2-28D,@- fix a typoYA_Y?Jeremy Katz - 3.0.2-27D- add support for paravirt framebuffer@_Y?Jeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj?_{?Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%>_o?Jeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).=_?Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`<_g?Jeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst;_ ?Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4:_ ?Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label9__?Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I8_7?Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)7i'?Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZ6eU?Mark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)5mM?Daniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.h4im?Stephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include 3i'?Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works better2mS?Daniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV1_Q?Jeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)0_5?Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d/]q?Jeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X.]Y?Jeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4aY?Daniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq`U?Daniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev_]?Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN^y?Daniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u]yw?Daniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>\y?Daniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V[y7?Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-Zye?Daniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^YyI?Daniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniXy_?Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsaWyM?Daniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mVqo?Daniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAU]+?Jeremy Katz - 3.0.3-3E<- fix the buildJT]=?Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5HSq#?Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)XR_W?Jeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboQi{?Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@Ps?Daniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eOig?Stephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}Mm?Daniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)SL_M?Jeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&yyW?Daniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZx1?Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsawyO?Daniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%v{S?Daniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnu{g?Daniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zt{}?Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setups{?Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)rw1?Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993qy/?Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqpyo?Daniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)oy]?Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)ny?Daniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fmyY?Daniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowly-?Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mksk?Markus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOjy)?Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"iyO?Daniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7hk?Daniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsg?Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\f7?Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\e7?Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[d5?Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.icO?Daniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMub[?Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xc?Gerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PeA?Gerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.cA?Gerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cci?Gerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.icu?Gerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}c?Gerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchace?Gerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K[A?Tomas Mraz - 3.3.1-2Is- rebuild with new opensslScI?Gerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.cE?Gerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a  =?Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^ {G?Daniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0 sq?Mark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr }m?Daniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921) w)?Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb}M?Daniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejwc?Markus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)} ?Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):w?Markus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v{w?Daniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsy;?Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoyk?Daniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zo ?Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebasey?Daniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{?Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[~yA?Daniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm}yg?Daniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf|yY?Daniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`{yM?Daniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewz[?Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1/my?Michael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$.m_?Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) -m)?Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8,1E?jkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k+mm?Michael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz*m ?Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I)m)?Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77(m?Michael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org location'Y5?Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesX&mI?Michael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problems%g%?David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild $mW?Michael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernels#m%?Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl("mg?Michael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)v!c ?Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h cs?Gerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/?Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)ace?Gerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.c[?Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).c-?Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.OcA?Gerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.cW?Gerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.?Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5c ?Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wAm?Michael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes@m?Michael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7r?m{?Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\>mO?Michael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file=mC?Michael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g<mg?Michael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{;m ?Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta:}K?Michael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalityn9ms?Michael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates 8m-?Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]7m?Michael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6u6m?Michael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchX5mG?Michael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Q4m;?Michael Young - 4.1.0-1M- update to 4.1.0 finalB3y?Michael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd2?Fedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildz1m ?Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies right0m?Michael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_U}E?Michael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?To?Michael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"SoY?Michael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)RoQ?Michael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)OQo3?Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startP?Fedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(Ooe?Michael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xNo?Michael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrMo{?Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BL?Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8FKo!?Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFJo!?Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRIo;?Michael Young - 4.1.2-13OXA- fix a packaging error&Hoa?Michael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjGok?Michael Young - 4.1.2-11ONA- put the systemd files back in the right placeFoI?Michael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XEmI?Michael Young - 4.1.2-9O?- move xen-watchdog to systemd\DmQ?Michael Young - 4.1.2-8O2c- relocate systemd files for fc17+`CmY?Michael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdBm?Michael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}bmQ?Michael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] amW?Michael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch``mY?Richard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S_m=?Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)^m#?Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ]mK?Michael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_\mW?Michael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG[m%?Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CZm?Michael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XYmG?Michael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTXmA?Michael Young - 4.1.3-5P~- rebuild for ocaml update~Wm?Michael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pVmw?Michael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHtm?Michael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)sm7?Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)rm3?Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%qma?Michael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)pmC?Michael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%oma?Michael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rnm{?Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)ymm ?Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208lm?Michael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskkok?Michael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xjm?Michael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhimi?Michael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)hmi?Michael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%gma?Michael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtffYy?Michael Young P- correct disabling of xendomains.service on uninstall/emu?Michael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*dmk?Michael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ycm ?Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'me?Michael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XmG?Michael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)m;?Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]m?Michael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)m;?Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)mI?Michael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m ?Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)~oG?Michael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) }m-?Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&|mc?Michael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M{m1?Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]zm9?Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UymC?Richard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.x?Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuildew}S?Michael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fvmc?Michael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!uoW?Michael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`mW?Michael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?m?Michael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VoC?Richard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XoG?Richard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VoC?Richard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.?Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildo1?Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fme?Richard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TmA?Michael Young - 4.4.0-8S@- rebuild for ocaml update/mu?Michael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=m?Michael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)?Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda m[?Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) m/?Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases m%?Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) m-?Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby m ?Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!oW?Michael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\mO?Michael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&mc?Michael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `)mY?Michael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64(mU?Michael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)'mE?Michael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) &m/?Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchS%m=?Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsG$m%?Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)#oG?Michael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)y"o?Michael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch !o'?Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC m?Michael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mc?Michael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)ema?Michael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)m3?Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|m?Michael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)hmg?Michael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)m#?Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?;m?Michael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2:m{?Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)9m??Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]x8m?Michael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)c7m]?Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Q6m;?Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%5ma?Michael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)4m?Michael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]N3m3?Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesV2oC?Richard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.1?Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildY0Y_?Michael Young U- gcc 5 bug is fixed so remove workaroundl/om?Michael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]u.s}?Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually-oG?Michael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631),mA?Michael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)+m7?Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S*m=?Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=LqkV_}@Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;U_@Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nT_@Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchS_U@Rik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyoR_@Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -WerrorQ_S@Rik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowP_E@Rik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlO_@Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"N_i@Rik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYM_Y@Rik van Riel 2-20050207B- upgrade to last night's Xen snapshotVLcO@Rik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYK_Y@Rik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvJI'@Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)Ic!@Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#Hcg@Jeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uGI%@Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted FIM@Rik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQEI_@Rik van Riel A(@- upgrade to new snapshot of xen-unstablexDI+@Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotCIy@Rik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileBI;@Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"A7@CheA@- initial rpm release$@m_?Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq?oy?Michael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well>o?Michael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&=oa?Michael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){<o ?Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0Cxtw@Bill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0Ws[Y@ - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinarWq@ - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlpY@Bill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesowu@Jeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cn[q@ - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)Nm@Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt lA@Juan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:kq@Daniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel jw#@Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaiI@Jeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`hwO@Jeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQgw1@Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvfs@Jeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZesG@Jeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZdsG@Jeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`cwO@Jeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`boU@Rik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHag-@Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T`_O@Rik van Riel 2-20050823C - upgrade to today's Xen snapshot{__@Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again^_#@Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i]_y@Rik van Riel 2-20050522B- change default display method for VMX domains to SDLN\_C@Rik van Riel 2-20050520B@- qemu device model for VMXT[_O@Rik van Riel 2-20050519B- apply some VMX related bugfixesUZ_Q@Rik van Riel 2-20050424Bl- upgrade to last night's snapshotQYI]@Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupX_#@Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3W_ @Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<i km@Daniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452 g?@Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ gS@Stephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[ ]_@Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j ko@Daniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ]]@Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf]s@Jeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtk@Daniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e]q@Jeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD]/@Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)a!@Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U]Q@Jeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej[@Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw{y@Rik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQ@Stephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e~Q@Stephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015}{ @Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g|{Y@Jeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{{@Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^zwI@Jeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsyw@Jeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Wxw=@Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawwO@Jeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zvs@Jesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswus@Bill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fu+s}@Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk*is@Stephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%)ie@Stephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc (i3@Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a'_i@Jeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackI&i/@Juan Quintela - 3.0.2-31Df- re-enable ia64.N%_C@Jeremy Katz - 3.0.2-31DA- update to changeset 11405H$_7@Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64#_)@Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?"_%@Jeremy Katz - 3.0.2-28D,@- fix a typoY!_Y@Jeremy Katz - 3.0.2-27D- add support for paravirt framebuffer _Y@Jeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{@Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%_o@Jeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install)._@Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`_g@Jeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst_ @Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4_ @Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label__@Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I_7@Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)i'@Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZeU@Mark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)mM@Daniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.him@Stephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include i'@Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works bettermS@Daniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV_Q@Jeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)_5@Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d]q@Jeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X]Y@Jeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4AY@Daniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq@U@Daniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev?]@Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN>y@Daniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u=yw@Daniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script><y@Daniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V;y7@Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-:ye@Daniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^9yI@Daniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioni8y_@Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsa7yM@Daniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700m6qo@Daniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA5]+@Jeremy Katz - 3.0.3-3E<- fix the buildJ4]=@Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5H3q#@Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X2_W@Jeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygrubo1i{@Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@0s@Daniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)e/ig@Stephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<.i@Stephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}-m@Daniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S,_M@Jeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&YyW@Daniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZX1@Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsaWyO@Daniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%V{S@Daniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnU{g@Daniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zT{}@Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setupS{@Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)Rw1@Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993Qy/@Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqPyo@Daniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)Oy]@Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)Ny@Daniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fMyY@Daniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowLy-@Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mKsk@Markus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOJy)@Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"IyO@Daniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7Hk@Daniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsG@Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\F7@Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\E7@Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[D5@Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iCO@Daniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMuB[@Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xwc@Gerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PveA@Gerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.ucA@Gerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.ctci@Gerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iscu@Gerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}rc@Gerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaqce@Gerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.Kp[A@Tomas Mraz - 3.3.1-2Is- rebuild with new opensslSocI@Gerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.ncE@Gerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.am =@Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^l{G@Daniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0ksq@Mark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrj}m@Daniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)iw)@Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbh}M@Daniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejgwc@Markus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)f} @Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):ew@Markus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vd{w@Daniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatscy;@Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleobyk@Daniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zao @Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase`y@Daniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8_y{@Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[^yA@Daniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm]yg@Daniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf\yY@Daniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`[yM@Daniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewZ[@Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1my@Michael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$m_@Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) m)@Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8 1E@jkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k mm@Michael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz m @Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I m)@Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77m@Michael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationY5@Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXmI@Michael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsg%@David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild mW@Michael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsm%@Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(mg@Michael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vc @Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.hcs@Gerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/@Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a~ce@Gerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.}c[@Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).|c-@Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O{cA@Gerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.zcW@Gerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.y@Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5xc @Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3w!m@Michael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes m@Michael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7rm{@Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\mO@Michael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo filemC@Michael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112gmg@Michael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{m @Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta}K@Michael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynms@Michael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates m-@Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]m@Michael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6um@Michael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXmG@Michael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qm;@Michael Young - 4.1.0-1M- update to 4.1.0 finalBy@Michael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd@Fedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzm @Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightm@Michael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_5}E@Michael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?4o@Michael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"3oY@Michael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)2oQ@Michael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)O1o3@Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to start0@Fedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(/oe@Michael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]x.o@Michael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr-o{@Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B,@Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F+o!@Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF*o!@Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR)o;@Michael Young - 4.1.2-13OXA- fix a packaging error&(oa@Michael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdj'ok@Michael Young - 4.1.2-11ONA- put the systemd files back in the right place&oI@Michael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+X%mI@Michael Young - 4.1.2-9O?- move xen-watchdog to systemd\$mQ@Michael Young - 4.1.2-8O2c- relocate systemd files for fc17+`#mY@Michael Young - 4.1.2-7O1@- move xend and xenconsoled to systemd"m@Michael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}BmQ@Michael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] AmW@Michael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`@mY@Richard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S?m=@Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)>m#@Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ=mK@Michael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_<mW@Michael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG;m%@Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)C:m@Michael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17X9mG@Michael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesT8mA@Michael Young - 4.1.3-5P~- rebuild for ocaml update~7m@Michael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)p6mw@Michael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHTm@Michael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)Sm7@Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)Rm3@Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%Qma@Michael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)PmC@Michael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%Oma@Michael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rNm{@Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)yMm @Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208Lm@Michael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskKok@Michael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xJm@Michael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhImi@Michael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)Hmi@Michael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%Gma@Michael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfFYy@Michael Young P- correct disabling of xendomains.service on uninstall/Emu@Michael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*Dmk@Michael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)yCm @Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'eme@Michael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XdmG@Michael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)cm;@Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]bm@Michael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)am;@Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)`mI@Michael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);_m @Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)^oG@Michael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) ]m-@Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&\mc@Michael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M[m1@Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]Zm9@Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UYmC@Richard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.X@Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_RebuildeW}S@Michael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fVmc@Michael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!UoW@Michael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`ymW@Michael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?xm@Michael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VwoC@Richard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XvoG@Richard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VuoC@Richard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.t@Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildso1@Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]frme@Richard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TqmA@Michael Young - 4.4.0-8S@- rebuild for ocaml update/pmu@Michael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=om@Michael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)n@Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuildamm[@Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) lm/@Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized caseskm%@Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) jm-@Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyim @Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!hoW@Michael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\gmO@Michael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&fmc@Michael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG ` mY@Michael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64mU@Michael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)mE@Michael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) m/@Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSm=@Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGm%@Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)oG@Michael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yo@Michael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch o'@Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmCm@Michael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mc@Michael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e~ma@Michael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)}m3@Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)||m@Michael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h{mg@Michael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)zm#@Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?m@Michael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2m{@Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)m?@Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xm@Michael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cm]@Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qm;@Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%ma@Michael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)m@Michael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nm3@Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVoC@Richard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.@Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYY_@Michael Young U- gcc 5 bug is fixed so remove workaroundlom@Michael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]us}@Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually oG@Michael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631) mA@Michael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153) m7@Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S m=@Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqk6_}ARik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;5_ARik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n4_ARik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch3_UARik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo2_ARik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror1_SARik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now0_EARik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl/_ARik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"._iARik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY-_YARik van Riel 2-20050207B- upgrade to last night's Xen snapshotV,cOARik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY+_YARik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv*I'AJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org))c!ARik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#(cgAJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.u'I%ARik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted &IMARik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQ%I_ARik van Riel A(@- upgrade to new snapshot of xen-unstablex$I+ARik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshot#IyARik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec file"I;ARik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"!7ACheA@- initial rpm release$ m_@Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoy@Michael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as wello@Michael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&oa@Michael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){o @Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0CxTwABill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0WS[YA - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaRWqA - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlPYABill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesOwuAJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cN[qA - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NMAJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt LAAJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:KqADaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel Jw#AJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaIIAJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`HwOAJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQGw1AJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvFsAJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZEsGAJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZDsGAJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`CwOAJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`BoUARik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHAg-ARik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T@_OARik van Riel 2-20050823C - upgrade to today's Xen snapshot{?_ARik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again>_#ARik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i=_yARik van Riel 2-20050522B- change default display method for VMX domains to SDLN<_CARik van Riel 2-20050520B@- qemu device model for VMXT;_OARik van Riel 2-20050519B- apply some VMX related bugfixesU:_QARik van Riel 2-20050424Bl- upgrade to last night's snapshotQ9I]AJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup8_#ARik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again37_ ARik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<imkmADaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452lg?AStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZkgSAStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[j]_AJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jikoADaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZh]]AJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfg]sAJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtfkADaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361ee]qAJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDd]/AJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)ca!AStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)Ub]QAJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accurateja[AStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw`{yARik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere_QAStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e^QAStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015]{ AJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g\{YAJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall[{AJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^ZwIAJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsYwAJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)WXw=AJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevaWwOAJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zVsAJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswUsABill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fu s}ADaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk isAStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data% ieAStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc i3AStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a_iAJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIi/AJuan Quintela - 3.0.2-31Df- re-enable ia64.N_CAJeremy Katz - 3.0.2-31DA- update to changeset 11405H_7AJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64_)AJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?_%AJeremy Katz - 3.0.2-28D,@- fix a typoY_YAJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer_YAJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{AJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%~_oAJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).}_AJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`|_gAJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst{_ ARik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4z_ AJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labely__AJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)Ix_7AJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)wi'AMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZveUAMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)umMADaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.htimAStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include si'AStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterrmSADaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVq_QAJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)p_5AJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)do]qAJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)Xn]YAJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4!YADaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq UADaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]ADaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethNyADaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)uywADaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>yADaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)Vy7ADaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-yeADaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yIADaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniy_ADaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsayMADaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mqoADaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA]+AJeremy Katz - 3.0.3-3E<- fix the buildJ]=AJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hq#ADaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X_WAJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboi{AStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@sADaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eigAStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<iAStephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl} mADaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S _MAJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&9yWADaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZ81ARelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsa7yOADaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%6{SADaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn5{gADaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z4{}ADaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup3{ADaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)2w1AChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-49931y/ADaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsq0yoADaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)/y]ADaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581).yADaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f-yYADaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow,y-ADaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m+skAMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO*y)ADaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs")yOADaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7(kADaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug fails'ADaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\&7ADaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\%7ADaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[$5ADaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.i#OADaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu"[ADaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xWcAGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PVeAAGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.UcAAGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cTciAGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iScuAGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}RcAGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaQceAGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.KP[AATomas Mraz - 3.3.1-2Is- rebuild with new opensslSOcIAGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.NcEAGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.aM =AIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^L{GADaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0KsqAMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrJ}mADaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)Iw)AMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbH}MADaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejGwcAMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)F} ADaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):EwAMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vD{wADaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsCy;ADaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoBykADaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zAo AMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase@yADaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8?y{ADaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[>yAADaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm=ygADaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf<yYADaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`;yMADaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew:[ADaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1omyAMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$nm_AMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) mm)AMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8l1EAjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kkmmAMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzjm AMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1Iim)AMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77hmAMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationgY5AMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXfmIAMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemseg%ADavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild dmWAMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelscm%AMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(bmgAMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vac AGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h`csAGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. _k/AJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a^ceAGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.]c[AGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).\c-AGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O[cAAGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.ZcWAGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.YAFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5Xc AGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wmAMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixesmAMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7rm{AMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\~mOAMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file}mCAMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g|mgAMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{{m AMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaz}KAMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynymsAMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates xm-AMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]wmAMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uvmAMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXumGAMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qtm;AMichael Young - 4.1.0-1M- update to 4.1.0 finalBsyAMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdrAFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzqm AMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightpmAMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_}EAMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?oAMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"oYAMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)oQAMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oo3AMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startAFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(oeAMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xoAMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr o{AMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B AMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F o!AMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF o!AMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR o;AMichael Young - 4.1.2-13OXA- fix a packaging error&oaAMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjokAMichael Young - 4.1.2-11ONA- put the systemd files back in the right placeoIAMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XmIAMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\mQAMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`mYAMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdmAMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}"mQAMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] !mWAMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch` mYARichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=AMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)m#AMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZmKAMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_mWAMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetGm%AMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CmAMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XmGAMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTmAAMichael Young - 4.1.3-5P~- rebuild for ocaml update~mAMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pmwAMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cH4mAMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)3m7AMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)2m3AMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%1maAMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)0mCAMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%/maAMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)r.m{AMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y-m AMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208,mAMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk+okAMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x*mAMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh)miAMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)(miAMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%'maAMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtf&YyAMichael Young P- correct disabling of xendomains.service on uninstall/%muAMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*$mkAMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)y#m AMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'EmeAMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XDmGAMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)Cm;AMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]BmAMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)Am;AMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)@mIAMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);?m AMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)>oGAMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) =m-AMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&<mcAMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M;m1AMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]:m9AMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)U9mCARichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.8AFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde7}SAMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86f6mcAMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!5oWAMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`YmWAMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?XmAMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VWoCARichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XVoGARichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VUoCARichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.TAFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_RebuildSo1AMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fRmeARichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TQmAAMichael Young - 4.4.0-8S@- rebuild for ocaml update/PmuAMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=OmAMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)NAFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_RebuildaMm[AMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) Lm/AMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized casesKm%AMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) Jm-AMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyIm AMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!HoWAMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\GmOAMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&FmcAMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `imYAMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64hmUAMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)gmEAMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) fm/AMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSem=AMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGdm%AMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)coGAMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yboAMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch ao'AMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC`mAMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&_mcAMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e^maAMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)]m3AMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|\mAMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h[mgAMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)Zm#AMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?{mAMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2zm{AMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)ym?AMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xxmAMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cwm]AMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qvm;ARichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%umaAMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)tmAMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nsm3AMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVroCARichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.qAFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYpY_AMichael Young U- gcc 5 bug is fixed so remove workaroundloomAMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uns}AMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallymoGAMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)lmAAMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)km7AMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)Sjm=AMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqk_}BRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;_BRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n_BRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch_UBRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo_BRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror_SBRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now_EBRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl_BRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"_iBRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY _YBRik van Riel 2-20050207B- upgrade to last night's Xen snapshotV cOBRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY _YBRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv I'BJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org) c!BRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#cgBJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uI%BRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted IMBRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQI_BRik van Riel A(@- upgrade to new snapshot of xen-unstablexI+BRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotIyBRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileI;BRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"7BCheA@- initial rpm release$m_AMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoyAMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well~oAMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&}oaAMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){|o AMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792)ztnhb\VPJD>82,& ~xrlf`ZTNHB<60*$  | v p j d ^ X R L F @ : 4 . ( "     z t n h b \ V P J D > 8 2 , &      ~ x r l f ` Z T N H B < 6 0 * $     | v p j d ^ X R L F @ : 4 . ( "     z t n h b \ V P J D > 8 2 , &     ~xrlf`ZTNHB<60*$ |vpjd^XRLF@:4.(" ztnhb\VPJD>82,& ~xrlf`ZTNHB<60*$ |vpjd^XRLF@:4.(" {iYE4"oW9! mT6 yeTB5!wYA+ tV;)tbUA/yaK-v[I9%uaO7kM4{iYE4"~o}W|9{!z ymxTu6ts ryqepToBn5m!lkwjYiAh+g fteVd;c)ba`t_b^U]A\/[ZyYaXKW-VUvT[SIR9Q%PONuMaLOK7JIHkGMF4ED{CiBYAE@4?">==82,& |vpjd^XRLF@:4.(" ztnhb\VPJD>82,&  ~ x r l f ` Z T N H B < 6 0 * $     | v p j d ^ X R L F @ : 4 . ( "     z t n h b \ V P J D > 8 2 , &      z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     }vohaZSLE>70)" zsle^ }vohaZSLE>70)" w vyuetTsBr5qpovnXm@l)k jtiVh;g)fedtcbbUa?`._^x]`\I[,ZYvX[WIV9U%TSRuQ_PNO6NMLiKLJ4IH{GiFYEED4C"BA@n?V>8= < {iYE4"oW9! mT6 yeTB5!wYA+ tV;)tbUA/yaK-v[I9%uaO7kM4;l:T9687 6y5e4T3B2510/v.X-@,)+ *t)V(;')&%$t#b"U!? .x`I,v[I9%u_N6  i L 4 {iYE4"nV8  lT6 yeTB5 wYA+ tV;)tbUA/yaK-v[I9%uaO7kM4{iYE4"oW9! mT6 yeTB5!wYA+ tV;)tbUA/yaK-v[I9%uaO7kM4{iYE4"oW~9}!| {mzTy6xw vyuetTsBr5q!pownYmAl+k jtiVh;g)fedtcbbUaA`/_^y]a\K[-ZYvX[WIV9U%TSRuQaPOO7NMLkKMJ4IH{GiFYEED4C"BA@o?W>9=!< ;m:T9687 6y5e4T3B251!0/w.Y-A,++ *t)V(;')&%$t#b"U!A /yaK-v[I9%uaO7  k M 4 I C  / ?iN] 0Cx4wBBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W3[YB - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbina2WqB - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<1wBJeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itl0YBBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one places/wuBJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c.[qB - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N-BJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt ,ABJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:+qBDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel *w#BJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa)IBJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`(wOBJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQ'w1BJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedv&sBJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZ%sGBJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZ$sGBJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`#wOBJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`"oUBRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsH!g-BRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T _OBRik van Riel 2-20050823C - upgrade to today's Xen snapshot{_BRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again_#BRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i_yBRik van Riel 2-20050522B- change default display method for VMX domains to SDLN_CBRik van Riel 2-20050520B@- qemu device model for VMXT_OBRik van Riel 2-20050519B- apply some VMX related bugfixesU_QBRik van Riel 2-20050424Bl- upgrade to last night's snapshotQI]BJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup_#BRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3_ BRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<iMkmBDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452Lg?BStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZKgSBStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[J]_BJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jIkoBDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZH]]BJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfG]sBJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtFkBDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361eE]qBJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDD]/BJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)Ca!BStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)UB]QBJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratejA[BStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw@{yBRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere?QBStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e>QBStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015={ BJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g<{YBJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall;{BJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^:wIBJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugs9wBJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)W8w=BJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udeva7wOBJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)z6sBJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changesw5sBBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fuks}BDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkjisBStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%iieBStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc hi3BStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)ag_iBJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIfi/BJuan Quintela - 3.0.2-31Df- re-enable ia64.Ne_CBJeremy Katz - 3.0.2-31DA- update to changeset 11405Hd_7BJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64c_)BJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?b_%BJeremy Katz - 3.0.2-28D,@- fix a typoYa_YBJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer`_YBJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj__{BJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%^_oBJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).]_BJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`\_gBJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst[_ BRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4Z_ BJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labelY__BJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)IX_7BJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)Wi'BMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZVeUBMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)UmMBDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.hTimBStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include Si'BStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterRmSBDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVQ_QBJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)P_5BJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)dO]qBJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)XN]YBJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4YBDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakqUBDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]BDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN~yBDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u}ywBDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>|yBDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V{y7BDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-zyeBDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yyIBDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptionixy_BDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsawyMBDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mvqoBDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAu]+BJeremy Katz - 3.0.3-3E<- fix the buildJt]=BJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hsq#BDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)Xr_WBJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboqi{BStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@psBDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eoigBStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}mmBDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)Sl_MBJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&yWBDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZ1BRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsayOBDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%{SBDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn{gBDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z{}BDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup{BDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)w1BChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993y/BDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqyoBDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)y]BDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)yBDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f yYBDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow y-BDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m skBMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO y)BDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs" yOBDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7kBDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsBDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\7BDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\7BDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[5BDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iOBDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu[BDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6x7cBGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.P6eABGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.5cABGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.c4ciBGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.i3cuBGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}2cBGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArcha1ceBGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K0[ABTomas Mraz - 3.3.1-2Is- rebuild with new opensslS/cIBGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release..cEBGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a- =BIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^,{GBDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0+sqBMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr*}mBDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921))w)BMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb(}MBDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changej'wcBMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)&} BDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):%wBMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v${wBDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formats#y;BDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleo"ykBDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)z!o BMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase yBDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{BDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[yABDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsmygBDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstfyYBDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`yMBDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew[BDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1OmyBMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$Nm_BMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) Mm)BMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8L1EBjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kKmmBMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzJm BMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1IIm)BMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77HmBMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationGY5BMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXFmIBMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsEg%BDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild DmWBMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsCm%BMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(BmgBMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vAc BGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h@csBGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. ?k/BJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a>ceBGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.=c[BGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).<c-BGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O;cABGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.:cWBGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.9BFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild58c BGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wamBMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes`mBMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7r_m{BMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\^mOBMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file]mCBMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g\mgBMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{[m BMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaZ}KBMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynYmsBMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates Xm-BMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]WmBMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uVmBMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXUmGBMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.QTm;BMichael Young - 4.1.0-1M- update to 4.1.0 finalBSyBMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdRBFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_RebuildzQm BMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightPmBMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_u}EBMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?toBMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"soYBMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)roQBMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oqo3BMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startpBFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(ooeBMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xnoBMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrmo{BMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BlBMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8Fko!BMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFjo!BMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRio;BMichael Young - 4.1.2-13OXA- fix a packaging error&hoaBMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjgokBMichael Young - 4.1.2-11ONA- put the systemd files back in the right placefoIBMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XemIBMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\dmQBMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`cmYBMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdbmBMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}mQBMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] mWBMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`mYBRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=BMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)~m#BMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ}mKBMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_|mWBMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG{m%BMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CzmBMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XymGBMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTxmABMichael Young - 4.1.3-5P~- rebuild for ocaml update~wmBMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pvmwBMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHmBMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)m7BMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)m3BMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%maBMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)mCBMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%maBMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rm{BMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y m BMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208 mBMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk okBMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x mBMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh miBMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)miBMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%maBMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfYyBMichael Young P- correct disabling of xendomains.service on uninstall/muBMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*mkBMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ym BMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'%meBMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)X$mGBMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)#m;BMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]"mBMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)!m;BMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149) mIBMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m BMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)oGBMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) m-BMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&mcBMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]Mm1BMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]m9BMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UmCBRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.BFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde}SBMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fmcBMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!oWBMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`9mWBMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?8mBMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0V7oCBRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.X6oGBRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.V5oCBRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.4BFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild3o1BMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]f2meBRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.T1mABMichael Young - 4.4.0-8S@- rebuild for ocaml update/0muBMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=/mBMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583).BFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda-m[BMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) ,m/BMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases+m%BMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) *m-BMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby)m BMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!(oWBMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\'mOBMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&&mcBMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `ImYBMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64HmUBMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)GmEBMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) Fm/BMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSEm=BMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGDm%BMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)CoGBMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yBoBMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch Ao'BMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC@mBMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&?mcBMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e>maBMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)=m3BMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|<mBMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h;mgBMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738):m#BMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?[mBMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2Zm{BMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)Ym?BMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xXmBMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cWm]BMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)QVm;BRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%UmaBMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)TmBMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]NSm3BMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVRoCBRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.QBFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYPY_BMichael Young U- gcc 5 bug is fixed so remove workaroundlOomBMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uNs}BMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallyMoGBMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)LmABMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)Km7BMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)SJm=BMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqkv_}CRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;u_CRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nt_CRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchs_UCRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyor_CRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werrorq_SCRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowp_ECRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlo_CRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"n_iCRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYm_YCRik van Riel 2-20050207B- upgrade to last night's Xen snapshotVlcOCRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYk_YCRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvjI'CJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)ic!CRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#hcgCJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.ugI%CRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted fIMCRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQeI_CRik van Riel A(@- upgrade to new snapshot of xen-unstablexdI+CRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotcIyCRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec filebI;CRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"a7CCheA@- initial rpm release$`m_BMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq_oyBMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well^oBMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&]oaBMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){\o BMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0CxwCBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W[YC - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaWqC - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<wCJeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlYCBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placeswuCJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c[qC - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N CJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt ACJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).: qCDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel w#CJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa ICJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`wOCJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQw1CJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvsCJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZsGCJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZsGCJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`wOCJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`oUCRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHg-CRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T_OCRik van Riel 2-20050823C - upgrade to today's Xen snapshot{_CRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again~_#CRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i}_yCRik van Riel 2-20050522B- change default display method for VMX domains to SDLN|_CCRik van Riel 2-20050520B@- qemu device model for VMXT{_OCRik van Riel 2-20050519B- apply some VMX related bugfixesUz_QCRik van Riel 2-20050424Bl- upgrade to last night's snapshotQyI]CJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupx_#CRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3w_ CRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<i-kmCDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452,g?CStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ+gSCStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[*]_CJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j)koCDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ(]]CJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf']sCJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingt&kCDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e%]qCJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD$]/CJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)#a!CStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U"]QCJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej![CStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw {yCRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQCStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022eQCStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015{ CJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g{YCJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{CJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^wICJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugswCJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Ww=CJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawOCJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zsCJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswsCBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,FuKs}CDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkJisCStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%IieCStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc Hi3CStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)aG_iCJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIFi/CJuan Quintela - 3.0.2-31Df- re-enable ia64.NE_CCJeremy Katz - 3.0.2-31DA- update to changeset 11405HD_7CJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64C_)CJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?B_%CJeremy Katz - 3.0.2-28D,@- fix a typoYA_YCJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer@_YCJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj?_{CJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%>_oCJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).=_CJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`<_gCJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst;_ CRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4:_ CJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label9__CJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I8_7CJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)7i'CMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZ6eUCMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)5mMCDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.h4imCStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include 3i'CStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works better2mSCDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV1_QCJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)0_5CJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d/]qCJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X.]YCJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4aYCDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq`UCDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev_]CDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN^yCDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u]ywCDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>\yCDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V[y7CDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-ZyeCDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^YyICDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniXy_CDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsaWyMCDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mVqoCDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAU]+CJeremy Katz - 3.0.3-3E<- fix the buildJT]=CJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5HSq#CDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)XR_WCJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboQi{CStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@PsCDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eOigCStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}MmCDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)SL_MCJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&yyWCDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZx1CRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsawyOCDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%v{SCDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnu{gCDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zt{}CDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setups{CDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)rw1CChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993qy/CDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqpyoCDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)oy]CDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)nyCDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fmyYCDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowly-CDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mkskCMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOjy)CDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"iyOCDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7hkCDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsgCDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\f7CDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\e7CDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[d5CDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.icOCDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMub[CDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xcCGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PeACGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.cACGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cciCGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.icuCGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}cCGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaceCGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K[ACTomas Mraz - 3.3.1-2Is- rebuild with new opensslScICGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.cECGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a  =CIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^ {GCDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0 sqCMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr }mCDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921) w)CMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb}MCDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejwcCMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)} CDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):wCMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v{wCDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsy;CDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoykCDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zo CMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebaseyCDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{CDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[~yACDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm}ygCDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf|yYCDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`{yMCDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewz[CDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1/myCMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$.m_CMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) -m)CMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8,1ECjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k+mmCMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz*m CMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I)m)CMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77(mCMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org location'Y5CMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesX&mICMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problems%g%CDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild $mWCMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernels#m%CMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl("mgCMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)v!c CGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h csCGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/CJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)aceCGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.c[CGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).c-CGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.OcACGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.cWCGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.CFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5c CGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wAmCMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes@mCMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7r?m{CMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\>mOCMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file=mCCMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g<mgCMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{;m CMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta:}KCMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalityn9msCMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates 8m-CMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]7mCMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6u6mCMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchX5mGCMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Q4m;CMichael Young - 4.1.0-1M- update to 4.1.0 finalB3yCMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd2CFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildz1m CMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies right0mCMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_U}ECMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?ToCMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"SoYCMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)RoQCMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)OQo3CMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startPCFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(OoeCMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xNoCMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrMo{CMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BLCMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8FKo!CMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFJo!CMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRIo;CMichael Young - 4.1.2-13OXA- fix a packaging error&HoaCMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjGokCMichael Young - 4.1.2-11ONA- put the systemd files back in the right placeFoICMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XEmICMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\DmQCMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`CmYCMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdBmCMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}bmQCMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] amWCMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch``mYCRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S_m=CMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)^m#CMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ]mKCMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_\mWCMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG[m%CMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CZmCMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XYmGCMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTXmACMichael Young - 4.1.3-5P~- rebuild for ocaml update~WmCMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pVmwCMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHtmCMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)sm7CMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)rm3CMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%qmaCMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)pmCCMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%omaCMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rnm{CMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)ymm CMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208lmCMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskkokCMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xjmCMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhimiCMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)hmiCMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%gmaCMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtffYyCMichael Young P- correct disabling of xendomains.service on uninstall/emuCMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*dmkCMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ycm CMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'meCMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XmGCMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)m;CMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]mCMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)m;CMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)mICMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m CMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)~oGCMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) }m-CMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&|mcCMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M{m1CMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]zm9CMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UymCCRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.xCFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuildew}SCMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fvmcCMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!uoWCMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`mWCMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?mCMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VoCCRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XoGCRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VoCCRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.CFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildo1CMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fmeCRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TmACMichael Young - 4.4.0-8S@- rebuild for ocaml update/muCMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=mCMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)CFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda m[CMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) m/CMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases m%CMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) m-CMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby m CMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!oWCMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\mOCMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&mcCMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `)mYCMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64(mUCMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)'mECMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) &m/CMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchS%m=CMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsG$m%CMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)#oGCMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)y"oCMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch !o'CMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC mCMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mcCMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)emaCMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)m3CMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|mCMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)hmgCMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)m#CMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?;mCMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2:m{CMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)9m?CMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]x8mCMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)c7m]CMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Q6m;CRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%5maCMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)4mCMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]N3m3CMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesV2oCCRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.1CFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildY0Y_CMichael Young U- gcc 5 bug is fixed so remove workaroundl/omCMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]u.s}CMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually-oGCMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631),mACMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)+m7CMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S*m=CMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=LqkV_}DRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;U_DRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nT_DRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchS_UDRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyoR_DRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -WerrorQ_SDRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowP_EDRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlO_DRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"N_iDRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYM_YDRik van Riel 2-20050207B- upgrade to last night's Xen snapshotVLcODRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYK_YDRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvJI'DJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)Ic!DRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#HcgDJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uGI%DRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted FIMDRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQEI_DRik van Riel A(@- upgrade to new snapshot of xen-unstablexDI+DRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotCIyDRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileBI;DRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"A7DCheA@- initial rpm release$@m_CMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq?oyCMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well>oCMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&=oaCMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){<o CMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0CxtwDBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0Ws[YD - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinarWqD - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlpYDBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesowuDJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cn[qD - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NmDJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt lADJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:kqDDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel jw#DJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaiIDJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`hwODJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQgw1DJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvfsDJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZesGDJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZdsGDJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`cwODJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`boUDRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHag-DRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T`_ODRik van Riel 2-20050823C - upgrade to today's Xen snapshot{__DRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again^_#DRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i]_yDRik van Riel 2-20050522B- change default display method for VMX domains to SDLN\_CDRik van Riel 2-20050520B@- qemu device model for VMXT[_ODRik van Riel 2-20050519B- apply some VMX related bugfixesUZ_QDRik van Riel 2-20050424Bl- upgrade to last night's snapshotQYI]DJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupX_#DRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3W_ DRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<i kmDDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452 g?DStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ gSDStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[ ]_DJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j koDDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ]]DJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf]sDJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtkDDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e]qDJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD]/DJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)a!DStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U]QDJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej[DStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw{yDRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQDStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e~QDStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015}{ DJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g|{YDJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{{DJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^zwIDJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsywDJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Wxw=DJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawwODJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zvsDJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswusDBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fu+s}DDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk*isDStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%)ieDStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc (i3DStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a'_iDJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackI&i/DJuan Quintela - 3.0.2-31Df- re-enable ia64.N%_CDJeremy Katz - 3.0.2-31DA- update to changeset 11405H$_7DJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64#_)DJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?"_%DJeremy Katz - 3.0.2-28D,@- fix a typoY!_YDJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer _YDJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{DJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%_oDJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install)._DJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`_gDJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst_ DRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4_ DJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label__DJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I_7DJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)i'DMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZeUDMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)mMDDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.himDStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include i'DStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works bettermSDDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV_QDJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)_5DJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d]qDJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X]YDJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4AYDDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq@UDDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev?]DDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN>yDDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u=ywDDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script><yDDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V;y7DDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-:yeDDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^9yIDDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioni8y_DDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsa7yMDDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700m6qoDDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA5]+DJeremy Katz - 3.0.3-3E<- fix the buildJ4]=DJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5H3q#DDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X2_WDJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygrubo1i{DStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@0sDDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)e/igDStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<.iDStephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}-mDDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S,_MDJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&YyWDDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZX1DRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsaWyODDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%V{SDDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnU{gDDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zT{}DDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setupS{DDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)Rw1DChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993Qy/DDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqPyoDDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)Oy]DDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)NyDDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fMyYDDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowLy-DDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mKskDMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOJy)DDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"IyODDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7HkDDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsGDDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\F7DDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\E7DDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[D5DDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iCODDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMuB[DDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xwcDGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PveADGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.ucADGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.ctciDGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iscuDGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}rcDGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaqceDGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.Kp[ADTomas Mraz - 3.3.1-2Is- rebuild with new opensslSocIDGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.ncEDGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.am =DIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^l{GDDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0ksqDMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrj}mDDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)iw)DMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbh}MDDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejgwcDMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)f} DDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):ewDMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vd{wDDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatscy;DDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleobykDDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zao DMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase`yDDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8_y{DDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[^yADDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm]ygDDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf\yYDDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`[yMDDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewZ[DDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1myDMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$m_DMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) m)DMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8 1EDjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k mmDMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz m DMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I m)DMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77mDMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationY5DMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXmIDMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsg%DDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild mWDMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsm%DMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(mgDMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vc DGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.hcsDGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/DJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a~ceDGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.}c[DGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).|c-DGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O{cADGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.zcWDGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.yDFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5xc DGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3w!mDMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes mDMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7rm{DMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\mODMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo filemCDMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112gmgDMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{m DMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta}KDMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynmsDMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates m-DMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]mDMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6umDMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXmGDMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qm;DMichael Young - 4.1.0-1M- update to 4.1.0 finalByDMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdDFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzm DMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightmDMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_5}EDMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?4oDMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"3oYDMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)2oQDMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)O1o3DMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to start0DFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(/oeDMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]x.oDMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr-o{DMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B,DMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F+o!DMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF*o!DMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR)o;DMichael Young - 4.1.2-13OXA- fix a packaging error&(oaDMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdj'okDMichael Young - 4.1.2-11ONA- put the systemd files back in the right place&oIDMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+X%mIDMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\$mQDMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`#mYDMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemd"mDMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}BmQDMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] AmWDMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`@mYDRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S?m=DMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)>m#DMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ=mKDMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_<mWDMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG;m%DMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)C:mDMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17X9mGDMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesT8mADMichael Young - 4.1.3-5P~- rebuild for ocaml update~7mDMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)p6mwDMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHTmDMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)Sm7DMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)Rm3DMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%QmaDMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)PmCDMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%OmaDMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rNm{DMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)yMm DMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208LmDMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskKokDMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xJmDMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhImiDMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)HmiDMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%GmaDMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfFYyDMichael Young P- correct disabling of xendomains.service on uninstall/EmuDMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*DmkDMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)yCm DMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'emeDMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XdmGDMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)cm;DMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]bmDMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)am;DMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)`mIDMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);_m DMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)^oGDMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) ]m-DMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&\mcDMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M[m1DMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]Zm9DMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UYmCDRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.XDFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_RebuildeW}SDMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fVmcDMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!UoWDMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`ymWDMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?xmDMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VwoCDRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XvoGDRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VuoCDRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.tDFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildso1DMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]frmeDRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TqmADMichael Young - 4.4.0-8S@- rebuild for ocaml update/pmuDMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=omDMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)nDFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuildamm[DMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) lm/DMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized caseskm%DMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) jm-DMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyim DMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!hoWDMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\gmODMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&fmcDMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG ` mYDMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64mUDMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)mEDMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) m/DMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSm=DMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGm%DMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)oGDMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yoDMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch o'DMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmCmDMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mcDMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e~maDMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)}m3DMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)||mDMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h{mgDMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)zm#DMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?mDMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2m{DMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)m?DMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xmDMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cm]DMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qm;DRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%maDMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)mDMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nm3DMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVoCDRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.DFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYY_DMichael Young U- gcc 5 bug is fixed so remove workaroundlomDMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]us}DMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually oGDMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631) mADMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153) m7DMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S m=DMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqk6_}ERik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;5_ERik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n4_ERik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch3_UERik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo2_ERik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror1_SERik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now0_EERik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl/_ERik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"._iERik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY-_YERik van Riel 2-20050207B- upgrade to last night's Xen snapshotV,cOERik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY+_YERik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv*I'EJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org))c!ERik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#(cgEJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.u'I%ERik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted &IMERik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQ%I_ERik van Riel A(@- upgrade to new snapshot of xen-unstablex$I+ERik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshot#IyERik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec file"I;ERik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"!7ECheA@- initial rpm release$ m_DMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoyDMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as welloDMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&oaDMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){o DMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0CxTwEBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0WS[YE - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaRWqE - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlPYEBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesOwuEJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cN[qE - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NMEJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt LAEJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:KqEDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel Jw#EJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaIIEJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`HwOEJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQGw1EJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvFsEJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZEsGEJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZDsGEJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`CwOEJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`BoUERik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHAg-ERik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T@_OERik van Riel 2-20050823C - upgrade to today's Xen snapshot{?_ERik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again>_#ERik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i=_yERik van Riel 2-20050522B- change default display method for VMX domains to SDLN<_CERik van Riel 2-20050520B@- qemu device model for VMXT;_OERik van Riel 2-20050519B- apply some VMX related bugfixesU:_QERik van Riel 2-20050424Bl- upgrade to last night's snapshotQ9I]EJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup8_#ERik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again37_ ERik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<imkmEDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452lg?EStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZkgSEStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[j]_EJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jikoEDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZh]]EJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfg]sEJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtfkEDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361ee]qEJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDd]/EJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)ca!EStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)Ub]QEJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accurateja[EStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw`{yERik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere_QEStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e^QEStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015]{ EJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g\{YEJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall[{EJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^ZwIEJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsYwEJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)WXw=EJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevaWwOEJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zVsEJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswUsEBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fu s}EDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk isEStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data% ieEStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc i3EStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a_iEJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIi/EJuan Quintela - 3.0.2-31Df- re-enable ia64.N_CEJeremy Katz - 3.0.2-31DA- update to changeset 11405H_7EJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64_)EJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?_%EJeremy Katz - 3.0.2-28D,@- fix a typoY_YEJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer_YEJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{EJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%~_oEJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).}_EJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`|_gEJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst{_ ERik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4z_ EJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labely__EJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)Ix_7EJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)wi'EMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZveUEMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)umMEDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.htimEStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include si'EStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterrmSEDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVq_QEJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)p_5EJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)do]qEJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)Xn]YEJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4!YEDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq UEDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]EDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethNyEDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)uywEDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>yEDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)Vy7EDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-yeEDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yIEDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniy_EDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsayMEDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mqoEDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA]+EJeremy Katz - 3.0.3-3E<- fix the buildJ]=EJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hq#EDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X_WEJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboi{EStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@sEDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eigEStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<iEStephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl} mEDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S _MEJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&9yWEDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZ81ERelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsa7yOEDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%6{SEDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn5{gEDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z4{}EDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup3{EDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)2w1EChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-49931y/EDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsq0yoEDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)/y]EDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581).yEDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f-yYEDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow,y-EDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m+skEMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO*y)EDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs")yOEDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7(kEDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug fails'EDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\&7EDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\%7EDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[$5EDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.i#OEDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu"[EDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xWcEGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PVeAEGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.UcAEGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cTciEGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iScuEGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}RcEGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaQceEGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.KP[AETomas Mraz - 3.3.1-2Is- rebuild with new opensslSOcIEGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.NcEEGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.aM =EIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^L{GEDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0KsqEMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrJ}mEDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)Iw)EMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbH}MEDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejGwcEMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)F} EDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):EwEMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vD{wEDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsCy;EDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoBykEDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zAo EMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase@yEDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8?y{EDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[>yAEDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm=ygEDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf<yYEDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`;yMEDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew:[EDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1omyEMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$nm_EMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) mm)EMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8l1EEjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kkmmEMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzjm EMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1Iim)EMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77hmEMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationgY5EMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXfmIEMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemseg%EDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild dmWEMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelscm%EMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(bmgEMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vac EGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h`csEGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. _k/EJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a^ceEGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.]c[EGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).\c-EGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O[cAEGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.ZcWEGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.YEFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5Xc EGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wmEMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixesmEMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7rm{EMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\~mOEMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file}mCEMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g|mgEMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{{m EMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaz}KEMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynymsEMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates xm-EMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]wmEMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uvmEMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXumGEMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qtm;EMichael Young - 4.1.0-1M- update to 4.1.0 finalBsyEMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdrEFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzqm EMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightpmEMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_}EEMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?oEMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"oYEMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)oQEMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oo3EMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startEFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(oeEMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xoEMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr o{EMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B EMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F o!EMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF o!EMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR o;EMichael Young - 4.1.2-13OXA- fix a packaging error&oaEMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjokEMichael Young - 4.1.2-11ONA- put the systemd files back in the right placeoIEMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XmIEMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\mQEMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`mYEMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdmEMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}"mQEMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] !mWEMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch` mYERichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=EMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)m#EMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZmKEMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_mWEMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetGm%EMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CmEMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XmGEMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTmAEMichael Young - 4.1.3-5P~- rebuild for ocaml update~mEMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pmwEMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cH4mEMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)3m7EMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)2m3EMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%1maEMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)0mCEMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%/maEMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)r.m{EMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y-m EMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208,mEMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk+okEMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x*mEMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh)miEMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)(miEMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%'maEMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtf&YyEMichael Young P- correct disabling of xendomains.service on uninstall/%muEMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*$mkEMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)y#m EMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'EmeEMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XDmGEMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)Cm;EMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]BmEMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)Am;EMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)@mIEMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);?m EMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)>oGEMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) =m-EMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&<mcEMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M;m1EMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]:m9EMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)U9mCERichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.8EFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde7}SEMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86f6mcEMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!5oWEMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`YmWEMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?XmEMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VWoCERichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XVoGERichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VUoCERichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.TEFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_RebuildSo1EMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fRmeERichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TQmAEMichael Young - 4.4.0-8S@- rebuild for ocaml update/PmuEMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=OmEMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)NEFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_RebuildaMm[EMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) Lm/EMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized casesKm%EMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) Jm-EMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyIm EMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!HoWEMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\GmOEMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&FmcEMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `imYEMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64hmUEMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)gmEEMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) fm/EMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSem=EMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGdm%EMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)coGEMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yboEMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch ao'EMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC`mEMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&_mcEMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e^maEMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)]m3EMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|\mEMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h[mgEMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)Zm#EMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?{mEMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2zm{EMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)ym?EMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xxmEMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cwm]EMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qvm;ERichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%umaEMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)tmEMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nsm3EMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVroCERichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.qEFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYpY_EMichael Young U- gcc 5 bug is fixed so remove workaroundloomEMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uns}EMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallymoGEMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)lmAEMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)km7EMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)Sjm=EMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqk_}FRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;_FRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n_FRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch_UFRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo_FRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror_SFRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now_EFRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl_FRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"_iFRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY _YFRik van Riel 2-20050207B- upgrade to last night's Xen snapshotV cOFRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY _YFRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv I'FJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org) c!FRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#cgFJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uI%FRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted IMFRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQI_FRik van Riel A(@- upgrade to new snapshot of xen-unstablexI+FRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotIyFRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileI;FRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"7FCheA@- initial rpm release$m_EMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoyEMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well~oEMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&}oaEMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){|o EMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0Cx4wFBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W3[YF - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbina2WqF - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<1wFJeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itl0YFBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one places/wuFJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c.[qF - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N-FJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt ,AFJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:+qFDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel *w#FJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa)IFJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`(wOFJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQ'w1FJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedv&sFJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZ%sGFJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZ$sGFJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`#wOFJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`"oUFRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsH!g-FRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T _OFRik van Riel 2-20050823C - upgrade to today's Xen snapshot{_FRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again_#FRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i_yFRik van Riel 2-20050522B- change default display method for VMX domains to SDLN_CFRik van Riel 2-20050520B@- qemu device model for VMXT_OFRik van Riel 2-20050519B- apply some VMX related bugfixesU_QFRik van Riel 2-20050424Bl- upgrade to last night's snapshotQI]FJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup_#FRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3_ FRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<iMkmFDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452Lg?FStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZKgSFStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[J]_FJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jIkoFDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZH]]FJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfG]sFJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtFkFDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361eE]qFJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDD]/FJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)Ca!FStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)UB]QFJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratejA[FStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw@{yFRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere?QFStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e>QFStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015={ FJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g<{YFJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall;{FJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^:wIFJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugs9wFJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)W8w=FJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udeva7wOFJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)z6sFJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changesw5sFBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fuks}FDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkjisFStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%iieFStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc hi3FStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)ag_iFJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIfi/FJuan Quintela - 3.0.2-31Df- re-enable ia64.Ne_CFJeremy Katz - 3.0.2-31DA- update to changeset 11405Hd_7FJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64c_)FJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?b_%FJeremy Katz - 3.0.2-28D,@- fix a typoYa_YFJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer`_YFJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj__{FJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%^_oFJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).]_FJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`\_gFJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst[_ FRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4Z_ FJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labelY__FJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)IX_7FJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)Wi'FMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZVeUFMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)UmMFDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.hTimFStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include Si'FStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterRmSFDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVQ_QFJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)P_5FJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)dO]qFJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)XN]YFJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4YFDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakqUFDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]FDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN~yFDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u}ywFDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>|yFDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V{y7FDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-zyeFDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yyIFDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptionixy_FDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsawyMFDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mvqoFDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAu]+FJeremy Katz - 3.0.3-3E<- fix the buildJt]=FJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hsq#FDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)Xr_WFJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboqi{FStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@psFDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eoigFStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}mmFDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)Sl_MFJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&yWFDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZ1FRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsayOFDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%{SFDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn{gFDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z{}FDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup{FDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)w1FChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993y/FDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqyoFDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)y]FDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)yFDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f yYFDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow y-FDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m skFMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO y)FDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs" yOFDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7kFDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsFDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\7FDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\7FDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[5FDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iOFDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu[FDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6x7cFGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.P6eAFGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.5cAFGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.c4ciFGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.i3cuFGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}2cFGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArcha1ceFGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K0[AFTomas Mraz - 3.3.1-2Is- rebuild with new opensslS/cIFGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release..cEFGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a- =FIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^,{GFDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0+sqFMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr*}mFDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921))w)FMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb(}MFDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changej'wcFMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)&} FDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):%wFMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v${wFDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formats#y;FDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleo"ykFDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)z!o FMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase yFDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{FDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[yAFDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsmygFDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstfyYFDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`yMFDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew[FDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1OmyFMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$Nm_FMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) Mm)FMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8L1EFjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kKmmFMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzJm FMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1IIm)FMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77HmFMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationGY5FMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXFmIFMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsEg%FDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild DmWFMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsCm%FMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(BmgFMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vAc FGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h@csFGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. ?k/FJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a>ceFGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.=c[FGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).<c-FGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O;cAFGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.:cWFGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.9FFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild58c FGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wamFMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes`mFMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7r_m{FMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\^mOFMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file]mCFMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g\mgFMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{[m FMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaZ}KFMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynYmsFMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates Xm-FMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]WmFMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uVmFMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXUmGFMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.QTm;FMichael Young - 4.1.0-1M- update to 4.1.0 finalBSyFMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdRFFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_RebuildzQm FMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightPmFMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_u}EFMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?toFMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"soYFMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)roQFMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oqo3FMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startpFFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(ooeFMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xnoFMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrmo{FMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BlFMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8Fko!FMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFjo!FMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRio;FMichael Young - 4.1.2-13OXA- fix a packaging error&hoaFMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjgokFMichael Young - 4.1.2-11ONA- put the systemd files back in the right placefoIFMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XemIFMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\dmQFMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`cmYFMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdbmFMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}mQFMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] mWFMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`mYFRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=FMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)~m#FMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ}mKFMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_|mWFMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG{m%FMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CzmFMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XymGFMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTxmAFMichael Young - 4.1.3-5P~- rebuild for ocaml update~wmFMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pvmwFMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHmFMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)m7FMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)m3FMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%maFMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)mCFMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%maFMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rm{FMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y m FMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208 mFMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk okFMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x mFMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh miFMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)miFMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%maFMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfYyFMichael Young P- correct disabling of xendomains.service on uninstall/muFMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*mkFMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ym FMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'%meFMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)X$mGFMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)#m;FMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]"mFMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)!m;FMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149) mIFMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m FMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)oGFMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) m-FMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&mcFMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]Mm1FMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]m9FMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UmCFRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.FFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde}SFMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fmcFMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!oWFMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`9mWFMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?8mFMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0V7oCFRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.X6oGFRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.V5oCFRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.4FFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild3o1FMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]f2meFRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.T1mAFMichael Young - 4.4.0-8S@- rebuild for ocaml update/0muFMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=/mFMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583).FFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda-m[FMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) ,m/FMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases+m%FMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) *m-FMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby)m FMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!(oWFMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\'mOFMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&&mcFMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `ImYFMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64HmUFMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)GmEFMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) Fm/FMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSEm=FMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGDm%FMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)CoGFMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yBoFMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch Ao'FMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC@mFMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&?mcFMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e>maFMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)=m3FMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|<mFMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h;mgFMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738):m#FMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?[mFMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2Zm{FMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)Ym?FMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xXmFMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cWm]FMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)QVm;FRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%UmaFMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)TmFMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]NSm3FMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVRoCFRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.QFFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYPY_FMichael Young U- gcc 5 bug is fixed so remove workaroundlOomFMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uNs}FMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallyMoGFMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)LmAFMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)Km7FMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)SJm=FMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqkv_}GRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;u_GRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nt_GRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchs_UGRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyor_GRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werrorq_SGRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowp_EGRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlo_GRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"n_iGRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYm_YGRik van Riel 2-20050207B- upgrade to last night's Xen snapshotVlcOGRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYk_YGRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvjI'GJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)ic!GRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#hcgGJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.ugI%GRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted fIMGRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQeI_GRik van Riel A(@- upgrade to new snapshot of xen-unstablexdI+GRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotcIyGRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec filebI;GRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"a7GCheA@- initial rpm release$`m_FMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq_oyFMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well^oFMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&]oaFMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){\o FMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0CxwGBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W[YG - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaWqG - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<wGJeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlYGBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placeswuGJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c[qG - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N GJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt AGJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).: qGDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel w#GJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa IGJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`wOGJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQw1GJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvsGJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZsGGJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZsGGJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`wOGJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`oUGRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHg-GRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T_OGRik van Riel 2-20050823C - upgrade to today's Xen snapshot{_GRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again~_#GRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i}_yGRik van Riel 2-20050522B- change default display method for VMX domains to SDLN|_CGRik van Riel 2-20050520B@- qemu device model for VMXT{_OGRik van Riel 2-20050519B- apply some VMX related bugfixesUz_QGRik van Riel 2-20050424Bl- upgrade to last night's snapshotQyI]GJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupx_#GRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3w_ GRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<i-kmGDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452,g?GStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ+gSGStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[*]_GJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j)koGDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ(]]GJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf']sGJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingt&kGDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e%]qGJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD$]/GJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)#a!GStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U"]QGJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej![GStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw {yGRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQGStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022eQGStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015{ GJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g{YGJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{GJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^wIGJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugswGJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Ww=GJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawOGJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zsGJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswsGBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,FuKs}GDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkJisGStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%IieGStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc Hi3GStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)aG_iGJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIFi/GJuan Quintela - 3.0.2-31Df- re-enable ia64.NE_CGJeremy Katz - 3.0.2-31DA- update to changeset 11405HD_7GJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64C_)GJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?B_%GJeremy Katz - 3.0.2-28D,@- fix a typoYA_YGJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer@_YGJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj?_{GJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%>_oGJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).=_GJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`<_gGJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst;_ GRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4:_ GJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label9__GJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I8_7GJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)7i'GMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZ6eUGMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)5mMGDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.h4imGStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include 3i'GStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works better2mSGDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV1_QGJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)0_5GJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d/]qGJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X.]YGJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4aYGDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq`UGDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev_]GDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN^yGDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u]ywGDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>\yGDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V[y7GDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-ZyeGDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^YyIGDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniXy_GDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsaWyMGDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mVqoGDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAU]+GJeremy Katz - 3.0.3-3E<- fix the buildJT]=GJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5HSq#GDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)XR_WGJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboQi{GStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@PsGDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eOigGStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}MmGDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)SL_MGJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&yyWGDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZx1GRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsawyOGDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%v{SGDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnu{gGDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zt{}GDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setups{GDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)rw1GChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993qy/GDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqpyoGDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)oy]GDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)nyGDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fmyYGDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowly-GDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mkskGMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOjy)GDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"iyOGDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7hkGDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsgGDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\f7GDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\e7GDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[d5GDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.icOGDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMub[GDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xcGGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PeAGGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.cAGGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cciGGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.icuGGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}cGGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaceGGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K[AGTomas Mraz - 3.3.1-2Is- rebuild with new opensslScIGGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.cEGGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a  =GIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^ {GGDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0 sqGMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr }mGDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921) w)GMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb}MGDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejwcGMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)} GDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):wGMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v{wGDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsy;GDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoykGDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zo GMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebaseyGDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{GDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[~yAGDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm}ygGDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf|yYGDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`{yMGDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewz[GDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1/myGMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$.m_GMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) -m)GMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8,1EGjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k+mmGMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz*m GMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I)m)GMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77(mGMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org location'Y5GMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesX&mIGMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problems%g%GDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild $mWGMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernels#m%GMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl("mgGMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)v!c GGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h csGGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/GJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)aceGGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.c[GGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).c-GGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.OcAGGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.cWGGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.GFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5c GGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wAmGMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes@mGMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7r?m{GMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\>mOGMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file=mCGMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g<mgGMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{;m GMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta:}KGMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalityn9msGMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates 8m-GMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]7mGMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6u6mGMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchX5mGGMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Q4m;GMichael Young - 4.1.0-1M- update to 4.1.0 finalB3yGMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd2GFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildz1m GMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies right0mGMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_U}EGMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?ToGMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"SoYGMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)RoQGMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)OQo3GMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startPGFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(OoeGMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xNoGMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrMo{GMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BLGMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8FKo!GMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFJo!GMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRIo;GMichael Young - 4.1.2-13OXA- fix a packaging error&HoaGMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjGokGMichael Young - 4.1.2-11ONA- put the systemd files back in the right placeFoIGMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XEmIGMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\DmQGMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`CmYGMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdBmGMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}bmQGMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] amWGMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch``mYGRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S_m=GMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)^m#GMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ]mKGMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_\mWGMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG[m%GMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CZmGMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XYmGGMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTXmAGMichael Young - 4.1.3-5P~- rebuild for ocaml update~WmGMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pVmwGMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHtmGMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)sm7GMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)rm3GMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%qmaGMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)pmCGMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%omaGMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rnm{GMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)ymm GMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208lmGMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskkokGMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xjmGMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhimiGMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)hmiGMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%gmaGMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtffYyGMichael Young P- correct disabling of xendomains.service on uninstall/emuGMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*dmkGMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ycm GMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'meGMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XmGGMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)m;GMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]mGMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)m;GMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)mIGMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m GMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)~oGGMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) }m-GMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&|mcGMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M{m1GMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]zm9GMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UymCGRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.xGFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuildew}SGMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fvmcGMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!uoWGMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`mWGMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?mGMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VoCGRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XoGGRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VoCGRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.GFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildo1GMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fmeGRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TmAGMichael Young - 4.4.0-8S@- rebuild for ocaml update/muGMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=mGMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)GFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda m[GMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) m/GMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases m%GMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) m-GMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby m GMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!oWGMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\mOGMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&mcGMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `)mYGMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64(mUGMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)'mEGMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) &m/GMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchS%m=GMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsG$m%GMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)#oGGMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)y"oGMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch !o'GMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC mGMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mcGMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)emaGMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)m3GMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|mGMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)hmgGMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)m#GMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?;mGMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2:m{GMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)9m?GMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]x8mGMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)c7m]GMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Q6m;GRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%5maGMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)4mGMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]N3m3GMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesV2oCGRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.1GFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildY0Y_GMichael Young U- gcc 5 bug is fixed so remove workaroundl/omGMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]u.s}GMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually-oGGMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631),mAGMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)+m7GMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S*m=GMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=LqkV_}HRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;U_HRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nT_HRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchS_UHRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyoR_HRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -WerrorQ_SHRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowP_EHRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlO_HRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"N_iHRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYM_YHRik van Riel 2-20050207B- upgrade to last night's Xen snapshotVLcOHRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYK_YHRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvJI'HJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)Ic!HRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#HcgHJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uGI%HRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted FIMHRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQEI_HRik van Riel A(@- upgrade to new snapshot of xen-unstablexDI+HRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotCIyHRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileBI;HRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"A7HCheA@- initial rpm release$@m_GMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq?oyGMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well>oGMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&=oaGMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){<o GMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0CxtwHBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0Ws[YH - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinarWqH - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlpYHBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesowuHJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cn[qH - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NmHJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt lAHJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:kqHDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel jw#HJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaiIHJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`hwOHJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQgw1HJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvfsHJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZesGHJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZdsGHJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`cwOHJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`boUHRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHag-HRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T`_OHRik van Riel 2-20050823C - upgrade to today's Xen snapshot{__HRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again^_#HRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i]_yHRik van Riel 2-20050522B- change default display method for VMX domains to SDLN\_CHRik van Riel 2-20050520B@- qemu device model for VMXT[_OHRik van Riel 2-20050519B- apply some VMX related bugfixesUZ_QHRik van Riel 2-20050424Bl- upgrade to last night's snapshotQYI]HJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupX_#HRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3W_ HRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<i kmHDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452 g?HStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ gSHStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[ ]_HJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j koHDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ]]HJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf]sHJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtkHDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e]qHJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD]/HJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)a!HStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U]QHJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej[HStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw{yHRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQHStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e~QHStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015}{ HJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g|{YHJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{{HJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^zwIHJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsywHJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Wxw=HJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawwOHJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zvsHJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswusHBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fu+s}HDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk*isHStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%)ieHStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc (i3HStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a'_iHJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackI&i/HJuan Quintela - 3.0.2-31Df- re-enable ia64.N%_CHJeremy Katz - 3.0.2-31DA- update to changeset 11405H$_7HJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64#_)HJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?"_%HJeremy Katz - 3.0.2-28D,@- fix a typoY!_YHJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer _YHJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{HJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%_oHJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install)._HJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`_gHJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst_ HRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4_ HJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label__HJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I_7HJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)i'HMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZeUHMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)mMHDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.himHStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include i'HStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works bettermSHDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV_QHJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)_5HJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d]qHJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X]YHJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4AYHDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq@UHDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev?]HDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN>yHDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u=ywHDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script><yHDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V;y7HDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-:yeHDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^9yIHDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioni8y_HDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsa7yMHDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700m6qoHDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA5]+HJeremy Katz - 3.0.3-3E<- fix the buildJ4]=HJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5H3q#HDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X2_WHJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygrubo1i{HStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@0sHDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)e/igHStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<.iHStephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}-mHDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S,_MHJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&YyWHDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZX1HRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsaWyOHDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%V{SHDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnU{gHDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zT{}HDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setupS{HDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)Rw1HChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993Qy/HDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqPyoHDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)Oy]HDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)NyHDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fMyYHDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowLy-HDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mKskHMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOJy)HDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"IyOHDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7HkHDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsGHDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\F7HDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\E7HDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[D5HDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iCOHDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMuB[HDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xwcHGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PveAHGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.ucAHGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.ctciHGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iscuHGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}rcHGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaqceHGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.Kp[AHTomas Mraz - 3.3.1-2Is- rebuild with new opensslSocIHGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.ncEHGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.am =HIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^l{GHDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0ksqHMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrj}mHDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)iw)HMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbh}MHDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejgwcHMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)f} HDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):ewHMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vd{wHDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatscy;HDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleobykHDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zao HMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase`yHDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8_y{HDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[^yAHDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm]ygHDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf\yYHDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`[yMHDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewZ[HDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1myHMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$m_HMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) m)HMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8 1EHjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k mmHMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz m HMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I m)HMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77mHMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationY5HMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXmIHMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsg%HDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild mWHMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsm%HMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(mgHMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vc HGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.hcsHGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/HJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a~ceHGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.}c[HGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).|c-HGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O{cAHGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.zcWHGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.yHFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5xc HGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3w!mHMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes mHMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7rm{HMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\mOHMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo filemCHMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112gmgHMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{m HMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta}KHMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynmsHMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates m-HMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]mHMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6umHMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXmGHMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qm;HMichael Young - 4.1.0-1M- update to 4.1.0 finalByHMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdHFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzm HMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightmHMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_5}EHMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?4oHMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"3oYHMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)2oQHMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)O1o3HMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to start0HFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(/oeHMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]x.oHMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr-o{HMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B,HMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F+o!HMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF*o!HMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR)o;HMichael Young - 4.1.2-13OXA- fix a packaging error&(oaHMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdj'okHMichael Young - 4.1.2-11ONA- put the systemd files back in the right place&oIHMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+X%mIHMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\$mQHMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`#mYHMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemd"mHMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}BmQHMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] AmWHMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`@mYHRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S?m=HMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)>m#HMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ=mKHMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_<mWHMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG;m%HMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)C:mHMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17X9mGHMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesT8mAHMichael Young - 4.1.3-5P~- rebuild for ocaml update~7mHMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)p6mwHMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHTmHMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)Sm7HMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)Rm3HMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%QmaHMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)PmCHMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%OmaHMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rNm{HMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)yMm HMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208LmHMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskKokHMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xJmHMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhImiHMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)HmiHMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%GmaHMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfFYyHMichael Young P- correct disabling of xendomains.service on uninstall/EmuHMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*DmkHMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)yCm HMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'emeHMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XdmGHMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)cm;HMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]bmHMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)am;HMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)`mIHMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);_m HMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)^oGHMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) ]m-HMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&\mcHMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M[m1HMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]Zm9HMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UYmCHRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.XHFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_RebuildeW}SHMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fVmcHMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!UoWHMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`ymWHMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?xmHMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VwoCHRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XvoGHRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VuoCHRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.tHFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildso1HMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]frmeHRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TqmAHMichael Young - 4.4.0-8S@- rebuild for ocaml update/pmuHMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=omHMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)nHFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuildamm[HMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) lm/HMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized caseskm%HMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) jm-HMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyim HMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!hoWHMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\gmOHMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&fmcHMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG ` mYHMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64mUHMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)mEHMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) m/HMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSm=HMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGm%HMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)oGHMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yoHMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch o'HMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmCmHMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mcHMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e~maHMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)}m3HMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)||mHMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h{mgHMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)zm#HMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?mHMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2m{HMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)m?HMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xmHMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cm]HMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qm;HRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%maHMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)mHMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nm3HMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVoCHRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.HFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYY_HMichael Young U- gcc 5 bug is fixed so remove workaroundlomHMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]us}HMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually oGHMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631) mAHMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153) m7HMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S m=HMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqk6_}IRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;5_IRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n4_IRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch3_UIRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo2_IRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror1_SIRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now0_EIRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl/_IRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"._iIRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY-_YIRik van Riel 2-20050207B- upgrade to last night's Xen snapshotV,cOIRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY+_YIRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv*I'IJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org))c!IRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#(cgIJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.u'I%IRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted &IMIRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQ%I_IRik van Riel A(@- upgrade to new snapshot of xen-unstablex$I+IRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshot#IyIRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec file"I;IRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"!7ICheA@- initial rpm release$ m_HMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoyHMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as welloHMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&oaHMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){o HMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0CxTwIBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0WS[YI - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaRWqI - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlPYIBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesOwuIJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cN[qI - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NMIJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt LAIJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:KqIDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel Jw#IJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaIIIJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`HwOIJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQGw1IJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvFsIJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZEsGIJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZDsGIJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`CwOIJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`BoUIRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHAg-IRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T@_OIRik van Riel 2-20050823C - upgrade to today's Xen snapshot{?_IRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again>_#IRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i=_yIRik van Riel 2-20050522B- change default display method for VMX domains to SDLN<_CIRik van Riel 2-20050520B@- qemu device model for VMXT;_OIRik van Riel 2-20050519B- apply some VMX related bugfixesU:_QIRik van Riel 2-20050424Bl- upgrade to last night's snapshotQ9I]IJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup8_#IRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again37_ IRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<imkmIDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452lg?IStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZkgSIStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[j]_IJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jikoIDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZh]]IJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfg]sIJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtfkIDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361ee]qIJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDd]/IJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)ca!IStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)Ub]QIJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accurateja[IStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw`{yIRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere_QIStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e^QIStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015]{ IJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g\{YIJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall[{IJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^ZwIIJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsYwIJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)WXw=IJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevaWwOIJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zVsIJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswUsIBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fu s}IDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk isIStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data% ieIStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc i3IStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a_iIJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIi/IJuan Quintela - 3.0.2-31Df- re-enable ia64.N_CIJeremy Katz - 3.0.2-31DA- update to changeset 11405H_7IJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64_)IJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?_%IJeremy Katz - 3.0.2-28D,@- fix a typoY_YIJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer_YIJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{IJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%~_oIJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).}_IJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`|_gIJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst{_ IRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4z_ IJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labely__IJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)Ix_7IJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)wi'IMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZveUIMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)umMIDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.htimIStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include si'IStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterrmSIDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVq_QIJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)p_5IJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)do]qIJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)Xn]YIJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4!YIDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq UIDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]IDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethNyIDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)uywIDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>yIDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)Vy7IDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-yeIDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yIIDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniy_IDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsayMIDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mqoIDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA]+IJeremy Katz - 3.0.3-3E<- fix the buildJ]=IJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hq#IDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X_WIJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboi{IStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@sIDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eigIStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<iIStephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl} mIDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S _MIJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&9yWIDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZ81IRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsa7yOIDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%6{SIDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn5{gIDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z4{}IDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup3{IDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)2w1IChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-49931y/IDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsq0yoIDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)/y]IDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581).yIDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f-yYIDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow,y-IDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m+skIMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO*y)IDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs")yOIDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7(kIDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug fails'IDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\&7IDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\%7IDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[$5IDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.i#OIDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu"[IDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xWcIGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PVeAIGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.UcAIGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cTciIGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iScuIGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}RcIGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaQceIGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.KP[AITomas Mraz - 3.3.1-2Is- rebuild with new opensslSOcIIGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.NcEIGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.aM =IIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^L{GIDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0KsqIMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrJ}mIDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)Iw)IMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbH}MIDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejGwcIMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)F} IDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):EwIMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vD{wIDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsCy;IDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoBykIDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zAo IMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase@yIDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8?y{IDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[>yAIDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm=ygIDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf<yYIDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`;yMIDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew:[IDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1omyIMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$nm_IMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) mm)IMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8l1EIjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kkmmIMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzjm IMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1Iim)IMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77hmIMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationgY5IMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXfmIIMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemseg%IDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild dmWIMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelscm%IMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(bmgIMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vac IGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h`csIGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. _k/IJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a^ceIGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.]c[IGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).\c-IGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O[cAIGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.ZcWIGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.YIFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5Xc IGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wmIMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixesmIMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7rm{IMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\~mOIMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file}mCIMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g|mgIMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{{m IMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaz}KIMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynymsIMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates xm-IMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]wmIMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uvmIMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXumGIMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qtm;IMichael Young - 4.1.0-1M- update to 4.1.0 finalBsyIMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdrIFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzqm IMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightpmIMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_}EIMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?oIMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"oYIMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)oQIMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oo3IMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startIFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(oeIMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xoIMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr o{IMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B IMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F o!IMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF o!IMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR o;IMichael Young - 4.1.2-13OXA- fix a packaging error&oaIMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjokIMichael Young - 4.1.2-11ONA- put the systemd files back in the right placeoIIMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XmIIMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\mQIMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`mYIMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdmIMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}"mQIMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] !mWIMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch` mYIRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=IMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)m#IMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZmKIMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_mWIMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetGm%IMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CmIMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XmGIMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTmAIMichael Young - 4.1.3-5P~- rebuild for ocaml update~mIMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pmwIMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cH4mIMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)3m7IMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)2m3IMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%1maIMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)0mCIMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%/maIMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)r.m{IMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y-m IMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208,mIMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk+okIMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x*mIMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh)miIMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)(miIMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%'maIMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtf&YyIMichael Young P- correct disabling of xendomains.service on uninstall/%muIMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*$mkIMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)y#m IMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'EmeIMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XDmGIMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)Cm;IMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]BmIMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)Am;IMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)@mIIMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);?m IMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)>oGIMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) =m-IMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&<mcIMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M;m1IMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]:m9IMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)U9mCIRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.8IFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde7}SIMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86f6mcIMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!5oWIMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`YmWIMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?XmIMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VWoCIRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XVoGIRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VUoCIRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.TIFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_RebuildSo1IMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fRmeIRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TQmAIMichael Young - 4.4.0-8S@- rebuild for ocaml update/PmuIMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=OmIMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)NIFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_RebuildaMm[IMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) Lm/IMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized casesKm%IMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) Jm-IMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyIm IMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!HoWIMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\GmOIMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&FmcIMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `imYIMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64hmUIMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)gmEIMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) fm/IMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSem=IMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGdm%IMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)coGIMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yboIMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch ao'IMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC`mIMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&_mcIMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e^maIMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)]m3IMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|\mIMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h[mgIMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)Zm#IMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?{mIMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2zm{IMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)ym?IMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xxmIMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cwm]IMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qvm;IRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%umaIMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)tmIMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nsm3IMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVroCIRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.qIFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYpY_IMichael Young U- gcc 5 bug is fixed so remove workaroundloomIMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uns}IMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallymoGIMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)lmAIMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)km7IMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)Sjm=IMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqk_}JRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;_JRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n_JRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch_UJRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo_JRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror_SJRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now_EJRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl_JRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"_iJRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY _YJRik van Riel 2-20050207B- upgrade to last night's Xen snapshotV cOJRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY _YJRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv I'JJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org) c!JRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#cgJJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uI%JRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted IMJRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQI_JRik van Riel A(@- upgrade to new snapshot of xen-unstablexI+JRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotIyJRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileI;JRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"7JCheA@- initial rpm release$m_IMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoyIMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well~oIMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&}oaIMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){|o IMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0Cx4wJBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W3[YJ - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbina2WqJ - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<1wJJeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itl0YJBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one places/wuJJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c.[qJ - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N-JJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt ,AJJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:+qJDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel *w#JJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa)IJJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`(wOJJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQ'w1JJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedv&sJJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZ%sGJJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZ$sGJJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`#wOJJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`"oUJRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsH!g-JRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T _OJRik van Riel 2-20050823C - upgrade to today's Xen snapshot{_JRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again_#JRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i_yJRik van Riel 2-20050522B- change default display method for VMX domains to SDLN_CJRik van Riel 2-20050520B@- qemu device model for VMXT_OJRik van Riel 2-20050519B- apply some VMX related bugfixesU_QJRik van Riel 2-20050424Bl- upgrade to last night's snapshotQI]JJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup_#JRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3_ JRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<iMkmJDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452Lg?JStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZKgSJStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[J]_JJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jIkoJDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZH]]JJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfG]sJJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtFkJDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361eE]qJJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDD]/JJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)Ca!JStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)UB]QJJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratejA[JStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw@{yJRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere?QJStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e>QJStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015={ JJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g<{YJJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall;{JJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^:wIJJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugs9wJJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)W8w=JJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udeva7wOJJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)z6sJJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changesw5sJBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fuks}JDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkjisJStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%iieJStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc hi3JStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)ag_iJJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIfi/JJuan Quintela - 3.0.2-31Df- re-enable ia64.Ne_CJJeremy Katz - 3.0.2-31DA- update to changeset 11405Hd_7JJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64c_)JJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?b_%JJeremy Katz - 3.0.2-28D,@- fix a typoYa_YJJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer`_YJJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj__{JJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%^_oJJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).]_JJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`\_gJJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst[_ JRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4Z_ JJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labelY__JJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)IX_7JJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)Wi'JMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZVeUJMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)UmMJDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.hTimJStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include Si'JStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterRmSJDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVQ_QJJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)P_5JJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)dO]qJJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)XN]YJJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4YJDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakqUJDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]JDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN~yJDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u}ywJDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>|yJDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V{y7JDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-zyeJDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yyIJDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptionixy_JDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsawyMJDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mvqoJDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAu]+JJeremy Katz - 3.0.3-3E<- fix the buildJt]=JJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hsq#JDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)Xr_WJJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboqi{JStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@psJDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eoigJStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}mmJDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)Sl_MJJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&yWJDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZ1JRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsayOJDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%{SJDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn{gJDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z{}JDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup{JDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)w1JChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993y/JDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqyoJDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)y]JDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)yJDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f yYJDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow y-JDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m skJMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO y)JDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs" yOJDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7kJDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsJDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\7JDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\7JDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[5JDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iOJDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu[JDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6x7cJGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.P6eAJGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.5cAJGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.c4ciJGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.i3cuJGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}2cJGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArcha1ceJGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K0[AJTomas Mraz - 3.3.1-2Is- rebuild with new opensslS/cIJGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release..cEJGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a- =JIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^,{GJDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0+sqJMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr*}mJDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921))w)JMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb(}MJDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changej'wcJMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)&} JDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):%wJMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v${wJDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formats#y;JDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleo"ykJDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)z!o JMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase yJDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{JDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[yAJDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsmygJDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstfyYJDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`yMJDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew[JDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1OmyJMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$Nm_JMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) Mm)JMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8L1EJjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kKmmJMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzJm JMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1IIm)JMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77HmJMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationGY5JMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXFmIJMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsEg%JDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild DmWJMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsCm%JMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(BmgJMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vAc JGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h@csJGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. ?k/JJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a>ceJGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.=c[JGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).<c-JGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O;cAJGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.:cWJGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.9JFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild58c JGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wamJMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes`mJMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7r_m{JMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\^mOJMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file]mCJMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g\mgJMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{[m JMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaZ}KJMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynYmsJMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates Xm-JMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]WmJMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uVmJMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXUmGJMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.QTm;JMichael Young - 4.1.0-1M- update to 4.1.0 finalBSyJMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdRJFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_RebuildzQm JMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightPmJMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_u}EJMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?toJMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"soYJMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)roQJMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oqo3JMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startpJFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(ooeJMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xnoJMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrmo{JMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BlJMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8Fko!JMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFjo!JMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRio;JMichael Young - 4.1.2-13OXA- fix a packaging error&hoaJMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjgokJMichael Young - 4.1.2-11ONA- put the systemd files back in the right placefoIJMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XemIJMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\dmQJMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`cmYJMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdbmJMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}mQJMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] mWJMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`mYJRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=JMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)~m#JMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ}mKJMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_|mWJMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG{m%JMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CzmJMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XymGJMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTxmAJMichael Young - 4.1.3-5P~- rebuild for ocaml update~wmJMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pvmwJMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHmJMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)m7JMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)m3JMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%maJMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)mCJMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%maJMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rm{JMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y m JMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208 mJMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk okJMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x mJMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh miJMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)miJMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%maJMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfYyJMichael Young P- correct disabling of xendomains.service on uninstall/muJMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*mkJMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ym JMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'%meJMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)X$mGJMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)#m;JMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]"mJMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)!m;JMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149) mIJMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m JMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)oGJMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) m-JMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&mcJMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]Mm1JMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]m9JMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UmCJRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.JFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde}SJMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fmcJMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!oWJMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`9mWJMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?8mJMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0V7oCJRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.X6oGJRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.V5oCJRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.4JFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild3o1JMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]f2meJRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.T1mAJMichael Young - 4.4.0-8S@- rebuild for ocaml update/0muJMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=/mJMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583).JFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda-m[JMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) ,m/JMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases+m%JMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) *m-JMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby)m JMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!(oWJMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\'mOJMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&&mcJMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `ImYJMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64HmUJMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)GmEJMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) Fm/JMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSEm=JMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGDm%JMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)CoGJMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yBoJMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch Ao'JMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC@mJMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&?mcJMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e>maJMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)=m3JMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|<mJMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h;mgJMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738):m#JMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?[mJMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2Zm{JMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)Ym?JMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xXmJMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cWm]JMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)QVm;JRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%UmaJMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)TmJMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]NSm3JMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVRoCJRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.QJFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYPY_JMichael Young U- gcc 5 bug is fixed so remove workaroundlOomJMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uNs}JMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallyMoGJMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)LmAJMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)Km7JMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)SJm=JMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqkv_}KRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;u_KRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nt_KRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchs_UKRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyor_KRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werrorq_SKRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowp_EKRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlo_KRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"n_iKRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYm_YKRik van Riel 2-20050207B- upgrade to last night's Xen snapshotVlcOKRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYk_YKRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvjI'KJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)ic!KRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#hcgKJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.ugI%KRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted fIMKRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQeI_KRik van Riel A(@- upgrade to new snapshot of xen-unstablexdI+KRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotcIyKRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec filebI;KRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"a7KCheA@- initial rpm release$`m_JMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq_oyJMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well^oJMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&]oaJMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){\o JMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0CxwKBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W[YK - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaWqK - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<wKJeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlYKBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placeswuKJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c[qK - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N KJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt AKJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).: qKDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel w#KJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa IKJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`wOKJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQw1KJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvsKJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZsGKJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZsGKJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`wOKJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`oUKRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHg-KRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T_OKRik van Riel 2-20050823C - upgrade to today's Xen snapshot{_KRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again~_#KRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i}_yKRik van Riel 2-20050522B- change default display method for VMX domains to SDLN|_CKRik van Riel 2-20050520B@- qemu device model for VMXT{_OKRik van Riel 2-20050519B- apply some VMX related bugfixesUz_QKRik van Riel 2-20050424Bl- upgrade to last night's snapshotQyI]KJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupx_#KRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3w_ KRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<i-kmKDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452,g?KStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ+gSKStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[*]_KJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j)koKDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ(]]KJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf']sKJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingt&kKDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e%]qKJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD$]/KJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)#a!KStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U"]QKJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej![KStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw {yKRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQKStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022eQKStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015{ KJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g{YKJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{KJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^wIKJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugswKJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Ww=KJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawOKJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zsKJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswsKBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,FuKs}KDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkJisKStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%IieKStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc Hi3KStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)aG_iKJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIFi/KJuan Quintela - 3.0.2-31Df- re-enable ia64.NE_CKJeremy Katz - 3.0.2-31DA- update to changeset 11405HD_7KJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64C_)KJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?B_%KJeremy Katz - 3.0.2-28D,@- fix a typoYA_YKJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer@_YKJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj?_{KJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%>_oKJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).=_KJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`<_gKJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst;_ KRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4:_ KJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label9__KJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I8_7KJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)7i'KMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZ6eUKMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)5mMKDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.h4imKStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include 3i'KStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works better2mSKDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV1_QKJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)0_5KJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d/]qKJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X.]YKJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4aYKDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq`UKDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev_]KDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN^yKDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u]ywKDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>\yKDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V[y7KDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-ZyeKDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^YyIKDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniXy_KDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsaWyMKDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mVqoKDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAU]+KJeremy Katz - 3.0.3-3E<- fix the buildJT]=KJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5HSq#KDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)XR_WKJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboQi{KStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@PsKDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eOigKStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}MmKDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)SL_MKJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&yyWKDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZx1KRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsawyOKDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%v{SKDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnu{gKDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zt{}KDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setups{KDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)rw1KChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993qy/KDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqpyoKDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)oy]KDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)nyKDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fmyYKDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowly-KDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mkskKMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOjy)KDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"iyOKDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7hkKDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsgKDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\f7KDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\e7KDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[d5KDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.icOKDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMub[KDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xcKGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PeAKGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.cAKGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cciKGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.icuKGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}cKGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaceKGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K[AKTomas Mraz - 3.3.1-2Is- rebuild with new opensslScIKGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.cEKGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a  =KIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^ {GKDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0 sqKMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr }mKDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921) w)KMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb}MKDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejwcKMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)} KDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):wKMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v{wKDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsy;KDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoykKDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zo KMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebaseyKDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{KDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[~yAKDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm}ygKDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf|yYKDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`{yMKDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewz[KDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1/myKMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$.m_KMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) -m)KMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8,1EKjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k+mmKMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz*m KMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I)m)KMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77(mKMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org location'Y5KMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesX&mIKMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problems%g%KDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild $mWKMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernels#m%KMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl("mgKMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)v!c KGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h csKGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/KJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)aceKGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.c[KGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).c-KGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.OcAKGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.cWKGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.KFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5c KGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wAmKMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes@mKMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7r?m{KMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\>mOKMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file=mCKMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g<mgKMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{;m KMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta:}KKMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalityn9msKMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates 8m-KMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]7mKMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6u6mKMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchX5mGKMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Q4m;KMichael Young - 4.1.0-1M- update to 4.1.0 finalB3yKMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd2KFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildz1m KMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies right0mKMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_U}EKMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?ToKMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"SoYKMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)RoQKMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)OQo3KMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startPKFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(OoeKMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xNoKMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrMo{KMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BLKMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8FKo!KMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFJo!KMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRIo;KMichael Young - 4.1.2-13OXA- fix a packaging error&HoaKMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjGokKMichael Young - 4.1.2-11ONA- put the systemd files back in the right placeFoIKMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XEmIKMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\DmQKMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`CmYKMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdBmKMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}bmQKMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] amWKMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch``mYKRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S_m=KMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)^m#KMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ]mKKMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_\mWKMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG[m%KMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CZmKMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XYmGKMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTXmAKMichael Young - 4.1.3-5P~- rebuild for ocaml update~WmKMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pVmwKMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHtmKMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)sm7KMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)rm3KMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%qmaKMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)pmCKMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%omaKMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rnm{KMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)ymm KMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208lmKMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskkokKMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xjmKMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhimiKMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)hmiKMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%gmaKMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtffYyKMichael Young P- correct disabling of xendomains.service on uninstall/emuKMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*dmkKMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ycm KMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'meKMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XmGKMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)m;KMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]mKMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)m;KMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)mIKMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m KMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)~oGKMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) }m-KMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&|mcKMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M{m1KMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]zm9KMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UymCKRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.xKFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuildew}SKMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fvmcKMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!uoWKMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`mWKMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?mKMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VoCKRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XoGKRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VoCKRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.KFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildo1KMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fmeKRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TmAKMichael Young - 4.4.0-8S@- rebuild for ocaml update/muKMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=mKMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)KFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda m[KMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) m/KMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases m%KMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) m-KMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby m KMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!oWKMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\mOKMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&mcKMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `)mYKMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64(mUKMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)'mEKMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) &m/KMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchS%m=KMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsG$m%KMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)#oGKMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)y"oKMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch !o'KMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC mKMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mcKMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)emaKMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)m3KMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|mKMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)hmgKMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)m#KMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?;mKMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2:m{KMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)9m?KMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]x8mKMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)c7m]KMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Q6m;KRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%5maKMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)4mKMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]N3m3KMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesV2oCKRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.1KFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildY0Y_KMichael Young U- gcc 5 bug is fixed so remove workaroundl/omKMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]u.s}KMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually-oGKMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631),mAKMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)+m7KMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S*m=KMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=LqkV_}LRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;U_LRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nT_LRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchS_ULRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyoR_LRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -WerrorQ_SLRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowP_ELRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlO_LRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"N_iLRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYM_YLRik van Riel 2-20050207B- upgrade to last night's Xen snapshotVLcOLRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYK_YLRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvJI'LJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)Ic!LRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#HcgLJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uGI%LRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted FIMLRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQEI_LRik van Riel A(@- upgrade to new snapshot of xen-unstablexDI+LRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotCIyLRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileBI;LRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"A7LCheA@- initial rpm release$@m_KMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq?oyKMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well>oKMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&=oaKMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){<o KMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0CxtwLBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0Ws[YL - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinarWqL - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlpYLBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesowuLJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cn[qL - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NmLJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt lALJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:kqLDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel jw#LJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaiILJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`hwOLJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQgw1LJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvfsLJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZesGLJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZdsGLJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`cwOLJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`boULRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHag-LRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T`_OLRik van Riel 2-20050823C - upgrade to today's Xen snapshot{__LRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again^_#LRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i]_yLRik van Riel 2-20050522B- change default display method for VMX domains to SDLN\_CLRik van Riel 2-20050520B@- qemu device model for VMXT[_OLRik van Riel 2-20050519B- apply some VMX related bugfixesUZ_QLRik van Riel 2-20050424Bl- upgrade to last night's snapshotQYI]LJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupX_#LRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3W_ LRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<i kmLDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452 g?LStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ gSLStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[ ]_LJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j koLDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ]]LJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf]sLJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtkLDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e]qLJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD]/LJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)a!LStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U]QLJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej[LStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw{yLRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQLStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e~QLStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015}{ LJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g|{YLJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{{LJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^zwILJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsywLJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Wxw=LJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawwOLJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zvsLJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswusLBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fu+s}LDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk*isLStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%)ieLStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc (i3LStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a'_iLJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackI&i/LJuan Quintela - 3.0.2-31Df- re-enable ia64.N%_CLJeremy Katz - 3.0.2-31DA- update to changeset 11405H$_7LJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64#_)LJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?"_%LJeremy Katz - 3.0.2-28D,@- fix a typoY!_YLJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer _YLJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{LJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%_oLJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install)._LJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`_gLJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst_ LRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4_ LJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label__LJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I_7LJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)i'LMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZeULMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)mMLDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.himLStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include i'LStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works bettermSLDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV_QLJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)_5LJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d]qLJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X]YLJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4AYLDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq@ULDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev?]LDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN>yLDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u=ywLDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script><yLDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V;y7LDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-:yeLDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^9yILDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioni8y_LDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsa7yMLDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700m6qoLDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA5]+LJeremy Katz - 3.0.3-3E<- fix the buildJ4]=LJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5H3q#LDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X2_WLJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygrubo1i{LStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@0sLDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)e/igLStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<.iLStephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}-mLDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S,_MLJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&YyWLDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZX1LRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsaWyOLDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%V{SLDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnU{gLDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zT{}LDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setupS{LDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)Rw1LChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993Qy/LDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqPyoLDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)Oy]LDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)NyLDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fMyYLDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowLy-LDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mKskLMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOJy)LDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"IyOLDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7HkLDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsGLDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\F7LDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\E7LDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[D5LDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iCOLDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMuB[LDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xwcLGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PveALGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.ucALGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.ctciLGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iscuLGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}rcLGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaqceLGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.Kp[ALTomas Mraz - 3.3.1-2Is- rebuild with new opensslSocILGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.ncELGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.am =LIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^l{GLDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0ksqLMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrj}mLDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)iw)LMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbh}MLDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejgwcLMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)f} LDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):ewLMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vd{wLDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatscy;LDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleobykLDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zao LMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase`yLDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8_y{LDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[^yALDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm]ygLDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf\yYLDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`[yMLDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewZ[LDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1myLMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$m_LMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) m)LMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8 1ELjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k mmLMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz m LMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I m)LMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77mLMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationY5LMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXmILMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsg%LDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild mWLMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsm%LMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(mgLMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vc LGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.hcsLGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/LJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a~ceLGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.}c[LGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).|c-LGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O{cALGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.zcWLGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.yLFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5xc LGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3w!mLMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes mLMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7rm{LMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\mOLMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo filemCLMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112gmgLMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{m LMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta}KLMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynmsLMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates m-LMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]mLMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6umLMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXmGLMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qm;LMichael Young - 4.1.0-1M- update to 4.1.0 finalByLMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdLFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzm LMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightmLMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_5}ELMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?4oLMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"3oYLMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)2oQLMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)O1o3LMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to start0LFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(/oeLMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]x.oLMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr-o{LMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B,LMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F+o!LMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF*o!LMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR)o;LMichael Young - 4.1.2-13OXA- fix a packaging error&(oaLMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdj'okLMichael Young - 4.1.2-11ONA- put the systemd files back in the right place&oILMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+X%mILMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\$mQLMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`#mYLMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemd"mLMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}BmQLMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] AmWLMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`@mYLRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S?m=LMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)>m#LMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ=mKLMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_<mWLMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG;m%LMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)C:mLMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17X9mGLMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesT8mALMichael Young - 4.1.3-5P~- rebuild for ocaml update~7mLMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)p6mwLMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHTmLMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)Sm7LMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)Rm3LMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%QmaLMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)PmCLMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%OmaLMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rNm{LMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)yMm LMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208LmLMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskKokLMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xJmLMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhImiLMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)HmiLMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%GmaLMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfFYyLMichael Young P- correct disabling of xendomains.service on uninstall/EmuLMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*DmkLMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)yCm LMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'emeLMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XdmGLMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)cm;LMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]bmLMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)am;LMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)`mILMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);_m LMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)^oGLMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) ]m-LMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&\mcLMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M[m1LMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]Zm9LMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UYmCLRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.XLFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_RebuildeW}SLMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fVmcLMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!UoWLMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`ymWLMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?xmLMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VwoCLRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XvoGLRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VuoCLRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.tLFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildso1LMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]frmeLRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TqmALMichael Young - 4.4.0-8S@- rebuild for ocaml update/pmuLMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=omLMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)nLFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuildamm[LMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) lm/LMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized caseskm%LMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) jm-LMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyim LMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!hoWLMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\gmOLMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&fmcLMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG ` mYLMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64mULMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)mELMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) m/LMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSm=LMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGm%LMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)oGLMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yoLMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch o'LMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmCmLMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mcLMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e~maLMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)}m3LMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)||mLMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h{mgLMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)zm#LMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?mLMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2m{LMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)m?LMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xmLMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cm]LMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qm;LRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%maLMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)mLMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nm3LMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVoCLRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.LFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYY_LMichael Young U- gcc 5 bug is fixed so remove workaroundlomLMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]us}LMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually oGLMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631) mALMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153) m7LMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S m=LMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqk6_}MRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;5_MRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n4_MRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch3_UMRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo2_MRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror1_SMRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now0_EMRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl/_MRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"._iMRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY-_YMRik van Riel 2-20050207B- upgrade to last night's Xen snapshotV,cOMRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY+_YMRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv*I'MJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org))c!MRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#(cgMJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.u'I%MRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted &IMMRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQ%I_MRik van Riel A(@- upgrade to new snapshot of xen-unstablex$I+MRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshot#IyMRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec file"I;MRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"!7MCheA@- initial rpm release$ m_LMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoyLMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as welloLMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&oaLMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){o LMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0CxTwMBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0WS[YM - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaRWqM - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlPYMBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesOwuMJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cN[qM - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NMMJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt LAMJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:KqMDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel Jw#MJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaIIMJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`HwOMJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQGw1MJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvFsMJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZEsGMJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZDsGMJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`CwOMJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`BoUMRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHAg-MRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T@_OMRik van Riel 2-20050823C - upgrade to today's Xen snapshot{?_MRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again>_#MRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i=_yMRik van Riel 2-20050522B- change default display method for VMX domains to SDLN<_CMRik van Riel 2-20050520B@- qemu device model for VMXT;_OMRik van Riel 2-20050519B- apply some VMX related bugfixesU:_QMRik van Riel 2-20050424Bl- upgrade to last night's snapshotQ9I]MJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup8_#MRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again37_ MRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<imkmMDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452lg?MStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZkgSMStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[j]_MJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jikoMDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZh]]MJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfg]sMJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtfkMDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361ee]qMJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDd]/MJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)ca!MStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)Ub]QMJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accurateja[MStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw`{yMRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere_QMStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e^QMStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015]{ MJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g\{YMJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall[{MJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^ZwIMJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsYwMJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)WXw=MJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevaWwOMJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zVsMJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswUsMBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fu s}MDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk isMStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data% ieMStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc i3MStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a_iMJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIi/MJuan Quintela - 3.0.2-31Df- re-enable ia64.N_CMJeremy Katz - 3.0.2-31DA- update to changeset 11405H_7MJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64_)MJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?_%MJeremy Katz - 3.0.2-28D,@- fix a typoY_YMJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer_YMJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{MJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%~_oMJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).}_MJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`|_gMJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst{_ MRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4z_ MJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labely__MJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)Ix_7MJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)wi'MMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZveUMMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)umMMDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.htimMStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include si'MStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterrmSMDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVq_QMJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)p_5MJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)do]qMJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)Xn]YMJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4!YMDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq UMDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]MDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethNyMDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)uywMDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>yMDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)Vy7MDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-yeMDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yIMDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniy_MDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsayMMDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mqoMDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA]+MJeremy Katz - 3.0.3-3E<- fix the buildJ]=MJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hq#MDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X_WMJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboi{MStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@sMDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eigMStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<iMStephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl} mMDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S _MMJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&9yWMDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZ81MRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsa7yOMDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%6{SMDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn5{gMDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z4{}MDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup3{MDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)2w1MChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-49931y/MDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsq0yoMDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)/y]MDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581).yMDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f-yYMDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow,y-MDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m+skMMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO*y)MDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs")yOMDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7(kMDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug fails'MDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\&7MDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\%7MDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[$5MDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.i#OMDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu"[MDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xWcMGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PVeAMGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.UcAMGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cTciMGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iScuMGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}RcMGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaQceMGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.KP[AMTomas Mraz - 3.3.1-2Is- rebuild with new opensslSOcIMGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.NcEMGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.aM =MIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^L{GMDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0KsqMMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrJ}mMDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)Iw)MMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbH}MMDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejGwcMMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)F} MDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):EwMMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vD{wMDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsCy;MDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoBykMDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zAo MMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase@yMDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8?y{MDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[>yAMDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm=ygMDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf<yYMDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`;yMMDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew:[MDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1omyMMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$nm_MMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) mm)MMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8l1EMjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kkmmMMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzjm MMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1Iim)MMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77hmMMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationgY5MMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXfmIMMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemseg%MDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild dmWMMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelscm%MMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(bmgMMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vac MGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h`csMGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. _k/MJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a^ceMGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.]c[MGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).\c-MGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O[cAMGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.ZcWMGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.YMFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5Xc MGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wmMMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixesmMMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7rm{MMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\~mOMMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file}mCMMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g|mgMMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{{m MMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaz}KMMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynymsMMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates xm-MMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]wmMMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uvmMMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXumGMMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qtm;MMichael Young - 4.1.0-1M- update to 4.1.0 finalBsyMMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdrMFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzqm MMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightpmMMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_}EMMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?oMMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"oYMMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)oQMMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oo3MMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startMFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(oeMMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xoMMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr o{MMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B MMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F o!MMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF o!MMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR o;MMichael Young - 4.1.2-13OXA- fix a packaging error&oaMMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjokMMichael Young - 4.1.2-11ONA- put the systemd files back in the right placeoIMMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XmIMMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\mQMMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`mYMMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdmMMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}"mQMMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] !mWMMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch` mYMRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=MMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)m#MMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZmKMMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_mWMMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetGm%MMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CmMMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XmGMMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTmAMMichael Young - 4.1.3-5P~- rebuild for ocaml update~mMMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pmwMMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cH4mMMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)3m7MMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)2m3MMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%1maMMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)0mCMMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%/maMMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)r.m{MMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y-m MMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208,mMMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk+okMMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x*mMMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh)miMMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)(miMMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%'maMMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtf&YyMMichael Young P- correct disabling of xendomains.service on uninstall/%muMMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*$mkMMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)y#m MMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'EmeMMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XDmGMMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)Cm;MMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]BmMMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)Am;MMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)@mIMMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);?m MMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)>oGMMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) =m-MMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&<mcMMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M;m1MMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]:m9MMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)U9mCMRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.8MFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde7}SMMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86f6mcMMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!5oWMMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`YmWMMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?XmMMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VWoCMRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XVoGMRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VUoCMRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.TMFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_RebuildSo1MMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fRmeMRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TQmAMMichael Young - 4.4.0-8S@- rebuild for ocaml update/PmuMMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=OmMMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)NMFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_RebuildaMm[MMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) Lm/MMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized casesKm%MMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) Jm-MMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyIm MMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!HoWMMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\GmOMMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&FmcMMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `imYMMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64hmUMMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)gmEMMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) fm/MMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSem=MMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGdm%MMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)coGMMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yboMMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch ao'MMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC`mMMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&_mcMMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e^maMMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)]m3MMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|\mMMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h[mgMMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)Zm#MMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?{mMMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2zm{MMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)ym?MMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xxmMMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cwm]MMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qvm;MRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%umaMMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)tmMMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nsm3MMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVroCMRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.qMFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYpY_MMichael Young U- gcc 5 bug is fixed so remove workaroundloomMMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uns}MMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallymoGMMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)lmAMMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)km7MMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)Sjm=MMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqk_}NRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;_NRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n_NRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch_UNRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo_NRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror_SNRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now_ENRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl_NRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"_iNRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY _YNRik van Riel 2-20050207B- upgrade to last night's Xen snapshotV cONRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY _YNRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv I'NJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org) c!NRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#cgNJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uI%NRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted IMNRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQI_NRik van Riel A(@- upgrade to new snapshot of xen-unstablexI+NRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotIyNRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileI;NRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"7NCheA@- initial rpm release$m_MMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoyMMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well~oMMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&}oaMMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){|o MMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0Cx4wNBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W3[YN - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbina2WqN - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<1wNJeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itl0YNBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one places/wuNJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c.[qN - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N-NJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt ,ANJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:+qNDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel *w#NJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa)INJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`(wONJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQ'w1NJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedv&sNJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZ%sGNJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZ$sGNJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`#wONJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`"oUNRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsH!g-NRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T _ONRik van Riel 2-20050823C - upgrade to today's Xen snapshot{_NRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again_#NRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i_yNRik van Riel 2-20050522B- change default display method for VMX domains to SDLN_CNRik van Riel 2-20050520B@- qemu device model for VMXT_ONRik van Riel 2-20050519B- apply some VMX related bugfixesU_QNRik van Riel 2-20050424Bl- upgrade to last night's snapshotQI]NJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup_#NRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3_ NRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<iMkmNDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452Lg?NStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZKgSNStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[J]_NJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jIkoNDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZH]]NJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfG]sNJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtFkNDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361eE]qNJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDD]/NJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)Ca!NStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)UB]QNJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratejA[NStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw@{yNRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere?QNStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e>QNStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015={ NJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g<{YNJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall;{NJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^:wINJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugs9wNJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)W8w=NJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udeva7wONJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)z6sNJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changesw5sNBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fuks}NDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkjisNStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%iieNStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc hi3NStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)ag_iNJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIfi/NJuan Quintela - 3.0.2-31Df- re-enable ia64.Ne_CNJeremy Katz - 3.0.2-31DA- update to changeset 11405Hd_7NJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64c_)NJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?b_%NJeremy Katz - 3.0.2-28D,@- fix a typoYa_YNJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer`_YNJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj__{NJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%^_oNJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).]_NJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`\_gNJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst[_ NRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4Z_ NJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labelY__NJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)IX_7NJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)Wi'NMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZVeUNMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)UmMNDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.hTimNStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include Si'NStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterRmSNDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVQ_QNJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)P_5NJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)dO]qNJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)XN]YNJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4YNDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakqUNDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]NDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN~yNDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u}ywNDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>|yNDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V{y7NDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-zyeNDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yyINDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptionixy_NDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsawyMNDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mvqoNDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAu]+NJeremy Katz - 3.0.3-3E<- fix the buildJt]=NJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hsq#NDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)Xr_WNJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboqi{NStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@psNDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eoigNStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}mmNDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)Sl_MNJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&yWNDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZ1NRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsayONDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%{SNDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn{gNDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z{}NDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup{NDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)w1NChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993y/NDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqyoNDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)y]NDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)yNDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f yYNDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow y-NDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m skNMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO y)NDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs" yONDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7kNDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsNDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\7NDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\7NDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[5NDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iONDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu[NDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6x7cNGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.P6eANGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.5cANGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.c4ciNGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.i3cuNGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}2cNGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArcha1ceNGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K0[ANTomas Mraz - 3.3.1-2Is- rebuild with new opensslS/cINGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release..cENGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a- =NIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^,{GNDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0+sqNMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr*}mNDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921))w)NMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb(}MNDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changej'wcNMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)&} NDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):%wNMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v${wNDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formats#y;NDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleo"ykNDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)z!o NMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase yNDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{NDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[yANDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsmygNDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstfyYNDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`yMNDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew[NDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1OmyNMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$Nm_NMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) Mm)NMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8L1ENjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kKmmNMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzJm NMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1IIm)NMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77HmNMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationGY5NMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXFmINMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsEg%NDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild DmWNMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsCm%NMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(BmgNMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vAc NGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h@csNGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. ?k/NJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a>ceNGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.=c[NGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).<c-NGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O;cANGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.:cWNGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.9NFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild58c NGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wamNMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes`mNMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7r_m{NMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\^mONMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file]mCNMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g\mgNMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{[m NMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaZ}KNMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynYmsNMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates Xm-NMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]WmNMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uVmNMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXUmGNMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.QTm;NMichael Young - 4.1.0-1M- update to 4.1.0 finalBSyNMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdRNFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_RebuildzQm NMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightPmNMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_u}ENMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?toNMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"soYNMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)roQNMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oqo3NMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startpNFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(ooeNMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xnoNMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrmo{NMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BlNMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8Fko!NMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFjo!NMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRio;NMichael Young - 4.1.2-13OXA- fix a packaging error&hoaNMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjgokNMichael Young - 4.1.2-11ONA- put the systemd files back in the right placefoINMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XemINMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\dmQNMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`cmYNMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdbmNMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}mQNMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] mWNMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`mYNRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=NMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)~m#NMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ}mKNMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_|mWNMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG{m%NMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CzmNMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XymGNMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTxmANMichael Young - 4.1.3-5P~- rebuild for ocaml update~wmNMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pvmwNMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHmNMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)m7NMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)m3NMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%maNMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)mCNMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%maNMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rm{NMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y m NMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208 mNMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk okNMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x mNMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh miNMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)miNMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%maNMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfYyNMichael Young P- correct disabling of xendomains.service on uninstall/muNMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*mkNMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ym NMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'%meNMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)X$mGNMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)#m;NMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]"mNMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)!m;NMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149) mINMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m NMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)oGNMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) m-NMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&mcNMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]Mm1NMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]m9NMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UmCNRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.NFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde}SNMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fmcNMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!oWNMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`9mWNMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?8mNMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0V7oCNRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.X6oGNRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.V5oCNRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.4NFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild3o1NMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]f2meNRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.T1mANMichael Young - 4.4.0-8S@- rebuild for ocaml update/0muNMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=/mNMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583).NFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda-m[NMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) ,m/NMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases+m%NMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) *m-NMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby)m NMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!(oWNMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\'mONMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&&mcNMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `ImYNMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64HmUNMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)GmENMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) Fm/NMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSEm=NMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGDm%NMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)CoGNMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yBoNMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch Ao'NMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC@mNMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&?mcNMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e>maNMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)=m3NMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|<mNMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h;mgNMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738):m#NMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?[mNMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2Zm{NMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)Ym?NMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xXmNMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cWm]NMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)QVm;NRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%UmaNMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)TmNMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]NSm3NMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVRoCNRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.QNFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYPY_NMichael Young U- gcc 5 bug is fixed so remove workaroundlOomNMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uNs}NMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallyMoGNMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)LmANMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)Km7NMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)SJm=NMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=Lqkv_}ORik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;u_ORik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nt_ORik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchs_UORik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyor_ORik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werrorq_SORik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowp_EORik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlo_ORik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"n_iORik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYm_YORik van Riel 2-20050207B- upgrade to last night's Xen snapshotVlcOORik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYk_YORik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvjI'OJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)ic!ORik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#hcgOJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.ugI%ORik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted fIMORik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQeI_ORik van Riel A(@- upgrade to new snapshot of xen-unstablexdI+ORik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotcIyORik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec filebI;ORik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"a7OCheA@- initial rpm release$`m_NMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq_oyNMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well^oNMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&]oaNMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){\o NMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0CxwOBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W[YO - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaWqO - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<wOJeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlYOBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placeswuOJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c[qO - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N OJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt AOJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).: qODaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel w#OJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa IOJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`wOOJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQw1OJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvsOJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZsGOJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZsGOJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`wOOJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`oUORik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHg-ORik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T_OORik van Riel 2-20050823C - upgrade to today's Xen snapshot{_ORik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again~_#ORik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i}_yORik van Riel 2-20050522B- change default display method for VMX domains to SDLN|_CORik van Riel 2-20050520B@- qemu device model for VMXT{_OORik van Riel 2-20050519B- apply some VMX related bugfixesUz_QORik van Riel 2-20050424Bl- upgrade to last night's snapshotQyI]OJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupx_#ORik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3w_ ORik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<i-kmODaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452,g?OStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ+gSOStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[*]_OJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j)koODaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ(]]OJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf']sOJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingt&kODaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e%]qOJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD$]/OJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)#a!OStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U"]QOJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej![OStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw {yORik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQOStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022eQOStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015{ OJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g{YOJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{OJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^wIOJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugswOJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Ww=OJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawOOJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zsOJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswsOBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,FuKs}ODaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkJisOStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%IieOStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc Hi3OStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)aG_iOJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIFi/OJuan Quintela - 3.0.2-31Df- re-enable ia64.NE_COJeremy Katz - 3.0.2-31DA- update to changeset 11405HD_7OJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64C_)OJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?B_%OJeremy Katz - 3.0.2-28D,@- fix a typoYA_YOJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer@_YOJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj?_{OJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%>_oOJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).=_OJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`<_gOJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst;_ ORik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4:_ OJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label9__OJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I8_7OJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)7i'OMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZ6eUOMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)5mMODaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.h4imOStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include 3i'OStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works better2mSODaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV1_QOJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)0_5OJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d/]qOJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X.]YOJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4aYODaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq`UODaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev_]ODaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN^yODaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u]ywODaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>\yODaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V[y7ODaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-ZyeODaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^YyIODaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniXy_ODaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsaWyMODaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mVqoODaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAU]+OJeremy Katz - 3.0.3-3E<- fix the buildJT]=OJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5HSq#ODaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)XR_WOJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboQi{OStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@PsODaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eOigOStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}MmODaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)SL_MOJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&yyWODaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZx1ORelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsawyOODaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%v{SODaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnu{gODaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zt{}ODaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setups{ODaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)rw1OChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993qy/ODaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqpyoODaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)oy]ODaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)nyODaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fmyYODaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowly-ODaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mkskOMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOjy)ODaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"iyOODaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7hkODaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsgODaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\f7ODaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\e7ODaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[d5ODaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.icOODaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMub[ODaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xcOGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PeAOGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.cAOGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cciOGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.icuOGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}cOGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaceOGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K[AOTomas Mraz - 3.3.1-2Is- rebuild with new opensslScIOGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.cEOGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a  =OIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^ {GODaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0 sqOMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr }mODaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921) w)OMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb}MODaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejwcOMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)} ODaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):wOMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v{wODaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsy;ODaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoykODaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zo OMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebaseyODaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{ODaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[~yAODaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm}ygODaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf|yYODaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`{yMODaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewz[ODaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 [G 3 . 4 Xtl8[1/myOMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$.m_OMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) -m)OMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8,1EOjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k+mmOMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz*m OMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I)m)OMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77(mOMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org location'Y5OMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesX&mIOMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problems%g%ODavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild $mWOMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernels#m%OMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl("mgOMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)v!c OGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h csOGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/OJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)aceOGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.c[OGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).c-OGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.OcAOGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.cWOGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.OFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5c OGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. 3zc Im .3wAmOMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes@mOMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7r?m{OMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\>mOOMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file=mCOMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g<mgOMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{;m OMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta:}KOMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalityn9msOMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates 8m-OMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]7mOMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6u6mOMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchX5mGOMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Q4m;OMichael Young - 4.1.0-1M- update to 4.1.0 finalB3yOMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd2OFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildz1m OMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies right0mOMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide z] R S Cp(e_U}EOMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?ToOMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"SoYOMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)RoQOMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)OQo3OMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startPOFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(OoeOMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xNoOMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrMo{OMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BLOMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8FKo!OMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFJo!OMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRIo;OMichael Young - 4.1.2-13OXA- fix a packaging error&HoaOMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjGokOMichael Young - 4.1.2-11ONA- put the systemd files back in the right placeFoIOMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XEmIOMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\DmQOMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`CmYOMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdBmOMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] } dB}bmQOMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] amWOMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch``mYORichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S_m=OMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)^m#OMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ]mKOMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_\mWOMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG[m%OMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CZmOMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XYmGOMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTXmAOMichael Young - 4.1.3-5P~- rebuild for ocaml update~WmOMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pVmwOMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) H : y W8cHtmOMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)sm7OMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)rm3OMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%qmaOMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)pmCOMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%omaOMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rnm{OMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)ymm OMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208lmOMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskkokOMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xjmOMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhimiOMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)hmiOMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%gmaOMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtffYyOMichael Young P- correct disabling of xendomains.service on uninstall/emuOMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*dmkOMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ycm OMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 G q p  \jdG'meOMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XmGOMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)m;OMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]mOMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)m;OMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)mIOMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m OMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)~oGOMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) }m-OMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&|mcOMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M{m1OMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]zm9OMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UymCORichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.xOFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuildew}SOMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fvmcOMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!uoWOMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) V Q T EF9yJ=z`mWOMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?mOMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VoCORichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XoGORichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VoCORichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.OFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildo1OMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fmeORichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TmAOMichael Young - 4.4.0-8S@- rebuild for ocaml update/muOMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=mOMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)OFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda m[OMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) m/OMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases m%OMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) m-OMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby m OMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!oWOMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\mOOMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&mcOMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) v .WG `)mYOMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64(mUOMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)'mEOMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) &m/OMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchS%m=OMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsG$m%OMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)#oGOMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)y"oOMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch !o'OMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC mOMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mcOMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)emaOMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)m3OMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|mOMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)hmgOMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)m#OMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide ] | _ w (VQjn ]?;mOMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2:m{OMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)9m?OMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]x8mOMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)c7m]OMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Q6m;ORichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%5maOMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)4mOMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]N3m3OMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesV2oCORichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.1OFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildY0Y_OMichael Young U- gcc 5 bug is fixed so remove workaroundl/omOMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]u.s}OMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually-oGOMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631),mAOMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)+m7OMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S*m=OMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) qR j k=LqkV_}PRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;U_PRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nT_PRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchS_UPRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyoR_PRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -WerrorQ_SPRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowP_EPRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlO_PRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"N_iPRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYM_YPRik van Riel 2-20050207B- upgrade to last night's Xen snapshotVLcOPRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYK_YPRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvJI'PJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)Ic!PRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#HcgPJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uGI%PRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted FIMPRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQEI_PRik van Riel A(@- upgrade to new snapshot of xen-unstablexDI+PRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotCIyPRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileBI;PRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"A7PCheA@- initial rpm release$@m_OMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq?oyOMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well>oOMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&=oaOMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){<o OMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) I C  / ?iN] 0CxtwPBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0Ws[YP - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinarWqP - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlpYPBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesowuPJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cn[qP - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NmPJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt lAPJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:kqPDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel jw#PJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaiIPJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`hwOPJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQgw1PJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvfsPJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZesGPJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZdsGPJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`cwOPJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`boUPRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHag-PRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T`_OPRik van Riel 2-20050823C - upgrade to today's Xen snapshot{__PRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again^_#PRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i]_yPRik van Riel 2-20050522B- change default display method for VMX domains to SDLN\_CPRik van Riel 2-20050520B@- qemu device model for VMXT[_OPRik van Riel 2-20050519B- apply some VMX related bugfixesUZ_QPRik van Riel 2-20050424Bl- upgrade to last night's snapshotQYI]PJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupX_#PRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3W_ PRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates < # @ ^ l fT,e=<i kmPDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452 g?PStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ gSPStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[ ]_PJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j koPDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ]]PJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf]sPJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtkPDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e]qPJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD]/PJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)a!PStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U]QPJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej[PStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw{yPRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQPStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e~QPStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015}{ PJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g|{YPJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{{PJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^zwIPJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsywPJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Wxw=PJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawwOPJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zvsPJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswusPBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) F> 6 , " ; n;sy7fe,Fu+s}PDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk*isPStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data%)iePStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc (i3PStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a'_iPJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackI&i/PJuan Quintela - 3.0.2-31Df- re-enable ia64.N%_CPJeremy Katz - 3.0.2-31DA- update to changeset 11405H$_7PJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64#_)PJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?"_%PJeremy Katz - 3.0.2-28D,@- fix a typoY!_YPJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer _YPJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{PJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%_oPJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install)._PJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`_gPJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst_ PRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4_ PJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label__PJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I_7PJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)i'PMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZeUPMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)mMPDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.himPStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include i'PStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works bettermSPDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV_QPJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)_5PJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d]qPJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X]YPJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-install  K $#>q$#)4AYPDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweakq@UPDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev?]PDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN>yPDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u=ywPDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script><yPDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V;y7PDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-:yePDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^9yIPDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioni8y_PDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsa7yMPDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700m6qoPDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA5]+PJeremy Katz - 3.0.3-3E<- fix the buildJ4]=PJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5H3q#PDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X2_WPJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygrubo1i{PStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@0sPDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)e/igPStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<.iPStephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}-mPDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S,_MPJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041) m ] i  5DFrtm&YyWPDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPMZX1PRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsaWyOPDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%V{SPDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnU{gPDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zT{}PDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setupS{PDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)Rw1PChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993Qy/PDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqPyoPDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)Oy]PDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)NyPDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fMyYPDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowLy-PDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mKskPMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOJy)PDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"IyOPDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7HkPDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsGPDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\F7PDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\E7PDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[D5PDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iCOPDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMuB[PDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests #J k ' 8 # er {RSo6xwcPGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage.PveAPGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.ucAPGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.ctciPGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iscuPGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}rcPGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaqcePGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.Kp[APTomas Mraz - 3.3.1-2Is- rebuild with new opensslSocIPGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.ncEPGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.am =PIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^l{GPDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0ksqPMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrj}mPDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)iw)PMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbh}MPDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejgwcPMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)f} PDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):ewPMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vd{wPDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatscy;PDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleobykPDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zao PMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase`yPDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8_y{PDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[^yAPDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm]ygPDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf\yYPDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`[yMPDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewZ[PDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701 KG 3 . 3 Rlb*K1myPMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536)$m_PMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) m)PMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8 1EPjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k mmPMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz m PMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I m)PMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77mPMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationY5PMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXmIPMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsg%PDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild mWPMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsm%PMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(mgPMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vc PGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.hcsPGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/PJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a~cePGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.}c[PGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).|c-PGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O{cAPGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.zcWPGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.yPFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5xc PGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build. y` De} mPMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7rm{PMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\mOPMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo filemCPMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112gmgPMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{m PMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta}KPMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynmsPMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates m-PMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]mPMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6umPMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXmGPMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qm;PMichael Young - 4.1.0-1M- update to 4.1.0 finalByPMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdPFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzm PMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightmPMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide r} ] P O |8dVr_5}EPMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?4oPMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"3oYPMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)2oQPMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)O1o3PMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to start0PFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(/oePMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]x.oPMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr-o{PMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B,PMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F+o!PMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF*o!PMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR)o;PMichael Young - 4.1.2-13OXA- fix a packaging error&(oaPMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdj'okPMichael Young - 4.1.2-11ONA- put the systemd files back in the right place&oIPMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+X%mIPMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\$mQPMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`#mYPMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemd"mPMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]w!mPMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes p ]~7pBmQPMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] AmWPMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`@mYPRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S?m=PMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)>m#PMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ=mKPMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_<mWPMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG;m%PMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)C:mPMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17X9mGPMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesT8mAPMichael Young - 4.1.3-5P~- rebuild for ocaml update~7mPMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)p6mwPMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S6TmPMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)Sm7PMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)Rm3PMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%QmaPMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)PmCPMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%OmaPMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rNm{PMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)yMm PMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208LmPMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskKokPMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xJmPMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhImiPMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)HmiPMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%GmaPMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfFYyPMichael Young P- correct disabling of xendomains.service on uninstall/EmuPMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*DmkPMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)yCm PMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'emePMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XdmGPMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)cm;PMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]bmPMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)am;PMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)`mIPMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);_m PMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)^oGPMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) ]m-PMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&\mcPMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M[m1PMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]Zm9PMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UYmCPRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.XPFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_RebuildeW}SPMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fVmcPMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!UoWPMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`ymWPMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?xmPMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VwoCPRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XvoGPRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VuoCPRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.tPFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildso1PMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]frmePRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TqmAPMichael Young - 4.4.0-8S@- rebuild for ocaml update/pmuPMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=omPMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)nPFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuildamm[PMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) lm/PMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized caseskm%PMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) jm-PMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyim PMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!hoWPMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\gmOPMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&fmcPMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:` mYPMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64mUPMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)mEPMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) m/PMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSm=PMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGm%PMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)oGPMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yoPMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch o'PMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmCmPMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mcPMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e~maPMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)}m3PMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)||mPMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h{mgPMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)zm#PMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?mPMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2m{PMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)m?PMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xmPMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cm]PMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qm;PRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%maPMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)mPMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nm3PMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVoCPRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.PFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYY_PMichael Young U- gcc 5 bug is fixed so remove workaroundlomPMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]us}PMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually oGPMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631) mAPMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153) m7PMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S m=PMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8Vk6_}QRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;5_QRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n4_QRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch3_UQRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo2_QRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror1_SQRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now0_EQRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl/_QRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"._iQRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY-_YQRik van Riel 2-20050207B- upgrade to last night's Xen snapshotV,cOQRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY+_YQRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv*I'QJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org))c!QRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#(cgQJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.u'I%QRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted &IMQRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQ%I_QRik van Riel A(@- upgrade to new snapshot of xen-unstablex$I+QRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshot#IyQRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec file"I;QRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"!7QCheA@- initial rpm release$ m_PMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoyPMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as welloPMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&oaPMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){o PMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&xTwQBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0WS[YQ - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaRWqQ - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlPYQBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesOwuQJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cN[qQ - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NMQJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt LAQJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:KqQDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel Jw#QJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaIIQJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`HwOQJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQGw1QJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvFsQJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZEsGQJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZDsGQJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`CwOQJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`BoUQRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHAg-QRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T@_OQRik van Riel 2-20050823C - upgrade to today's Xen snapshot{?_QRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again>_#QRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i=_yQRik van Riel 2-20050522B- change default display method for VMX domains to SDLN<_CQRik van Riel 2-20050520B@- qemu device model for VMXT;_OQRik van Riel 2-20050519B- apply some VMX related bugfixesU:_QQRik van Riel 2-20050424Bl- upgrade to last night's snapshotQ9I]QJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup8_#QRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again37_ QRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q&lg?QStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZkgSQStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[j]_QJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jikoQDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZh]]QJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfg]sQJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtfkQDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361ee]qQJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDd]/QJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)ca!QStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)Ub]QQJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accurateja[QStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw`{yQRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere_QQStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e^QQStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015]{ QJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g\{YQJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall[{QJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^ZwIQJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsYwQJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)WXw=QJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevaWwOQJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zVsQJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswUsQBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM% ieQStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc i3QStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a_iQJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIi/QJuan Quintela - 3.0.2-31Df- re-enable ia64.N_CQJeremy Katz - 3.0.2-31DA- update to changeset 11405H_7QJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64_)QJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?_%QJeremy Katz - 3.0.2-28D,@- fix a typoY_YQJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer_YQJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{QJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%~_oQJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).}_QJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`|_gQJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst{_ QRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4z_ QJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labely__QJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)Ix_7QJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)wi'QMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZveUQMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)umMQDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.htimQStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include si'QStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterrmSQDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVq_QQJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)p_5QJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)do]qQJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)Xn]YQJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installimkmQDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-q UQDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]QDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethNyQDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)uywQDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>yQDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)Vy7QDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-yeQDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yIQDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniy_QDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsayMQDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mqoQDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA]+QJeremy Katz - 3.0.3-3E<- fix the buildJ]=QJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hq#QDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X_WQJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboi{QStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@sQDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eigQStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<iQStephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl} mQDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S _MQJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)u s}QDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk isQStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZ81QRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsa7yOQDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%6{SQDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn5{gQDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z4{}QDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup3{QDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)2w1QChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-49931y/QDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsq0yoQDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)/y]QDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581).yQDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f-yYQDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow,y-QDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m+skQMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO*y)QDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs")yOQDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7(kQDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug fails'QDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\&7QDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\%7QDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[$5QDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.i#OQDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu"[QDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4!YQDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nPVeAQGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.UcAQGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cTciQGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iScuQGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}RcQGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaQceQGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.KP[AQTomas Mraz - 3.3.1-2Is- rebuild with new opensslSOcIQGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.NcEQGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.aM =QIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^L{GQDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0KsqQMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrJ}mQDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)Iw)QMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbH}MQDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejGwcQMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)F} QDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):EwQMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vD{wQDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsCy;QDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoBykQDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zAo QMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase@yQDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8?y{QDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[>yAQDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm=ygQDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf<yYQDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`;yMQDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew:[QDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&9yWQDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$nm_QMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) mm)QMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8l1EQjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kkmmQMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzjm QMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1Iim)QMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77hmQMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationgY5QMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXfmIQMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemseg%QDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild dmWQMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelscm%QMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(bmgQMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vac QGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h`csQGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. _k/QJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a^ceQGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.]c[QGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).\c-QGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O[cAQGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.ZcWQGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.YQFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5Xc QGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.xWcQGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajrm{QMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\~mOQMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file}mCQMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g|mgQMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{{m QMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaz}KQMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynymsQMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates xm-QMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]wmQMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uvmQMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXumGQMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qtm;QMichael Young - 4.1.0-1M- update to 4.1.0 finalBsyQMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdrQFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzqm QMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightpmQMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1omyQMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_}EQMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?oQMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"oYQMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)oQQMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oo3QMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startQFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(oeQMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xoQMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr o{QMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B QMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F o!QMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF o!QMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR o;QMichael Young - 4.1.2-13OXA- fix a packaging error&oaQMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjokQMichael Young - 4.1.2-11ONA- put the systemd files back in the right placeoIQMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XmIQMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\mQQMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`mYQMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdmQMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]wmQMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixesmQMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7p"mQQMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] !mWQMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch` mYQRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=QMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)m#QMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZmKQMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_mWQMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetGm%QMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CmQMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XmGQMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTmAQMichael Young - 4.1.3-5P~- rebuild for ocaml update~mQMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pmwQMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S64mQMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)3m7QMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)2m3QMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%1maQMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)0mCQMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%/maQMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)r.m{QMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y-m QMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208,mQMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk+okQMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x*mQMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh)miQMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)(miQMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%'maQMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtf&YyQMichael Young P- correct disabling of xendomains.service on uninstall/%muQMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*$mkQMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)y#m QMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'EmeQMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XDmGQMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)Cm;QMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]BmQMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)Am;QMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)@mIQMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);?m QMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)>oGQMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) =m-QMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&<mcQMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M;m1QMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]:m9QMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)U9mCQRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.8QFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde7}SQMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86f6mcQMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!5oWQMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`YmWQMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?XmQMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VWoCQRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XVoGQRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VUoCQRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.TQFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_RebuildSo1QMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fRmeQRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TQmAQMichael Young - 4.4.0-8S@- rebuild for ocaml update/PmuQMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=OmQMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)NQFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_RebuildaMm[QMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) Lm/QMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized casesKm%QMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) Jm-QMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyIm QMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!HoWQMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\GmOQMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&FmcQMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:`imYQMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64hmUQMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)gmEQMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) fm/QMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSem=QMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGdm%QMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)coGQMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yboQMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch ao'QMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC`mQMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&_mcQMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e^maQMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)]m3QMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|\mQMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h[mgQMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)Zm#QMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?{mQMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2zm{QMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)ym?QMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xxmQMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cwm]QMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qvm;QRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%umaQMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)tmQMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nsm3QMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVroCQRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.qQFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYpY_QMichael Young U- gcc 5 bug is fixed so remove workaroundloomQMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uns}QMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallymoGQMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)lmAQMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)km7QMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)Sjm=QMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8Vk_}RRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;_RRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n_RRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch_URRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo_RRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror_SRRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now_ERRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl_RRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"_iRRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY _YRRik van Riel 2-20050207B- upgrade to last night's Xen snapshotV cORRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY _YRRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv I'RJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org) c!RRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#cgRJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uI%RRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted IMRRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQI_RRik van Riel A(@- upgrade to new snapshot of xen-unstablexI+RRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotIyRRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileI;RRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"7RCheA@- initial rpm release$m_QMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoyQMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well~oQMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&}oaQMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){|o QMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&x4wRBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W3[YR - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbina2WqR - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<1wRJeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itl0YRBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one places/wuRJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c.[qR - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N-RJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt ,ARJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:+qRDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel *w#RJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa)IRJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`(wORJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQ'w1RJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedv&sRJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZ%sGRJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZ$sGRJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`#wORJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`"oURRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsH!g-RRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T _ORRik van Riel 2-20050823C - upgrade to today's Xen snapshot{_RRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again_#RRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i_yRRik van Riel 2-20050522B- change default display method for VMX domains to SDLN_CRRik van Riel 2-20050520B@- qemu device model for VMXT_ORRik van Riel 2-20050519B- apply some VMX related bugfixesU_QRRik van Riel 2-20050424Bl- upgrade to last night's snapshotQI]RJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup_#RRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3_ RRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q&Lg?RStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZKgSRStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[J]_RJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jIkoRDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZH]]RJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfG]sRJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtFkRDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361eE]qRJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDD]/RJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)Ca!RStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)UB]QRJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratejA[RStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw@{yRRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere?QRStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e>QRStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015={ RJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g<{YRJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall;{RJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^:wIRJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugs9wRJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)W8w=RJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udeva7wORJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)z6sRJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changesw5sRBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM%iieRStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc hi3RStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)ag_iRJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIfi/RJuan Quintela - 3.0.2-31Df- re-enable ia64.Ne_CRJeremy Katz - 3.0.2-31DA- update to changeset 11405Hd_7RJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64c_)RJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?b_%RJeremy Katz - 3.0.2-28D,@- fix a typoYa_YRJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer`_YRJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj__{RJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%^_oRJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).]_RJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`\_gRJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst[_ RRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4Z_ RJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labelY__RJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)IX_7RJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)Wi'RMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZVeURMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)UmMRDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.hTimRStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include Si'RStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterRmSRDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVQ_QRJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)P_5RJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)dO]qRJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)XN]YRJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installiMkmRDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-qURDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]RDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN~yRDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u}ywRDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>|yRDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V{y7RDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-zyeRDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yyIRDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptionixy_RDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsawyMRDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mvqoRDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAu]+RJeremy Katz - 3.0.3-3E<- fix the buildJt]=RJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hsq#RDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)Xr_WRJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboqi{RStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@psRDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eoigRStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}mmRDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)Sl_MRJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)uks}RDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkjisRStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZ1RRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsayORDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%{SRDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn{gRDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z{}RDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup{RDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)w1RChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993y/RDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqyoRDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)y]RDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)yRDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f yYRDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow y-RDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m skRMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO y)RDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs" yORDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7kRDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsRDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\7RDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\7RDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[5RDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iORDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu[RDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4YRDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nP6eARGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.5cARGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.c4ciRGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.i3cuRGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}2cRGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArcha1ceRGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K0[ARTomas Mraz - 3.3.1-2Is- rebuild with new opensslS/cIRGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release..cERGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a- =RIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^,{GRDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0+sqRMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr*}mRDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921))w)RMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb(}MRDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changej'wcRMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)&} RDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):%wRMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v${wRDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formats#y;RDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleo"ykRDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)z!o RMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase yRDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{RDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[yARDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsmygRDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstfyYRDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`yMRDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew[RDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&yWRDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$Nm_RMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) Mm)RMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8L1ERjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kKmmRMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzJm RMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1IIm)RMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77HmRMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationGY5RMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXFmIRMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsEg%RDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild DmWRMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsCm%RMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(BmgRMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vAc RGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h@csRGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. ?k/RJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a>ceRGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.=c[RGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).<c-RGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O;cARGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.:cWRGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.9RFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild58c RGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.x7cRGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajr_m{RMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\^mORMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file]mCRMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g\mgRMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{[m RMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaZ}KRMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynYmsRMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates Xm-RMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]WmRMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uVmRMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXUmGRMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.QTm;RMichael Young - 4.1.0-1M- update to 4.1.0 finalBSyRMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdRRFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_RebuildzQm RMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightPmRMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1OmyRMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_u}ERMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?toRMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"soYRMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)roQRMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oqo3RMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startpRFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(ooeRMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xnoRMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrmo{RMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BlRMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8Fko!RMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFjo!RMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRio;RMichael Young - 4.1.2-13OXA- fix a packaging error&hoaRMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjgokRMichael Young - 4.1.2-11ONA- put the systemd files back in the right placefoIRMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XemIRMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\dmQRMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`cmYRMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdbmRMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]wamRMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes`mRMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7pmQRMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] mWRMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`mYRRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=RMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)~m#RMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ}mKRMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_|mWRMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG{m%RMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CzmRMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XymGRMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTxmARMichael Young - 4.1.3-5P~- rebuild for ocaml update~wmRMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pvmwRMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S6mRMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)m7RMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)m3RMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%maRMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)mCRMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%maRMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rm{RMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y m RMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208 mRMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk okRMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x mRMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh miRMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)miRMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%maRMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfYyRMichael Young P- correct disabling of xendomains.service on uninstall/muRMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*mkRMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ym RMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'%meRMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)X$mGRMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)#m;RMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]"mRMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)!m;RMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149) mIRMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m RMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)oGRMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) m-RMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&mcRMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]Mm1RMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]m9RMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UmCRRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.RFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde}SRMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fmcRMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!oWRMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`9mWRMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?8mRMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0V7oCRRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.X6oGRRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.V5oCRRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.4RFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild3o1RMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]f2meRRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.T1mARMichael Young - 4.4.0-8S@- rebuild for ocaml update/0muRMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=/mRMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583).RFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda-m[RMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) ,m/RMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases+m%RMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) *m-RMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby)m RMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!(oWRMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\'mORMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&&mcRMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:`ImYRMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64HmURMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)GmERMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) Fm/RMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSEm=RMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGDm%RMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)CoGRMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yBoRMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch Ao'RMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC@mRMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&?mcRMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e>maRMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)=m3RMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|<mRMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h;mgRMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738):m#RMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?[mRMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2Zm{RMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)Ym?RMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xXmRMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cWm]RMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)QVm;RRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%UmaRMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)TmRMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]NSm3RMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVRoCRRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.QRFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYPY_RMichael Young U- gcc 5 bug is fixed so remove workaroundlOomRMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uNs}RMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallyMoGRMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)LmARMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)Km7RMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)SJm=RMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8Vkv_}SRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;u_SRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nt_SRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchs_USRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyor_SRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werrorq_SSRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowp_ESRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlo_SRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"n_iSRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYm_YSRik van Riel 2-20050207B- upgrade to last night's Xen snapshotVlcOSRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYk_YSRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvjI'SJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)ic!SRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#hcgSJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.ugI%SRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted fIMSRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQeI_SRik van Riel A(@- upgrade to new snapshot of xen-unstablexdI+SRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotcIySRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec filebI;SRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"a7SCheA@- initial rpm release$`m_RMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq_oyRMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well^oRMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&]oaRMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){\o RMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&xwSBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W[YS - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaWqS - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<wSJeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlYSBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placeswuSJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c[qS - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N SJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt ASJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).: qSDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel w#SJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa ISJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`wOSJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQw1SJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvsSJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZsGSJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZsGSJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`wOSJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`oUSRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHg-SRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T_OSRik van Riel 2-20050823C - upgrade to today's Xen snapshot{_SRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again~_#SRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i}_ySRik van Riel 2-20050522B- change default display method for VMX domains to SDLN|_CSRik van Riel 2-20050520B@- qemu device model for VMXT{_OSRik van Riel 2-20050519B- apply some VMX related bugfixesUz_QSRik van Riel 2-20050424Bl- upgrade to last night's snapshotQyI]SJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupx_#SRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3w_ SRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q&,g?SStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ+gSSStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[*]_SJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j)koSDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ(]]SJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf']sSJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingt&kSDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e%]qSJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD$]/SJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)#a!SStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U"]QSJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej![SStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw {ySRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQSStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022eQSStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015{ SJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g{YSJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{SJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^wISJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugswSJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Ww=SJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawOSJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zsSJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswsSBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM%IieSStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc Hi3SStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)aG_iSJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIFi/SJuan Quintela - 3.0.2-31Df- re-enable ia64.NE_CSJeremy Katz - 3.0.2-31DA- update to changeset 11405HD_7SJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64C_)SJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?B_%SJeremy Katz - 3.0.2-28D,@- fix a typoYA_YSJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer@_YSJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj?_{SJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%>_oSJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).=_SJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`<_gSJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst;_ SRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4:_ SJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label9__SJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I8_7SJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)7i'SMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZ6eUSMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)5mMSDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.h4imSStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include 3i'SStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works better2mSSDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV1_QSJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)0_5SJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d/]qSJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X.]YSJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installi-kmSDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-q`USDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev_]SDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN^ySDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u]ywSDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>\ySDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V[y7SDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-ZyeSDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^YyISDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniXy_SDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsaWyMSDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mVqoSDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAU]+SJeremy Katz - 3.0.3-3E<- fix the buildJT]=SJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5HSq#SDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)XR_WSJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboQi{SStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@PsSDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eOigSStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}MmSDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)SL_MSJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)uKs}SDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkJisSStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZx1SRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsawyOSDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%v{SSDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnu{gSDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zt{}SDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setups{SDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)rw1SChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993qy/SDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqpyoSDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)oy]SDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)nySDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fmyYSDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowly-SDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mkskSMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOjy)SDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"iyOSDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7hkSDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsgSDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\f7SDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\e7SDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[d5SDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.icOSDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMub[SDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4aYSDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nPeASGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.cASGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cciSGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.icuSGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}cSGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaceSGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K[ASTomas Mraz - 3.3.1-2Is- rebuild with new opensslScISGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.cESGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a  =SIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^ {GSDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0 sqSMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr }mSDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921) w)SMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb}MSDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejwcSMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)} SDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):wSMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v{wSDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsy;SDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoykSDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zo SMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebaseySDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{SDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[~yASDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm}ygSDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf|yYSDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`{yMSDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewz[SDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&yyWSDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$.m_SMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) -m)SMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8,1ESjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k+mmSMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz*m SMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I)m)SMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77(mSMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org location'Y5SMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesX&mISMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problems%g%SDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild $mWSMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernels#m%SMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl("mgSMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)v!c SGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h csSGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/SJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)aceSGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.c[SGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).c-SGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.OcASGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.cWSGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.SFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5c SGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.xcSGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajr?m{SMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\>mOSMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file=mCSMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g<mgSMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{;m SMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta:}KSMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalityn9msSMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates 8m-SMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]7mSMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6u6mSMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchX5mGSMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Q4m;SMichael Young - 4.1.0-1M- update to 4.1.0 finalB3ySMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd2SFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildz1m SMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies right0mSMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1/mySMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_U}ESMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?ToSMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"SoYSMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)RoQSMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)OQo3SMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startPSFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(OoeSMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xNoSMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrMo{SMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BLSMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8FKo!SMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFJo!SMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRIo;SMichael Young - 4.1.2-13OXA- fix a packaging error&HoaSMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjGokSMichael Young - 4.1.2-11ONA- put the systemd files back in the right placeFoISMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XEmISMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\DmQSMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`CmYSMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdBmSMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]wAmSMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes@mSMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7pbmQSMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] amWSMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch``mYSRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S_m=SMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)^m#SMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ]mKSMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_\mWSMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG[m%SMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CZmSMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XYmGSMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTXmASMichael Young - 4.1.3-5P~- rebuild for ocaml update~WmSMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pVmwSMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S6tmSMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)sm7SMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)rm3SMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%qmaSMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)pmCSMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%omaSMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rnm{SMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)ymm SMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208lmSMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskkokSMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xjmSMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhimiSMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)hmiSMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%gmaSMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtffYySMichael Young P- correct disabling of xendomains.service on uninstall/emuSMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*dmkSMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ycm SMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'meSMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XmGSMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)m;SMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]mSMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)m;SMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)mISMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m SMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)~oGSMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) }m-SMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&|mcSMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M{m1SMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]zm9SMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UymCSRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.xSFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuildew}SSMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fvmcSMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!uoWSMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`mWSMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?mSMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VoCSRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XoGSRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VoCSRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.SFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildo1SMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fmeSRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TmASMichael Young - 4.4.0-8S@- rebuild for ocaml update/muSMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=mSMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)SFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda m[SMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) m/SMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases m%SMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) m-SMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby m SMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!oWSMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\mOSMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&mcSMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:`)mYSMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64(mUSMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)'mESMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) &m/SMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchS%m=SMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsG$m%SMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)#oGSMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)y"oSMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch !o'SMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC mSMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mcSMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)emaSMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)m3SMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|mSMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)hmgSMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)m#SMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?;mSMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2:m{SMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)9m?SMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]x8mSMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)c7m]SMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Q6m;SRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%5maSMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)4mSMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]N3m3SMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesV2oCSRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.1SFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildY0Y_SMichael Young U- gcc 5 bug is fixed so remove workaroundl/omSMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]u.s}SMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually-oGSMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631),mASMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)+m7SMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S*m=SMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8VkV_}TRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;U_TRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nT_TRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchS_UTRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyoR_TRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -WerrorQ_STRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowP_ETRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlO_TRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"N_iTRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYM_YTRik van Riel 2-20050207B- upgrade to last night's Xen snapshotVLcOTRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYK_YTRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvJI'TJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)Ic!TRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#HcgTJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uGI%TRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted FIMTRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQEI_TRik van Riel A(@- upgrade to new snapshot of xen-unstablexDI+TRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotCIyTRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileBI;TRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"A7TCheA@- initial rpm release$@m_SMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq?oySMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well>oSMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&=oaSMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){<o SMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&xtwTBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0Ws[YT - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinarWqT - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlpYTBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesowuTJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cn[qT - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NmTJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt lATJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:kqTDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel jw#TJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaiITJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`hwOTJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQgw1TJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvfsTJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZesGTJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZdsGTJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`cwOTJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`boUTRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHag-TRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T`_OTRik van Riel 2-20050823C - upgrade to today's Xen snapshot{__TRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again^_#TRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i]_yTRik van Riel 2-20050522B- change default display method for VMX domains to SDLN\_CTRik van Riel 2-20050520B@- qemu device model for VMXT[_OTRik van Riel 2-20050519B- apply some VMX related bugfixesUZ_QTRik van Riel 2-20050424Bl- upgrade to last night's snapshotQYI]TJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupX_#TRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3W_ TRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q& g?TStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ gSTStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[ ]_TJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j koTDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ]]TJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf]sTJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtkTDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e]qTJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD]/TJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)a!TStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U]QTJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej[TStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw{yTRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQTStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e~QTStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015}{ TJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g|{YTJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{{TJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^zwITJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsywTJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Wxw=TJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawwOTJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zvsTJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswusTBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM%)ieTStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc (i3TStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a'_iTJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackI&i/TJuan Quintela - 3.0.2-31Df- re-enable ia64.N%_CTJeremy Katz - 3.0.2-31DA- update to changeset 11405H$_7TJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64#_)TJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?"_%TJeremy Katz - 3.0.2-28D,@- fix a typoY!_YTJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer _YTJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{TJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%_oTJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install)._TJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`_gTJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst_ TRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4_ TJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label__TJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I_7TJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)i'TMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZeUTMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)mMTDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.himTStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include i'TStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works bettermSTDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV_QTJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)_5TJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d]qTJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X]YTJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installi kmTDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-q@UTDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev?]TDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN>yTDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u=ywTDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script><yTDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V;y7TDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-:yeTDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^9yITDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioni8y_TDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsa7yMTDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700m6qoTDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA5]+TJeremy Katz - 3.0.3-3E<- fix the buildJ4]=TJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5H3q#TDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X2_WTJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygrubo1i{TStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@0sTDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)e/igTStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<.iTStephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}-mTDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S,_MTJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)u+s}TDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk*isTStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZX1TRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsaWyOTDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%V{STDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnU{gTDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zT{}TDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setupS{TDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)Rw1TChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993Qy/TDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqPyoTDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)Oy]TDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)NyTDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fMyYTDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowLy-TDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mKskTMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOJy)TDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"IyOTDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7HkTDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsGTDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\F7TDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\E7TDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[D5TDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iCOTDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMuB[TDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4AYTDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nPveATGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.ucATGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.ctciTGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iscuTGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}rcTGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaqceTGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.Kp[ATTomas Mraz - 3.3.1-2Is- rebuild with new opensslSocITGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.ncETGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.am =TIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^l{GTDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0ksqTMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrj}mTDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)iw)TMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbh}MTDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejgwcTMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)f} TDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):ewTMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vd{wTDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatscy;TDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleobykTDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zao TMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase`yTDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8_y{TDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[^yATDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm]ygTDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf\yYTDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`[yMTDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewZ[TDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&YyWTDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$m_TMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) m)TMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8 1ETjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k mmTMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz m TMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I m)TMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77mTMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationY5TMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXmITMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsg%TDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild mWTMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsm%TMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(mgTMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vc TGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.hcsTGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/TJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a~ceTGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.}c[TGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).|c-TGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O{cATGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.zcWTGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.yTFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5xc TGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.xwcTGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajrm{TMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\mOTMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo filemCTMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112gmgTMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{m TMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta}KTMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynmsTMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates m-TMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]mTMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6umTMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXmGTMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qm;TMichael Young - 4.1.0-1M- update to 4.1.0 finalByTMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdTFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzm TMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightmTMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1myTMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_5}ETMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?4oTMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"3oYTMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)2oQTMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)O1o3TMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to start0TFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(/oeTMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]x.oTMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr-o{TMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B,TMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F+o!TMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF*o!TMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR)o;TMichael Young - 4.1.2-13OXA- fix a packaging error&(oaTMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdj'okTMichael Young - 4.1.2-11ONA- put the systemd files back in the right place&oITMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+X%mITMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\$mQTMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`#mYTMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemd"mTMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]w!mTMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes mTMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7pBmQTMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] AmWTMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`@mYTRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S?m=TMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)>m#TMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ=mKTMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_<mWTMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG;m%TMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)C:mTMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17X9mGTMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesT8mATMichael Young - 4.1.3-5P~- rebuild for ocaml update~7mTMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)p6mwTMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S6TmTMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)Sm7TMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)Rm3TMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%QmaTMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)PmCTMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%OmaTMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rNm{TMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)yMm TMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208LmTMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskKokTMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xJmTMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhImiTMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)HmiTMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%GmaTMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfFYyTMichael Young P- correct disabling of xendomains.service on uninstall/EmuTMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*DmkTMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)yCm TMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'emeTMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XdmGTMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)cm;TMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]bmTMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)am;TMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)`mITMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);_m TMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)^oGTMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) ]m-TMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&\mcTMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M[m1TMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]Zm9TMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UYmCTRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.XTFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_RebuildeW}STMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fVmcTMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!UoWTMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`ymWTMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?xmTMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VwoCTRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XvoGTRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VuoCTRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.tTFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildso1TMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]frmeTRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TqmATMichael Young - 4.4.0-8S@- rebuild for ocaml update/pmuTMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=omTMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)nTFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuildamm[TMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) lm/TMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized caseskm%TMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) jm-TMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyim TMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!hoWTMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\gmOTMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&fmcTMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:` mYTMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64mUTMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)mETMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) m/TMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSm=TMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGm%TMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)oGTMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yoTMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch o'TMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmCmTMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mcTMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e~maTMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)}m3TMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)||mTMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h{mgTMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)zm#TMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?mTMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2m{TMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)m?TMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xmTMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cm]TMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qm;TRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%maTMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)mTMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nm3TMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVoCTRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.TFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYY_TMichael Young U- gcc 5 bug is fixed so remove workaroundlomTMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]us}TMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually oGTMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631) mATMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153) m7TMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S m=TMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8Vk6_}URik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;5_URik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n4_URik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch3_UURik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo2_URik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror1_SURik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now0_EURik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl/_URik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"._iURik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY-_YURik van Riel 2-20050207B- upgrade to last night's Xen snapshotV,cOURik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY+_YURik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv*I'UJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org))c!URik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#(cgUJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.u'I%URik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted &IMURik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQ%I_URik van Riel A(@- upgrade to new snapshot of xen-unstablex$I+URik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshot#IyURik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec file"I;URik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"!7UCheA@- initial rpm release$ m_TMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoyTMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as welloTMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&oaTMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){o TMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&xTwUBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0WS[YU - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaRWqU - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlPYUBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesOwuUJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cN[qU - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NMUJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt LAUJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:KqUDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel Jw#UJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaIIUJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`HwOUJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQGw1UJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvFsUJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZEsGUJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZDsGUJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`CwOUJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`BoUURik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHAg-URik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T@_OURik van Riel 2-20050823C - upgrade to today's Xen snapshot{?_URik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again>_#URik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i=_yURik van Riel 2-20050522B- change default display method for VMX domains to SDLN<_CURik van Riel 2-20050520B@- qemu device model for VMXT;_OURik van Riel 2-20050519B- apply some VMX related bugfixesU:_QURik van Riel 2-20050424Bl- upgrade to last night's snapshotQ9I]UJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup8_#URik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again37_ URik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q&lg?UStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZkgSUStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[j]_UJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jikoUDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZh]]UJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfg]sUJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtfkUDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361ee]qUJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDd]/UJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)ca!UStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)Ub]QUJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accurateja[UStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw`{yURik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere_QUStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e^QUStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015]{ UJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g\{YUJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall[{UJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^ZwIUJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsYwUJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)WXw=UJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevaWwOUJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zVsUJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswUsUBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM% ieUStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc i3UStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a_iUJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIi/UJuan Quintela - 3.0.2-31Df- re-enable ia64.N_CUJeremy Katz - 3.0.2-31DA- update to changeset 11405H_7UJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64_)UJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?_%UJeremy Katz - 3.0.2-28D,@- fix a typoY_YUJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer_YUJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{UJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%~_oUJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).}_UJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`|_gUJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst{_ URik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4z_ UJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labely__UJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)Ix_7UJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)wi'UMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZveUUMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)umMUDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.htimUStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include si'UStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterrmSUDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVq_QUJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)p_5UJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)do]qUJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)Xn]YUJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installimkmUDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-q UUDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]UDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethNyUDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)uywUDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>yUDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)Vy7UDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-yeUDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yIUDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniy_UDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsayMUDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mqoUDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA]+UJeremy Katz - 3.0.3-3E<- fix the buildJ]=UJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hq#UDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X_WUJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboi{UStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@sUDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eigUStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<iUStephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl} mUDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S _MUJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)u s}UDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk isUStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZ81URelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsa7yOUDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%6{SUDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn5{gUDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z4{}UDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup3{UDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)2w1UChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-49931y/UDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsq0yoUDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)/y]UDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581).yUDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f-yYUDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow,y-UDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m+skUMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO*y)UDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs")yOUDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7(kUDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug fails'UDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\&7UDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\%7UDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[$5UDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.i#OUDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu"[UDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4!YUDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nPVeAUGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.UcAUGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cTciUGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iScuUGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}RcUGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaQceUGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.KP[AUTomas Mraz - 3.3.1-2Is- rebuild with new opensslSOcIUGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.NcEUGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.aM =UIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^L{GUDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0KsqUMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrJ}mUDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)Iw)UMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbH}MUDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejGwcUMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)F} UDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):EwUMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vD{wUDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsCy;UDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoBykUDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zAo UMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase@yUDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8?y{UDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[>yAUDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm=ygUDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf<yYUDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`;yMUDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew:[UDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&9yWUDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$nm_UMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) mm)UMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8l1EUjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kkmmUMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzjm UMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1Iim)UMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77hmUMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationgY5UMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXfmIUMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemseg%UDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild dmWUMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelscm%UMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(bmgUMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vac UGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h`csUGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. _k/UJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a^ceUGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.]c[UGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).\c-UGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O[cAUGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.ZcWUGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.YUFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5Xc UGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.xWcUGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajrm{UMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\~mOUMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file}mCUMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g|mgUMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{{m UMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaz}KUMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynymsUMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates xm-UMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]wmUMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uvmUMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXumGUMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qtm;UMichael Young - 4.1.0-1M- update to 4.1.0 finalBsyUMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdrUFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzqm UMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightpmUMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1omyUMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_}EUMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?oUMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"oYUMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)oQUMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oo3UMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startUFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(oeUMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xoUMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr o{UMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B UMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F o!UMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF o!UMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR o;UMichael Young - 4.1.2-13OXA- fix a packaging error&oaUMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjokUMichael Young - 4.1.2-11ONA- put the systemd files back in the right placeoIUMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XmIUMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\mQUMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`mYUMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdmUMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]wmUMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixesmUMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7p"mQUMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] !mWUMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch` mYURichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=UMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)m#UMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZmKUMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_mWUMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetGm%UMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CmUMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XmGUMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTmAUMichael Young - 4.1.3-5P~- rebuild for ocaml update~mUMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pmwUMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S64mUMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)3m7UMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)2m3UMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%1maUMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)0mCUMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%/maUMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)r.m{UMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y-m UMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208,mUMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk+okUMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x*mUMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh)miUMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)(miUMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%'maUMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtf&YyUMichael Young P- correct disabling of xendomains.service on uninstall/%muUMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*$mkUMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)y#m UMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'EmeUMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XDmGUMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)Cm;UMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]BmUMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)Am;UMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)@mIUMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);?m UMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)>oGUMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) =m-UMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&<mcUMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M;m1UMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]:m9UMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)U9mCURichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.8UFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde7}SUMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86f6mcUMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!5oWUMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`YmWUMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?XmUMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VWoCURichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XVoGURichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VUoCURichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.TUFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_RebuildSo1UMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fRmeURichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TQmAUMichael Young - 4.4.0-8S@- rebuild for ocaml update/PmuUMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=OmUMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)NUFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_RebuildaMm[UMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) Lm/UMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized casesKm%UMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) Jm-UMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyIm UMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!HoWUMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\GmOUMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&FmcUMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:`imYUMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64hmUUMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)gmEUMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) fm/UMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSem=UMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGdm%UMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)coGUMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yboUMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch ao'UMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC`mUMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&_mcUMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e^maUMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)]m3UMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|\mUMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h[mgUMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)Zm#UMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?{mUMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2zm{UMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)ym?UMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xxmUMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cwm]UMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qvm;URichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%umaUMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)tmUMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nsm3UMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVroCURichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.qUFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYpY_UMichael Young U- gcc 5 bug is fixed so remove workaroundloomUMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uns}UMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallymoGUMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)lmAUMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)km7UMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)Sjm=UMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8Vk_}VRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;_VRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n_VRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch_UVRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo_VRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror_SVRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now_EVRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl_VRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"_iVRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY _YVRik van Riel 2-20050207B- upgrade to last night's Xen snapshotV cOVRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY _YVRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv I'VJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org) c!VRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#cgVJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uI%VRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted IMVRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQI_VRik van Riel A(@- upgrade to new snapshot of xen-unstablexI+VRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotIyVRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileI;VRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"7VCheA@- initial rpm release$m_UMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoyUMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well~oUMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&}oaUMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){|o UMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&x4wVBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W3[YV - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbina2WqV - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<1wVJeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itl0YVBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one places/wuVJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c.[qV - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N-VJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt ,AVJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:+qVDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel *w#VJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa)IVJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`(wOVJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQ'w1VJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedv&sVJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZ%sGVJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZ$sGVJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`#wOVJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`"oUVRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsH!g-VRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T _OVRik van Riel 2-20050823C - upgrade to today's Xen snapshot{_VRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again_#VRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i_yVRik van Riel 2-20050522B- change default display method for VMX domains to SDLN_CVRik van Riel 2-20050520B@- qemu device model for VMXT_OVRik van Riel 2-20050519B- apply some VMX related bugfixesU_QVRik van Riel 2-20050424Bl- upgrade to last night's snapshotQI]VJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup_#VRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3_ VRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q&Lg?VStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZKgSVStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[J]_VJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jIkoVDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZH]]VJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfG]sVJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtFkVDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361eE]qVJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDD]/VJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)Ca!VStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)UB]QVJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratejA[VStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw@{yVRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere?QVStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e>QVStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015={ VJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g<{YVJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall;{VJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^:wIVJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugs9wVJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)W8w=VJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udeva7wOVJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)z6sVJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changesw5sVBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM%iieVStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc hi3VStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)ag_iVJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIfi/VJuan Quintela - 3.0.2-31Df- re-enable ia64.Ne_CVJeremy Katz - 3.0.2-31DA- update to changeset 11405Hd_7VJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64c_)VJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?b_%VJeremy Katz - 3.0.2-28D,@- fix a typoYa_YVJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer`_YVJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj__{VJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%^_oVJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).]_VJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`\_gVJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst[_ VRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4Z_ VJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labelY__VJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)IX_7VJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)Wi'VMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZVeUVMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)UmMVDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.hTimVStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include Si'VStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterRmSVDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVQ_QVJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)P_5VJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)dO]qVJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)XN]YVJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installiMkmVDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-qUVDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]VDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN~yVDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u}ywVDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>|yVDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V{y7VDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-zyeVDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yyIVDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptionixy_VDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsawyMVDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mvqoVDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAu]+VJeremy Katz - 3.0.3-3E<- fix the buildJt]=VJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hsq#VDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)Xr_WVJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboqi{VStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@psVDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eoigVStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}mmVDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)Sl_MVJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)uks}VDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkjisVStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZ1VRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsayOVDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%{SVDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn{gVDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z{}VDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup{VDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)w1VChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993y/VDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqyoVDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)y]VDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)yVDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f yYVDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow y-VDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m skVMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO y)VDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs" yOVDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7kVDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsVDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\7VDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\7VDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[5VDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iOVDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu[VDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4YVDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nP6eAVGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.5cAVGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.c4ciVGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.i3cuVGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}2cVGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArcha1ceVGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K0[AVTomas Mraz - 3.3.1-2Is- rebuild with new opensslS/cIVGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release..cEVGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a- =VIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^,{GVDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0+sqVMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr*}mVDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921))w)VMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb(}MVDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changej'wcVMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)&} VDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):%wVMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v${wVDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formats#y;VDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleo"ykVDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)z!o VMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase yVDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{VDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[yAVDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsmygVDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstfyYVDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`yMVDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew[VDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&yWVDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$Nm_VMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) Mm)VMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8L1EVjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kKmmVMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzJm VMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1IIm)VMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77HmVMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationGY5VMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXFmIVMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsEg%VDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild DmWVMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsCm%VMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(BmgVMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vAc VGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h@csVGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. ?k/VJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a>ceVGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.=c[VGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).<c-VGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O;cAVGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.:cWVGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.9VFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild58c VGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.x7cVGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajr_m{VMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\^mOVMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file]mCVMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g\mgVMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{[m VMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaZ}KVMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynYmsVMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates Xm-VMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]WmVMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uVmVMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXUmGVMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.QTm;VMichael Young - 4.1.0-1M- update to 4.1.0 finalBSyVMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdRVFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_RebuildzQm VMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightPmVMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1OmyVMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_u}EVMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?toVMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"soYVMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)roQVMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oqo3VMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startpVFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(ooeVMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xnoVMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrmo{VMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BlVMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8Fko!VMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFjo!VMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRio;VMichael Young - 4.1.2-13OXA- fix a packaging error&hoaVMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjgokVMichael Young - 4.1.2-11ONA- put the systemd files back in the right placefoIVMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XemIVMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\dmQVMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`cmYVMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdbmVMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]wamVMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes`mVMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7pmQVMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] mWVMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`mYVRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=VMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)~m#VMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ}mKVMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_|mWVMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG{m%VMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CzmVMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XymGVMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTxmAVMichael Young - 4.1.3-5P~- rebuild for ocaml update~wmVMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pvmwVMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S6mVMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)m7VMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)m3VMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%maVMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)mCVMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%maVMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rm{VMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y m VMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208 mVMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk okVMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x mVMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh miVMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)miVMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%maVMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfYyVMichael Young P- correct disabling of xendomains.service on uninstall/muVMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*mkVMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ym VMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'%meVMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)X$mGVMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)#m;VMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]"mVMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)!m;VMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149) mIVMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m VMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)oGVMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) m-VMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&mcVMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]Mm1VMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]m9VMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UmCVRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.VFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde}SVMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fmcVMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!oWVMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`9mWVMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?8mVMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0V7oCVRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.X6oGVRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.V5oCVRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.4VFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild3o1VMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]f2meVRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.T1mAVMichael Young - 4.4.0-8S@- rebuild for ocaml update/0muVMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=/mVMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583).VFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda-m[VMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) ,m/VMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases+m%VMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) *m-VMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby)m VMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!(oWVMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\'mOVMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&&mcVMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:`ImYVMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64HmUVMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)GmEVMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) Fm/VMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSEm=VMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGDm%VMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)CoGVMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yBoVMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch Ao'VMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC@mVMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&?mcVMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e>maVMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)=m3VMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|<mVMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h;mgVMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738):m#VMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?[mVMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2Zm{VMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)Ym?VMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xXmVMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cWm]VMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)QVm;VRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%UmaVMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)TmVMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]NSm3VMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVRoCVRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.QVFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYPY_VMichael Young U- gcc 5 bug is fixed so remove workaroundlOomVMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uNs}VMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallyMoGVMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)LmAVMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)Km7VMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)SJm=VMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8Vkv_}WRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;u_WRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nt_WRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchs_UWRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyor_WRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werrorq_SWRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowp_EWRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlo_WRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"n_iWRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYm_YWRik van Riel 2-20050207B- upgrade to last night's Xen snapshotVlcOWRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYk_YWRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvjI'WJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)ic!WRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#hcgWJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.ugI%WRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted fIMWRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQeI_WRik van Riel A(@- upgrade to new snapshot of xen-unstablexdI+WRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotcIyWRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec filebI;WRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"a7WCheA@- initial rpm release$`m_VMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq_oyVMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well^oVMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&]oaVMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){\o VMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&xwWBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W[YW - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaWqW - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<wWJeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlYWBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placeswuWJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c[qW - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N WJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt AWJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).: qWDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel w#WJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa IWJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`wOWJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQw1WJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvsWJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZsGWJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZsGWJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`wOWJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`oUWRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHg-WRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T_OWRik van Riel 2-20050823C - upgrade to today's Xen snapshot{_WRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again~_#WRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i}_yWRik van Riel 2-20050522B- change default display method for VMX domains to SDLN|_CWRik van Riel 2-20050520B@- qemu device model for VMXT{_OWRik van Riel 2-20050519B- apply some VMX related bugfixesUz_QWRik van Riel 2-20050424Bl- upgrade to last night's snapshotQyI]WJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupx_#WRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3w_ WRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q&,g?WStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ+gSWStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[*]_WJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j)koWDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ(]]WJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf']sWJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingt&kWDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e%]qWJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD$]/WJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)#a!WStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U"]QWJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej![WStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw {yWRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQWStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022eQWStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015{ WJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g{YWJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{WJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^wIWJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugswWJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Ww=WJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawOWJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zsWJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswsWBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM%IieWStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc Hi3WStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)aG_iWJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIFi/WJuan Quintela - 3.0.2-31Df- re-enable ia64.NE_CWJeremy Katz - 3.0.2-31DA- update to changeset 11405HD_7WJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64C_)WJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?B_%WJeremy Katz - 3.0.2-28D,@- fix a typoYA_YWJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer@_YWJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj?_{WJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%>_oWJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).=_WJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`<_gWJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst;_ WRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4:_ WJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label9__WJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I8_7WJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)7i'WMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZ6eUWMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)5mMWDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.h4imWStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include 3i'WStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works better2mSWDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV1_QWJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)0_5WJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d/]qWJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X.]YWJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installi-kmWDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-q`UWDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev_]WDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN^yWDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u]ywWDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>\yWDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V[y7WDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-ZyeWDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^YyIWDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniXy_WDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsaWyMWDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mVqoWDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAU]+WJeremy Katz - 3.0.3-3E<- fix the buildJT]=WJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5HSq#WDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)XR_WWJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboQi{WStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@PsWDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eOigWStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}MmWDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)SL_MWJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)uKs}WDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkJisWStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZx1WRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsawyOWDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%v{SWDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnu{gWDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zt{}WDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setups{WDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)rw1WChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993qy/WDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqpyoWDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)oy]WDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)nyWDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fmyYWDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowly-WDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mkskWMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOjy)WDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"iyOWDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7hkWDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsgWDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\f7WDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\e7WDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[d5WDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.icOWDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMub[WDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4aYWDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nPeAWGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.cAWGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cciWGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.icuWGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}cWGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaceWGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K[AWTomas Mraz - 3.3.1-2Is- rebuild with new opensslScIWGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.cEWGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a  =WIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^ {GWDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0 sqWMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr }mWDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921) w)WMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb}MWDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejwcWMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)} WDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):wWMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v{wWDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsy;WDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoykWDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zo WMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebaseyWDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{WDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[~yAWDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm}ygWDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf|yYWDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`{yMWDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewz[WDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&yyWWDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$.m_WMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) -m)WMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8,1EWjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k+mmWMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz*m WMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I)m)WMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77(mWMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org location'Y5WMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesX&mIWMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problems%g%WDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild $mWWMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernels#m%WMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl("mgWMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)v!c WGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h csWGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/WJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)aceWGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.c[WGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).c-WGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.OcAWGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.cWWGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.WFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5c WGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.xcWGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajr?m{WMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\>mOWMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file=mCWMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g<mgWMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{;m WMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta:}KWMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalityn9msWMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates 8m-WMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]7mWMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6u6mWMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchX5mGWMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Q4m;WMichael Young - 4.1.0-1M- update to 4.1.0 finalB3yWMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd2WFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildz1m WMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies right0mWMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1/myWMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_U}EWMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?ToWMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"SoYWMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)RoQWMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)OQo3WMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startPWFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(OoeWMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xNoWMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrMo{WMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BLWMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8FKo!WMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFJo!WMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRIo;WMichael Young - 4.1.2-13OXA- fix a packaging error&HoaWMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjGokWMichael Young - 4.1.2-11ONA- put the systemd files back in the right placeFoIWMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XEmIWMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\DmQWMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`CmYWMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdBmWMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]wAmWMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes@mWMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7pbmQWMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] amWWMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch``mYWRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S_m=WMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)^m#WMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ]mKWMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_\mWWMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG[m%WMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CZmWMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XYmGWMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTXmAWMichael Young - 4.1.3-5P~- rebuild for ocaml update~WmWMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pVmwWMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S6tmWMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)sm7WMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)rm3WMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%qmaWMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)pmCWMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%omaWMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rnm{WMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)ymm WMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208lmWMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskkokWMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xjmWMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhimiWMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)hmiWMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%gmaWMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtffYyWMichael Young P- correct disabling of xendomains.service on uninstall/emuWMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*dmkWMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ycm WMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'meWMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XmGWMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)m;WMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]mWMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)m;WMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)mIWMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m WMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)~oGWMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) }m-WMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&|mcWMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M{m1WMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]zm9WMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UymCWRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.xWFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuildew}SWMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fvmcWMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!uoWWMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`mWWMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?mWMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VoCWRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XoGWRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VoCWRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.WFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildo1WMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fmeWRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TmAWMichael Young - 4.4.0-8S@- rebuild for ocaml update/muWMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=mWMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)WFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda m[WMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) m/WMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases m%WMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) m-WMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby m WMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!oWWMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\mOWMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&mcWMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:`)mYWMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64(mUWMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)'mEWMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) &m/WMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchS%m=WMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsG$m%WMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)#oGWMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)y"oWMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch !o'WMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC mWMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mcWMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)emaWMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)m3WMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|mWMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)hmgWMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)m#WMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?;mWMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2:m{WMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)9m?WMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]x8mWMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)c7m]WMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Q6m;WRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%5maWMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)4mWMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]N3m3WMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesV2oCWRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.1WFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildY0Y_WMichael Young U- gcc 5 bug is fixed so remove workaroundl/omWMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]u.s}WMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually-oGWMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631),mAWMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)+m7WMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S*m=WMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8VkV_}XRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;U_XRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nT_XRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchS_UXRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyoR_XRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -WerrorQ_SXRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowP_EXRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlO_XRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"N_iXRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYM_YXRik van Riel 2-20050207B- upgrade to last night's Xen snapshotVLcOXRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYK_YXRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvJI'XJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)Ic!XRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#HcgXJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uGI%XRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted FIMXRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQEI_XRik van Riel A(@- upgrade to new snapshot of xen-unstablexDI+XRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotCIyXRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileBI;XRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"A7XCheA@- initial rpm release$@m_WMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq?oyWMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well>oWMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&=oaWMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){<o WMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&xtwXBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0Ws[YX - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinarWqX - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlpYXBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesowuXJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cn[qX - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NmXJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt lAXJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:kqXDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel jw#XJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaiIXJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`hwOXJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQgw1XJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvfsXJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZesGXJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZdsGXJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`cwOXJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`boUXRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHag-XRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T`_OXRik van Riel 2-20050823C - upgrade to today's Xen snapshot{__XRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again^_#XRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i]_yXRik van Riel 2-20050522B- change default display method for VMX domains to SDLN\_CXRik van Riel 2-20050520B@- qemu device model for VMXT[_OXRik van Riel 2-20050519B- apply some VMX related bugfixesUZ_QXRik van Riel 2-20050424Bl- upgrade to last night's snapshotQYI]XJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupX_#XRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3W_ XRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q& g?XStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ gSXStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[ ]_XJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j koXDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ]]XJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf]sXJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtkXDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e]qXJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD]/XJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)a!XStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U]QXJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej[XStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw{yXRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQXStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e~QXStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015}{ XJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g|{YXJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{{XJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^zwIXJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsywXJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Wxw=XJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawwOXJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zvsXJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswusXBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM%)ieXStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc (i3XStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a'_iXJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackI&i/XJuan Quintela - 3.0.2-31Df- re-enable ia64.N%_CXJeremy Katz - 3.0.2-31DA- update to changeset 11405H$_7XJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64#_)XJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?"_%XJeremy Katz - 3.0.2-28D,@- fix a typoY!_YXJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer _YXJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{XJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%_oXJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install)._XJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`_gXJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst_ XRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4_ XJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label__XJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I_7XJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)i'XMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZeUXMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)mMXDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.himXStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include i'XStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works bettermSXDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV_QXJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)_5XJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d]qXJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X]YXJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installi kmXDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-q@UXDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev?]XDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN>yXDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u=ywXDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script><yXDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V;y7XDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-:yeXDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^9yIXDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioni8y_XDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsa7yMXDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700m6qoXDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA5]+XJeremy Katz - 3.0.3-3E<- fix the buildJ4]=XJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5H3q#XDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X2_WXJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygrubo1i{XStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@0sXDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)e/igXStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<.iXStephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}-mXDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S,_MXJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)u+s}XDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk*isXStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZX1XRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsaWyOXDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%V{SXDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnU{gXDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zT{}XDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setupS{XDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)Rw1XChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993Qy/XDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqPyoXDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)Oy]XDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)NyXDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fMyYXDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowLy-XDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mKskXMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOJy)XDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"IyOXDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7HkXDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsGXDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\F7XDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\E7XDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[D5XDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iCOXDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMuB[XDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4AYXDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nPveAXGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.ucAXGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.ctciXGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iscuXGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}rcXGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaqceXGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.Kp[AXTomas Mraz - 3.3.1-2Is- rebuild with new opensslSocIXGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.ncEXGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.am =XIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^l{GXDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0ksqXMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrj}mXDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)iw)XMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbh}MXDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejgwcXMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)f} XDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):ewXMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vd{wXDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatscy;XDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleobykXDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zao XMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase`yXDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8_y{XDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[^yAXDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm]ygXDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf\yYXDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`[yMXDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewZ[XDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&YyWXDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$m_XMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) m)XMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8 1EXjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k mmXMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz m XMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I m)XMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77mXMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationY5XMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXmIXMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsg%XDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild mWXMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsm%XMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(mgXMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vc XGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.hcsXGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/XJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a~ceXGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.}c[XGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).|c-XGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O{cAXGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.zcWXGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.yXFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5xc XGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.xwcXGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajrm{XMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\mOXMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo filemCXMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112gmgXMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{m XMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta}KXMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynmsXMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates m-XMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]mXMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6umXMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXmGXMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qm;XMichael Young - 4.1.0-1M- update to 4.1.0 finalByXMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdXFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzm XMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightmXMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1myXMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_5}EXMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?4oXMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"3oYXMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)2oQXMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)O1o3XMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to start0XFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(/oeXMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]x.oXMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr-o{XMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B,XMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F+o!XMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF*o!XMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR)o;XMichael Young - 4.1.2-13OXA- fix a packaging error&(oaXMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdj'okXMichael Young - 4.1.2-11ONA- put the systemd files back in the right place&oIXMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+X%mIXMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\$mQXMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`#mYXMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemd"mXMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]w!mXMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes mXMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7pBmQXMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] AmWXMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`@mYXRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S?m=XMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)>m#XMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ=mKXMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_<mWXMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG;m%XMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)C:mXMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17X9mGXMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesT8mAXMichael Young - 4.1.3-5P~- rebuild for ocaml update~7mXMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)p6mwXMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S6TmXMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)Sm7XMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)Rm3XMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%QmaXMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)PmCXMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%OmaXMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rNm{XMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)yMm XMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208LmXMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskKokXMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xJmXMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhImiXMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)HmiXMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%GmaXMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfFYyXMichael Young P- correct disabling of xendomains.service on uninstall/EmuXMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*DmkXMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)yCm XMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'emeXMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XdmGXMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)cm;XMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]bmXMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)am;XMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)`mIXMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);_m XMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)^oGXMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) ]m-XMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&\mcXMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M[m1XMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]Zm9XMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UYmCXRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.XXFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_RebuildeW}SXMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fVmcXMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!UoWXMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`ymWXMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?xmXMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VwoCXRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XvoGXRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VuoCXRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.tXFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildso1XMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]frmeXRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TqmAXMichael Young - 4.4.0-8S@- rebuild for ocaml update/pmuXMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=omXMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)nXFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuildamm[XMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) lm/XMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized caseskm%XMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) jm-XMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyim XMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!hoWXMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\gmOXMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&fmcXMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:` mYXMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64mUXMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)mEXMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) m/XMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSm=XMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGm%XMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)oGXMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yoXMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch o'XMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmCmXMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mcXMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e~maXMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)}m3XMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)||mXMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h{mgXMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)zm#XMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?mXMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2m{XMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)m?XMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xmXMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cm]XMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qm;XRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%maXMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)mXMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nm3XMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVoCXRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.XFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYY_XMichael Young U- gcc 5 bug is fixed so remove workaroundlomXMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]us}XMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually oGXMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631) mAXMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153) m7XMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S m=XMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8Vk6_}YRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;5_YRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n4_YRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch3_UYRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo2_YRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror1_SYRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now0_EYRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl/_YRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"._iYRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY-_YYRik van Riel 2-20050207B- upgrade to last night's Xen snapshotV,cOYRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY+_YYRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv*I'YJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org))c!YRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#(cgYJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.u'I%YRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted &IMYRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQ%I_YRik van Riel A(@- upgrade to new snapshot of xen-unstablex$I+YRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshot#IyYRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec file"I;YRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"!7YCheA@- initial rpm release$ m_XMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoyXMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as welloXMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&oaXMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){o XMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&xTwYBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0WS[YY - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaRWqY - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlPYYBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesOwuYJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cN[qY - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NMYJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt LAYJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:KqYDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel Jw#YJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaIIYJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`HwOYJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQGw1YJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvFsYJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZEsGYJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZDsGYJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`CwOYJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`BoUYRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHAg-YRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T@_OYRik van Riel 2-20050823C - upgrade to today's Xen snapshot{?_YRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again>_#YRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i=_yYRik van Riel 2-20050522B- change default display method for VMX domains to SDLN<_CYRik van Riel 2-20050520B@- qemu device model for VMXT;_OYRik van Riel 2-20050519B- apply some VMX related bugfixesU:_QYRik van Riel 2-20050424Bl- upgrade to last night's snapshotQ9I]YJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup8_#YRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again37_ YRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q&lg?YStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZkgSYStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[j]_YJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jikoYDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZh]]YJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfg]sYJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtfkYDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361ee]qYJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDd]/YJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)ca!YStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)Ub]QYJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accurateja[YStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw`{yYRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere_QYStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e^QYStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015]{ YJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g\{YYJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall[{YJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^ZwIYJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsYwYJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)WXw=YJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevaWwOYJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zVsYJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswUsYBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM% ieYStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc i3YStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a_iYJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIi/YJuan Quintela - 3.0.2-31Df- re-enable ia64.N_CYJeremy Katz - 3.0.2-31DA- update to changeset 11405H_7YJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64_)YJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?_%YJeremy Katz - 3.0.2-28D,@- fix a typoY_YYJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer_YYJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{YJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%~_oYJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).}_YJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`|_gYJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst{_ YRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4z_ YJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labely__YJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)Ix_7YJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)wi'YMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZveUYMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)umMYDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.htimYStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include si'YStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterrmSYDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVq_QYJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)p_5YJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)do]qYJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)Xn]YYJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installimkmYDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-q UYDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]YDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethNyYDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)uywYDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>yYDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)Vy7YDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-yeYDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yIYDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniy_YDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsayMYDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mqoYDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA]+YJeremy Katz - 3.0.3-3E<- fix the buildJ]=YJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hq#YDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X_WYJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboi{YStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@sYDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eigYStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<iYStephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl} mYDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S _MYJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)u s}YDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk isYStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZ81YRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsa7yOYDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%6{SYDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn5{gYDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z4{}YDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup3{YDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)2w1YChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-49931y/YDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsq0yoYDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)/y]YDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581).yYDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f-yYYDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow,y-YDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m+skYMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO*y)YDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs")yOYDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7(kYDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug fails'YDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\&7YDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\%7YDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[$5YDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.i#OYDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu"[YDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4!YYDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nPVeAYGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.UcAYGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cTciYGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iScuYGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}RcYGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaQceYGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.KP[AYTomas Mraz - 3.3.1-2Is- rebuild with new opensslSOcIYGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.NcEYGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.aM =YIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^L{GYDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0KsqYMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrJ}mYDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)Iw)YMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbH}MYDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejGwcYMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)F} YDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):EwYMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vD{wYDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsCy;YDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoBykYDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zAo YMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase@yYDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8?y{YDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[>yAYDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm=ygYDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf<yYYDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`;yMYDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew:[YDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&9yWYDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$nm_YMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) mm)YMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8l1EYjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kkmmYMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzjm YMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1Iim)YMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77hmYMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationgY5YMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXfmIYMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemseg%YDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild dmWYMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelscm%YMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(bmgYMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vac YGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h`csYGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. _k/YJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a^ceYGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.]c[YGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).\c-YGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O[cAYGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.ZcWYGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.YYFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5Xc YGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.xWcYGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajrm{YMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\~mOYMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file}mCYMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g|mgYMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{{m YMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaz}KYMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynymsYMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates xm-YMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]wmYMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uvmYMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXumGYMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qtm;YMichael Young - 4.1.0-1M- update to 4.1.0 finalBsyYMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdrYFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzqm YMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightpmYMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1omyYMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_}EYMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?oYMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"oYYMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)oQYMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oo3YMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startYFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(oeYMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xoYMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr o{YMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B YMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F o!YMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF o!YMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR o;YMichael Young - 4.1.2-13OXA- fix a packaging error&oaYMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjokYMichael Young - 4.1.2-11ONA- put the systemd files back in the right placeoIYMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XmIYMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\mQYMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`mYYMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdmYMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]wmYMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixesmYMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7p"mQYMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] !mWYMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch` mYYRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=YMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)m#YMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZmKYMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_mWYMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetGm%YMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CmYMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XmGYMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTmAYMichael Young - 4.1.3-5P~- rebuild for ocaml update~mYMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pmwYMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S64mYMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)3m7YMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)2m3YMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%1maYMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)0mCYMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%/maYMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)r.m{YMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y-m YMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208,mYMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk+okYMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x*mYMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh)miYMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)(miYMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%'maYMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtf&YyYMichael Young P- correct disabling of xendomains.service on uninstall/%muYMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*$mkYMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)y#m YMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'EmeYMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XDmGYMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)Cm;YMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]BmYMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)Am;YMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)@mIYMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);?m YMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)>oGYMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) =m-YMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&<mcYMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M;m1YMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]:m9YMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)U9mCYRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.8YFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde7}SYMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86f6mcYMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!5oWYMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`YmWYMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?XmYMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VWoCYRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XVoGYRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VUoCYRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.TYFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_RebuildSo1YMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fRmeYRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TQmAYMichael Young - 4.4.0-8S@- rebuild for ocaml update/PmuYMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=OmYMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)NYFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_RebuildaMm[YMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) Lm/YMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized casesKm%YMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) Jm-YMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyIm YMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!HoWYMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\GmOYMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&FmcYMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:`imYYMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64hmUYMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)gmEYMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) fm/YMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSem=YMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGdm%YMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)coGYMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yboYMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch ao'YMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC`mYMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&_mcYMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e^maYMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)]m3YMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|\mYMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h[mgYMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)Zm#YMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?{mYMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2zm{YMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)ym?YMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xxmYMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cwm]YMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qvm;YRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%umaYMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)tmYMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nsm3YMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVroCYRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.qYFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYpY_YMichael Young U- gcc 5 bug is fixed so remove workaroundloomYMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uns}YMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallymoGYMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)lmAYMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)km7YMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)Sjm=YMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8Vk_}ZRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;_ZRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n_ZRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch_UZRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo_ZRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror_SZRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now_EZRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl_ZRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"_iZRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY _YZRik van Riel 2-20050207B- upgrade to last night's Xen snapshotV cOZRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY _YZRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv I'ZJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org) c!ZRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#cgZJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uI%ZRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted IMZRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQI_ZRik van Riel A(@- upgrade to new snapshot of xen-unstablexI+ZRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotIyZRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileI;ZRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"7ZCheA@- initial rpm release$m_YMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoyYMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well~oYMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&}oaYMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){|o YMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&x4wZBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W3[YZ - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbina2WqZ - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<1wZJeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itl0YZBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one places/wuZJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c.[qZ - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N-ZJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt ,AZJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:+qZDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel *w#ZJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa)IZJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`(wOZJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQ'w1ZJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedv&sZJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZ%sGZJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZ$sGZJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`#wOZJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`"oUZRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsH!g-ZRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T _OZRik van Riel 2-20050823C - upgrade to today's Xen snapshot{_ZRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again_#ZRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i_yZRik van Riel 2-20050522B- change default display method for VMX domains to SDLN_CZRik van Riel 2-20050520B@- qemu device model for VMXT_OZRik van Riel 2-20050519B- apply some VMX related bugfixesU_QZRik van Riel 2-20050424Bl- upgrade to last night's snapshotQI]ZJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup_#ZRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3_ ZRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q&Lg?ZStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZKgSZStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[J]_ZJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jIkoZDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZH]]ZJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfG]sZJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtFkZDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361eE]qZJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDD]/ZJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)Ca!ZStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)UB]QZJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratejA[ZStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw@{yZRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere?QZStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e>QZStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015={ ZJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g<{YZJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall;{ZJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^:wIZJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugs9wZJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)W8w=ZJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udeva7wOZJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)z6sZJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changesw5sZBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM%iieZStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc hi3ZStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)ag_iZJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIfi/ZJuan Quintela - 3.0.2-31Df- re-enable ia64.Ne_CZJeremy Katz - 3.0.2-31DA- update to changeset 11405Hd_7ZJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64c_)ZJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?b_%ZJeremy Katz - 3.0.2-28D,@- fix a typoYa_YZJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer`_YZJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj__{ZJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%^_oZJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).]_ZJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`\_gZJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst[_ ZRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4Z_ ZJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labelY__ZJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)IX_7ZJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)Wi'ZMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZVeUZMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)UmMZDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.hTimZStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include Si'ZStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterRmSZDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVQ_QZJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)P_5ZJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)dO]qZJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)XN]YZJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installiMkmZDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-qUZDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]ZDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN~yZDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u}ywZDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>|yZDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V{y7ZDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-zyeZDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yyIZDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptionixy_ZDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsawyMZDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mvqoZDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAu]+ZJeremy Katz - 3.0.3-3E<- fix the buildJt]=ZJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hsq#ZDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)Xr_WZJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboqi{ZStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@psZDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eoigZStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}mmZDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)Sl_MZJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)uks}ZDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkjisZStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZ1ZRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsayOZDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%{SZDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn{gZDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z{}ZDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup{ZDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)w1ZChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993y/ZDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqyoZDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)y]ZDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)yZDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f yYZDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow y-ZDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m skZMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO y)ZDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs" yOZDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7kZDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsZDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\7ZDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\7ZDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[5ZDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iOZDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu[ZDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4YZDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nP6eAZGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.5cAZGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.c4ciZGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.i3cuZGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}2cZGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArcha1ceZGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K0[AZTomas Mraz - 3.3.1-2Is- rebuild with new opensslS/cIZGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release..cEZGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a- =ZIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^,{GZDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0+sqZMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr*}mZDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921))w)ZMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb(}MZDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changej'wcZMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)&} ZDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):%wZMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v${wZDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formats#y;ZDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleo"ykZDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)z!o ZMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase yZDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{ZDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[yAZDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsmygZDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstfyYZDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`yMZDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew[ZDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&yWZDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$Nm_ZMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) Mm)ZMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8L1EZjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kKmmZMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzJm ZMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1IIm)ZMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77HmZMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationGY5ZMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXFmIZMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsEg%ZDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild DmWZMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsCm%ZMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(BmgZMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vAc ZGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h@csZGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. ?k/ZJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a>ceZGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.=c[ZGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).<c-ZGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O;cAZGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.:cWZGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.9ZFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild58c ZGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.x7cZGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajr_m{ZMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\^mOZMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file]mCZMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g\mgZMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{[m ZMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaZ}KZMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynYmsZMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates Xm-ZMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]WmZMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uVmZMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXUmGZMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.QTm;ZMichael Young - 4.1.0-1M- update to 4.1.0 finalBSyZMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdRZFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_RebuildzQm ZMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightPmZMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1OmyZMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_u}EZMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?toZMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"soYZMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)roQZMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oqo3ZMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startpZFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(ooeZMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xnoZMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrmo{ZMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BlZMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8Fko!ZMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFjo!ZMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRio;ZMichael Young - 4.1.2-13OXA- fix a packaging error&hoaZMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjgokZMichael Young - 4.1.2-11ONA- put the systemd files back in the right placefoIZMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XemIZMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\dmQZMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`cmYZMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdbmZMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]wamZMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes`mZMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7pmQZMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] mWZMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`mYZRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=ZMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)~m#ZMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ}mKZMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_|mWZMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG{m%ZMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CzmZMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XymGZMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTxmAZMichael Young - 4.1.3-5P~- rebuild for ocaml update~wmZMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pvmwZMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S6mZMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)m7ZMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)m3ZMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%maZMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)mCZMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%maZMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rm{ZMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y m ZMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208 mZMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk okZMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x mZMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh miZMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)miZMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%maZMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfYyZMichael Young P- correct disabling of xendomains.service on uninstall/muZMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*mkZMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ym ZMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'%meZMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)X$mGZMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)#m;ZMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]"mZMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)!m;ZMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149) mIZMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m ZMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)oGZMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) m-ZMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&mcZMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]Mm1ZMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]m9ZMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UmCZRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.ZFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde}SZMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fmcZMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!oWZMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`9mWZMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?8mZMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0V7oCZRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.X6oGZRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.V5oCZRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.4ZFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild3o1ZMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]f2meZRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.T1mAZMichael Young - 4.4.0-8S@- rebuild for ocaml update/0muZMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=/mZMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583).ZFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda-m[ZMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) ,m/ZMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases+m%ZMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) *m-ZMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby)m ZMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!(oWZMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\'mOZMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&&mcZMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:`ImYZMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64HmUZMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)GmEZMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) Fm/ZMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSEm=ZMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGDm%ZMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)CoGZMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yBoZMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch Ao'ZMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC@mZMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&?mcZMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e>maZMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)=m3ZMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|<mZMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h;mgZMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738):m#ZMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?[mZMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2Zm{ZMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)Ym?ZMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xXmZMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cWm]ZMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)QVm;ZRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%UmaZMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)TmZMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]NSm3ZMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVRoCZRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.QZFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYPY_ZMichael Young U- gcc 5 bug is fixed so remove workaroundlOomZMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uNs}ZMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallyMoGZMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)LmAZMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)Km7ZMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)SJm=ZMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8Vkv_}[Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;u_ik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nt_[Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchs_U[Rik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyor_[Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werrorq_S[Rik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowp_E[Rik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlo_[Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"n_i[Rik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYm_Y[Rik van Riel 2-20050207B- upgrade to last night's Xen snapshotVlcO[Rik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYk_Y[Rik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvjI'[Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)ic![Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#hcg[Jeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.ugI%[Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted fIM[Rik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQeI_[Rik van Riel A(@- upgrade to new snapshot of xen-unstablexdI+[Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotcIy[Rik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec filebI;[Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"a7[CheA@- initial rpm release$`m_ZMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq_oyZMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well^oZMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&]oaZMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){\o ZMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&xw[Bill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W[Y[ - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaWq[ - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<w[Jeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlY[Bill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placeswu[Jeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c[q[ - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N [Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt A[Juan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).: q[Daniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel w#[Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa I[Jeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`wO[Jeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQw1[Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvs[Jeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZsG[Jeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZsG[Jeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`wO[Jeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`oU[Rik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHg-[Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T_O[Rik van Riel 2-20050823C - upgrade to today's Xen snapshot{_ik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again~_#[Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i}_y[Rik van Riel 2-20050522B- change default display method for VMX domains to SDLN|_C[Rik van Riel 2-20050520B@- qemu device model for VMXT{_O[Rik van Riel 2-20050519B- apply some VMX related bugfixesUz_Q[Rik van Riel 2-20050424Bl- upgrade to last night's snapshotQyI][Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupx_#[Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3w_ [Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q&,g?[Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ+gS[Stephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[*]_[Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j)ko[Daniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ(]][Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf']s[Jeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingt&k[Daniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e%]q[Jeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD$]/[Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)#a![Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U"]Q[Jeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej![[Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw {y[Rik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQ[Stephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022eQ[Stephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015{ [Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g{Y[Jeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{[Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^wI[Jeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsw[Jeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Ww=[Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawO[Jeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zs[Jesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changesws[Bill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM%Iie[Stephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc Hi3[Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)aG_i[Jeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIFi/[Juan Quintela - 3.0.2-31Df- re-enable ia64.NE_C[Jeremy Katz - 3.0.2-31DA- update to changeset 11405HD_7[Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64C_)[Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?B_%[Jeremy Katz - 3.0.2-28D,@- fix a typoYA_Y[Jeremy Katz - 3.0.2-27D- add support for paravirt framebuffer@_Y[Jeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj?_{[Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%>_o[Jeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).=_[Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`<_g[Jeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst;_ [Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4:_ [Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label9__[Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I8_7[Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)7i'[Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZ6eU[Mark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)5mM[Daniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.h4im[Stephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include 3i'[Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works better2mS[Daniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV1_Q[Jeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)0_5[Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d/]q[Jeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X.]Y[Jeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installi-km[Daniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-q`U[Daniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev_][Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN^y[Daniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u]yw[Daniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>\y[Daniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V[y7[Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-Zye[Daniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^YyI[Daniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniXy_[Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsaWyM[Daniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mVqo[Daniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAU]+[Jeremy Katz - 3.0.3-3E<- fix the buildJT]=[Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5HSq#[Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)XR_W[Jeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboQi{[Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@Ps[Daniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eOig[Stephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}Mm[Daniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)SL_M[Jeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)uKs}[Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkJis[Stephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZx1[Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsawyO[Daniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%v{S[Daniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnu{g[Daniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zt{}[Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setups{[Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)rw1[Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993qy/[Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqpyo[Daniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)oy][Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)ny[Daniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fmyY[Daniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowly-[Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mksk[Markus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOjy)[Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"iyO[Daniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7hk[Daniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsg[Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\f7[Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\e7[Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[d5[Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.icO[Daniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMub[[Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4aY[Daniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nPeA[Gerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.cA[Gerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cci[Gerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.icu[Gerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}cerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchace[Gerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K[A[Tomas Mraz - 3.3.1-2Is- rebuild with new opensslScI[Gerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.cE[Gerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a  =[Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^ {G[Daniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0 sq[Mark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr }m[Daniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921) w)[Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb}M[Daniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejwc[Markus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)} [Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):w[Markus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v{w[Daniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsy;[Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoyk[Daniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zo [Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebasey[Daniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{[Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[~yA[Daniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm}yg[Daniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf|yY[Daniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`{yM[Daniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewz[[Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&yyW[Daniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$.m_[Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) -m)[Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8,1E[jkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k+mm[Michael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz*m [Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I)m)[Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77(m[Michael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org location'Y5[Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesX&mI[Michael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problems%g%[David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild $mW[Michael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernels#m%[Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl("mg[Michael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)v!c [Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h cs[Gerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/[Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)ace[Gerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.c[[Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).c-[Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.OcA[Gerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.cW[Gerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.[Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5c [Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.xc[Gerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajr?m{[Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\>mO[Michael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file=mC[Michael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g<mg[Michael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{;m [Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta:}K[Michael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalityn9ms[Michael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates 8m-[Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]7m[Michael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6u6m[Michael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchX5mG[Michael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Q4m;[Michael Young - 4.1.0-1M- update to 4.1.0 finalB3y[Michael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd2[Fedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildz1m [Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies right0michael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1/my[Michael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_U}E[Michael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?To[Michael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"SoY[Michael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)RoQ[Michael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)OQo3[Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startP[Fedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(Ooe[Michael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xNo[Michael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrMo{[Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BL[Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8FKo![Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFJo![Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRIo;[Michael Young - 4.1.2-13OXA- fix a packaging error&Hoa[Michael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjGok[Michael Young - 4.1.2-11ONA- put the systemd files back in the right placeFoI[Michael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XEmI[Michael Young - 4.1.2-9O?- move xen-watchdog to systemd\DmQ[Michael Young - 4.1.2-8O2c- relocate systemd files for fc17+`CmY[Michael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdBmichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]wAm[Michael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes@m[Michael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7pbmQ[Michael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] amW[Michael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch``mY[Richard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S_m=[Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)^m#[Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ]mK[Michael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_\mW[Michael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG[m%[Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CZm[Michael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XYmG[Michael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTXmA[Michael Young - 4.1.3-5P~- rebuild for ocaml update~Wm[Michael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pVmw[Michael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S6tm[Michael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)sm7[Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)rm3[Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%qma[Michael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)pmC[Michael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%oma[Michael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rnm{[Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)ymm [Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208lm[Michael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskkok[Michael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xjm[Michael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhimi[Michael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)hmi[Michael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%gma[Michael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtffYy[Michael Young P- correct disabling of xendomains.service on uninstall/emu[Michael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*dmk[Michael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ycm [Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'me[Michael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XmG[Michael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)m;[Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]michael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)m;[Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)mI[Michael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m [Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)~oG[Michael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) }m-[Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&|mc[Michael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M{m1[Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]zm9[Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UymC[Richard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.x[Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuildew}S[Michael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fvmc[Michael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!uoW[Michael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`mW[Michael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?m[Michael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VoC[Richard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XoG[Richard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VoC[Richard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.[Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildo1[Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fme[Richard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TmA[Michael Young - 4.4.0-8S@- rebuild for ocaml update/mu[Michael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=m[Michael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)[Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda m[[Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) m/[Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases m%[Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) m-[Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby m [Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!oW[Michael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\mO[Michael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&mc[Michael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:`)mY[Michael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64(mU[Michael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)'mE[Michael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) &m/[Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchS%m=[Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsG$m%[Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)#oG[Michael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)y"o[Michael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch !o'[Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC m[Michael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mc[Michael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)ema[Michael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)m3[Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|m[Michael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)hmg[Michael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)m#[Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?;m[Michael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2:m{[Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)9m?[Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]x8m[Michael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)c7m][Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Q6m;[Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%5ma[Michael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)4m[Michael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]N3m3[Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesV2oC[Richard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.1[Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildY0Y_[Michael Young U- gcc 5 bug is fixed so remove workaroundl/om[Michael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]u.s}[Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually-oG[Michael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631),mA[Michael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)+m7[Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S*m=[Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8VkV_}\Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;U_\Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nT_\Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchS_U\Rik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyoR_\Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -WerrorQ_S\Rik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowP_E\Rik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlO_\Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"N_i\Rik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYM_Y\Rik van Riel 2-20050207B- upgrade to last night's Xen snapshotVLcO\Rik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYK_Y\Rik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvJI'\Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)Ic!\Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#Hcg\Jeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uGI%\Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted FIM\Rik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQEI_\Rik van Riel A(@- upgrade to new snapshot of xen-unstablexDI+\Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotCIy\Rik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileBI;\Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"A7\CheA@- initial rpm release$@m_[Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq?oy[Michael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well>o[Michael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&=oa[Michael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){<o [Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&xtw\Bill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0Ws[Y\ - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinarWq\ - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlpY\Bill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesowu\Jeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cn[q\ - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)Nm\Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt lA\Juan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:kq\Daniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel jw#\Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaiI\Jeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`hwO\Jeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQgw1\Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvfs\Jeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZesG\Jeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZdsG\Jeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`cwO\Jeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`boU\Rik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHag-\Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T`_O\Rik van Riel 2-20050823C - upgrade to today's Xen snapshot{__\Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again^_#\Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i]_y\Rik van Riel 2-20050522B- change default display method for VMX domains to SDLN\_C\Rik van Riel 2-20050520B@- qemu device model for VMXT[_O\Rik van Riel 2-20050519B- apply some VMX related bugfixesUZ_Q\Rik van Riel 2-20050424Bl- upgrade to last night's snapshotQYI]\Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupX_#\Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3W_ \Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q& g?\Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ gS\Stephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[ ]_\Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j ko\Daniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ]]\Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf]s\Jeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtk\Daniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e]q\Jeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD]/\Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)a!\Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U]Q\Jeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej[\Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw{y\Rik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQ\Stephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e~Q\Stephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015}{ \Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g|{Y\Jeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{{\Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^zwI\Jeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsyw\Jeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Wxw=\Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawwO\Jeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zvs\Jesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswus\Bill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM%)ie\Stephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc (i3\Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a'_i\Jeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackI&i/\Juan Quintela - 3.0.2-31Df- re-enable ia64.N%_C\Jeremy Katz - 3.0.2-31DA- update to changeset 11405H$_7\Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64#_)\Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?"_%\Jeremy Katz - 3.0.2-28D,@- fix a typoY!_Y\Jeremy Katz - 3.0.2-27D- add support for paravirt framebuffer _Y\Jeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{\Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%_o\Jeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install)._\Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`_g\Jeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst_ \Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4_ \Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label__\Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I_7\Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)i'\Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZeU\Mark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)mM\Daniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.him\Stephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include i'\Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works bettermS\Daniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV_Q\Jeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)_5\Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d]q\Jeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X]Y\Jeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installi km\Daniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-q@U\Daniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev?]\Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN>y\Daniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u=yw\Daniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script><y\Daniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V;y7\Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-:ye\Daniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^9yI\Daniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioni8y_\Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsa7yM\Daniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700m6qo\Daniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA5]+\Jeremy Katz - 3.0.3-3E<- fix the buildJ4]=\Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5H3q#\Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X2_W\Jeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygrubo1i{\Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@0s\Daniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)e/ig\Stephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<.i\Stephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}-m\Daniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S,_M\Jeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)u+s}\Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk*is\Stephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZX1\Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsaWyO\Daniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%V{S\Daniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnU{g\Daniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zT{}\Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setupS{\Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)Rw1\Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993Qy/\Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqPyo\Daniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)Oy]\Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)Ny\Daniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fMyY\Daniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowLy-\Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mKsk\Markus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOJy)\Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"IyO\Daniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7Hk\Daniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsG\Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\F7\Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\E7\Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[D5\Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iCO\Daniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMuB[\Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4AY\Daniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nPveA\Gerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.ucA\Gerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.ctci\Gerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iscu\Gerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}rc\Gerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaqce\Gerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.Kp[A\Tomas Mraz - 3.3.1-2Is- rebuild with new opensslSocI\Gerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.ncE\Gerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.am =\Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^l{G\Daniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0ksq\Mark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrj}m\Daniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)iw)\Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbh}M\Daniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejgwc\Markus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)f} \Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):ew\Markus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vd{w\Daniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatscy;\Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleobyk\Daniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zao \Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase`y\Daniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8_y{\Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[^yA\Daniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm]yg\Daniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf\yY\Daniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`[yM\Daniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewZ[\Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&YyW\Daniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$m_\Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) m)\Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8 1E\jkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k mm\Michael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz m \Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I m)\Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77m\Michael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationY5\Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXmI\Michael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsg%\David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild mW\Michael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsm%\Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(mg\Michael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vc \Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.hcs\Gerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/\Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a~ce\Gerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.}c[\Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).|c-\Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O{cA\Gerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.zcW\Gerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.y\Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5xc \Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.xwc\Gerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajrm{\Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\mO\Michael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo filemC\Michael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112gmg\Michael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{m \Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta}K\Michael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynms\Michael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates m-\Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]m\Michael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6um\Michael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXmG\Michael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qm;\Michael Young - 4.1.0-1M- update to 4.1.0 finalBy\Michael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd\Fedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzm \Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightm\Michael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1my\Michael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_5}E\Michael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?4o\Michael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"3oY\Michael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)2oQ\Michael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)O1o3\Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to start0\Fedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(/oe\Michael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]x.o\Michael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr-o{\Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B,\Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F+o!\Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF*o!\Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR)o;\Michael Young - 4.1.2-13OXA- fix a packaging error&(oa\Michael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdj'ok\Michael Young - 4.1.2-11ONA- put the systemd files back in the right place&oI\Michael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+X%mI\Michael Young - 4.1.2-9O?- move xen-watchdog to systemd\$mQ\Michael Young - 4.1.2-8O2c- relocate systemd files for fc17+`#mY\Michael Young - 4.1.2-7O1@- move xend and xenconsoled to systemd"m\Michael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]w!m\Michael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes m\Michael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7pBmQ\Michael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] AmW\Michael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`@mY\Richard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S?m=\Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)>m#\Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ=mK\Michael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_<mW\Michael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG;m%\Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)C:m\Michael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17X9mG\Michael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesT8mA\Michael Young - 4.1.3-5P~- rebuild for ocaml update~7m\Michael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)p6mw\Michael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S6Tm\Michael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)Sm7\Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)Rm3\Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%Qma\Michael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)PmC\Michael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%Oma\Michael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rNm{\Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)yMm \Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208Lm\Michael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskKok\Michael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xJm\Michael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhImi\Michael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)Hmi\Michael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%Gma\Michael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfFYy\Michael Young P- correct disabling of xendomains.service on uninstall/Emu\Michael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*Dmk\Michael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)yCm \Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'eme\Michael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XdmG\Michael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)cm;\Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]bm\Michael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)am;\Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)`mI\Michael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);_m \Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)^oG\Michael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) ]m-\Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&\mc\Michael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M[m1\Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]Zm9\Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UYmC\Richard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.X\Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_RebuildeW}S\Michael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fVmc\Michael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!UoW\Michael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`ymW\Michael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?xm\Michael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VwoC\Richard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XvoG\Richard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VuoC\Richard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.t\Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildso1\Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]frme\Richard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TqmA\Michael Young - 4.4.0-8S@- rebuild for ocaml update/pmu\Michael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=om\Michael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)n\Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuildamm[\Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) lm/\Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized caseskm%\Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) jm-\Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyim \Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!hoW\Michael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\gmO\Michael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&fmc\Michael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:` mY\Michael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64mU\Michael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)mE\Michael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) m/\Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSm=\Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGm%\Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)oG\Michael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yo\Michael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch o'\Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmCm\Michael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mc\Michael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e~ma\Michael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)}m3\Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)||m\Michael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h{mg\Michael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)zm#\Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?m\Michael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2m{\Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)m?\Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xm\Michael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cm]\Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qm;\Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%ma\Michael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)m\Michael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nm3\Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVoC\Richard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.\Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYY_\Michael Young U- gcc 5 bug is fixed so remove workaroundlom\Michael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]us}\Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually oG\Michael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631) mA\Michael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153) m7\Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S m=\Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8Vk6_}]Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;5_]Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n4_]Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch3_U]Rik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo2_]Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror1_S]Rik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now0_E]Rik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl/_]Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"._i]Rik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY-_Y]Rik van Riel 2-20050207B- upgrade to last night's Xen snapshotV,cO]Rik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY+_Y]Rik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv*I']Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org))c!]Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#(cg]Jeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.u'I%]Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted &IM]Rik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQ%I_]Rik van Riel A(@- upgrade to new snapshot of xen-unstablex$I+]Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshot#Iy]Rik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec file"I;]Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"!7]CheA@- initial rpm release$ m_\Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoy\Michael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as wello\Michael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&oa\Michael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){o \Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&xTw]Bill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0WS[Y] - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaRWq] - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlPY]Bill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesOwu]Jeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cN[q] - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NM]Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt LA]Juan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:Kq]Daniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel Jw#]Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaII]Jeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`HwO]Jeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQGw1]Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvFs]Jeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZEsG]Jeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZDsG]Jeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`CwO]Jeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`BoU]Rik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHAg-]Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T@_O]Rik van Riel 2-20050823C - upgrade to today's Xen snapshot{?_]Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again>_#]Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i=_y]Rik van Riel 2-20050522B- change default display method for VMX domains to SDLN<_C]Rik van Riel 2-20050520B@- qemu device model for VMXT;_O]Rik van Riel 2-20050519B- apply some VMX related bugfixesU:_Q]Rik van Riel 2-20050424Bl- upgrade to last night's snapshotQ9I]]Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup8_#]Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again37_ ]Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q&lg?]Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZkgS]Stephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[j]_]Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jiko]Daniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZh]]]Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfg]s]Jeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtfk]Daniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361ee]q]Jeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDd]/]Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)ca!]Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)Ub]Q]Jeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accurateja[]Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw`{y]Rik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere_Q]Stephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e^Q]Stephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015]{ ]Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g\{Y]Jeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall[{]Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^ZwI]Jeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsYw]Jeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)WXw=]Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevaWwO]Jeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zVs]Jesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswUs]Bill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM% ie]Stephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc i3]Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a_i]Jeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIi/]Juan Quintela - 3.0.2-31Df- re-enable ia64.N_C]Jeremy Katz - 3.0.2-31DA- update to changeset 11405H_7]Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64_)]Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?_%]Jeremy Katz - 3.0.2-28D,@- fix a typoY_Y]Jeremy Katz - 3.0.2-27D- add support for paravirt framebuffer_Y]Jeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{]Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%~_o]Jeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).}_]Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`|_g]Jeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst{_ ]Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4z_ ]Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labely__]Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)Ix_7]Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)wi']Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZveU]Mark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)umM]Daniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.htim]Stephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include si']Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterrmS]Daniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVq_Q]Jeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)p_5]Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)do]q]Jeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)Xn]Y]Jeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installimkm]Daniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-q U]Daniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]]Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethNy]Daniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)uyw]Daniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>y]Daniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)Vy7]Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-ye]Daniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yI]Daniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniy_]Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsayM]Daniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mqo]Daniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA]+]Jeremy Katz - 3.0.3-3E<- fix the buildJ]=]Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hq#]Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X_W]Jeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboi{]Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@s]Daniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eig]Stephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<i]Stephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl} m]Daniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S _M]Jeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)u s}]Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk is]Stephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZ81]Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsa7yO]Daniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%6{S]Daniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn5{g]Daniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z4{}]Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup3{]Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)2w1]Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-49931y/]Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsq0yo]Daniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)/y]]Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581).y]Daniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f-yY]Daniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow,y-]Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m+sk]Markus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO*y)]Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs")yO]Daniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7(k]Daniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug fails']Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\&7]Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\%7]Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[$5]Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.i#O]Daniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu"[]Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4!Y]Daniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nPVeA]Gerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.UcA]Gerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cTci]Gerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iScu]Gerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}Rc]Gerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaQce]Gerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.KP[A]Tomas Mraz - 3.3.1-2Is- rebuild with new opensslSOcI]Gerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.NcE]Gerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.aM =]Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^L{G]Daniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0Ksq]Mark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrJ}m]Daniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)Iw)]Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbH}M]Daniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejGwc]Markus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)F} ]Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):Ew]Markus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vD{w]Daniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsCy;]Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoByk]Daniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zAo ]Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase@y]Daniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8?y{]Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[>yA]Daniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm=yg]Daniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf<yY]Daniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`;yM]Daniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew:[]Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&9yW]Daniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$nm_]Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) mm)]Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8l1E]jkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kkmm]Michael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzjm ]Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1Iim)]Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77hm]Michael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationgY5]Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXfmI]Michael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemseg%]David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild dmW]Michael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelscm%]Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(bmg]Michael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vac ]Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h`cs]Gerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. _k/]Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a^ce]Gerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.]c[]Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).\c-]Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O[cA]Gerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.ZcW]Gerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.Y]Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5Xc ]Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.xWc]Gerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajrm{]Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\~mO]Michael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file}mC]Michael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g|mg]Michael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{{m ]Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaz}K]Michael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynyms]Michael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates xm-]Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]wm]Michael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uvm]Michael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXumG]Michael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qtm;]Michael Young - 4.1.0-1M- update to 4.1.0 finalBsy]Michael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdr]Fedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzqm ]Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightpm]Michael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1omy]Michael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_}E]Michael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?o]Michael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"oY]Michael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)oQ]Michael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oo3]Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to start]Fedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(oe]Michael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xo]Michael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr o{]Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B ]Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F o!]Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF o!]Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR o;]Michael Young - 4.1.2-13OXA- fix a packaging error&oa]Michael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjok]Michael Young - 4.1.2-11ONA- put the systemd files back in the right placeoI]Michael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XmI]Michael Young - 4.1.2-9O?- move xen-watchdog to systemd\mQ]Michael Young - 4.1.2-8O2c- relocate systemd files for fc17+`mY]Michael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdm]Michael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]wm]Michael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixesm]Michael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7p"mQ]Michael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] !mW]Michael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch` mY]Richard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=]Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)m#]Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZmK]Michael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_mW]Michael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetGm%]Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)Cm]Michael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XmG]Michael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTmA]Michael Young - 4.1.3-5P~- rebuild for ocaml update~m]Michael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pmw]Michael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S64m]Michael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)3m7]Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)2m3]Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%1ma]Michael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)0mC]Michael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%/ma]Michael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)r.m{]Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y-m ]Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208,m]Michael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk+ok]Michael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x*m]Michael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh)mi]Michael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)(mi]Michael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%'ma]Michael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtf&Yy]Michael Young P- correct disabling of xendomains.service on uninstall/%mu]Michael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*$mk]Michael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)y#m ]Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'Eme]Michael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XDmG]Michael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)Cm;]Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]Bm]Michael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)Am;]Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)@mI]Michael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);?m ]Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)>oG]Michael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) =m-]Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&<mc]Michael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M;m1]Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]:m9]Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)U9mC]Richard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.8]Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde7}S]Michael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86f6mc]Michael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!5oW]Michael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`YmW]Michael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?Xm]Michael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VWoC]Richard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XVoG]Richard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VUoC]Richard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.T]Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_RebuildSo1]Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fRme]Richard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TQmA]Michael Young - 4.4.0-8S@- rebuild for ocaml update/Pmu]Michael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=Om]Michael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)N]Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_RebuildaMm[]Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) Lm/]Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized casesKm%]Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) Jm-]Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyIm ]Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!HoW]Michael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\GmO]Michael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&Fmc]Michael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:`imY]Michael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64hmU]Michael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)gmE]Michael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) fm/]Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSem=]Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGdm%]Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)coG]Michael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)ybo]Michael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch ao']Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC`m]Michael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&_mc]Michael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e^ma]Michael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)]m3]Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|\m]Michael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h[mg]Michael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)Zm#]Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?{m]Michael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2zm{]Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)ym?]Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xxm]Michael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cwm]]Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qvm;]Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%uma]Michael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)tm]Michael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nsm3]Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVroC]Richard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.q]Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYpY_]Michael Young U- gcc 5 bug is fixed so remove workaroundloom]Michael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uns}]Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallymoG]Michael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)lmA]Michael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)km7]Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)Sjm=]Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8Vk_}^Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;_^Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n_^Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch_U^Rik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo_^Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror_S^Rik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now_E^Rik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl_^Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"_i^Rik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY _Y^Rik van Riel 2-20050207B- upgrade to last night's Xen snapshotV cO^Rik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY _Y^Rik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv I'^Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org) c!^Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#cg^Jeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uI%^Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted IM^Rik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQI_^Rik van Riel A(@- upgrade to new snapshot of xen-unstablexI+^Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotIy^Rik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileI;^Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"7^CheA@- initial rpm release$m_]Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoy]Michael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well~o]Michael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&}oa]Michael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){|o ]Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&x4w^Bill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W3[Y^ - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbina2Wq^ - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<1w^Jeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itl0Y^Bill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one places/wu^Jeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c.[q^ - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N-^Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt ,A^Juan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:+q^Daniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel *w#^Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa)I^Jeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`(wO^Jeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQ'w1^Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedv&s^Jeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZ%sG^Jeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZ$sG^Jeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`#wO^Jeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`"oU^Rik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsH!g-^Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T _O^Rik van Riel 2-20050823C - upgrade to today's Xen snapshot{_^Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again_#^Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i_y^Rik van Riel 2-20050522B- change default display method for VMX domains to SDLN_C^Rik van Riel 2-20050520B@- qemu device model for VMXT_O^Rik van Riel 2-20050519B- apply some VMX related bugfixesU_Q^Rik van Riel 2-20050424Bl- upgrade to last night's snapshotQI]^Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup_#^Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3_ ^Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q&Lg?^Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZKgS^Stephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[J]_^Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jIko^Daniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZH]]^Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfG]s^Jeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtFk^Daniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361eE]q^Jeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDD]/^Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)Ca!^Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)UB]Q^Jeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratejA[^Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw@{y^Rik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere?Q^Stephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e>Q^Stephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015={ ^Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g<{Y^Jeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall;{^Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^:wI^Jeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugs9w^Jeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)W8w=^Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udeva7wO^Jeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)z6s^Jesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changesw5s^Bill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM%iie^Stephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc hi3^Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)ag_i^Jeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIfi/^Juan Quintela - 3.0.2-31Df- re-enable ia64.Ne_C^Jeremy Katz - 3.0.2-31DA- update to changeset 11405Hd_7^Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64c_)^Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?b_%^Jeremy Katz - 3.0.2-28D,@- fix a typoYa_Y^Jeremy Katz - 3.0.2-27D- add support for paravirt framebuffer`_Y^Jeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj__{^Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%^_o^Jeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).]_^Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`\_g^Jeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst[_ ^Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4Z_ ^Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labelY__^Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)IX_7^Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)Wi'^Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZVeU^Mark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)UmM^Daniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.hTim^Stephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include Si'^Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterRmS^Daniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVQ_Q^Jeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)P_5^Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)dO]q^Jeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)XN]Y^Jeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installiMkm^Daniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-qU^Daniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]^Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN~y^Daniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u}yw^Daniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>|y^Daniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V{y7^Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-zye^Daniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yyI^Daniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptionixy_^Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsawyM^Daniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mvqo^Daniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAu]+^Jeremy Katz - 3.0.3-3E<- fix the buildJt]=^Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hsq#^Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)Xr_W^Jeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboqi{^Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@ps^Daniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eoig^Stephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}mm^Daniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)Sl_M^Jeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)uks}^Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkjis^Stephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZ1^Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsayO^Daniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%{S^Daniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn{g^Daniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z{}^Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup{^Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)w1^Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993y/^Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqyo^Daniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)y]^Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)y^Daniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f yY^Daniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow y-^Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m sk^Markus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO y)^Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs" yO^Daniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7k^Daniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug fails^Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\7^Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\7^Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[5^Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iO^Daniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu[^Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4Y^Daniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nP6eA^Gerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.5cA^Gerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.c4ci^Gerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.i3cu^Gerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}2c^Gerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArcha1ce^Gerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K0[A^Tomas Mraz - 3.3.1-2Is- rebuild with new opensslS/cI^Gerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release..cE^Gerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a- =^Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^,{G^Daniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0+sq^Mark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr*}m^Daniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921))w)^Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb(}M^Daniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changej'wc^Markus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)&} ^Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):%w^Markus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v${w^Daniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formats#y;^Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleo"yk^Daniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)z!o ^Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase y^Daniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{^Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[yA^Daniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsmyg^Daniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstfyY^Daniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`yM^Daniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew[^Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&yW^Daniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$Nm_^Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) Mm)^Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8L1E^jkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kKmm^Michael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzJm ^Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1IIm)^Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77Hm^Michael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationGY5^Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXFmI^Michael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsEg%^David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild DmW^Michael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsCm%^Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(Bmg^Michael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vAc ^Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h@cs^Gerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. ?k/^Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a>ce^Gerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.=c[^Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).<c-^Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O;cA^Gerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.:cW^Gerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.9^Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild58c ^Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.x7c^Gerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajr_m{^Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\^mO^Michael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file]mC^Michael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g\mg^Michael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{[m ^Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaZ}K^Michael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynYms^Michael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates Xm-^Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]Wm^Michael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uVm^Michael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXUmG^Michael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.QTm;^Michael Young - 4.1.0-1M- update to 4.1.0 finalBSy^Michael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdR^Fedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_RebuildzQm ^Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightPm^Michael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1Omy^Michael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_u}E^Michael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?to^Michael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"soY^Michael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)roQ^Michael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oqo3^Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startp^Fedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(ooe^Michael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xno^Michael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrmo{^Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)Bl^Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8Fko!^Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFjo!^Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRio;^Michael Young - 4.1.2-13OXA- fix a packaging error&hoa^Michael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjgok^Michael Young - 4.1.2-11ONA- put the systemd files back in the right placefoI^Michael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XemI^Michael Young - 4.1.2-9O?- move xen-watchdog to systemd\dmQ^Michael Young - 4.1.2-8O2c- relocate systemd files for fc17+`cmY^Michael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdbm^Michael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]wam^Michael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes`m^Michael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7pmQ^Michael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] mW^Michael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`mY^Richard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=^Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)~m#^Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ}mK^Michael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_|mW^Michael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG{m%^Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)Czm^Michael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XymG^Michael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTxmA^Michael Young - 4.1.3-5P~- rebuild for ocaml update~wm^Michael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pvmw^Michael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S6m^Michael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)m7^Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)m3^Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%ma^Michael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)mC^Michael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%ma^Michael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rm{^Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y m ^Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208 m^Michael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk ok^Michael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x m^Michael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh mi^Michael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)mi^Michael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%ma^Michael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfYy^Michael Young P- correct disabling of xendomains.service on uninstall/mu^Michael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*mk^Michael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ym ^Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'%me^Michael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)X$mG^Michael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)#m;^Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]"m^Michael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)!m;^Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149) mI^Michael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m ^Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)oG^Michael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) m-^Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&mc^Michael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]Mm1^Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]m9^Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UmC^Richard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.^Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde}S^Michael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fmc^Michael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!oW^Michael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`9mW^Michael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?8m^Michael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0V7oC^Richard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.X6oG^Richard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.V5oC^Richard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.4^Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild3o1^Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]f2me^Richard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.T1mA^Michael Young - 4.4.0-8S@- rebuild for ocaml update/0mu^Michael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=/m^Michael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583).^Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda-m[^Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) ,m/^Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases+m%^Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) *m-^Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby)m ^Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!(oW^Michael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\'mO^Michael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&&mc^Michael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:`ImY^Michael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64HmU^Michael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)GmE^Michael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) Fm/^Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSEm=^Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGDm%^Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)CoG^Michael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yBo^Michael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch Ao'^Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC@m^Michael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&?mc^Michael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e>ma^Michael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)=m3^Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|<m^Michael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h;mg^Michael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738):m#^Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?[m^Michael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2Zm{^Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)Ym?^Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xXm^Michael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cWm]^Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)QVm;^Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%Uma^Michael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)Tm^Michael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]NSm3^Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVRoC^Richard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.Q^Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYPY_^Michael Young U- gcc 5 bug is fixed so remove workaroundlOom^Michael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uNs}^Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallyMoG^Michael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)LmA^Michael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)Km7^Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)SJm=^Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8Vkv_}_Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;u__Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nt__Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchs_U_Rik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyor__Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werrorq_S_Rik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowp_E_Rik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlo__Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"n_i_Rik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYm_Y_Rik van Riel 2-20050207B- upgrade to last night's Xen snapshotVlcO_Rik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYk_Y_Rik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvjI'_Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)ic!_Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#hcg_Jeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.ugI%_Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted fIM_Rik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQeI__Rik van Riel A(@- upgrade to new snapshot of xen-unstablexdI+_Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotcIy_Rik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec filebI;_Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"a7_CheA@- initial rpm release$`m_^Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq_oy^Michael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well^o^Michael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&]oa^Michael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){\o ^Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&xw_Bill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W[Y_ - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaWq_ - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<w_Jeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlY_Bill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placeswu_Jeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c[q_ - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N _Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt A_Juan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).: q_Daniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel w#_Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa I_Jeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`wO_Jeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQw1_Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvs_Jeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZsG_Jeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZsG_Jeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`wO_Jeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`oU_Rik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHg-_Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T_O_Rik van Riel 2-20050823C - upgrade to today's Xen snapshot{__Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again~_#_Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i}_y_Rik van Riel 2-20050522B- change default display method for VMX domains to SDLN|_C_Rik van Riel 2-20050520B@- qemu device model for VMXT{_O_Rik van Riel 2-20050519B- apply some VMX related bugfixesUz_Q_Rik van Riel 2-20050424Bl- upgrade to last night's snapshotQyI]_Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupx_#_Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3w_ _Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q&,g?_Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ+gS_Stephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[*]__Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j)ko_Daniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ(]]_Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf']s_Jeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingt&k_Daniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e%]q_Jeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD$]/_Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)#a!_Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U"]Q_Jeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej![_Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw {y_Rik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQ_Stephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022eQ_Stephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015{ _Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g{Y_Jeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{_Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^wI_Jeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsw_Jeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Ww=_Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawO_Jeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zs_Jesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changesws_Bill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM%Iie_Stephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc Hi3_Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)aG_i_Jeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIFi/_Juan Quintela - 3.0.2-31Df- re-enable ia64.NE_C_Jeremy Katz - 3.0.2-31DA- update to changeset 11405HD_7_Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64C_)_Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?B_%_Jeremy Katz - 3.0.2-28D,@- fix a typoYA_Y_Jeremy Katz - 3.0.2-27D- add support for paravirt framebuffer@_Y_Jeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj?_{_Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%>_o_Jeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).=__Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`<_g_Jeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst;_ _Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4:_ _Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label9___Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I8_7_Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)7i'_Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZ6eU_Mark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)5mM_Daniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.h4im_Stephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include 3i'_Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works better2mS_Daniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV1_Q_Jeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)0_5_Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d/]q_Jeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X.]Y_Jeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installi-km_Daniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-q`U_Daniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev_]_Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN^y_Daniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u]yw_Daniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>\y_Daniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V[y7_Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-Zye_Daniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^YyI_Daniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniXy__Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsaWyM_Daniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mVqo_Daniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAU]+_Jeremy Katz - 3.0.3-3E<- fix the buildJT]=_Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5HSq#_Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)XR_W_Jeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboQi{_Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@Ps_Daniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eOig_Stephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}Mm_Daniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)SL_M_Jeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)uKs}_Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkJis_Stephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZx1_Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsawyO_Daniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%v{S_Daniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnu{g_Daniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zt{}_Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setups{_Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)rw1_Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993qy/_Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqpyo_Daniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)oy]_Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)ny_Daniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fmyY_Daniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowly-_Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mksk_Markus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOjy)_Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"iyO_Daniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7hk_Daniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsg_Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\f7_Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\e7_Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[d5_Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.icO_Daniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMub[_Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4aY_Daniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nPeA_Gerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.cA_Gerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cci_Gerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.icu_Gerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}c_Gerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchace_Gerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K[A_Tomas Mraz - 3.3.1-2Is- rebuild with new opensslScI_Gerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.cE_Gerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a  =_Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^ {G_Daniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0 sq_Mark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr }m_Daniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921) w)_Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb}M_Daniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejwc_Markus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)} _Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):w_Markus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v{w_Daniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsy;_Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoyk_Daniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zo _Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebasey_Daniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{_Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[~yA_Daniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm}yg_Daniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf|yY_Daniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`{yM_Daniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewz[_Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&yyW_Daniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$.m__Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) -m)_Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8,1E_jkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k+mm_Michael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz*m _Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I)m)_Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77(m_Michael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org location'Y5_Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesX&mI_Michael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problems%g%_David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild $mW_Michael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernels#m%_Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl("mg_Michael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)v!c _Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h cs_Gerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/_Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)ace_Gerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.c[_Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).c-_Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.OcA_Gerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.cW_Gerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build._Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5c _Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.xc_Gerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajr?m{_Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\>mO_Michael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file=mC_Michael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g<mg_Michael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{;m _Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta:}K_Michael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalityn9ms_Michael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates 8m-_Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]7m_Michael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6u6m_Michael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchX5mG_Michael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Q4m;_Michael Young - 4.1.0-1M- update to 4.1.0 finalB3y_Michael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd2_Fedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildz1m _Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies right0m_Michael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1/my_Michael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_U}E_Michael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?To_Michael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"SoY_Michael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)RoQ_Michael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)OQo3_Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startP_Fedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(Ooe_Michael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xNo_Michael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrMo{_Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BL_Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8FKo!_Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFJo!_Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRIo;_Michael Young - 4.1.2-13OXA- fix a packaging error&Hoa_Michael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjGok_Michael Young - 4.1.2-11ONA- put the systemd files back in the right placeFoI_Michael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XEmI_Michael Young - 4.1.2-9O?- move xen-watchdog to systemd\DmQ_Michael Young - 4.1.2-8O2c- relocate systemd files for fc17+`CmY_Michael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdBm_Michael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]wAm_Michael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes@m_Michael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7pbmQ_Michael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] amW_Michael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch``mY_Richard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S_m=_Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)^m#_Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ]mK_Michael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_\mW_Michael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG[m%_Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CZm_Michael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XYmG_Michael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTXmA_Michael Young - 4.1.3-5P~- rebuild for ocaml update~Wm_Michael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pVmw_Michael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S6tm_Michael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)sm7_Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)rm3_Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%qma_Michael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)pmC_Michael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%oma_Michael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rnm{_Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)ymm _Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208lm_Michael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskkok_Michael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xjm_Michael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhimi_Michael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)hmi_Michael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%gma_Michael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtffYy_Michael Young P- correct disabling of xendomains.service on uninstall/emu_Michael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*dmk_Michael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ycm _Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'me_Michael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XmG_Michael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)m;_Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]m_Michael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)m;_Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)mI_Michael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m _Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)~oG_Michael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) }m-_Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&|mc_Michael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M{m1_Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]zm9_Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UymC_Richard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.x_Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuildew}S_Michael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fvmc_Michael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!uoW_Michael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`mW_Michael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?m_Michael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VoC_Richard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XoG_Richard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VoC_Richard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild._Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildo1_Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fme_Richard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TmA_Michael Young - 4.4.0-8S@- rebuild for ocaml update/mu_Michael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=m_Michael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)_Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda m[_Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) m/_Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases m%_Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) m-_Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby m _Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!oW_Michael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\mO_Michael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&mc_Michael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:`)mY_Michael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64(mU_Michael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)'mE_Michael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) &m/_Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchS%m=_Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsG$m%_Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)#oG_Michael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)y"o_Michael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch !o'_Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC m_Michael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mc_Michael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)ema_Michael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)m3_Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|m_Michael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)hmg_Michael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)m#_Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?;m_Michael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2:m{_Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)9m?_Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]x8m_Michael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)c7m]_Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Q6m;_Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%5ma_Michael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)4m_Michael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]N3m3_Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesV2oC_Richard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.1_Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildY0Y__Michael Young U- gcc 5 bug is fixed so remove workaroundl/om_Michael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]u.s}_Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually-oG_Michael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631),mA_Michael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)+m7_Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S*m=_Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8VkV_}`Rik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;U_`Rik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nT_`Rik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchS_U`Rik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyoR_`Rik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -WerrorQ_S`Rik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowP_E`Rik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlO_`Rik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"N_i`Rik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYM_Y`Rik van Riel 2-20050207B- upgrade to last night's Xen snapshotVLcO`Rik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYK_Y`Rik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvJI'`Jeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)Ic!`Rik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#Hcg`Jeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uGI%`Rik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted FIM`Rik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQEI_`Rik van Riel A(@- upgrade to new snapshot of xen-unstablexDI+`Rik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotCIy`Rik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileBI;`Rik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"A7`CheA@- initial rpm release$@m__Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq?oy_Michael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well>o_Michael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&=oa_Michael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){<o _Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) p y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" {tmf_XQJC<5Ł4ā"ÁnV8  lT6 yeTB5vX@́Lˁ4ʁɁ{ȁiǁYƁEŁ4ā"ÁnV8  lT6 yeTB5vX@) tV;)tbU?.x`I,v[I9%u_N6iL4{iYE4"nV8~ } |l{Tz6yx wyveuTtBs5rqpvoXn@m)l ktjVi;h)gfetdbcUb?a.`_x^`]I\,[ZvY[XIW9V%UTSuR_QNP6ONMiLLK4JI{HiGYFEE4D"CBAn@V?8> =   } % 1Y;G&xtw`Bill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0Ws[Y` - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinarWq` - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlpY`Bill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesowu`Jeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cn[q` - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)Nm`Jesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt lA`Juan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:kq`Daniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel jw#`Jeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaiI`Jeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`hwO`Jeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQgw1`Jeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvfs`Jeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZesG`Jeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZdsG`Jeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`cwO`Jeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`boU`Rik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHag-`Rik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T`_O`Rik van Riel 2-20050823C - upgrade to today's Xen snapshot{__`Rik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again^_#`Rik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i]_y`Rik van Riel 2-20050522B- change default display method for VMX domains to SDLN\_C`Rik van Riel 2-20050520B@- qemu device model for VMXT[_O`Rik van Riel 2-20050519B- apply some VMX related bugfixesUZ_Q`Rik van Riel 2-20050424Bl- upgrade to last night's snapshotQYI]`Jeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupX_#`Rik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3W_ `Rik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q& g?`Stephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ gS`Stephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[ ]_`Jeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j ko`Daniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ]]`Jeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf]s`Jeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtk`Daniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e]q`Jeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD]/`Jeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)a!`Stephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U]Q`Jeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej[`Stephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw{y`Rik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQ`Stephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e~Q`Stephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015}{ `Jeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g|{Y`Jeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{{`Jeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^zwI`Jeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsyw`Jeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Wxw=`Jeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawwO`Jeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zvs`Jesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswus`Bill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM%)ie`Stephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc (i3`Stephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a'_i`Jeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackI&i/`Juan Quintela - 3.0.2-31Df- re-enable ia64.N%_C`Jeremy Katz - 3.0.2-31DA- update to changeset 11405H$_7`Jeremy Katz - 3.0.2-30D@- fix pvfb for x86_64#_)`Jeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?"_%`Jeremy Katz - 3.0.2-28D,@- fix a typoY!_Y`Jeremy Katz - 3.0.2-27D- add support for paravirt framebuffer _Y`Jeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{`Jeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%_o`Jeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install)._`Jeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`_g`Jeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst_ `Rik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4_ `Jeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label__`Jeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I_7`Jeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)i'`Mark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZeU`Mark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)mM`Daniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.him`Stephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include i'`Stephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works bettermS`Daniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV_Q`Jeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)_5`Jeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d]q`Jeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X]Y`Jeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installi km`Daniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-q@U`Daniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev?]`Daniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN>y`Daniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u=yw`Daniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script><y`Daniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V;y7`Daniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-:ye`Daniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^9yI`Daniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioni8y_`Daniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsa7yM`Daniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700m6qo`Daniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA5]+`Jeremy Katz - 3.0.3-3E<- fix the buildJ4]=`Jeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5H3q#`Daniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X2_W`Jeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygrubo1i{`Stephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@0s`Daniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)e/ig`Stephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<.i`Stephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}-m`Daniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S,_M`Jeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)u+s}`Daniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk*is`Stephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZX1`Release Engineering - 3.1.2-2.fc9GY5- Rebuild for depsaWyO`Daniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%V{S`Daniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnU{g`Daniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zT{}`Daniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setupS{`Daniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)Rw1`Chris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993Qy/`Daniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqPyo`Daniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)Oy]`Daniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)Ny`Daniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fMyY`Daniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowLy-`Daniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mKsk`Markus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOJy)`Daniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"IyO`Daniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7Hk`Daniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsG`Daniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\F7`Daniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\E7`Daniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[D5`Daniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iCO`Daniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMuB[`Daniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4AY`Daniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nPveA`Gerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.ucA`Gerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.ctci`Gerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iscu`Gerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}rc`Gerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaqce`Gerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.Kp[A`Tomas Mraz - 3.3.1-2Is- rebuild with new opensslSocI`Gerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.ncE`Gerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.am =`Ignacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^l{G`Daniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0ksq`Mark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrj}m`Daniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)iw)`Markus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbh}M`Daniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejgwc`Markus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)f} `Daniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):ew`Markus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vd{w`Daniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatscy;`Daniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleobyk`Daniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zao `Mark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase`y`Daniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8_y{`Daniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[^yA`Daniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm]yg`Daniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf\yY`Daniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`[yM`Daniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewZ[`Daniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&YyW`Daniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$m_`Michael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) m)`Michael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8 1E`jkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k mm`Michael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz m `Michael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I m)`Michael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77m`Michael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationY5`Michael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXmI`Michael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsg%`David Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild mW`Michael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsm%`Michael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(mg`Michael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vc `Gerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.hcs`Gerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/`Justin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a~ce`Gerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.}c[`Gerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).|c-`Gerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O{cA`Gerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.zcW`Gerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.y`Fedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5xc `Gerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.xwc`Gerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajrm{`Michael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\mO`Michael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo filemC`Michael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112gmg`Michael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{m `Michael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta}K`Michael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynms`Michael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates m-`Michael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]m`Michael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6um`Michael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXmG`Michael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qm;`Michael Young - 4.1.0-1M- update to 4.1.0 finalBy`Michael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd`Fedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzm `Michael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightm`Michael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1my`Michael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_5}E`Michael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?4o`Michael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"3oY`Michael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)2oQ`Michael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)O1o3`Michael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to start0`Fedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(/oe`Michael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]x.o`Michael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr-o{`Michael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B,`Michael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F+o!`Michael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF*o!`Michael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR)o;`Michael Young - 4.1.2-13OXA- fix a packaging error&(oa`Michael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdj'ok`Michael Young - 4.1.2-11ONA- put the systemd files back in the right place&oI`Michael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+X%mI`Michael Young - 4.1.2-9O?- move xen-watchdog to systemd\$mQ`Michael Young - 4.1.2-8O2c- relocate systemd files for fc17+`#mY`Michael Young - 4.1.2-7O1@- move xend and xenconsoled to systemd"m`Michael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]w!m`Michael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes m`Michael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7pBmQ`Michael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] AmW`Michael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`@mY`Richard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S?m=`Michael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)>m#`Michael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ=mK`Michael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_<mW`Michael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG;m%`Michael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)C:m`Michael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17X9mG`Michael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesT8mA`Michael Young - 4.1.3-5P~- rebuild for ocaml update~7m`Michael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)p6mw`Michael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S6Tm`Michael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)Sm7`Michael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)Rm3`Michael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%Qma`Michael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)PmC`Michael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%Oma`Michael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rNm{`Michael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)yMm `Michael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208Lm`Michael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskKok`Michael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xJm`Michael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhImi`Michael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)Hmi`Michael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%Gma`Michael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfFYy`Michael Young P- correct disabling of xendomains.service on uninstall/Emu`Michael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*Dmk`Michael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)yCm `Michael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'eme`Michael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XdmG`Michael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)cm;`Michael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]bm`Michael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)am;`Michael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)`mI`Michael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);_m `Michael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)^oG`Michael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) ]m-`Michael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&\mc`Michael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M[m1`Michael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]Zm9`Michael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UYmC`Richard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.X`Fedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_RebuildeW}S`Michael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fVmc`Michael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!UoW`Michael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`ymW`Michael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?xm`Michael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VwoC`Richard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XvoG`Richard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VuoC`Richard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.t`Fedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildso1`Michael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]frme`Richard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TqmA`Michael Young - 4.4.0-8S@- rebuild for ocaml update/pmu`Michael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=om`Michael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)n`Fedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuildamm[`Michael Young - 4.4.0-4Sp- add systemd preset support (#1094938) lm/`Michael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized caseskm%`Michael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) jm-`Michael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyim `Michael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!hoW`Michael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\gmO`Michael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&fmc`Michael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:` mY`Michael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64mU`Michael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)mE`Michael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) m/`Michael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSm=`Michael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGm%`Michael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)oG`Michael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yo`Michael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch o'`Michael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmCm`Michael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mc`Michael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e~ma`Michael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)}m3`Michael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)||m`Michael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h{mg`Michael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)zm#`Michael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?m`Michael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2m{`Michael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)m?`Michael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xm`Michael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cm]`Michael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qm;`Richard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%ma`Michael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)m`Michael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nm3`Michael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVoC`Richard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.`Fedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYY_`Michael Young U- gcc 5 bug is fixed so remove workaroundlom`Michael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]us}`Michael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually oG`Michael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631) mA`Michael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153) m7`Michael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S m=`Michael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8Vk6_}aRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;5_aRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n4_aRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch3_UaRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo2_aRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror1_SaRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now0_EaRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl/_aRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"._iaRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY-_YaRik van Riel 2-20050207B- upgrade to last night's Xen snapshotV,cOaRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY+_YaRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv*I'aJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org))c!aRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#(cgaJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.u'I%aRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted &IMaRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQ%I_aRik van Riel A(@- upgrade to new snapshot of xen-unstablex$I+aRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshot#IyaRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec file"I;aRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"!7aCheA@- initial rpm release$ m_`Michael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoy`Michael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as wello`Michael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&oa`Michael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){o `Michael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&xTwaBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0WS[Ya - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaRWqa - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlPYaBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesOwuaJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cN[qa - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NMaJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt LAaJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:KqaDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel Jw#aJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaIIaJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`HwOaJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQGw1aJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvFsaJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZEsGaJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZDsGaJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`CwOaJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`BoUaRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHAg-aRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T@_OaRik van Riel 2-20050823C - upgrade to today's Xen snapshot{?_aRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again>_#aRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i=_yaRik van Riel 2-20050522B- change default display method for VMX domains to SDLN<_CaRik van Riel 2-20050520B@- qemu device model for VMXT;_OaRik van Riel 2-20050519B- apply some VMX related bugfixesU:_QaRik van Riel 2-20050424Bl- upgrade to last night's snapshotQ9I]aJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup8_#aRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again37_ aRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q&lg?aStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZkgSaStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[j]_aJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jikoaDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZh]]aJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfg]saJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtfkaDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361ee]qaJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDd]/aJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)ca!aStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)Ub]QaJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accurateja[aStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw`{yaRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere_QaStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e^QaStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015]{ aJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g\{YaJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall[{aJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^ZwIaJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsYwaJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)WXw=aJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevaWwOaJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zVsaJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswUsaBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM% ieaStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc i3aStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a_iaJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIi/aJuan Quintela - 3.0.2-31Df- re-enable ia64.N_CaJeremy Katz - 3.0.2-31DA- update to changeset 11405H_7aJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64_)aJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?_%aJeremy Katz - 3.0.2-28D,@- fix a typoY_YaJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer_YaJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{aJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%~_oaJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).}_aJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`|_gaJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst{_ aRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4z_ aJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labely__aJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)Ix_7aJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)wi'aMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZveUaMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)umMaDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.htimaStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include si'aStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterrmSaDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVq_QaJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)p_5aJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)do]qaJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)Xn]YaJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installimkmaDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-q UaDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]aDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethNyaDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)uywaDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>yaDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)Vy7aDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-yeaDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yIaDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniy_aDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsayMaDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mqoaDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA]+aJeremy Katz - 3.0.3-3E<- fix the buildJ]=aJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hq#aDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X_WaJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboi{aStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@saDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eigaStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<iaStephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl} maDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S _MaJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)u s}aDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk isaStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZ81aRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsa7yOaDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%6{SaDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn5{gaDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z4{}aDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup3{aDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)2w1aChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-49931y/aDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsq0yoaDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)/y]aDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581).yaDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f-yYaDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow,y-aDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m+skaMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO*y)aDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs")yOaDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7(kaDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug fails'aDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\&7aDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\%7aDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[$5aDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.i#OaDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu"[aDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4!YaDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nPVeAaGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.UcAaGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cTciaGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iScuaGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}RcaGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaQceaGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.KP[AaTomas Mraz - 3.3.1-2Is- rebuild with new opensslSOcIaGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.NcEaGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.aM =aIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^L{GaDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0KsqaMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrJ}maDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)Iw)aMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbH}MaDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejGwcaMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)F} aDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):EwaMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vD{waDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsCy;aDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoBykaDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zAo aMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase@yaDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8?y{aDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[>yAaDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm=ygaDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf<yYaDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`;yMaDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew:[aDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&9yWaDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$nm_aMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) mm)aMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8l1Eajkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kkmmaMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzjm aMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1Iim)aMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77hmaMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationgY5aMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXfmIaMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemseg%aDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild dmWaMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelscm%aMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(bmgaMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vac aGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h`csaGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. _k/aJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a^ceaGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.]c[aGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).\c-aGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O[cAaGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.ZcWaGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.YaFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5Xc aGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.xWcaGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajrm{aMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\~mOaMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file}mCaMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g|mgaMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{{m aMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaz}KaMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynymsaMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates xm-aMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]wmaMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uvmaMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXumGaMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qtm;aMichael Young - 4.1.0-1M- update to 4.1.0 finalBsyaMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdraFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzqm aMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightpmaMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1omyaMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_}EaMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?oaMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"oYaMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)oQaMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oo3aMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startaFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(oeaMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xoaMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr o{aMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B aMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F o!aMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF o!aMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR o;aMichael Young - 4.1.2-13OXA- fix a packaging error&oaaMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjokaMichael Young - 4.1.2-11ONA- put the systemd files back in the right placeoIaMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XmIaMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\mQaMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`mYaMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdmaMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]wmaMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixesmaMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7p"mQaMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] !mWaMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch` mYaRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=aMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)m#aMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZmKaMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_mWaMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetGm%aMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CmaMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XmGaMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTmAaMichael Young - 4.1.3-5P~- rebuild for ocaml update~maMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pmwaMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S64maMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)3m7aMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)2m3aMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%1maaMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)0mCaMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%/maaMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)r.m{aMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y-m aMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208,maMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk+okaMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x*maMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh)miaMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)(miaMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%'maaMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtf&YyaMichael Young P- correct disabling of xendomains.service on uninstall/%muaMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*$mkaMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)y#m aMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'EmeaMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XDmGaMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)Cm;aMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]BmaMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)Am;aMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)@mIaMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);?m aMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)>oGaMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) =m-aMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&<mcaMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M;m1aMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]:m9aMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)U9mCaRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.8aFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde7}SaMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86f6mcaMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!5oWaMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`YmWaMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?XmaMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VWoCaRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XVoGaRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VUoCaRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.TaFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_RebuildSo1aMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fRmeaRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TQmAaMichael Young - 4.4.0-8S@- rebuild for ocaml update/PmuaMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=OmaMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)NaFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_RebuildaMm[aMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) Lm/aMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized casesKm%aMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) Jm-aMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyIm aMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!HoWaMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\GmOaMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&FmcaMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:`imYaMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64hmUaMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)gmEaMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) fm/aMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSem=aMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGdm%aMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)coGaMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yboaMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch ao'aMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC`maMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&_mcaMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e^maaMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)]m3aMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|\maMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h[mgaMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)Zm#aMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?{maMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2zm{aMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)ym?aMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xxmaMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cwm]aMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qvm;aRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%umaaMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)tmaMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nsm3aMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVroCaRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.qaFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYpY_aMichael Young U- gcc 5 bug is fixed so remove workaroundloomaMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uns}aMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallymoGaMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)lmAaMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)km7aMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)Sjm=aMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8Vk_}bRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;_bRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n_bRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch_UbRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo_bRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror_SbRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now_EbRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl_bRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"_ibRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY _YbRik van Riel 2-20050207B- upgrade to last night's Xen snapshotV cObRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY _YbRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv I'bJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org) c!bRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#cgbJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uI%bRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted IMbRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQI_bRik van Riel A(@- upgrade to new snapshot of xen-unstablexI+bRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotIybRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileI;bRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"7bCheA@- initial rpm release$m_aMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoyaMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well~oaMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&}oaaMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){|o aMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&x4wbBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W3[Yb - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbina2Wqb - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<1wbJeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itl0YbBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one places/wubJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c.[qb - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N-bJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt ,AbJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:+qbDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel *w#bJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa)IbJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`(wObJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQ'w1bJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedv&sbJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZ%sGbJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZ$sGbJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`#wObJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`"oUbRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsH!g-bRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T _ObRik van Riel 2-20050823C - upgrade to today's Xen snapshot{_bRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again_#bRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i_ybRik van Riel 2-20050522B- change default display method for VMX domains to SDLN_CbRik van Riel 2-20050520B@- qemu device model for VMXT_ObRik van Riel 2-20050519B- apply some VMX related bugfixesU_QbRik van Riel 2-20050424Bl- upgrade to last night's snapshotQI]bJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup_#bRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3_ bRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q&Lg?bStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZKgSbStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[J]_bJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jIkobDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZH]]bJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfG]sbJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtFkbDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361eE]qbJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDD]/bJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)Ca!bStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)UB]QbJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratejA[bStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw@{ybRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere?QbStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e>QbStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015={ bJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g<{YbJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall;{bJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^:wIbJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugs9wbJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)W8w=bJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udeva7wObJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)z6sbJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changesw5sbBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM%iiebStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc hi3bStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)ag_ibJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIfi/bJuan Quintela - 3.0.2-31Df- re-enable ia64.Ne_CbJeremy Katz - 3.0.2-31DA- update to changeset 11405Hd_7bJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64c_)bJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?b_%bJeremy Katz - 3.0.2-28D,@- fix a typoYa_YbJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer`_YbJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj__{bJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%^_obJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).]_bJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`\_gbJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst[_ bRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4Z_ bJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labelY__bJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)IX_7bJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)Wi'bMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZVeUbMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)UmMbDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.hTimbStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include Si'bStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterRmSbDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVQ_QbJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)P_5bJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)dO]qbJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)XN]YbJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installiMkmbDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-qUbDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]bDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN~ybDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u}ywbDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>|ybDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V{y7bDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-zyebDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yyIbDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptionixy_bDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsawyMbDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mvqobDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAu]+bJeremy Katz - 3.0.3-3E<- fix the buildJt]=bJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hsq#bDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)Xr_WbJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboqi{bStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@psbDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eoigbStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}mmbDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)Sl_MbJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)uks}bDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkjisbStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZ1bRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsayObDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%{SbDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn{gbDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z{}bDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup{bDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)w1bChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993y/bDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqyobDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)y]bDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)ybDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f yYbDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow y-bDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m skbMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO y)bDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs" yObDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7kbDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsbDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\7bDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\7bDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[5bDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iObDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu[bDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4YbDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nP6eAbGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.5cAbGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.c4cibGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.i3cubGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}2cbGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArcha1cebGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K0[AbTomas Mraz - 3.3.1-2Is- rebuild with new opensslS/cIbGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release..cEbGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a- =bIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^,{GbDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0+sqbMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr*}mbDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921))w)bMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb(}MbDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changej'wcbMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)&} bDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):%wbMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v${wbDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formats#y;bDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleo"ykbDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)z!o bMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase ybDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{bDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[yAbDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsmygbDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstfyYbDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`yMbDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew[bDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&yWbDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$Nm_bMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) Mm)bMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8L1Ebjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kKmmbMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzJm bMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1IIm)bMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77HmbMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationGY5bMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXFmIbMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsEg%bDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild DmWbMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsCm%bMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(BmgbMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vAc bGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h@csbGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. ?k/bJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a>cebGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.=c[bGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).<c-bGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O;cAbGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.:cWbGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.9bFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild58c bGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.x7cbGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajr_m{bMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\^mObMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file]mCbMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g\mgbMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{[m bMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaZ}KbMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynYmsbMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates Xm-bMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]WmbMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uVmbMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXUmGbMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.QTm;bMichael Young - 4.1.0-1M- update to 4.1.0 finalBSybMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdRbFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_RebuildzQm bMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightPmbMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1OmybMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_u}EbMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?tobMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"soYbMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)roQbMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oqo3bMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startpbFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(ooebMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xnobMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrmo{bMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BlbMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8Fko!bMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFjo!bMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRio;bMichael Young - 4.1.2-13OXA- fix a packaging error&hoabMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjgokbMichael Young - 4.1.2-11ONA- put the systemd files back in the right placefoIbMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XemIbMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\dmQbMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`cmYbMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdbmbMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]wambMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes`mbMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7pmQbMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] mWbMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`mYbRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=bMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)~m#bMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ}mKbMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_|mWbMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG{m%bMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CzmbMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XymGbMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTxmAbMichael Young - 4.1.3-5P~- rebuild for ocaml update~wmbMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pvmwbMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S6mbMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)m7bMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)m3bMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%mabMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)mCbMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%mabMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rm{bMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y m bMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208 mbMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk okbMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x mbMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh mibMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)mibMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%mabMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfYybMichael Young P- correct disabling of xendomains.service on uninstall/mubMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*mkbMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ym bMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'%mebMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)X$mGbMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)#m;bMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]"mbMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)!m;bMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149) mIbMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m bMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)oGbMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) m-bMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&mcbMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]Mm1bMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]m9bMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UmCbRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.bFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde}SbMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fmcbMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!oWbMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`9mWbMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?8mbMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0V7oCbRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.X6oGbRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.V5oCbRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.4bFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild3o1bMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]f2mebRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.T1mAbMichael Young - 4.4.0-8S@- rebuild for ocaml update/0mubMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=/mbMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583).bFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda-m[bMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) ,m/bMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases+m%bMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) *m-bMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby)m bMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!(oWbMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\'mObMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&&mcbMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:`ImYbMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64HmUbMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)GmEbMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) Fm/bMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSEm=bMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGDm%bMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)CoGbMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yBobMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch Ao'bMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC@mbMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&?mcbMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e>mabMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)=m3bMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|<mbMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h;mgbMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738):m#bMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?[mbMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2Zm{bMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)Ym?bMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xXmbMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cWm]bMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)QVm;bRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%UmabMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)TmbMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]NSm3bMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVRoCbRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.QbFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYPY_bMichael Young U- gcc 5 bug is fixed so remove workaroundlOombMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uNs}bMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallyMoGbMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)LmAbMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)Km7bMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)SJm=bMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8Vkv_}cRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;u_cRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nt_cRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchs_UcRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyor_cRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werrorq_ScRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowp_EcRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlo_cRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"n_icRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYm_YcRik van Riel 2-20050207B- upgrade to last night's Xen snapshotVlcOcRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYk_YcRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvjI'cJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)ic!cRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#hcgcJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.ugI%cRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted fIMcRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQeI_cRik van Riel A(@- upgrade to new snapshot of xen-unstablexdI+cRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotcIycRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec filebI;cRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"a7cCheA@- initial rpm release$`m_bMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq_oybMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well^obMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&]oabMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){\o bMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&xwcBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W[Yc - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaWqc - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<wcJeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlYcBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placeswucJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c[qc - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N cJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt AcJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).: qcDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel w#cJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa IcJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`wOcJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQw1cJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvscJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZsGcJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZsGcJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`wOcJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`oUcRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHg-cRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T_OcRik van Riel 2-20050823C - upgrade to today's Xen snapshot{_cRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again~_#cRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i}_ycRik van Riel 2-20050522B- change default display method for VMX domains to SDLN|_CcRik van Riel 2-20050520B@- qemu device model for VMXT{_OcRik van Riel 2-20050519B- apply some VMX related bugfixesUz_QcRik van Riel 2-20050424Bl- upgrade to last night's snapshotQyI]cJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupx_#cRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3w_ cRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q&,g?cStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ+gScStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[*]_cJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j)kocDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ(]]cJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf']scJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingt&kcDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e%]qcJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD$]/cJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)#a!cStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U"]QcJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej![cStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw {ycRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQcStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022eQcStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015{ cJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g{YcJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{cJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^wIcJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugswcJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Ww=cJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawOcJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zscJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswscBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM%IiecStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc Hi3cStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)aG_icJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIFi/cJuan Quintela - 3.0.2-31Df- re-enable ia64.NE_CcJeremy Katz - 3.0.2-31DA- update to changeset 11405HD_7cJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64C_)cJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?B_%cJeremy Katz - 3.0.2-28D,@- fix a typoYA_YcJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer@_YcJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj?_{cJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%>_ocJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).=_cJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`<_gcJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst;_ cRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4:_ cJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label9__cJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I8_7cJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)7i'cMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZ6eUcMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)5mMcDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.h4imcStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include 3i'cStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works better2mScDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV1_QcJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)0_5cJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d/]qcJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X.]YcJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installi-kmcDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-q`UcDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev_]cDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN^ycDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u]ywcDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>\ycDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V[y7cDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-ZyecDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^YyIcDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniXy_cDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsaWyMcDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mVqocDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAU]+cJeremy Katz - 3.0.3-3E<- fix the buildJT]=cJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5HSq#cDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)XR_WcJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboQi{cStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@PscDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eOigcStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}MmcDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)SL_McJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)uKs}cDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkJiscStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZx1cRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsawyOcDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%v{ScDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnu{gcDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zt{}cDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setups{cDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)rw1cChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993qy/cDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqpyocDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)oy]cDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)nycDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fmyYcDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowly-cDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mkskcMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOjy)cDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"iyOcDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7hkcDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsgcDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\f7cDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\e7cDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[d5cDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.icOcDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMub[cDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4aYcDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nPeAcGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.cAcGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.ccicGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.icucGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}ccGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchacecGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K[AcTomas Mraz - 3.3.1-2Is- rebuild with new opensslScIcGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.cEcGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a  =cIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^ {GcDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0 sqcMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr }mcDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921) w)cMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb}McDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejwccMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)} cDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):wcMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v{wcDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsy;cDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoykcDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zo cMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebaseycDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{cDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[~yAcDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm}ygcDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf|yYcDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`{yMcDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewz[cDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&yyWcDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$.m_cMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) -m)cMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8,1Ecjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k+mmcMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz*m cMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I)m)cMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77(mcMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org location'Y5cMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesX&mIcMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problems%g%cDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild $mWcMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernels#m%cMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl("mgcMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)v!c cGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h cscGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/cJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)acecGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.c[cGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).c-cGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.OcAcGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.cWcGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.cFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5c cGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.xccGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajr?m{cMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\>mOcMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file=mCcMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g<mgcMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{;m cMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta:}KcMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalityn9mscMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates 8m-cMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]7mcMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6u6mcMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchX5mGcMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Q4m;cMichael Young - 4.1.0-1M- update to 4.1.0 finalB3ycMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd2cFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildz1m cMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies right0mcMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1/mycMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_U}EcMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?TocMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"SoYcMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)RoQcMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)OQo3cMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startPcFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(OoecMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xNocMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrMo{cMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BLcMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8FKo!cMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFJo!cMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRIo;cMichael Young - 4.1.2-13OXA- fix a packaging error&HoacMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjGokcMichael Young - 4.1.2-11ONA- put the systemd files back in the right placeFoIcMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XEmIcMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\DmQcMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`CmYcMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdBmcMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]wAmcMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes@mcMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7pbmQcMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] amWcMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch``mYcRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S_m=cMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)^m#cMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ]mKcMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_\mWcMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG[m%cMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CZmcMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XYmGcMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTXmAcMichael Young - 4.1.3-5P~- rebuild for ocaml update~WmcMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pVmwcMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S6tmcMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)sm7cMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)rm3cMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%qmacMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)pmCcMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%omacMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rnm{cMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)ymm cMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208lmcMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskkokcMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xjmcMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhimicMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)hmicMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%gmacMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtffYycMichael Young P- correct disabling of xendomains.service on uninstall/emucMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*dmkcMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ycm cMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'mecMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XmGcMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)m;cMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]mcMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)m;cMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)mIcMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m cMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)~oGcMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) }m-cMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&|mccMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M{m1cMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]zm9cMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UymCcRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.xcFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuildew}ScMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fvmccMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!uoWcMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`mWcMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?mcMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VoCcRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XoGcRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VoCcRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.cFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildo1cMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fmecRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TmAcMichael Young - 4.4.0-8S@- rebuild for ocaml update/mucMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=mcMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)cFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda m[cMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) m/cMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases m%cMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) m-cMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby m cMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!oWcMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\mOcMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&mccMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:`)mYcMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64(mUcMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)'mEcMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) &m/cMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchS%m=cMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsG$m%cMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)#oGcMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)y"ocMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch !o'cMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC mcMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mccMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)emacMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)m3cMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|mcMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)hmgcMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)m#cMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?;mcMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2:m{cMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)9m?cMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]x8mcMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)c7m]cMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Q6m;cRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%5macMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)4mcMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]N3m3cMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesV2oCcRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.1cFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildY0Y_cMichael Young U- gcc 5 bug is fixed so remove workaroundl/omcMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]u.s}cMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually-oGcMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631),mAcMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)+m7cMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S*m=cMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8VkV_}dRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;U_dRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nT_dRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchS_UdRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyoR_dRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -WerrorQ_SdRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowP_EdRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlO_dRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"N_idRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYM_YdRik van Riel 2-20050207B- upgrade to last night's Xen snapshotVLcOdRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYK_YdRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvJI'dJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)Ic!dRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#HcgdJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uGI%dRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted FIMdRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQEI_dRik van Riel A(@- upgrade to new snapshot of xen-unstablexDI+dRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotCIydRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileBI;dRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"A7dCheA@- initial rpm release$@m_cMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq?oycMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well>ocMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&=oacMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){<o cMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&xtwdBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0Ws[Yd - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinarWqd - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlpYdBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesowudJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cn[qd - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NmdJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt lAdJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:kqdDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel jw#dJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaiIdJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`hwOdJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQgw1dJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvfsdJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZesGdJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZdsGdJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`cwOdJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`boUdRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHag-dRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T`_OdRik van Riel 2-20050823C - upgrade to today's Xen snapshot{__dRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again^_#dRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i]_ydRik van Riel 2-20050522B- change default display method for VMX domains to SDLN\_CdRik van Riel 2-20050520B@- qemu device model for VMXT[_OdRik van Riel 2-20050519B- apply some VMX related bugfixesUZ_QdRik van Riel 2-20050424Bl- upgrade to last night's snapshotQYI]dJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupX_#dRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3W_ dRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q& g?dStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ gSdStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[ ]_dJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j kodDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ]]dJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf]sdJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtkdDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e]qdJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD]/dJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)a!dStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U]QdJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej[dStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw{ydRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQdStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e~QdStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015}{ dJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g|{YdJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{{dJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^zwIdJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsywdJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Wxw=dJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawwOdJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zvsdJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswusdBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM%)iedStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc (i3dStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a'_idJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackI&i/dJuan Quintela - 3.0.2-31Df- re-enable ia64.N%_CdJeremy Katz - 3.0.2-31DA- update to changeset 11405H$_7dJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64#_)dJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?"_%dJeremy Katz - 3.0.2-28D,@- fix a typoY!_YdJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer _YdJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{dJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%_odJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install)._dJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`_gdJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst_ dRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4_ dJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label__dJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I_7dJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)i'dMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZeUdMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)mMdDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.himdStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include i'dStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works bettermSdDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV_QdJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)_5dJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d]qdJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X]YdJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installi kmdDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-q@UdDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev?]dDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN>ydDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u=ywdDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script><ydDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V;y7dDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-:yedDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^9yIdDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioni8y_dDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsa7yMdDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700m6qodDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA5]+dJeremy Katz - 3.0.3-3E<- fix the buildJ4]=dJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5H3q#dDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X2_WdJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygrubo1i{dStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@0sdDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)e/igdStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<.idStephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}-mdDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S,_MdJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)u+s}dDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk*isdStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZX1dRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsaWyOdDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%V{SdDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnU{gdDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zT{}dDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setupS{dDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)Rw1dChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993Qy/dDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqPyodDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)Oy]dDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)NydDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fMyYdDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowLy-dDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mKskdMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOJy)dDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"IyOdDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7HkdDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsGdDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\F7dDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\E7dDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[D5dDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iCOdDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMuB[dDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4AYdDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nPveAdGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.ucAdGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.ctcidGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iscudGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}rcdGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaqcedGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.Kp[AdTomas Mraz - 3.3.1-2Is- rebuild with new opensslSocIdGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.ncEdGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.am =dIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^l{GdDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0ksqdMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrj}mdDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)iw)dMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbh}MdDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejgwcdMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)f} dDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):ewdMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vd{wdDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatscy;dDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleobykdDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zao dMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase`ydDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8_y{dDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[^yAdDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm]ygdDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf\yYdDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`[yMdDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewZ[dDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&YyWdDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$m_dMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) m)dMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8 1Edjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k mmdMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz m dMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I m)dMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77mdMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationY5dMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXmIdMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsg%dDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild mWdMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsm%dMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(mgdMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vc dGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.hcsdGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/dJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a~cedGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.}c[dGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).|c-dGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O{cAdGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.zcWdGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.ydFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5xc dGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.xwcdGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajrm{dMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\mOdMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo filemCdMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112gmgdMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{m dMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta}KdMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynmsdMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates m-dMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]mdMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6umdMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXmGdMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qm;dMichael Young - 4.1.0-1M- update to 4.1.0 finalBydMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogddFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzm dMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightmdMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1mydMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_5}EdMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?4odMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"3oYdMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)2oQdMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)O1o3dMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to start0dFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(/oedMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]x.odMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr-o{dMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B,dMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F+o!dMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF*o!dMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR)o;dMichael Young - 4.1.2-13OXA- fix a packaging error&(oadMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdj'okdMichael Young - 4.1.2-11ONA- put the systemd files back in the right place&oIdMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+X%mIdMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\$mQdMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`#mYdMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemd"mdMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]w!mdMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes mdMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7pBmQdMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] AmWdMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`@mYdRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S?m=dMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)>m#dMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ=mKdMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_<mWdMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG;m%dMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)C:mdMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17X9mGdMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesT8mAdMichael Young - 4.1.3-5P~- rebuild for ocaml update~7mdMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)p6mwdMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S6TmdMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)Sm7dMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)Rm3dMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%QmadMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)PmCdMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%OmadMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rNm{dMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)yMm dMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208LmdMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskKokdMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xJmdMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhImidMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)HmidMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%GmadMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfFYydMichael Young P- correct disabling of xendomains.service on uninstall/EmudMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*DmkdMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)yCm dMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'emedMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XdmGdMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)cm;dMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]bmdMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)am;dMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)`mIdMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);_m dMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)^oGdMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) ]m-dMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&\mcdMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M[m1dMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]Zm9dMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UYmCdRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.XdFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_RebuildeW}SdMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fVmcdMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!UoWdMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`ymWdMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?xmdMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VwoCdRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XvoGdRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VuoCdRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.tdFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildso1dMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]frmedRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TqmAdMichael Young - 4.4.0-8S@- rebuild for ocaml update/pmudMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=omdMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)ndFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuildamm[dMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) lm/dMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized caseskm%dMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) jm-dMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyim dMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!hoWdMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\gmOdMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&fmcdMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:` mYdMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64mUdMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)mEdMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) m/dMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSm=dMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGm%dMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)oGdMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yodMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch o'dMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmCmdMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mcdMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e~madMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)}m3dMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)||mdMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h{mgdMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)zm#dMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?mdMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2m{dMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)m?dMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xmdMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cm]dMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qm;dRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%madMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)mdMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nm3dMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVoCdRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.dFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYY_dMichael Young U- gcc 5 bug is fixed so remove workaroundlomdMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]us}dMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually oGdMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631) mAdMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153) m7dMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S m=dMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8Vk6_}eRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;5_eRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n4_eRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch3_UeRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo2_eRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror1_SeRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now0_EeRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl/_eRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"._ieRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY-_YeRik van Riel 2-20050207B- upgrade to last night's Xen snapshotV,cOeRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY+_YeRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv*I'eJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org))c!eRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#(cgeJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.u'I%eRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted &IMeRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQ%I_eRik van Riel A(@- upgrade to new snapshot of xen-unstablex$I+eRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshot#IyeRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec file"I;eRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"!7eCheA@- initial rpm release$ m_dMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoydMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as wellodMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&oadMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){o dMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&xTweBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0WS[Ye - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaRWqe - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlPYeBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesOwueJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cN[qe - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NMeJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt LAeJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:KqeDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel Jw#eJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaIIeJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`HwOeJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQGw1eJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvFseJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZEsGeJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZDsGeJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`CwOeJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`BoUeRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHAg-eRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T@_OeRik van Riel 2-20050823C - upgrade to today's Xen snapshot{?_eRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again>_#eRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i=_yeRik van Riel 2-20050522B- change default display method for VMX domains to SDLN<_CeRik van Riel 2-20050520B@- qemu device model for VMXT;_OeRik van Riel 2-20050519B- apply some VMX related bugfixesU:_QeRik van Riel 2-20050424Bl- upgrade to last night's snapshotQ9I]eJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup8_#eRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again37_ eRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q&lg?eStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZkgSeStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[j]_eJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jikoeDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZh]]eJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfg]seJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtfkeDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361ee]qeJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDd]/eJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)ca!eStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)Ub]QeJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accurateja[eStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw`{yeRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere_QeStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e^QeStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015]{ eJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g\{YeJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall[{eJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^ZwIeJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsYweJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)WXw=eJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevaWwOeJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zVseJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswUseBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM% ieeStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc i3eStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a_ieJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIi/eJuan Quintela - 3.0.2-31Df- re-enable ia64.N_CeJeremy Katz - 3.0.2-31DA- update to changeset 11405H_7eJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64_)eJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?_%eJeremy Katz - 3.0.2-28D,@- fix a typoY_YeJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer_YeJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{eJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%~_oeJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).}_eJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`|_geJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst{_ eRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4z_ eJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labely__eJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)Ix_7eJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)wi'eMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZveUeMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)umMeDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.htimeStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include si'eStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterrmSeDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVq_QeJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)p_5eJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)do]qeJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)Xn]YeJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installimkmeDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-q UeDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]eDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethNyeDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)uyweDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>yeDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)Vy7eDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-yeeDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yIeDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniy_eDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsayMeDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mqoeDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA]+eJeremy Katz - 3.0.3-3E<- fix the buildJ]=eJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hq#eDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X_WeJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboi{eStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@seDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eigeStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<ieStephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl} meDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S _MeJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)u s}eDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk iseStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZ81eRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsa7yOeDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%6{SeDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn5{geDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z4{}eDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup3{eDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)2w1eChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-49931y/eDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsq0yoeDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)/y]eDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581).yeDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f-yYeDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow,y-eDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m+skeMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO*y)eDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs")yOeDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7(keDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug fails'eDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\&7eDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\%7eDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[$5eDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.i#OeDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu"[eDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4!YeDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nPVeAeGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.UcAeGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cTcieGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iScueGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}RceGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaQceeGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.KP[AeTomas Mraz - 3.3.1-2Is- rebuild with new opensslSOcIeGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.NcEeGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.aM =eIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^L{GeDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0KsqeMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrJ}meDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)Iw)eMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbH}MeDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejGwceMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)F} eDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):EweMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vD{weDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsCy;eDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoBykeDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zAo eMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase@yeDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8?y{eDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[>yAeDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm=ygeDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf<yYeDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`;yMeDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew:[eDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&9yWeDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$nm_eMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) mm)eMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8l1Eejkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kkmmeMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzjm eMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1Iim)eMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77hmeMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationgY5eMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXfmIeMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemseg%eDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild dmWeMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelscm%eMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(bmgeMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vac eGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h`cseGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. _k/eJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a^ceeGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.]c[eGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).\c-eGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O[cAeGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.ZcWeGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.YeFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5Xc eGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.xWceGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajrm{eMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\~mOeMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file}mCeMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g|mgeMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{{m eMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaz}KeMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynymseMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates xm-eMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]wmeMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uvmeMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXumGeMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qtm;eMichael Young - 4.1.0-1M- update to 4.1.0 finalBsyeMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdreFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzqm eMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightpmeMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1omyeMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_}EeMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?oeMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"oYeMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)oQeMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oo3eMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to starteFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(oeeMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xoeMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr o{eMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B eMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F o!eMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF o!eMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR o;eMichael Young - 4.1.2-13OXA- fix a packaging error&oaeMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjokeMichael Young - 4.1.2-11ONA- put the systemd files back in the right placeoIeMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XmIeMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\mQeMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`mYeMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdmeMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]wmeMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixesmeMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7p"mQeMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] !mWeMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch` mYeRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=eMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)m#eMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZmKeMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_mWeMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetGm%eMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CmeMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XmGeMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTmAeMichael Young - 4.1.3-5P~- rebuild for ocaml update~meMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pmweMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S64meMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)3m7eMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)2m3eMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%1maeMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)0mCeMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%/maeMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)r.m{eMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y-m eMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208,meMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk+okeMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x*meMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh)mieMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)(mieMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%'maeMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtf&YyeMichael Young P- correct disabling of xendomains.service on uninstall/%mueMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*$mkeMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)y#m eMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'EmeeMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XDmGeMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)Cm;eMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]BmeMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)Am;eMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)@mIeMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);?m eMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)>oGeMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) =m-eMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&<mceMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M;m1eMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]:m9eMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)U9mCeRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.8eFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde7}SeMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86f6mceMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!5oWeMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`YmWeMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?XmeMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VWoCeRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XVoGeRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VUoCeRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.TeFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_RebuildSo1eMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fRmeeRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TQmAeMichael Young - 4.4.0-8S@- rebuild for ocaml update/PmueMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=OmeMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)NeFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_RebuildaMm[eMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) Lm/eMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized casesKm%eMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) Jm-eMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyIm eMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!HoWeMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\GmOeMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&FmceMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:`imYeMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64hmUeMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)gmEeMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) fm/eMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSem=eMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGdm%eMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)coGeMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yboeMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch ao'eMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC`meMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&_mceMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e^maeMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)]m3eMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|\meMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h[mgeMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)Zm#eMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?{meMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2zm{eMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)ym?eMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xxmeMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cwm]eMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qvm;eRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%umaeMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)tmeMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nsm3eMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVroCeRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.qeFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYpY_eMichael Young U- gcc 5 bug is fixed so remove workaroundloomeMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uns}eMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallymoGeMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)lmAeMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)km7eMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)Sjm=eMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8Vk_}fRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;_fRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n_fRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch_UfRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo_fRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror_SfRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now_EfRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl_fRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"_ifRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY _YfRik van Riel 2-20050207B- upgrade to last night's Xen snapshotV cOfRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY _YfRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv I'fJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org) c!fRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#cgfJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uI%fRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted IMfRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQI_fRik van Riel A(@- upgrade to new snapshot of xen-unstablexI+fRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotIyfRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileI;fRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"7fCheA@- initial rpm release$m_eMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoyeMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well~oeMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&}oaeMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){|o eMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&x4wfBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W3[Yf - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbina2Wqf - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<1wfJeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itl0YfBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one places/wufJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c.[qf - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N-fJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt ,AfJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:+qfDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel *w#fJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa)IfJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`(wOfJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQ'w1fJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedv&sfJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZ%sGfJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZ$sGfJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`#wOfJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`"oUfRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsH!g-fRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T _OfRik van Riel 2-20050823C - upgrade to today's Xen snapshot{_fRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again_#fRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i_yfRik van Riel 2-20050522B- change default display method for VMX domains to SDLN_CfRik van Riel 2-20050520B@- qemu device model for VMXT_OfRik van Riel 2-20050519B- apply some VMX related bugfixesU_QfRik van Riel 2-20050424Bl- upgrade to last night's snapshotQI]fJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup_#fRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3_ fRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q&Lg?fStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZKgSfStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[J]_fJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jIkofDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZH]]fJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfG]sfJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtFkfDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361eE]qfJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDD]/fJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)Ca!fStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)UB]QfJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratejA[fStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw@{yfRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere?QfStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e>QfStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015={ fJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g<{YfJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall;{fJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^:wIfJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugs9wfJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)W8w=fJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udeva7wOfJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)z6sfJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changesw5sfBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM%iiefStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc hi3fStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)ag_ifJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIfi/fJuan Quintela - 3.0.2-31Df- re-enable ia64.Ne_CfJeremy Katz - 3.0.2-31DA- update to changeset 11405Hd_7fJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64c_)fJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?b_%fJeremy Katz - 3.0.2-28D,@- fix a typoYa_YfJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer`_YfJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj__{fJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%^_ofJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).]_fJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`\_gfJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst[_ fRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4Z_ fJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labelY__fJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)IX_7fJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)Wi'fMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZVeUfMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)UmMfDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.hTimfStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include Si'fStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterRmSfDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVQ_QfJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)P_5fJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)dO]qfJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)XN]YfJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installiMkmfDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-qUfDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]fDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN~yfDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u}ywfDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>|yfDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V{y7fDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-zyefDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yyIfDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptionixy_fDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsawyMfDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mvqofDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAu]+fJeremy Katz - 3.0.3-3E<- fix the buildJt]=fJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hsq#fDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)Xr_WfJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboqi{fStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@psfDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eoigfStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}mmfDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)Sl_MfJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)uks}fDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkjisfStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZ1fRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsayOfDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%{SfDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn{gfDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z{}fDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup{fDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)w1fChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993y/fDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqyofDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)y]fDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)yfDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f yYfDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow y-fDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m skfMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO y)fDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs" yOfDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7kfDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsfDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\7fDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\7fDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[5fDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iOfDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu[fDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4YfDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nP6eAfGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.5cAfGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.c4cifGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.i3cufGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}2cfGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArcha1cefGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K0[AfTomas Mraz - 3.3.1-2Is- rebuild with new opensslS/cIfGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release..cEfGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a- =fIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^,{GfDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0+sqfMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr*}mfDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921))w)fMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb(}MfDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changej'wcfMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)&} fDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):%wfMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v${wfDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formats#y;fDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleo"ykfDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)z!o fMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase yfDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{fDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[yAfDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsmygfDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstfyYfDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`yMfDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew[fDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&yWfDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$Nm_fMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) Mm)fMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8L1Efjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kKmmfMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzJm fMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1IIm)fMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77HmfMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationGY5fMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXFmIfMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsEg%fDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild DmWfMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsCm%fMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(BmgfMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vAc fGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h@csfGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. ?k/fJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a>cefGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.=c[fGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).<c-fGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O;cAfGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.:cWfGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.9fFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild58c fGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.x7cfGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajr_m{fMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\^mOfMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file]mCfMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g\mgfMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{[m fMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaZ}KfMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynYmsfMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates Xm-fMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]WmfMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uVmfMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXUmGfMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.QTm;fMichael Young - 4.1.0-1M- update to 4.1.0 finalBSyfMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdRfFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_RebuildzQm fMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightPmfMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1OmyfMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_u}EfMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?tofMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"soYfMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)roQfMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oqo3fMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startpfFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(ooefMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xnofMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrmo{fMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BlfMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8Fko!fMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFjo!fMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRio;fMichael Young - 4.1.2-13OXA- fix a packaging error&hoafMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjgokfMichael Young - 4.1.2-11ONA- put the systemd files back in the right placefoIfMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XemIfMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\dmQfMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`cmYfMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdbmfMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]wamfMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes`mfMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7pmQfMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] mWfMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`mYfRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=fMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)~m#fMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ}mKfMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_|mWfMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG{m%fMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CzmfMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XymGfMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTxmAfMichael Young - 4.1.3-5P~- rebuild for ocaml update~wmfMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pvmwfMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S6mfMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)m7fMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)m3fMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%mafMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)mCfMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%mafMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rm{fMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y m fMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208 mfMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk okfMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x mfMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh mifMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)mifMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%mafMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfYyfMichael Young P- correct disabling of xendomains.service on uninstall/mufMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*mkfMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ym fMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'%mefMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)X$mGfMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)#m;fMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]"mfMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)!m;fMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149) mIfMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m fMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)oGfMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) m-fMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&mcfMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]Mm1fMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]m9fMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UmCfRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.fFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde}SfMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fmcfMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!oWfMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`9mWfMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?8mfMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0V7oCfRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.X6oGfRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.V5oCfRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.4fFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild3o1fMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]f2mefRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.T1mAfMichael Young - 4.4.0-8S@- rebuild for ocaml update/0mufMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=/mfMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583).fFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda-m[fMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) ,m/fMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases+m%fMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) *m-fMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby)m fMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!(oWfMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\'mOfMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&&mcfMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:`ImYfMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64HmUfMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)GmEfMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) Fm/fMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSEm=fMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGDm%fMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)CoGfMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yBofMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch Ao'fMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC@mfMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&?mcfMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e>mafMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)=m3fMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|<mfMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h;mgfMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738):m#fMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?[mfMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2Zm{fMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)Ym?fMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xXmfMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cWm]fMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)QVm;fRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%UmafMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)TmfMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]NSm3fMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVRoCfRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.QfFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYPY_fMichael Young U- gcc 5 bug is fixed so remove workaroundlOomfMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uNs}fMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallyMoGfMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)LmAfMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)Km7fMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)SJm=fMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8Vkv_}gRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;u_gRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nt_gRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchs_UgRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyor_gRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werrorq_SgRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowp_EgRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlo_gRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"n_igRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYm_YgRik van Riel 2-20050207B- upgrade to last night's Xen snapshotVlcOgRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYk_YgRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvjI'gJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)ic!gRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#hcggJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.ugI%gRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted fIMgRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQeI_gRik van Riel A(@- upgrade to new snapshot of xen-unstablexdI+gRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotcIygRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec filebI;gRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"a7gCheA@- initial rpm release$`m_fMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq_oyfMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well^ofMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&]oafMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){\o fMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&xwgBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W[Yg - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaWqg - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<wgJeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlYgBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placeswugJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c[qg - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N gJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt AgJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).: qgDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel w#gJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa IgJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`wOgJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQw1gJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvsgJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZsGgJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZsGgJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`wOgJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`oUgRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHg-gRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T_OgRik van Riel 2-20050823C - upgrade to today's Xen snapshot{_gRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again~_#gRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i}_ygRik van Riel 2-20050522B- change default display method for VMX domains to SDLN|_CgRik van Riel 2-20050520B@- qemu device model for VMXT{_OgRik van Riel 2-20050519B- apply some VMX related bugfixesUz_QgRik van Riel 2-20050424Bl- upgrade to last night's snapshotQyI]gJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupx_#gRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3w_ gRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q&,g?gStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ+gSgStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[*]_gJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j)kogDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ(]]gJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf']sgJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingt&kgDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e%]qgJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD$]/gJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)#a!gStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U"]QgJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej![gStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw {ygRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQgStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022eQgStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015{ gJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g{YgJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{gJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^wIgJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugswgJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Ww=gJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawOgJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zsgJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswsgBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM%IiegStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc Hi3gStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)aG_igJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIFi/gJuan Quintela - 3.0.2-31Df- re-enable ia64.NE_CgJeremy Katz - 3.0.2-31DA- update to changeset 11405HD_7gJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64C_)gJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?B_%gJeremy Katz - 3.0.2-28D,@- fix a typoYA_YgJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer@_YgJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj?_{gJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%>_ogJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).=_gJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`<_ggJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst;_ gRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4:_ gJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label9__gJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I8_7gJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)7i'gMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZ6eUgMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)5mMgDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.h4imgStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include 3i'gStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works better2mSgDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV1_QgJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)0_5gJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d/]qgJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X.]YgJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installi-kmgDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-q`UgDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev_]gDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN^ygDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u]ywgDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>\ygDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V[y7gDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-ZyegDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^YyIgDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniXy_gDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsaWyMgDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mVqogDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAU]+gJeremy Katz - 3.0.3-3E<- fix the buildJT]=gJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5HSq#gDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)XR_WgJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboQi{gStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@PsgDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eOiggStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}MmgDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)SL_MgJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)uKs}gDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkJisgStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZx1gRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsawyOgDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%v{SgDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnu{ggDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zt{}gDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setups{gDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)rw1gChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993qy/gDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqpyogDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)oy]gDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)nygDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fmyYgDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowly-gDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mkskgMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOjy)gDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"iyOgDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7hkgDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsggDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\f7gDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\e7gDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[d5gDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.icOgDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMub[gDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4aYgDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nPeAgGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.cAgGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.ccigGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.icugGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}cgGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchacegGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K[AgTomas Mraz - 3.3.1-2Is- rebuild with new opensslScIgGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.cEgGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a  =gIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^ {GgDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0 sqgMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr }mgDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921) w)gMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb}MgDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejwcgMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)} gDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):wgMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v{wgDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsy;gDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoykgDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zo gMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebaseygDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{gDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[~yAgDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm}yggDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf|yYgDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`{yMgDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewz[gDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&yyWgDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$.m_gMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) -m)gMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8,1Egjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k+mmgMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz*m gMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I)m)gMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77(mgMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org location'Y5gMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesX&mIgMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problems%g%gDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild $mWgMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernels#m%gMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl("mggMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)v!c gGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h csgGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/gJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)acegGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.c[gGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).c-gGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.OcAgGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.cWgGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.gFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5c gGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.xcgGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajr?m{gMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\>mOgMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file=mCgMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g<mggMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{;m gMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta:}KgMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalityn9msgMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates 8m-gMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]7mgMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6u6mgMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchX5mGgMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Q4m;gMichael Young - 4.1.0-1M- update to 4.1.0 finalB3ygMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd2gFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildz1m gMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies right0mgMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1/mygMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_U}EgMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?TogMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"SoYgMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)RoQgMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)OQo3gMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startPgFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(OoegMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xNogMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrMo{gMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BLgMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8FKo!gMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFJo!gMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRIo;gMichael Young - 4.1.2-13OXA- fix a packaging error&HoagMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjGokgMichael Young - 4.1.2-11ONA- put the systemd files back in the right placeFoIgMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XEmIgMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\DmQgMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`CmYgMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdBmgMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]wAmgMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes@mgMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7pbmQgMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] amWgMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch``mYgRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S_m=gMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)^m#gMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ]mKgMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_\mWgMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG[m%gMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CZmgMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XYmGgMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTXmAgMichael Young - 4.1.3-5P~- rebuild for ocaml update~WmgMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pVmwgMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S6tmgMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)sm7gMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)rm3gMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%qmagMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)pmCgMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%omagMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rnm{gMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)ymm gMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208lmgMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskkokgMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xjmgMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhimigMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)hmigMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%gmagMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtffYygMichael Young P- correct disabling of xendomains.service on uninstall/emugMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*dmkgMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ycm gMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'megMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XmGgMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)m;gMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]mgMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)m;gMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)mIgMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m gMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)~oGgMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) }m-gMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&|mcgMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M{m1gMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]zm9gMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UymCgRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.xgFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuildew}SgMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fvmcgMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!uoWgMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`mWgMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?mgMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VoCgRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XoGgRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VoCgRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.gFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildo1gMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fmegRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TmAgMichael Young - 4.4.0-8S@- rebuild for ocaml update/mugMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=mgMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)gFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda m[gMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) m/gMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases m%gMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) m-gMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby m gMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!oWgMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\mOgMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&mcgMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:`)mYgMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64(mUgMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)'mEgMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) &m/gMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchS%m=gMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsG$m%gMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)#oGgMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)y"ogMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch !o'gMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC mgMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mcgMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)emagMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)m3gMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|mgMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)hmggMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)m#gMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?;mgMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2:m{gMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)9m?gMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]x8mgMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)c7m]gMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Q6m;gRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%5magMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)4mgMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]N3m3gMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesV2oCgRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.1gFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildY0Y_gMichael Young U- gcc 5 bug is fixed so remove workaroundl/omgMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]u.s}gMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually-oGgMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631),mAgMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)+m7gMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S*m=gMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8VkV_}hRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;U_hRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nT_hRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchS_UhRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyoR_hRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -WerrorQ_ShRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowP_EhRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlO_hRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"N_ihRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYM_YhRik van Riel 2-20050207B- upgrade to last night's Xen snapshotVLcOhRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYK_YhRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvJI'hJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)Ic!hRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#HcghJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uGI%hRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted FIMhRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQEI_hRik van Riel A(@- upgrade to new snapshot of xen-unstablexDI+hRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotCIyhRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileBI;hRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"A7hCheA@- initial rpm release$@m_gMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq?oygMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well>ogMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&=oagMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){<o gMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&xtwhBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0Ws[Yh - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinarWqh - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlpYhBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesowuhJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cn[qh - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NmhJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt lAhJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:kqhDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel jw#hJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaiIhJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`hwOhJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQgw1hJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvfshJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZesGhJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZdsGhJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`cwOhJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`boUhRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHag-hRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T`_OhRik van Riel 2-20050823C - upgrade to today's Xen snapshot{__hRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again^_#hRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i]_yhRik van Riel 2-20050522B- change default display method for VMX domains to SDLN\_ChRik van Riel 2-20050520B@- qemu device model for VMXT[_OhRik van Riel 2-20050519B- apply some VMX related bugfixesUZ_QhRik van Riel 2-20050424Bl- upgrade to last night's snapshotQYI]hJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupX_#hRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3W_ hRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q& g?hStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ gShStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[ ]_hJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j kohDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ]]hJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf]shJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtkhDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e]qhJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD]/hJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)a!hStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U]QhJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej[hStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw{yhRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQhStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e~QhStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015}{ hJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g|{YhJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{{hJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^zwIhJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsywhJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Wxw=hJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawwOhJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zvshJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswushBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM%)iehStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc (i3hStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a'_ihJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackI&i/hJuan Quintela - 3.0.2-31Df- re-enable ia64.N%_ChJeremy Katz - 3.0.2-31DA- update to changeset 11405H$_7hJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64#_)hJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?"_%hJeremy Katz - 3.0.2-28D,@- fix a typoY!_YhJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer _YhJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{hJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%_ohJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install)._hJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`_ghJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst_ hRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4_ hJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label__hJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I_7hJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)i'hMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZeUhMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)mMhDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.himhStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include i'hStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works bettermShDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV_QhJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)_5hJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d]qhJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X]YhJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installi kmhDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-q@UhDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev?]hDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN>yhDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u=ywhDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script><yhDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V;y7hDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-:yehDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^9yIhDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioni8y_hDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsa7yMhDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700m6qohDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA5]+hJeremy Katz - 3.0.3-3E<- fix the buildJ4]=hJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5H3q#hDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X2_WhJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygrubo1i{hStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@0shDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)e/ighStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<.ihStephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}-mhDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S,_MhJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)u+s}hDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk*ishStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZX1hRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsaWyOhDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%V{ShDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnU{ghDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zT{}hDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setupS{hDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)Rw1hChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993Qy/hDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqPyohDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)Oy]hDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)NyhDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fMyYhDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowLy-hDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mKskhMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOJy)hDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"IyOhDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7HkhDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsGhDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\F7hDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\E7hDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[D5hDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iCOhDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMuB[hDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4AYhDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nPveAhGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.ucAhGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.ctcihGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iscuhGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}rchGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaqcehGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.Kp[AhTomas Mraz - 3.3.1-2Is- rebuild with new opensslSocIhGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.ncEhGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.am =hIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^l{GhDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0ksqhMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrj}mhDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)iw)hMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbh}MhDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejgwchMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)f} hDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):ewhMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vd{whDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatscy;hDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleobykhDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zao hMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase`yhDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8_y{hDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[^yAhDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm]yghDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf\yYhDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`[yMhDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewZ[hDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&YyWhDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$m_hMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) m)hMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8 1Ehjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k mmhMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz m hMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I m)hMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77mhMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationY5hMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXmIhMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsg%hDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild mWhMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsm%hMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(mghMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vc hGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.hcshGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/hJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a~cehGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.}c[hGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).|c-hGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O{cAhGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.zcWhGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.yhFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5xc hGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.xwchGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajrm{hMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\mOhMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo filemChMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112gmghMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{m hMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta}KhMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynmshMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates m-hMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]mhMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6umhMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXmGhMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qm;hMichael Young - 4.1.0-1M- update to 4.1.0 finalByhMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdhFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzm hMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightmhMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1myhMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_5}EhMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?4ohMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"3oYhMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)2oQhMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)O1o3hMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to start0hFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(/oehMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]x.ohMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr-o{hMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B,hMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F+o!hMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF*o!hMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR)o;hMichael Young - 4.1.2-13OXA- fix a packaging error&(oahMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdj'okhMichael Young - 4.1.2-11ONA- put the systemd files back in the right place&oIhMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+X%mIhMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\$mQhMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`#mYhMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemd"mhMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]w!mhMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes mhMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7pBmQhMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] AmWhMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`@mYhRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S?m=hMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)>m#hMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ=mKhMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_<mWhMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG;m%hMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)C:mhMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17X9mGhMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesT8mAhMichael Young - 4.1.3-5P~- rebuild for ocaml update~7mhMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)p6mwhMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S6TmhMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)Sm7hMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)Rm3hMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%QmahMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)PmChMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%OmahMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rNm{hMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)yMm hMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208LmhMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskKokhMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xJmhMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhImihMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)HmihMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%GmahMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfFYyhMichael Young P- correct disabling of xendomains.service on uninstall/EmuhMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*DmkhMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)yCm hMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'emehMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XdmGhMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)cm;hMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]bmhMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)am;hMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)`mIhMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);_m hMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)^oGhMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) ]m-hMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&\mchMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M[m1hMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]Zm9hMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UYmChRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.XhFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_RebuildeW}ShMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fVmchMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!UoWhMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`ymWhMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?xmhMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VwoChRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XvoGhRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VuoChRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.thFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildso1hMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]frmehRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TqmAhMichael Young - 4.4.0-8S@- rebuild for ocaml update/pmuhMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=omhMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)nhFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuildamm[hMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) lm/hMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized caseskm%hMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) jm-hMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyim hMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!hoWhMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\gmOhMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&fmchMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:` mYhMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64mUhMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)mEhMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) m/hMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSm=hMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGm%hMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)oGhMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yohMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch o'hMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmCmhMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mchMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e~mahMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)}m3hMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)||mhMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h{mghMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)zm#hMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?mhMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2m{hMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)m?hMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xmhMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cm]hMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qm;hRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%mahMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)mhMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nm3hMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVoChRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.hFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYY_hMichael Young U- gcc 5 bug is fixed so remove workaroundlomhMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]us}hMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually oGhMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631) mAhMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153) m7hMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S m=hMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8Vk6_}iRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;5_iRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n4_iRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch3_UiRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo2_iRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror1_SiRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now0_EiRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl/_iRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"._iiRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY-_YiRik van Riel 2-20050207B- upgrade to last night's Xen snapshotV,cOiRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY+_YiRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv*I'iJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org))c!iRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#(cgiJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.u'I%iRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted &IMiRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQ%I_iRik van Riel A(@- upgrade to new snapshot of xen-unstablex$I+iRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshot#IyiRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec file"I;iRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"!7iCheA@- initial rpm release$ m_hMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoyhMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as wellohMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&oahMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){o hMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&xTwiBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0WS[Yi - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaRWqi - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlPYiBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesOwuiJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cN[qi - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NMiJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt LAiJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:KqiDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel Jw#iJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaIIiJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`HwOiJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQGw1iJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvFsiJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZEsGiJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZDsGiJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`CwOiJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`BoUiRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHAg-iRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T@_OiRik van Riel 2-20050823C - upgrade to today's Xen snapshot{?_iRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again>_#iRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i=_yiRik van Riel 2-20050522B- change default display method for VMX domains to SDLN<_CiRik van Riel 2-20050520B@- qemu device model for VMXT;_OiRik van Riel 2-20050519B- apply some VMX related bugfixesU:_QiRik van Riel 2-20050424Bl- upgrade to last night's snapshotQ9I]iJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup8_#iRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again37_ iRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q&lg?iStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZkgSiStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[j]_iJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jikoiDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZh]]iJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfg]siJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtfkiDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361ee]qiJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDd]/iJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)ca!iStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)Ub]QiJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accurateja[iStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw`{yiRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere_QiStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e^QiStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015]{ iJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g\{YiJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall[{iJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^ZwIiJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsYwiJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)WXw=iJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevaWwOiJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zVsiJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswUsiBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM% ieiStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc i3iStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a_iiJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIi/iJuan Quintela - 3.0.2-31Df- re-enable ia64.N_CiJeremy Katz - 3.0.2-31DA- update to changeset 11405H_7iJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64_)iJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?_%iJeremy Katz - 3.0.2-28D,@- fix a typoY_YiJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer_YiJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{iJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%~_oiJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).}_iJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`|_giJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst{_ iRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4z_ iJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labely__iJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)Ix_7iJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)wi'iMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZveUiMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)umMiDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.htimiStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include si'iStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterrmSiDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVq_QiJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)p_5iJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)do]qiJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)Xn]YiJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installimkmiDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-q UiDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]iDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethNyiDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)uywiDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>yiDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)Vy7iDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-yeiDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yIiDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniy_iDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsayMiDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mqoiDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA]+iJeremy Katz - 3.0.3-3E<- fix the buildJ]=iJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hq#iDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X_WiJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboi{iStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@siDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eigiStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<iiStephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl} miDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S _MiJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)u s}iDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk isiStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZ81iRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsa7yOiDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%6{SiDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn5{giDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z4{}iDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup3{iDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)2w1iChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-49931y/iDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsq0yoiDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)/y]iDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581).yiDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f-yYiDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow,y-iDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m+skiMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO*y)iDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs")yOiDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7(kiDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug fails'iDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\&7iDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\%7iDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[$5iDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.i#OiDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu"[iDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4!YiDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nPVeAiGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.UcAiGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cTciiGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iScuiGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}RciGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaQceiGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.KP[AiTomas Mraz - 3.3.1-2Is- rebuild with new opensslSOcIiGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.NcEiGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.aM =iIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^L{GiDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0KsqiMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrJ}miDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)Iw)iMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbH}MiDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejGwciMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)F} iDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):EwiMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vD{wiDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsCy;iDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoBykiDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zAo iMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase@yiDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8?y{iDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[>yAiDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm=ygiDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf<yYiDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`;yMiDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew:[iDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&9yWiDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$nm_iMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) mm)iMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8l1Eijkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kkmmiMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzjm iMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1Iim)iMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77hmiMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationgY5iMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXfmIiMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemseg%iDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild dmWiMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelscm%iMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(bmgiMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vac iGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h`csiGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. _k/iJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a^ceiGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.]c[iGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).\c-iGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O[cAiGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.ZcWiGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.YiFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5Xc iGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.xWciGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajrm{iMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\~mOiMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file}mCiMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g|mgiMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{{m iMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaz}KiMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynymsiMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates xm-iMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]wmiMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uvmiMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXumGiMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qtm;iMichael Young - 4.1.0-1M- update to 4.1.0 finalBsyiMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdriFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzqm iMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightpmiMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1omyiMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_}EiMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?oiMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"oYiMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)oQiMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oo3iMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startiFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(oeiMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xoiMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr o{iMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B iMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F o!iMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF o!iMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR o;iMichael Young - 4.1.2-13OXA- fix a packaging error&oaiMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjokiMichael Young - 4.1.2-11ONA- put the systemd files back in the right placeoIiMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XmIiMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\mQiMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`mYiMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdmiMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]wmiMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixesmiMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7p"mQiMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] !mWiMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch` mYiRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=iMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)m#iMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZmKiMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_mWiMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetGm%iMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CmiMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XmGiMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTmAiMichael Young - 4.1.3-5P~- rebuild for ocaml update~miMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pmwiMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S64miMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)3m7iMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)2m3iMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%1maiMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)0mCiMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%/maiMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)r.m{iMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y-m iMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208,miMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk+okiMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x*miMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh)miiMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)(miiMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%'maiMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtf&YyiMichael Young P- correct disabling of xendomains.service on uninstall/%muiMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*$mkiMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)y#m iMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'EmeiMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XDmGiMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)Cm;iMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]BmiMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)Am;iMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)@mIiMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);?m iMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)>oGiMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) =m-iMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&<mciMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M;m1iMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]:m9iMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)U9mCiRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.8iFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde7}SiMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86f6mciMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!5oWiMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`YmWiMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?XmiMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VWoCiRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XVoGiRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VUoCiRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.TiFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_RebuildSo1iMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fRmeiRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TQmAiMichael Young - 4.4.0-8S@- rebuild for ocaml update/PmuiMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=OmiMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)NiFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_RebuildaMm[iMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) Lm/iMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized casesKm%iMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) Jm-iMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyIm iMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!HoWiMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\GmOiMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&FmciMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:`imYiMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64hmUiMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)gmEiMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) fm/iMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSem=iMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGdm%iMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)coGiMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yboiMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch ao'iMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC`miMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&_mciMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e^maiMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)]m3iMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|\miMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h[mgiMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)Zm#iMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?{miMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2zm{iMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)ym?iMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xxmiMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cwm]iMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qvm;iRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%umaiMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)tmiMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nsm3iMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVroCiRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.qiFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYpY_iMichael Young U- gcc 5 bug is fixed so remove workaroundloomiMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uns}iMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallymoGiMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)lmAiMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)km7iMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)Sjm=iMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8Vk_}jRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;_jRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n_jRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch_UjRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo_jRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror_SjRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now_EjRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl_jRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"_ijRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY _YjRik van Riel 2-20050207B- upgrade to last night's Xen snapshotV cOjRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY _YjRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv I'jJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org) c!jRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#cgjJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uI%jRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted IMjRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQI_jRik van Riel A(@- upgrade to new snapshot of xen-unstablexI+jRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotIyjRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileI;jRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"7jCheA@- initial rpm release$m_iMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoyiMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well~oiMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&}oaiMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){|o iMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&x4wjBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W3[Yj - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbina2Wqj - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<1wjJeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itl0YjBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one places/wujJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c.[qj - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N-jJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt ,AjJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:+qjDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel *w#jJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa)IjJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`(wOjJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQ'w1jJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedv&sjJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZ%sGjJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZ$sGjJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`#wOjJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`"oUjRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsH!g-jRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T _OjRik van Riel 2-20050823C - upgrade to today's Xen snapshot{_jRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again_#jRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i_yjRik van Riel 2-20050522B- change default display method for VMX domains to SDLN_CjRik van Riel 2-20050520B@- qemu device model for VMXT_OjRik van Riel 2-20050519B- apply some VMX related bugfixesU_QjRik van Riel 2-20050424Bl- upgrade to last night's snapshotQI]jJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup_#jRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3_ jRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q&Lg?jStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZKgSjStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[J]_jJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jIkojDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZH]]jJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfG]sjJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtFkjDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361eE]qjJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDD]/jJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)Ca!jStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)UB]QjJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratejA[jStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw@{yjRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere?QjStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e>QjStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015={ jJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g<{YjJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall;{jJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^:wIjJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugs9wjJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)W8w=jJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udeva7wOjJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)z6sjJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changesw5sjBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM%iiejStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc hi3jStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)ag_ijJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIfi/jJuan Quintela - 3.0.2-31Df- re-enable ia64.Ne_CjJeremy Katz - 3.0.2-31DA- update to changeset 11405Hd_7jJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64c_)jJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?b_%jJeremy Katz - 3.0.2-28D,@- fix a typoYa_YjJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer`_YjJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj__{jJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%^_ojJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).]_jJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`\_gjJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst[_ jRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4Z_ jJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labelY__jJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)IX_7jJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)Wi'jMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZVeUjMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)UmMjDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.hTimjStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include Si'jStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterRmSjDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVQ_QjJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)P_5jJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)dO]qjJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)XN]YjJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installiMkmjDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-qUjDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]jDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN~yjDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u}ywjDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>|yjDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V{y7jDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-zyejDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yyIjDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptionixy_jDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsawyMjDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mvqojDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAu]+jJeremy Katz - 3.0.3-3E<- fix the buildJt]=jJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hsq#jDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)Xr_WjJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboqi{jStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@psjDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eoigjStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}mmjDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)Sl_MjJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)uks}jDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkjisjStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZ1jRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsayOjDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%{SjDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn{gjDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z{}jDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup{jDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)w1jChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993y/jDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqyojDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)y]jDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)yjDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f yYjDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow y-jDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m skjMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO y)jDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs" yOjDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7kjDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsjDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\7jDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\7jDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[5jDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iOjDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu[jDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4YjDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nP6eAjGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.5cAjGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.c4cijGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.i3cujGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}2cjGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArcha1cejGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K0[AjTomas Mraz - 3.3.1-2Is- rebuild with new opensslS/cIjGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release..cEjGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a- =jIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^,{GjDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0+sqjMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr*}mjDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921))w)jMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb(}MjDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changej'wcjMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)&} jDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):%wjMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v${wjDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formats#y;jDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleo"ykjDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)z!o jMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase yjDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{jDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[yAjDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsmygjDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstfyYjDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`yMjDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew[jDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&yWjDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$Nm_jMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) Mm)jMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8L1Ejjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kKmmjMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzJm jMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1IIm)jMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77HmjMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationGY5jMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXFmIjMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsEg%jDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild DmWjMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsCm%jMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(BmgjMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vAc jGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h@csjGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. ?k/jJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a>cejGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.=c[jGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).<c-jGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O;cAjGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.:cWjGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.9jFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild58c jGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.x7cjGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajr_m{jMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\^mOjMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file]mCjMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g\mgjMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{[m jMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaZ}KjMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynYmsjMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates Xm-jMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]WmjMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uVmjMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXUmGjMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.QTm;jMichael Young - 4.1.0-1M- update to 4.1.0 finalBSyjMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdRjFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_RebuildzQm jMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightPmjMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1OmyjMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_u}EjMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?tojMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"soYjMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)roQjMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oqo3jMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startpjFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(ooejMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xnojMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrmo{jMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BljMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8Fko!jMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFjo!jMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRio;jMichael Young - 4.1.2-13OXA- fix a packaging error&hoajMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjgokjMichael Young - 4.1.2-11ONA- put the systemd files back in the right placefoIjMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XemIjMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\dmQjMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`cmYjMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdbmjMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]wamjMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes`mjMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7pmQjMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] mWjMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`mYjRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=jMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)~m#jMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ}mKjMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_|mWjMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG{m%jMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CzmjMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XymGjMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTxmAjMichael Young - 4.1.3-5P~- rebuild for ocaml update~wmjMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pvmwjMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S6mjMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)m7jMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)m3jMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%majMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)mCjMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%majMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rm{jMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y m jMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208 mjMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk okjMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x mjMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh mijMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)mijMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%majMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfYyjMichael Young P- correct disabling of xendomains.service on uninstall/mujMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*mkjMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ym jMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'%mejMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)X$mGjMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)#m;jMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]"mjMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)!m;jMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149) mIjMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m jMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)oGjMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) m-jMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&mcjMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]Mm1jMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]m9jMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UmCjRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.jFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde}SjMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fmcjMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!oWjMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`9mWjMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?8mjMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0V7oCjRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.X6oGjRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.V5oCjRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.4jFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild3o1jMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]f2mejRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.T1mAjMichael Young - 4.4.0-8S@- rebuild for ocaml update/0mujMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=/mjMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583).jFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda-m[jMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) ,m/jMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases+m%jMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) *m-jMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby)m jMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!(oWjMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\'mOjMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&&mcjMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:`ImYjMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64HmUjMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)GmEjMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) Fm/jMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSEm=jMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGDm%jMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)CoGjMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yBojMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch Ao'jMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC@mjMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&?mcjMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e>majMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)=m3jMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|<mjMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h;mgjMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738):m#jMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?[mjMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2Zm{jMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)Ym?jMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xXmjMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cWm]jMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)QVm;jRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%UmajMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)TmjMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]NSm3jMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVRoCjRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.QjFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYPY_jMichael Young U- gcc 5 bug is fixed so remove workaroundlOomjMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uNs}jMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallyMoGjMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)LmAjMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)Km7jMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)SJm=jMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8Vkv_}kRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;u_kRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nt_kRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchs_UkRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyor_kRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werrorq_SkRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowp_EkRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlo_kRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"n_ikRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYm_YkRik van Riel 2-20050207B- upgrade to last night's Xen snapshotVlcOkRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYk_YkRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvjI'kJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)ic!kRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#hcgkJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.ugI%kRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted fIMkRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQeI_kRik van Riel A(@- upgrade to new snapshot of xen-unstablexdI+kRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotcIykRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec filebI;kRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"a7kCheA@- initial rpm release$`m_jMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq_oyjMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well^ojMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&]oajMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){\o jMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&xwkBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W[Yk - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaWqk - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<wkJeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlYkBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placeswukJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c[qk - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N kJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt AkJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).: qkDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel w#kJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa IkJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`wOkJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQw1kJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvskJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZsGkJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZsGkJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`wOkJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`oUkRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHg-kRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T_OkRik van Riel 2-20050823C - upgrade to today's Xen snapshot{_kRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again~_#kRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i}_ykRik van Riel 2-20050522B- change default display method for VMX domains to SDLN|_CkRik van Riel 2-20050520B@- qemu device model for VMXT{_OkRik van Riel 2-20050519B- apply some VMX related bugfixesUz_QkRik van Riel 2-20050424Bl- upgrade to last night's snapshotQyI]kJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupx_#kRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3w_ kRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q&,g?kStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ+gSkStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[*]_kJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j)kokDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ(]]kJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf']skJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingt&kkDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e%]qkJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD$]/kJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)#a!kStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U"]QkJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej![kStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw {ykRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQkStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022eQkStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015{ kJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g{YkJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{kJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^wIkJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugswkJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Ww=kJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawOkJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zskJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswskBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM%IiekStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc Hi3kStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)aG_ikJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIFi/kJuan Quintela - 3.0.2-31Df- re-enable ia64.NE_CkJeremy Katz - 3.0.2-31DA- update to changeset 11405HD_7kJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64C_)kJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?B_%kJeremy Katz - 3.0.2-28D,@- fix a typoYA_YkJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer@_YkJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj?_{kJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%>_okJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).=_kJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`<_gkJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst;_ kRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4:_ kJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label9__kJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I8_7kJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)7i'kMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZ6eUkMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)5mMkDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.h4imkStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include 3i'kStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works better2mSkDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV1_QkJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)0_5kJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d/]qkJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X.]YkJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installi-kmkDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-q`UkDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev_]kDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN^ykDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u]ywkDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>\ykDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V[y7kDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-ZyekDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^YyIkDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniXy_kDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsaWyMkDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mVqokDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAU]+kJeremy Katz - 3.0.3-3E<- fix the buildJT]=kJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5HSq#kDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)XR_WkJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboQi{kStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@PskDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eOigkStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}MmkDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)SL_MkJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)uKs}kDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkJiskStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZx1kRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsawyOkDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%v{SkDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnu{gkDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zt{}kDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setups{kDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)rw1kChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993qy/kDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqpyokDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)oy]kDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)nykDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fmyYkDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowly-kDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mkskkMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOjy)kDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"iyOkDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7hkkDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsgkDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\f7kDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\e7kDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[d5kDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.icOkDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMub[kDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4aYkDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nPeAkGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.cAkGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.ccikGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.icukGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}ckGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchacekGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K[AkTomas Mraz - 3.3.1-2Is- rebuild with new opensslScIkGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.cEkGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a  =kIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^ {GkDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0 sqkMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr }mkDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921) w)kMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb}MkDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejwckMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)} kDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):wkMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v{wkDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsy;kDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoykkDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zo kMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebaseykDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{kDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[~yAkDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm}ygkDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf|yYkDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`{yMkDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewz[kDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&yyWkDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$.m_kMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) -m)kMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8,1Ekjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k+mmkMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz*m kMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I)m)kMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77(mkMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org location'Y5kMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesX&mIkMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problems%g%kDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild $mWkMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernels#m%kMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl("mgkMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)v!c kGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h cskGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/kJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)acekGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.c[kGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).c-kGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.OcAkGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.cWkGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.kFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5c kGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.xckGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajr?m{kMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\>mOkMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file=mCkMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g<mgkMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{;m kMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta:}KkMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalityn9mskMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates 8m-kMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]7mkMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6u6mkMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchX5mGkMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Q4m;kMichael Young - 4.1.0-1M- update to 4.1.0 finalB3ykMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd2kFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildz1m kMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies right0mkMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1/mykMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_U}EkMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?TokMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"SoYkMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)RoQkMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)OQo3kMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startPkFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(OoekMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xNokMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrMo{kMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BLkMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8FKo!kMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFJo!kMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRIo;kMichael Young - 4.1.2-13OXA- fix a packaging error&HoakMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjGokkMichael Young - 4.1.2-11ONA- put the systemd files back in the right placeFoIkMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XEmIkMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\DmQkMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`CmYkMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdBmkMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]wAmkMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes@mkMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7pbmQkMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] amWkMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch``mYkRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S_m=kMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)^m#kMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ]mKkMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_\mWkMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG[m%kMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CZmkMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XYmGkMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTXmAkMichael Young - 4.1.3-5P~- rebuild for ocaml update~WmkMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pVmwkMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S6tmkMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)sm7kMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)rm3kMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%qmakMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)pmCkMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%omakMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rnm{kMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)ymm kMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208lmkMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskkokkMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xjmkMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhimikMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)hmikMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%gmakMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtffYykMichael Young P- correct disabling of xendomains.service on uninstall/emukMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*dmkkMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ycm kMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'mekMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XmGkMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)m;kMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]mkMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)m;kMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)mIkMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m kMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)~oGkMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) }m-kMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&|mckMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M{m1kMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]zm9kMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UymCkRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.xkFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuildew}SkMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fvmckMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!uoWkMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`mWkMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?mkMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VoCkRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XoGkRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VoCkRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.kFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildo1kMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fmekRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TmAkMichael Young - 4.4.0-8S@- rebuild for ocaml update/mukMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=mkMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)kFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda m[kMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) m/kMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases m%kMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) m-kMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby m kMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!oWkMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\mOkMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&mckMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:`)mYkMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64(mUkMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)'mEkMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) &m/kMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchS%m=kMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsG$m%kMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)#oGkMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)y"okMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch !o'kMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC mkMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mckMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)emakMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)m3kMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|mkMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)hmgkMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)m#kMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?;mkMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2:m{kMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)9m?kMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]x8mkMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)c7m]kMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Q6m;kRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%5makMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)4mkMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]N3m3kMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesV2oCkRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.1kFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildY0Y_kMichael Young U- gcc 5 bug is fixed so remove workaroundl/omkMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]u.s}kMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually-oGkMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631),mAkMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)+m7kMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S*m=kMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8VkV_}lRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;U_lRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nT_lRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchS_UlRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyoR_lRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -WerrorQ_SlRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowP_ElRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlO_lRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"N_ilRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYM_YlRik van Riel 2-20050207B- upgrade to last night's Xen snapshotVLcOlRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYK_YlRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvJI'lJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)Ic!lRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#HcglJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uGI%lRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted FIMlRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQEI_lRik van Riel A(@- upgrade to new snapshot of xen-unstablexDI+lRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotCIylRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileBI;lRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"A7lCheA@- initial rpm release$@m_kMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq?oykMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well>okMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&=oakMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){<o kMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&xtwlBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0Ws[Yl - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinarWql - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlpYlBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesowulJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cn[ql - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NmlJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt lAlJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:kqlDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel jw#lJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaiIlJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`hwOlJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQgw1lJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvfslJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZesGlJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZdsGlJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`cwOlJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`boUlRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHag-lRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T`_OlRik van Riel 2-20050823C - upgrade to today's Xen snapshot{__lRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again^_#lRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i]_ylRik van Riel 2-20050522B- change default display method for VMX domains to SDLN\_ClRik van Riel 2-20050520B@- qemu device model for VMXT[_OlRik van Riel 2-20050519B- apply some VMX related bugfixesUZ_QlRik van Riel 2-20050424Bl- upgrade to last night's snapshotQYI]lJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupX_#lRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3W_ lRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q& g?lStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ gSlStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[ ]_lJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j kolDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ]]lJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf]slJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtklDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e]qlJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD]/lJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)a!lStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U]QlJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej[lStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw{ylRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQlStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e~QlStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015}{ lJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g|{YlJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{{lJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^zwIlJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsywlJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Wxw=lJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawwOlJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zvslJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswuslBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM%)ielStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc (i3lStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a'_ilJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackI&i/lJuan Quintela - 3.0.2-31Df- re-enable ia64.N%_ClJeremy Katz - 3.0.2-31DA- update to changeset 11405H$_7lJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64#_)lJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?"_%lJeremy Katz - 3.0.2-28D,@- fix a typoY!_YlJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer _YlJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{lJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%_olJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install)._lJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`_glJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst_ lRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4_ lJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label__lJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I_7lJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)i'lMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZeUlMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)mMlDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.himlStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include i'lStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works bettermSlDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV_QlJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)_5lJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d]qlJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X]YlJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installi kmlDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-q@UlDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev?]lDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN>ylDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u=ywlDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script><ylDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V;y7lDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-:yelDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^9yIlDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioni8y_lDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsa7yMlDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700m6qolDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA5]+lJeremy Katz - 3.0.3-3E<- fix the buildJ4]=lJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5H3q#lDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X2_WlJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygrubo1i{lStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@0slDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)e/iglStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<.ilStephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}-mlDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S,_MlJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)u+s}lDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk*islStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZX1lRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsaWyOlDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%V{SlDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnU{glDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zT{}lDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setupS{lDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)Rw1lChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993Qy/lDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqPyolDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)Oy]lDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)NylDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fMyYlDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowLy-lDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mKsklMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOJy)lDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"IyOlDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7HklDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsGlDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\F7lDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\E7lDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[D5lDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iCOlDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMuB[lDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4AYlDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nPveAlGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.ucAlGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.ctcilGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.isculGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}rclGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaqcelGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.Kp[AlTomas Mraz - 3.3.1-2Is- rebuild with new opensslSocIlGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.ncElGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.am =lIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^l{GlDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0ksqlMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrj}mlDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)iw)lMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbh}MlDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejgwclMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)f} lDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):ewlMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vd{wlDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatscy;lDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleobyklDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zao lMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase`ylDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8_y{lDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[^yAlDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm]yglDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf\yYlDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`[yMlDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewZ[lDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&YyWlDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$m_lMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) m)lMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8 1Eljkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k mmlMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz m lMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I m)lMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77mlMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationY5lMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXmIlMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsg%lDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild mWlMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsm%lMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(mglMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vc lGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.hcslGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/lJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a~celGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.}c[lGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).|c-lGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O{cAlGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.zcWlGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.ylFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5xc lGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.xwclGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajrm{lMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\mOlMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo filemClMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112gmglMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{m lMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta}KlMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynmslMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates m-lMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]mlMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6umlMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXmGlMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qm;lMichael Young - 4.1.0-1M- update to 4.1.0 finalBylMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdlFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzm lMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightmlMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1mylMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_5}ElMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?4olMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"3oYlMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)2oQlMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)O1o3lMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to start0lFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(/oelMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]x.olMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr-o{lMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B,lMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F+o!lMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF*o!lMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR)o;lMichael Young - 4.1.2-13OXA- fix a packaging error&(oalMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdj'oklMichael Young - 4.1.2-11ONA- put the systemd files back in the right place&oIlMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+X%mIlMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\$mQlMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`#mYlMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemd"mlMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]w!mlMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes mlMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7pBmQlMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] AmWlMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`@mYlRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S?m=lMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)>m#lMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ=mKlMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_<mWlMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG;m%lMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)C:mlMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17X9mGlMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesT8mAlMichael Young - 4.1.3-5P~- rebuild for ocaml update~7mlMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)p6mwlMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S6TmlMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)Sm7lMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)Rm3lMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%QmalMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)PmClMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%OmalMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rNm{lMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)yMm lMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208LmlMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskKoklMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xJmlMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhImilMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)HmilMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%GmalMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfFYylMichael Young P- correct disabling of xendomains.service on uninstall/EmulMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*DmklMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)yCm lMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'emelMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XdmGlMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)cm;lMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]bmlMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)am;lMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)`mIlMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);_m lMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)^oGlMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) ]m-lMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&\mclMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M[m1lMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]Zm9lMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UYmClRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.XlFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_RebuildeW}SlMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fVmclMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!UoWlMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`ymWlMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?xmlMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VwoClRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XvoGlRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VuoClRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.tlFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildso1lMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]frmelRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TqmAlMichael Young - 4.4.0-8S@- rebuild for ocaml update/pmulMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=omlMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)nlFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuildamm[lMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) lm/lMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized caseskm%lMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) jm-lMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyim lMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!hoWlMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\gmOlMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&fmclMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:` mYlMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64mUlMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)mElMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) m/lMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSm=lMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGm%lMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)oGlMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yolMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch o'lMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmCmlMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mclMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e~malMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)}m3lMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)||mlMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h{mglMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)zm#lMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?mlMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2m{lMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)m?lMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xmlMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cm]lMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qm;lRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%malMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)mlMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nm3lMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVoClRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.lFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYY_lMichael Young U- gcc 5 bug is fixed so remove workaroundlomlMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]us}lMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually oGlMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631) mAlMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153) m7lMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S m=lMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8Vk6_}mRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;5_mRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n4_mRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch3_UmRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo2_mRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror1_SmRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now0_EmRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl/_mRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"._imRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY-_YmRik van Riel 2-20050207B- upgrade to last night's Xen snapshotV,cOmRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY+_YmRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv*I'mJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org))c!mRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#(cgmJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.u'I%mRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted &IMmRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQ%I_mRik van Riel A(@- upgrade to new snapshot of xen-unstablex$I+mRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshot#IymRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec file"I;mRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"!7mCheA@- initial rpm release$ m_lMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoylMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as wellolMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&oalMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){o lMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&xTwmBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0WS[Ym - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaRWqm - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705) - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlPYmBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placesOwumJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)cN[qm - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)NMmJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt LAmJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:KqmDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel Jw#mJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downaIImJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`HwOmJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQGw1mJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvFsmJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZEsGmJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZDsGmJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`CwOmJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`BoUmRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHAg-mRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T@_OmRik van Riel 2-20050823C - upgrade to today's Xen snapshot{?_mRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again>_#mRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i=_ymRik van Riel 2-20050522B- change default display method for VMX domains to SDLN<_CmRik van Riel 2-20050520B@- qemu device model for VMXT;_OmRik van Riel 2-20050519B- apply some VMX related bugfixesU:_QmRik van Riel 2-20050424Bl- upgrade to last night's snapshotQ9I]mJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup8_#mRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again37_ mRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q&lg?mStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZkgSmStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[j]_mJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jikomDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZh]]mJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfg]smJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtfkmDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361ee]qmJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDd]/mJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)ca!mStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)Ub]QmJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accurateja[mStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw`{ymRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere_QmStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e^QmStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015]{ mJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g\{YmJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall[{mJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^ZwImJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugsYwmJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)WXw=mJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevaWwOmJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zVsmJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswUsmBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM% iemStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc i3mStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)a_imJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIi/mJuan Quintela - 3.0.2-31Df- re-enable ia64.N_CmJeremy Katz - 3.0.2-31DA- update to changeset 11405H_7mJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64_)mJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?_%mJeremy Katz - 3.0.2-28D,@- fix a typoY_YmJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer_YmJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj_{mJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%~_omJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).}_mJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`|_gmJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst{_ mRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4z_ mJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labely__mJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)Ix_7mJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)wi'mMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZveUmMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)umMmDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.htimmStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include si'mStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterrmSmDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVq_QmJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)p_5mJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)do]qmJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)Xn]YmJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installimkmmDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-q UmDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]mDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethNymDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)uywmDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>ymDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)Vy7mDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-yemDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yImDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniy_mDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsayMmDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mqomDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballA]+mJeremy Katz - 3.0.3-3E<- fix the buildJ]=mJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hq#mDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)X_WmJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboi{mStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@smDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eigmStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633<imStephen C. Tweedie - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl} mmDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)S _MmJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)u s}mDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionk ismStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZ81mRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsa7yOmDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%6{SmDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn5{gmDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z4{}mDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup3{mDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)2w1mChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-49931y/mDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsq0yomDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)/y]mDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581).ymDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f-yYmDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow,y-mDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m+skmMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO*y)mDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs")yOmDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7(kmDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug fails'mDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\&7mDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\%7mDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[$5mDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.i#OmDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu"[mDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4!YmDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nPVeAmGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.UcAmGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.cTcimGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.iScumGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}RcmGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaQcemGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.KP[AmTomas Mraz - 3.3.1-2Is- rebuild with new opensslSOcImGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.NcEmGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.aM =mIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^L{GmDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0KsqmMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzrJ}mmDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921)Iw)mMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesbH}MmDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejGwcmMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)F} mDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):EwmMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)vD{wmDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsCy;mDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoBykmDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zAo mMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase@ymDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8?y{mDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[>yAmDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm=ygmDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf<yYmDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`;yMmDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew:[mDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&9yWmDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$nm_mMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) mm)mMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8l1Emjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kkmmmMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzjm mMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1Iim)mMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77hmmMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationgY5mMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXfmImMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemseg%mDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild dmWmMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelscm%mMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(bmgmMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vac mGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h`csmGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. _k/mJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a^cemGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.]c[mGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).\c-mGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O[cAmGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.ZcWmGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.YmFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5Xc mGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.xWcmGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajrm{mMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\~mOmMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file}mCmMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g|mgmMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{{m mMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaz}KmMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynymsmMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates xm-mMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]wmmMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uvmmMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXumGmMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Qtm;mMichael Young - 4.1.0-1M- update to 4.1.0 finalBsymMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdrmFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildzqm mMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightpmmMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1omymMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_}EmMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?omMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"oYmMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)oQmMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oo3mMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startmFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(oemMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xomMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsr o{mMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)B mMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8F o!mMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierF o!mMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentR o;mMichael Young - 4.1.2-13OXA- fix a packaging error&oamMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjokmMichael Young - 4.1.2-11ONA- put the systemd files back in the right placeoImMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XmImMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\mQmMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`mYmMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdmmMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]wmmMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixesmmMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7p"mQmMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] !mWmMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch` mYmRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=mMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)m#mMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZmKmMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_mWmMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetGm%mMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CmmMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XmGmMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTmAmMichael Young - 4.1.3-5P~- rebuild for ocaml update~mmMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pmwmMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S64mmMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)3m7mMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)2m3mMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%1mamMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)0mCmMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%/mamMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)r.m{mMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y-m mMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208,mmMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk+okmMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x*mmMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh)mimMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)(mimMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%'mamMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtf&YymMichael Young P- correct disabling of xendomains.service on uninstall/%mumMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*$mkmMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)y#m mMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'EmemMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XDmGmMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)Cm;mMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]BmmMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)Am;mMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)@mImMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);?m mMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)>oGmMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) =m-mMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&<mcmMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M;m1mMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]:m9mMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)U9mCmRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.8mFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde7}SmMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86f6mcmMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!5oWmMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`YmWmMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?XmmMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VWoCmRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XVoGmRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VUoCmRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.TmFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_RebuildSo1mMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fRmemRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TQmAmMichael Young - 4.4.0-8S@- rebuild for ocaml update/PmumMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=OmmMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)NmFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_RebuildaMm[mMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) Lm/mMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized casesKm%mMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) Jm-mMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygrubyIm mMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!HoWmMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\GmOmMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&FmcmMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:`imYmMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64hmUmMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)gmEmMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) fm/mMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSem=mMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGdm%mMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)coGmMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)ybomMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch ao'mMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC`mmMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&_mcmMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e^mamMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)]m3mMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|\mmMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h[mgmMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)Zm#mMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?{mmMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2zm{mMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)ym?mMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xxmmMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cwm]mMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Qvm;mRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%umamMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)tmmMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]Nsm3mMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVroCmRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.qmFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYpY_mMichael Young U- gcc 5 bug is fixed so remove workaroundloommMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uns}mMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallymoGmMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)lmAmMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)km7mMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)Sjm=mMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8Vk_}nRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;_nRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)n_nRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patch_UnRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyo_nRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werror_SnRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream now_EnRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchl_nRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"_inRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorY _YnRik van Riel 2-20050207B- upgrade to last night's Xen snapshotV cOnRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenY _YnRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotv I'nJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org) c!nRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#cgnJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.uI%nRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted IMnRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQI_nRik van Riel A(@- upgrade to new snapshot of xen-unstablexI+nRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotIynRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec fileI;nRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"7nCheA@- initial rpm release$m_mMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsqoymMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well~omMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&}oamMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){|o mMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&x4wnBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W3[Yn - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbina2Wqn - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<1wnJeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itl0YnBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one places/wunJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c.[qn - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N-nJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt ,AnJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).:+qnDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel *w#nJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa)InJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`(wOnJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQ'w1nJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedv&snJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZ%sGnJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZ$sGnJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`#wOnJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`"oUnRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsH!g-nRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T _OnRik van Riel 2-20050823C - upgrade to today's Xen snapshot{_nRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again_#nRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i_ynRik van Riel 2-20050522B- change default display method for VMX domains to SDLN_CnRik van Riel 2-20050520B@- qemu device model for VMXT_OnRik van Riel 2-20050519B- apply some VMX related bugfixesU_QnRik van Riel 2-20050424Bl- upgrade to last night's snapshotQI]nJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanup_#nRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3_ nRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q&Lg?nStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZKgSnStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[J]_nJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)jIkonDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZH]]nJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherfG]snJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingtFknDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361eE]qnJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpDD]/nJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)Ca!nStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)UB]QnJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratejA[nStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw@{ynRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadere?QnStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022e>QnStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015={ nJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g<{YnJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall;{nJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^:wInJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugs9wnJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)W8w=nJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udeva7wOnJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)z6snJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changesw5snBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM%iienStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc hi3nStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)ag_inJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIfi/nJuan Quintela - 3.0.2-31Df- re-enable ia64.Ne_CnJeremy Katz - 3.0.2-31DA- update to changeset 11405Hd_7nJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64c_)nJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?b_%nJeremy Katz - 3.0.2-28D,@- fix a typoYa_YnJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer`_YnJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj__{nJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%^_onJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).]_nJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`\_gnJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst[_ nRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4Z_ nJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux labelY__nJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)IX_7nJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)Wi'nMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZVeUnMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)UmMnDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.hTimnStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include Si'nStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works betterRmSnDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadVQ_QnJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)P_5nJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)dO]qnJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)XN]YnJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installiMkmnDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-qUnDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev]nDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN~ynDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u}ywnDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>|ynDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V{y7nDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-zyenDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^yyInDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptionixy_nDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsawyMnDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mvqonDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAu]+nJeremy Katz - 3.0.3-3E<- fix the buildJt]=nJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5Hsq#nDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)Xr_WnJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboqi{nStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@psnDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eoignStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}mmnDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)Sl_MnJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)uks}nDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkjisnStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZ1nRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsayOnDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%{SnDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultn{gnDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)z{}nDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setup{nDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)w1nChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993y/nDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqyonDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)y]nDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)ynDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)f yYnDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcow y-nDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509m sknMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectO y)nDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs" yOnDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7knDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsnDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\7nDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\7nDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[5nDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.iOnDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMu[nDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4YnDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nP6eAnGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.5cAnGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.c4cinGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.i3cunGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}2cnGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArcha1cenGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K0[AnTomas Mraz - 3.3.1-2Is- rebuild with new opensslS/cInGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release..cEnGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a- =nIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^,{GnDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0+sqnMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr*}mnDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921))w)nMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb(}MnDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changej'wcnMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)&} nDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):%wnMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v${wnDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formats#y;nDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleo"yknDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)z!o nMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebase ynDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{nDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[yAnDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsmygnDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstfyYnDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`yMnDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasew[nDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&yWnDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$Nm_nMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) Mm)nMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8L1Enjkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757kKmmnMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMzJm nMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1IIm)nMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77HmnMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org locationGY5nMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesXFmInMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problemsEg%nDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild DmWnMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernelsCm%nMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl(BmgnMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)vAc nGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h@csnGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. ?k/nJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)a>cenGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.=c[nGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).<c-nGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.O;cAnGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.:cWnGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.9nFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild58c nGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.x7cnGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajr_m{nMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\^mOnMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file]mCnMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g\mgnMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{[m nMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guestaZ}KnMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalitynYmsnMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates Xm-nMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]WmnMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6uVmnMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchXUmGnMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.QTm;nMichael Young - 4.1.0-1M- update to 4.1.0 finalBSynMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogdRnFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_RebuildzQm nMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies rightPmnMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1OmynMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_u}EnMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?tonMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"soYnMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)roQnMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)Oqo3nMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startpnFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(ooenMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xnonMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrmo{nMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BlnMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8Fko!nMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFjo!nMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRio;nMichael Young - 4.1.2-13OXA- fix a packaging error&hoanMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjgoknMichael Young - 4.1.2-11ONA- put the systemd files back in the right placefoInMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XemInMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\dmQnMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`cmYnMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdbmnMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]wamnMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes`mnMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7pmQnMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] mWnMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch`mYnRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).Sm=nMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)~m#nMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ}mKnMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_|mWnMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG{m%nMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CzmnMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XymGnMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTxmAnMichael Young - 4.1.3-5P~- rebuild for ocaml update~wmnMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pvmwnMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S6mnMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)m7nMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)m3nMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%manMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)mCnMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%manMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rm{nMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)y m nMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208 mnMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imagesk oknMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]x mnMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashh minMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)minMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%manMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtfYynMichael Young P- correct disabling of xendomains.service on uninstall/munMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*mknMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ym nMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'%menMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)X$mGnMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)#m;nMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]"mnMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)!m;nMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149) mInMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m nMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)oGnMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) m-nMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&mcnMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]Mm1nMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]m9nMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UmCnRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.nFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuilde}SnMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fmcnMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!oWnMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`9mWnMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?8mnMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0V7oCnRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.X6oGnRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.V5oCnRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.4nFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild3o1nMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]f2menRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.T1mAnMichael Young - 4.4.0-8S@- rebuild for ocaml update/0munMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=/mnMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583).nFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda-m[nMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) ,m/nMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases+m%nMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) *m-nMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby)m nMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!(oWnMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\'mOnMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&&mcnMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:`ImYnMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64HmUnMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)GmEnMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) Fm/nMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchSEm=nMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsGDm%nMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)CoGnMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)yBonMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch Ao'nMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC@mnMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&?mcnMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)e>manMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)=m3nMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|<mnMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)h;mgnMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738):m#nMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?[mnMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2Zm{nMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)Ym?nMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]xXmnMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)cWm]nMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)QVm;nRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%UmanMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)TmnMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]NSm3nMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesVRoCnRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.QnFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildYPY_nMichael Young U- gcc 5 bug is fixed so remove workaroundlOomnMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]uNs}nMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manuallyMoGnMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)LmAnMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)Km7nMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)SJm=nMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) VO  b ],8Vkv_}oRik van Riel 2-20050331BK@- upgrade to new xen hypervisor - minor gcc4 compile fix;u_oRik van Riel 2-20050328BG- do not yet upgrade to new hypervisor ;) - add barrier to fix SMP boot bug - add tags target - add zlib-devel build requires (#150952)nt_oRik van Riel 2-20050308B.@- upgrade to last night's snapshot - new compile fix patchs_UoRik van Riel 2-20050305B*- the gcc4 compile patches are now upstream - upgrade to last night's snapshot, drop patches locallyor_oRik van Riel 2-20050303B(M- finally got everything to compile with gcc4 -Wall -Werrorq_SoRik van Riel 2-20050303B&@- upgrade to last night's Xen-unstable snapshot - drop printf warnings patch, which is upstream nowp_EoRik van Riel 2-20050222Bp@- upgraded to last night's Xen snapshot - compile warning fixes are now upstream, drop patchlo_oRik van Riel 2-20050219B*@- fix more compile warnings - fix the fwrite return check"n_ioRik van Riel 2-20050218B- upgrade to last night's Xen snapshot - a kernel upgrade is needed to run this Xen, the hypervisor interface changed slightly - comment out unused debugging function in plan9 domain builder that was giving compile errors with -WerrorYm_YoRik van Riel 2-20050207B- upgrade to last night's Xen snapshotVlcOoRik van Riel 2-20050201.1AoA- move everything to /var/lib/xenYk_YoRik van Riel 2-20050201Ao@- upgrade to new upstream Xen snapshotvjI'oJeremy Katz A4- add buildreqs on python-devel and xorg-x11-devel (strange AT nsk.no-ip.org)ic!oRik van Riel - 2-20050124A@- fix /etc/xen/scripts/network to not break with ipv6 (also sent upstream)#hcgoJeremy Katz - 2-20050114A@- update to new snap - python-twisted is its own package now - files are in /usr/lib/python now as well, ugh.ugI%oRik van Riel A- add segment fixup patch from xen tree - fix %files list for python-twisted fIMoRik van Riel An@- grab newer snapshot, that does start up - add /var/xen/xend-db/{domain,vnet} to %files sectionQeI_oRik van Riel A(@- upgrade to new snapshot of xen-unstablexdI+oRik van Riel A@- build python-twisted as a subpackage - update to latest upstream Xen snapshotcIyoRik van Riel A@- grab new Xen tarball (with wednesday's patch already included) - transfig is a buildrequire, add it to the spec filebI;oRik van Riel AA- fix up Che's spec file a little bit - create patch to build just Xen, not the kernels"a7oCheA@- initial rpm release$`m_nMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq_oynMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well^onMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&]oanMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){\o nMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792) H >  } % 1Y;G&xwoBill Nottingham 3.0-0.20060130.fc5.2CQA- use the default network device, don't hardcode eth0W[Yo - 3.0-0.20060130.fc5.1CQ@- Add xenguest-install.py in /usr/sbinaWqo - 3.0-0.20060130.fc5C- Update to xen-unstable from 20060130 (cset 8705)<woJeremy Katz - 3.0-0.20060110.fc5.5Ch@- buildrequire dev86 so that vmx firmware gets built - include a copy of libvncserver and build vmx device models against itlYoBill Nottingham - 3.0-0.20060110.fc5.4C- only put the udev rules in one placeswuoJeremy Katz - 3.0-0.20060110.fc5.3C- move xsls to xenstore-ls to not conflict (#171863)c[qo - 3.0-0.20060110.fc5.1Cá- Update to xen-unstable from 20060110 (cset 8526)N oJesse Keating - 3.0-0.20051206.fc5.2C@- rebuilt AoJuan Quintela - 3.0-0.20051206.fc5.1C}@- 20051206 version (should be 3.0.0). - Remove xen-bootloader fixes (integrated upstream).: qoDaniel Veillard - 3.0-0.20051109.fc5.4C@- adding missing headers for libxenctrl and libxenstore - use libX11-devel build require instead of xorg-x11-devel w#oJeremy Katz - 3.0-0.20051109.fc5.3Cx|@- change default dom0 min-mem to 256M so that dom0 will try to balloon downa IoJeremy Katz Cu@- buildrequire ncurses-devel (reported by Justin Dearing)`wOoJeremy Katz - 3.0-0.20051109.fc5.2Cs6@- actually enable the initscriptsQw1oJeremy Katz - 3.0-0.20051109.fc5.1Cq- udev rules movedvsoJeremy Katz - 3.0-0.20051109.fc5Cq- update to current -unstable - add patches to fix pygrubZsGoJeremy Katz - 3.0-0.20051108.fc5Cq- update to current -unstableZsGoJeremy Katz - 3.0-0.20051021.fc5CX@- update to current -unstable`wOoJeremy Katz - 3.0-0.20050912.fc5.1C)b@- doesn't require twisted anymore`oUoRik van Riel 3.0-0.20050912.fc5C%m- add /var/{lib,run}/xenstored to the %files section (#167496, #167121) - upgrade to today's Xen snapshot - some small build fixes for x86_64 - enable x86_64 buildsHg-oRik van Riel 3.0-0.20050908C '- explicitly call /usr/sbin/xend from initscript (#167407) - add xenstored directories to spec file (#167496, #167121) - misc gcc4 fixes - spec file cleanups (#161191) - upgrade to today's Xen snapshot - change the version to 3.0-0. (real 3.0 release will be 3.0-1)T_OoRik van Riel 2-20050823C - upgrade to today's Xen snapshot{_oRik van Riel 2-20050726C- upgrade to a known-working newer Xen, now that execshield works again~_#oRik van Riel 2-20050530B@- create /var/lib/xen/xen-db/migrate directory so "xm save" works (#158895)i}_yoRik van Riel 2-20050522B- change default display method for VMX domains to SDLN|_CoRik van Riel 2-20050520B@- qemu device model for VMXT{_OoRik van Riel 2-20050519B- apply some VMX related bugfixesUz_QoRik van Riel 2-20050424Bl- upgrade to last night's snapshotQyI]oJeremy Katz B_- patch manpath instead of moving in specfile. patch sent upstream - install to native python path instead of /usr/lib/python - other misc specfile duplication cleanupx_#oRik van Riel 2-20050403BO- fix context switch between vcpus in same domain, vcpus > cpus works again3w_ oRik van Riel 2-20050402BN@- move initscripts to /etc/rc.d/init.d (Florian La Roche) (#153188) - ship only PDF documentation, not the PS or tex duplicates  ; X d ]E|Q&,g?oStephen C. Tweedie - 3.0.2-6D- Add BuildRequires: for gnu/stubs-32.h so that x86_64 builds pick up glibc32 correctlyZ+gSoStephen C. Tweedie - 3.0.2-5D- Rebase to xen-unstable cset 10278[*]_oJeremy Katz - 3.0.2-4D[>@- update to new snapshot (changeset 9925)j)kooDaniel Veillard - 3.0.2-3DP@- xen.h now requires xen-compat.h, install it tooZ(]]oJeremy Katz - 3.0.2-2DO`- -m64 patch isn't needed anymore eitherf']soJeremy Katz - 3.0.2-1DN@- update to post 3.0.2 snapshot (changeset: 9744:1ad06bd6832d) - stop applying patches that are upstreamed - add patches for bootloader to run on all domain creations - make xenguest-install create a persistent uuid - use libvirt for domain creation in xenguest-install, slightly improve error handlingt&koDaniel Veillard - 3.0.1-5DD- augment the close on exec patch with the fix for #188361e%]qoJeremy Katz - 3.0.1-4D- add udev rule so that /dev/xen/evtchn gets created properly - make pygrub not use /tmp for SELinux - make xenguest-install actually unmount its nfs share. also, don't use /tmpD$]/oJeremy Katz - 3.0.1-3D u- set /proc/xen/privcmd and /var/log/xend-debug.log as close on exec to avoid SELinux problems - give better feedback on invalid urls (#184176)#a!oStephen Tweedie - 3.0.1-2D $A- Use kva mmap to find the xenstore page (upstream xen-unstable cset 9130)U"]QoJeremy Katz - 3.0.1-1D $@- fix xenguest-install so that it uses phy: for block devices instead of forcing them over loopback. - change package versioning to be a little more accuratej![oStephen Tweedie - 3.0.1-0.20060301.fc5.3DA- Remove unneeded CFLAGS spec file hackw {yoRik van Riel - 3.0.1-0.20060301.fc5.2D@- fix 64 bit CFLAGS issue with vmxloader and hvmloadereQoStephen Tweedie - 3.0.1-0.20060301.fc5.1D- Update to xen-unstable cset 9022eQoStephen Tweedie - 3.0.1-0.20060228.fc5.1D;@- Update to xen-unstable cset 9015{ oJeremy Katz - 3.0.1-0.20060208.fc5.3C- add patch to ensure we get a unique fifo for boot loader (#182328) - don't try to read the whole disk if we can't find a partition table with pygrub - fix restarting of domains (#179677)g{YoJeremy Katz - 3.0.1-0.20060208.fc5.2C.- fix -h conflict for xenguest-isntall{oJeremy Katz - 3.0.1-0.20060208.fc5.1CA- turn on http listener so you can do things with libvir as a user^wIoJeremy Katz - 3.0.1-0.20060208.fc5C@- update to current hg snapshot for HVM support - update xenguest-install for hvm changes. allow hvm on svm hardware - fix a few little xenguest-install bugswoJeremy Katz - 3.0-0.20060130.fc5.6C- add a hack to fix VMX guests with video to balloon enough (#180375)Ww=oJeremy Katz - 3.0-0.20060130.fc5.5C- fix build for new udevawOoJeremy Katz - 3.0-0.20060130.fc5.4C- patch from David Lutterkort to pass macaddr (-m) to xenguest-install - rework xenguest-install a bit so that it can be used for creating fully-virtualized guests as well as paravirt. Run with --help for more details (or follow the prompts) - add more docs (noticed by Andrew Puch)zsoJesse Keating - 3.0-0.20060130.fc5.3.1C- rebuilt for new gcc4.1 snapshot and glibc changeswsoBill Nottingham 3.0-0.20060130.fc5.3C@- disable iptables/ip6tables/arptables on bridging when bringing up a Xen bridge. If complicated filtering is needed that uses this, custom firewalls will be needed. (#177794) 7B g M O T# bU.CM%IieoStephen C. Tweedie - 3.0.2-35E-A- Don't strip qemu-dm early, so that we get proper debuginfo (danpb) - Fix compile problem with latest glibc Hi3oStephen C. Tweedie - 3.0.2-34E-@- Update to xen-unstable changeset 11539 - Threading fixes for libVNCserver (danpb)aG_ioJeremy Katz - 3.0.2-33Df- update pvfb patch based on upstream feedbackIFi/oJuan Quintela - 3.0.2-31Df- re-enable ia64.NE_CoJeremy Katz - 3.0.2-31DA- update to changeset 11405HD_7oJeremy Katz - 3.0.2-30D@- fix pvfb for x86_64C_)oJeremy Katz - 3.0.2-29D}- update libvncserver to hopefully fix problems with vnc clients disconnecting?B_%oJeremy Katz - 3.0.2-28D,@- fix a typoYA_YoJeremy Katz - 3.0.2-27D- add support for paravirt framebuffer@_YoJeremy Katz - 3.0.2-26D- update to xen-unstable cs 11251 - clean up patches some - disable ia64 as it doesn't currently buildj?_{oJeremy Katz - 3.0.2-25D- make initscript not spew on non-xen kernels (#202945)%>_ooJeremy Katz - 3.0.2-24D@- remove copy of xenguest-install from this package, require python-xeninst (the new home of xenguest-install).=_oJeremy Katz - 3.0.2-23DГ- add patch to fix rtl8139 in FV, switch it back to the default nic - add necessary ia64 patches (#201040) - build on ia64`<_goJeremy Katz - 3.0.2-22DB- add patch to fix net devices for HVM guestst;_ oRik van Riel - 3.0.2-21DA- make sure disk IO from HVM guests actually hits disk (#198851)4:_ oJeremy Katz - 3.0.2-20D@- don't start blktapctrl for now - fix HVM guest creation in xenguest-install - make sure log files have the right SELinux label9__oJeremy Katz - 3.0.2-19D- fix libblktap symlinks (#199820) - make libxenstore executable (#197316) - version libxenstore (markmc)I8_7oJeremy Katz - 3.0.2-18D- include /var/xen/dump in file list - load blkbk, netbk and netloop when xend starts - update to cs 10712 - avoid file conflicts with qemu (#199759)7i'oMark McLoughlin - 3.0.2-17D- libxenstore is unversioned, so make xen-libs own it rather than xen-develZ6eUoMark McLoughlin 3.0.2-16D- Fix network-bridge error (#199414)5mMoDaniel Veillard - 3.0.2-15D{- desactivating the relocation server in xend conf by default and add a warning text about it.h4imoStephen C. Tweedie - 3.0.2-14D5- Compile fix: don't #include 3i'oStephen C. Tweedie - 3.0.2-13D5- Update to xen-unstable cset 10675 - Remove internal libvncserver build, new qemu device model has its own one now. - Change default FV NIC model from rtl8139 to ne2k_pci until the former works better2mSoDaniel Veillard - 3.0.2-12D- bump libvirt requires to 0.1.2 - drop xend httpd localhost server and use the unix socket insteadV1_QoJeremy Katz - 3.0.2-11DA@- split into main packages + -libs and -devel subpackages for #198260 - add patch from jfautley to allow specifying other bridge for xenguest-install (#198097)0_5oJeremy Katz - 3.0.2-10D- make xenguest-install work with relative paths to disk images (markmc, #197518)d/]qoJeremy Katz - 3.0.2-9D- own /var/run/xend for selinux (#196456, #195952)X.]YoJeremy Katz - 3.0.2-8D- fix syntax error in xenguest-installi-kmoDaniel Veillard - 3.0.2-7DW@- more initscript patch to report status #184452  ] 40J{+(-q`UoDaniel P. Berrange - 3.0.5-0.rc2.14889.2.fc7F-A- Fixed vfb/vkbd device startup racev_]oDaniel P. Berrange - 3.0.5-0.rc2.14889.1.fc7F-@- Updated to xen 3.0.5 rc2, changeset 14889 - Remove use of netloop from network-bridge script - Add backcompat support to vif-bridge script to translate xenbrN to ethN^yoDaniel P. Berrange - 3.0.4-9.fc7E- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)u]ywoDaniel P. Berrange - 3.0.4-8.fc7EW- Close QEMU file handles when running network script>\yoDaniel P. Berrange - 3.0.4-7.fc7E- Fix interaction of bootloader with blktap (bz 230702) - Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)V[y7oDaniel P. Berrange - 3.0.4-6.fc7E- Setup readonly loop devices for readonly disks - Extended error reporting for hotplug scripts - Pass all 8 mouse buttons from VNC through to kernel-ZyeoDaniel P. Berrange - 3.0.4-5.fc7E3A- Don't run the pvfb daemons for HVM guests (bz 225413) - Fix handling of vnclisten parameter for HVM guests^YyIoDaniel P. Berrange - 3.0.4-4.fc7E3@- Fix pygrub memory corruptioniXy_oDaniel P. Berrange - 3.0.4-3.fc7E- Added PVFB back compat for FC5/6 guestsaWyMoDaniel P. Berrange - 3.0.4-2.fc7E@- Ensure the arch-x86 header files are included in xen-devel package - Bring back patch to move /var/xen/dump to /var/lib/xen/dump - Make /var/log/xen mode 0700mVqooDaniel P. Berrange - 3.0.4-1E&- Upgrade to official xen-3.0.4_1 release tarballAU]+oJeremy Katz - 3.0.3-3E<- fix the buildJT]=oJeremy Katz - 3.0.3-2Ex@- rebuild for python 2.5HSq#oDaniel P. Berrange - 3.0.3-1E>@- Pull in the official 3.0.3 tarball of xen (changeset 11774). - Add patches for VNC password authentication (bz 203196) - Switch /etc/xen directory to be mode 0700 because the config files can contain plain text passwords (bz 203196) - Change the package dependency to python-virtinst to reflect the package name change. - Fix str-2-int cast of VNC port for paravirt framebuffer (bz 211193)XR_WoJeremy Katz - 3.0.2-44E#A- fix having "many" kernels in pygruboQi{oStephen C. Tweedie - 3.0.2-43E#@- Fix SMBIOS tables for SVM guests [danpb] (bug 207501)@PsoDaniel P. Berrange - 3.0.2-42E - Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)eOigoStephen C. Tweedie - 3.0.2-41EA- Update to xen-3.0.3-testing changeset 11633 - 3.0.2-40E@- Workaround blktap/xenstore startup race - Add udev rules for xen blktap devices (srostedt) - Add support for dynamic blktap device nodes (srostedt) - Fixes for infinite dom0 cpu usage with blktap - Fix xm not to die on malformed "tap:" blkif config string - Enable blktap on kernels without epoll-for-aio support. - Load the blktap module automatically at startup - Reenable blktapctrl}MmoDaniel Berrange - 3.0.2-39Eg- Disable paravirt framebuffer server side rendered cursor (bz 206313) - Ignore SIGPIPE in paravirt framebuffer daemon to avoid terminating on client disconnects while writing data (bz 208025)SL_MoJeremy Katz - 3.0.2-38Eg- Fix cursor in pygrub (#208041)uKs}oDaniel P. Berrange - 3.0.2-37E@- Removed obsolete scary warnings in package descriptionkJisoStephen C. Tweedie - 3.0.2-36E~- Add Requires: kpartx for dom0 access to domU data GGM _ @ GsK?%& GZx1oRelease Engineering - 3.1.2-2.fc9GY5- Rebuild for depsawyOoDaniel P. Berrange - 3.1.2-1.fc9GQL- Upgrade to 3.1.2 bugfix release%v{SoDaniel P. Berrange - 3.1.0-14.fc9G,b- Disable network-bridge script since it conflicts with NetworkManager which is now on by defaultnu{goDaniel P. Berrange - 3.1.0-13.fc9G!- Fixed xenbaked tmpfile flaw (CVE-2007-3919)zt{}oDaniel P. Berrange - 3.1.0-12.fc8G - Pull in QEMU BIOS boot menu patch from KVM package - Fix QEMU patch for locating x509 certificates based on command line args - Add XenD config options for TLS x509 certificate setups{oDaniel P. Berrange - 3.1.0-11.fc8FI- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)rw1oChris Lalancette - 3.1.0-10.fc8FI- QEmu NE2000 overflow check - CVE-2007-1321 - Pygrub guest escape - CVE-2007-4993qy/oDaniel P. Berrange - 3.1.0-9.fc8F- Fix generation of manual pages (rhbz #250791) - Really fix FC-6 32-on-64 guestsqpyooDaniel P. Berrange - 3.1.0-8.fc8F- Make 32-bit FC-6 guest PVFB work on x86_64 host)oy]oDaniel P. Berrange - 3.1.0-7.fc8F- Re-add support for back-compat FC6 PVFB support - Fix handling of explicit port numbers (rhbz #279581)nyoDaniel P. Berrange - 3.1.0-6.fc8F@- Don't clobber the VIF type attribute in FV guests (rhbz #296061)fmyYoDaniel P. Berrange - 3.1.0-5.fc8FA- Added dep on openssl for blktap-qcowly-oDaniel P. Berrange - 3.1.0-4.fc8F@- Switch PVFB over to use QEMU - Backport QEMU VNC security patches for TLS/x509mkskoMarkus Armbruster - 3.1.0-3.fc8Fu- Put guest's native protocol ABI into xenstore, to provide for older kernels running 32-on-64. - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnectOjy)oDaniel P. Berrange - 3.1.0-2.fc8Fn- Remove patch which kills VNC monitor - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp - Don't spawn a bogus xen-vncfb daemon for HVM guests - Add persistent logging of hypervisor & guest consoles - Add /etc/sysconfig/xen to allow admin choice of logging options - Re-write Xen startup to use standard init script functions - Add logrotate configuration for all xen related logs"iyOoDaniel P. Berrange - 3.1.0-1.fc8FV- Updated to official 3.1.0 tar.gz - Fixed data corruption from VNC client disconnect (bz 241303)7hkoDaniel P. Berrange - 3.1.0-0.rc7.2.fc7FLC- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406) - Tear down guest if device hotplug failsgoDaniel P. Berrange - 3.1.0-0.rc7.1.fc7F9- Updated to 3.1.0 rc7, changeset 15021 (upstream renumbered from 3.0.5)\f7oDaniel P. Berrange - 3.0.5-0.rc4.4.fc7F7+- Fix op_save RPC API\e7oDaniel P. Berrange - 3.0.5-0.rc4.3.fc7F5B- Added BR on gettext[d5oDaniel P. Berrange - 3.0.5-0.rc4.2.fc7F5A- Redo failed build.icOoDaniel P. Berrange - 3.0.5-0.rc4.1.fc7F5@- Updated to 3.0.5 rc4, changeset 14993 - Reduce number of xenstore transactions used for listing domains - Hack to pre-balloon 2 MB for PV guests as well as HVMub[oDaniel P. Berrange - 3.0.5-0.rc3.14934.2.fc7F0A- Fixed display of bootloader menu with xm create -c - Added modprobe for both xenblktap & blktap to deal with rename issues - Hack to pre-balloon 10 MB for HVM guests4aYoDaniel P. Berrange - 3.0.5-0.rc3.14934.1.fc7F0@- Updated to 3.0.5 rc3, changeset 14934 - Fixed networking for service xend restart & minor IPv6 tweak nUv u m'SJ37,>nPeAoGerd Hoffmann - 3.3.1-11IV@- fix python 2.6 warnings.cAoGerd Hoffmann - 3.3.1-9I@- fix xen.modules init script for pv_ops kernel. - stick rpm release tag into XEN_VENDORVERSION. - use i386 i486 i586 i686 pentium3 pentium4 athlon geode macro in ExclusiveArch. - keep blktapctrl turned off by default.ccioGerd Hoffmann - 3.3.1-7I@- fix xenstored init script for pv_ops kernel.icuoGerd Hoffmann - 3.3.1-6I- fix xenstored crash. - backport qemu-unplug patch.}coGerd Hoffmann - 3.3.1-5I@- fix gcc44 build (broken constrain in inline asm). - fix ExclusiveArchaceoGerd Hoffmann - 3.3.1-3I1- backport bzImage support for dom0 builder.K[AoTomas Mraz - 3.3.1-2Is- rebuild with new opensslScIoGerd Hoffmann - 3.3.1-1Ie- update to xen 3.3.1 release.cEoGerd Hoffmann - 3.3.0-2IH- build and package stub domains (pvgrub, ioemu). - backport unstable fixes for pv_ops dom0.a  =oIgnacio Vazquez-Abrams - 3.3.0-1.1I1.- Rebuild for Python 2.6^ {GoDaniel P. Berrange - 3.3.0-1.fc10H- Update to xen 3.3.0 release0 sqoMark McLoughlin - 3.2.0-17.fc10H@- Enable xen-hypervisor build - Backport support for booting DomU from bzImage - Re-diff all patches for zero fuzzr }moDaniel P. Berrange - 3.2.0-16.fc10Ht@- Remove bogus ia64 hypercall arg (rhbz #433921) w)oMarkus Armbruster - 3.2.0-15.fc10Hd@- Re-enable QEMU image format auto-detection, without the security loopholesb}MoDaniel P. Berrange - 3.2.0-14.fc10Hb3@- Rebuild for GNU TLS ABI changejwcoMarkus Armbruster - 3.2.0-13.fc10HRa@- Correctly limit PVFB size (CVE-2008-1952)} oDaniel P. Berrange - 3.2.0-12.fc10HE2@- Move /var/run/xend into xen-runtime for pygrub (rhbz #442052):woMarkus Armbruster - 3.2.0-11.fc10H*@- Disable QEMU image format auto-detection (CVE-2008-2004) - Fix PVFB to validate frame buffer description (CVE-2008-1943)v{woDaniel P. Berrange - 3.2.0-10.fc9GP- Fix block device checks for extendable disk formatsy;oDaniel P. Berrange - 3.2.0-9.fc9GP- Let XenD setup QEMU logfile (rhbz #435164) - Fix PVFB use of event channel filehandleoykoDaniel P. Berrange - 3.2.0-8.fc9G - Fix block device extents check (rhbz #433560)zo oMark McLoughlin - 3.2.0-7.fc9Gs@- Restore some network-bridge patches lost during 3.2.0 rebaseyoDaniel P. Berrange - 3.2.0-6.fc9G@- Fixed xenstore-ls to automatically use xenstored socket as needed8y{oDaniel P. Berrange - 3.2.0-5.fc9G- Fix timer mode parameter handling for HVM - Temporarily disable all Latex docs due to texlive problems (rhbz #431327)[~yAoDaniel P. Berrange - 3.2.0-4.fc9G - Add a xen-runtime subpackage to allow use of Xen without XenD - Split init script out to one script per daemon - Remove unused / broken / obsolete toolsm}ygoDaniel P. Berrange - 3.2.0-3.fc9GA- Remove legacy dependancy on python-virtinstf|yYoDaniel P. Berrange - 3.2.0-2.fc9G@- Added XSM header files to -devel RPM`{yMoDaniel P. Berrange - 3.2.0-1.fc9G- Updated to 3.2.0 final releasewz[oDaniel P. Berrange - 3.2.0-0.fc9.rc5.dev16701.1G- Rebase to Xen 3.2 rc5 changeset 16701&yyWoDaniel P. Berrange - 3.1.2-3.fc9Ga- Re-factor to make it easier to test dev trees in RPMs - Include hypervisor build if doing a dev RPM 0 =   5 Wr,`p4$.m_oMichael Young - 4.0.1-6LM- add upstream xen patch xen.8259afix.patch to fix boot panic "IO-APIC + timer doesn't work!" (#642108) -m)oMichael Young - 4.0.1-5L@- add ext4 support for pvgrub (grub-ext4-support.patch from grub-0.97-66.fc14)8,1Eojkeating - 4.0.1-4L*@- Rebuilt for gcc bug 634757k+mmoMichael Young - 4.0.1-3L- create symlink for qemu-dm on x86_64 for compatibility with 3.4 - apply some patches destined for 4.0.2 add some irq fixes disable xsave which causes problems for HVMz*m oMichael Young - 4.0.1-2LzK- fix compile problems on Fedora 15, I suspect due to gcc 4.5.1I)m)oMichael Young - 4.0.1-1Lu- update to 4.0.1 release - many bug fixes - xen-dev-create-cleanup.patch no longer needed - remove part of localgcc45fix.patch no longer needed - package new files /etc/bash_completion.d/xl.sh and /usr/sbin/gdbsx - add patch to get xm and xend working with python 2.77(moMichael Young - 4.0.0-5LV@- add newer module names and xen-gntdev to xen.modules - Update dom0-kernel.repo file to use repos.fedorapeople.org location'Y5oMichael Young LMx- create a xen-licenses package to satisfy revised the Fedora Licensing GuidelinesX&mIoMichael Young - 4.0.0-4LL'@- fix gcc 4.5 compile problems%g%oDavid Malcolm - 4.0.0-3LH2- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild $mWoMichael Young - 4.0.0-2L- add patch to remove some old device creation code that doesn't work with the latest pvops kernels#m%oMichael Young - 4.0.0-1L @- update to 4.0.0 release - rebase xen-initscript.patch and xen-dumpdir.patch patches - adjust spec file for files added to or removed from the packages - add new build dependencies libuuid-devel and iasl("mgoMichael Young - 3.4.3-1L@- update to 3.4.3 release including support for latest pv_ops kernels (possibly incomplete) should fix build problems (#565063) and crashes (#545307) - replace Prereq: with Requires: in spec file - drop static libraries (#556101)v!c oGerd Hoffmann - 3.4.2-2K - adapt module load script to evtchn.ko -> xen-evtchn.ko rename.h csoGerd Hoffmann - 3.4.2-1K - update to 3.4.2 release. - drop backport patches. k/oJustin M. Forbes - 3.4.1-5J@- add PyXML to dependencies. (#496135) - Take ownership of {_libdir}/fs (#521806)aceoGerd Hoffmann - 3.4.1-4J0@- add e2fsprogs-devel to build dependencies.c[oGerd Hoffmann - 3.4.1-3J^@- swap bzip2+xz linux kernel compression support patches. - backport one more bugfix (videoram option).c-oGerd Hoffmann - 3.4.1-2J - backport bzip2+xz linux kernel compression support. - backport a few bugfixes.OcAoGerd Hoffmann - 3.4.1-1J|@- update to 3.4.1 release.cWoGerd Hoffmann - 3.4.0-4Jyt@- Kill info files. No xen docs, just standard gnu stuff. - kill -Werror in tools/libxc to fix build.oFedora Release Engineering - 3.4.0-3Jm- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild5c oGerd Hoffmann - 3.4.0-2J|- rename info files to fix conflict with binutils. - add install-info calls for the doc subpackage. - un-parallelize doc build.xcoGerd Hoffmann - 3.4.0-1J+@- update to version 3.4.0. - cleanup specfile, add doc subpackage. jC * c /G]ajr?m{oMichael Young - 4.1.2-3O y- Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042)\>mOoMichael Young - 4.1.2-2N=@- Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file=mCoMichael Young - 4.1.2-1N^- update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112g<mgoMichael Young - 4.1.1-8N$@- more pygrub improvements for grub2 on guest{;m oMichael Young - 4.1.1-7N- make pygrub work better with GPT partitions and grub2 on guesta:}KoMichael Young - 4.1.1-5 4.1.1-6N]- improve systemd functionalityn9msoMichael Young - 4.1.1-4N @- lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates 8m-oMichael Young - 4.1.1-3NG- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]7moMichael Young - 4.1.1-2N&@- clean up patch to solve a problem with hvmloader compiled with gcc 4.6u6moMichael Young - 4.1.1-1M- update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patchX5mGoMichael Young - 4.1.0-2M@- Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present.Q4m;oMichael Young - 4.1.0-1M- update to 4.1.0 finalB3yoMichael Young - 4.1.0-0.1.rc8M@- update to 4.1.0-rc8 release candidate - create xen-4.1.0-rc8.tar.xz file from git/hg repositories - rebase xen-initscript.patch xen-dumpdir.patch xen-net-disable-iptables-on-bridge.patch localgcc45fix.patch sysconfig.xenstored init.xenstored - remove unnecessary or conflicting xen-xenstore-cli.patch localpy27fixes.patch xen.irq.fixes.patch xen.xsave.disable.patch xen.8259afix.patch localcleanups.patch libpermfixes.patch - add patch to allow pygrub to work with single partitions with boot sectors - create ipxe-git-v1.0.0.tar.gz from http://git.ipxe.org/ipxe.git to avoid downloading at build time - no need to move udev rules or init scripts as now created in the right place - amend list of files shipped - remove fs-backend add init.d scripts xen-watchdog xencommons add config files xencommons xl.conf cpupool add programs kdd tap-ctl xen-hptool xen-hvmcrash xenwatchdogd2oFedora Release Engineering - 4.0.1-10MO- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuildz1m oMichael Young - 4.0.1-9MF@- Make libraries executable so that rpm gets dependencies right0moMichael Young - 4.0.1-8MD@- Temporarily turn off some compile options so it will build on rawhide1/myoMichael Young - 4.0.1-7MB- ghost directories in /var/run (#656724) - minor fixes to /usr/share/doc/xen-doc-4.?.?/misc/network_setup.txt (#653159) /etc/xen/scripts/network-route, /etc/xen/scripts/vif-common.sh (#669747) and /etc/sysconfig/modules/xen.modules (#656536) } 6 ; "  6o}P>_U}EoMichael Young - 4.1.3-1 4.1.3-2P$- update to 4.1.3 includes fix for untrusted HVM guest can cause the dom0 to hang or crash [XSA-11, CVE-2012-3433] (#843582) - remove patches that are now upstream - remove some unnecessary compile fixes - adjust upstream-23936:cdb34816a40a-rework for backported fix for upstream-23940:187d59e32a58 - replace pygrub.size.limits.patch with upstreamed version - fix for (#845444) broke xend under systemd?TooMichael Young - 4.1.2-25P!@- remove some unnecessary cache flushing that slow things down - change python options on xend to reduce selinux problems (#845444)"SoYoMichael Young - 4.1.2-24P1@- in rare circumstances an unprivileged user can crash an HVM guest [XSA-10,CVE-2012-3432] (#843766)RoQoMichael Young - 4.1.2-23P@- add a patch to remove a dependency on PyXML and Require python-lxml instead of PyXML (#842843)OQo3oMichael Young - 4.1.2-22P A- adjust systemd service files not to report failures when running without a hypervisor or when xendomains.service doesn't find anything to startPoFedora Release Engineering - 4.1.2-21P @- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild(OoeoMichael Young - 4.1.2-20O/@- Apply three security patches 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217] guest denial of service on syscall/sysenter exception generation [CVE-2012-0218] PV guest host Denial of Service [CVE-2012-2934]xNooMichael Young - 4.1.2-19O:- adjust xend.service systemd file to avoid selinux problemsrMo{oMichael Young - 4.1.2-18O@- Enable xenconsoled by default under systemd (#829732)BLoMichael Young - 4.1.2-16 4.1.2-17O@- make pygrub cope better with big files from guest (#818412 CVE-2012-2625) - add patch from 4.1.3-rc2-pre to build on F17/8FKo!oMichael Young - 4.1.2-15O@- Make the udev tap rule more specific as it breaks openvpn (#812421) - don't try setuid in xend if we don't need to so selinux is happierFJo!oMichael Young - 4.1.2-14Ov- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora - load xen-acpi-processor module (kernel 3.4 onwards) if presentRIo;oMichael Young - 4.1.2-13OXA- fix a packaging error&HoaoMichael Young - 4.1.2-12OX@- fix an error in an rpm script from the sysv configuration removal - migrate xendomains script to systemdjGokoMichael Young - 4.1.2-11ONA- put the systemd files back in the right placeFoIoMichael Young - 4.1.2-10ON@- clean up systemd and sysv configuration including removal of migrated sysv files for fc17+XEmIoMichael Young - 4.1.2-9O?- move xen-watchdog to systemd\DmQoMichael Young - 4.1.2-8O2c- relocate systemd files for fc17+`CmYoMichael Young - 4.1.2-7O1@- move xend and xenconsoled to systemdBmoMichael Young - 4.1.2-6O*z- Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029]wAmoMichael Young - 4.1.2-5O#@- Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes@moMichael Young - 4.1.2-4O- actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 p ]~7pbmQoMichael Young - 4.2.1-2P[- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - pv guests can crash xen when xen built with debug=y (included for completeness - Fedora builds have debug=n) [XSA-37, CVE-2013-0154] amWoMichael Young - 4.2.1-1PZ- update to xen-4.2.1 - remove patches that are included in 4.2.1 - rebase xen.fedora.efi.build.patch``mYoRichard W.M. Jones - 4.2.0-7P@- Rebuild for OCaml fix (RHBZ#877128).S_m=oMichael Young - 4.2.0-6P@- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) A PV guest can cause xen to crash and might be able escalate privileges [XSA-32, CVE-2012-5525] (#883094)^m#oMichael Young - 4.2.0-5P|@- two build fixes for Fedora 19 - add texlive-ntgclass package to fix buildZ]mKoMichael Young - 4.2.0-4P6@- 4 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207) - texlive-2012 is now in Fedora 18_\mWoMichael Young - 4.2.0-3P@- texlive-2012 isn't in Fedora 18 yetG[m%oMichael Young - 4.2.0-2P{@- limit the size of guest kernels and ramdisks to avoid running out of memeory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)CZmoMichael Young - 4.2.0-1P)- update to xen-4.2.0 - rebase xen-net-disable-iptables-on-bridge.patch pygrubfix.patch - remove patches that are now upstream or with alternatives upstream - use ipxe and seabios from seabios-bin and ipxe-roms-qemu packages - xen tools now need ./configure to be run (x86_64 needs libdir set) - don't build upstream qemu version - amend list of files in package - relocate xenpaging add /etc/xen/xlexample* oxenstored.conf /usr/include/xenstore-compat/* xenstore-stubdom.gz xen-lowmemd xen-ringwatch xl.1.gz xl.cfg.5.gz xl.conf.5.gz xlcpupool.cfg.5.gz - use a tmpfiles.d file to create /run/xen on boot - add BuildRequires for yajl-devel and graphviz - build an efi boot image where it is supported - adjust texlive changes so spec file still works on Fedora 17XYmGoMichael Young - 4.1.3-6P@- add font packages to build requires due to 2012 version of texlive in F19 - use build requires of texlive-latex instead of tetex-latex which it obsoletesTXmAoMichael Young - 4.1.3-5P~- rebuild for ocaml update~WmoMichael Young - 4.1.3-4PH@- disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)pVmwoMichael Young - 4.1.3-3PG>- 5 security fixes a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585) a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589) a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590) a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593) an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599) 6 6 r L+S6tmoMichael Young - 4.2.2-9Q4- add upstream patch for PCI passthrough problems after XSA-46 (#977310)sm7oMichael Young - 4.2.2-8Q@@- xenstore permissions not set correctly by libxl [XSA-57, CVE-2013-2211] (#976779)rm3oMichael Young - 4.2.2-7Q- Revised fixes for [XSA-55, CVE-2013-2194 CVE-2013-2195 CVE-2013-2196] (#970640)%qmaoMichael Young - 4.2.2-6Q- Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) - Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) - Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) - Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640)pmCoMichael Young - 4.2.2-5Q- xend toolstack doesn't check bounds for VCPU affinity [XSA-56, CVE-2013-2072] (#964241)%omaoMichael Young - 4.2.2-4Q'@- xen-devel should require libuuid-devel (#962833) - pygrub menu items can include too much text (#958524)rnm{oMichael Young - 4.2.2-3QU@- PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918] (#958918) - malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] (#958919)ymm oMichael Young - 4.2.2-2Qzl@- fix further man page issues to allow building on F19 and F208lmoMichael Young - 4.2.2-1Qy- update to xen-4.2.2 includes fixes for [XSA-48, CVE-2013-1922] (Fedora doesn't use the affected code) passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) - remove patches that are included in 4.2.2 - look for libxl-save-helper in the right place - fix xl list -l output when built with yajl2 - allow xendomains to work with xl saved imageskkokoMichael Young - 4.2.1-10Q]k@- make xendomains systemd script executable and update it from init.d version (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]xjmoMichael Young - 4.2.1-9Q& @- patch for [XSA-36, CVE-2013-0153] can cause boot time crashhimioMichael Young - 4.2.1-8Q#@- patch for [XSA-38, CVE-2013-0215] was flawed)hmioMichael Young - 4.2.1-7Q- BuildRequires for texlive-kpathsea-bin wasn't needed - correct gcc 4.8 fixes and follow suggestions upstream%gmaoMichael Young - 4.2.1-6Q@- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - add some fixes for code which gcc 4.8 complains about - additional BuildRequires are now needed for pod2text and pod2man also texlive-kpathsea-bin for mktexfmtffYyoMichael Young P- correct disabling of xendomains.service on uninstall/emuoMichael Young - 4.2.1-5P@- nested virtualization on 32-bit guest can crash host [XSA-34, CVE-2013-0151] also nested HVM on guest can cause host to run out of memory [XSA-35, CVE-2013-0152] (#902792) - restore status option to xend which is used by libvirt (#893699)*dmkoMichael Young - 4.2.1-4P- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)ycm oMichael Young - 4.2.1-3P@- fix some format errors in xl.cfg.pod.5 to allow build on F19 6 o  l  }R]V6'meoMichael Young - 4.3.1-7R@- Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142)XmGoMichael Young - 4.3.1-6RS- Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024)m;oMichael Young - 4.3.1-5Rv@- HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]moMichael Young - 4.3.1-4R@- Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923)m;oMichael Young - 4.3.1-3R- Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149)mIoMichael Young - 4.3.1-2R~#- Host crash due to HVM guest VMX instruction execution [XSA-75, CVE-2013-4551] (#1029055);m oMichael Young - 4.3.1-1Rs- update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] (#1026248)~oGoMichael Young - 4.3.0-10Ro@- ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) }m-oMichael Young - 4.3.0-9Ri - systemd changes to allow oxenstored to be used instead of xenstored (#1022640)&|mcoMichael Young - 4.3.0-8RV- security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375]M{m1oMichael Young - 4.3.0-7RL - Set "Domain-0" label in xenstored.service systemd file to match xencommons init.d script. - security fixes (#1013748) Information leaks to HVM guests through I/O instruction emulation [XSA-63, CVE-2013-4355] Memory accessible by 64-bit PV guests under live migration [XSA-64, CVE-2013-4356] Information leak to HVM guests through fbld instruction emulation [XSA-66, CVE-2013-4361]zm9oMichael Young - 4.3.0-6RB@- Information leak on AVX and/or LWP capable CPUs [XSA-62, CVE-2013-1442] (#1012056)UymCoRichard W.M. Jones - 4.3.0-5R4O- Rebuild for OCaml 4.01.0.xoFedora Release Engineering - 4.3.0-4QB@- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuildew}SoMichael Young - 4.3.0-2 4.3.0-3Q{- build a 64-bit hypervisor on ix86fvmcoMichael Young - 4.3.0-1Q5- update to xen-4.3.0 - rebase xen.use.fedora.ipxe.patch - remove patches that are now included or no longer needed - add polarssl source needed for stubdom build - remove references to ia64 in spec file (dropped upstream) - don't build hypervisor on ix86 (dropped upstream) - tools want wget (or ftp) to build - build XSM FLASK support into hypervisor with policy file - add xencov_split and xencov to files packaged, remove pdf docs - tidy up rpm scripts and stop enabling systemctl services on upgrade now sysv is gone from Fedora - re-number patches!uoWoMichael Young - 4.2.2-10Q- XSA-45/CVE-2013-1918 breaks page reference counting [XSA-58, CVE-2013-1432] (#978383) - let pygrub handle set default="${next_entry}" line in F19 (#978036) - libxl: Set vfb and vkb devid if not done so by the caller (#977987) U N P @>.l;+g`mWoMichael Young - 4.4.1-2T- Mishandling of uninitialised FIFO-based event channel control blocks [XSA-107, CVE-2014-6268] (#1140287) - delete a patch file that was dropped in the last update?moMichael Young - 4.4.1-1T@- update to xen-4.4.1 remove patches for fixes that are now included - replace uint32 with uint32_t in ocaml file for ocaml-4.02.0VoCoRichard W.M. Jones - 4.4.0-14TA- Bump release and rebuild.XoGoRichard W.M. Jones - 4.4.0-13T@- ocaml-4.02.0 final rebuild.VoCoRichard W.M. Jones - 4.4.0-12S- ocaml-4.02.0+rc1 rebuild.oFedora Release Engineering - 4.4.0-11S- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuildo1oMichael Young - 4.4.0-10S- Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146]fmeoRichard W.M. Jones - 4.4.0-9Sj@- ocaml-4.02.0-0.8.git10e45753.fc22 rebuild.TmAoMichael Young - 4.4.0-8S@- rebuild for ocaml update/muoMichael Young - 4.4.0-7S-- Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression=moMichael Young - 4.4.0-6S- Fix two %if line typos in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583)oFedora Release Engineering - 4.4.0-5SP@- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuilda m[oMichael Young - 4.4.0-4Sp- add systemd preset support (#1094938) m/oMichael Young - 4.4.0-3S`- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) - change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 - fix a couple of -Wmaybe-uninitialized cases m%oMichael Young - 4.4.0-2S2@- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) m-oMichael Young - 4.4.0-1S.- update to xen-4.4.0 - adjust xend.selinux.fixes.patch and xen-initscript.patch as xend has moved - don't build xend unless --with xend is specified - use --with-system-seabios option instead of xen.use.fedora.seabios.patch - update xen.use.fedora.ipxe.patch patch - replace qemu-xen.tradonly.patch with --with-system-qemu= option pointing to Fedora's qemu-system-i386 - adjust xen.xsm.enable.patch and remove bits that are are no longer needed - blktapctrl is no longer built, remove related files - adjust files to be packaged; xsview has gone, add xen-mfndump and xenstore man pages - add another xenstore-write to xenstored.service and oxenstored.service - Add xen.console.fix.patch to fix issues running pygruby m oMichael Young - 4.3.2-1SK@- update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included!oWoMichael Young - 4.3.1-10Rb@- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491)\mOoMichael Young - 4.3.1-9Ry@- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335)&mcoMichael Young - 4.3.1-8RU- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) u #K:`)mYoMichael Young - 4.5.0-6U@- Additional patch for XSA-98 on arm64(mUoMichael Young - 4.5.0-5U- HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365)'mEoMichael Young - 4.5.0-4T- Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) &m/oMichael Young - 4.5.0-3TE@- Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] - fix a typo in xen.fedora.systemd.patchS%m=oMichael Young - 4.5.0-2T8- arm: vgic-v2: GICD_SGIR is not properly emulated [XSA-117, CVE-2015-0268] - allow certain warnings with gcc5 that would otherwise be treated as errorsG$m%oMichael Young - 4.5.0-1T - update to 4.5.0 xend has gone, so remove references to xend in spec file, sources and patches remove patches for issues now fixed upstream adjust some patches due to other code changes adjust spec file for renamed xenpolicy files set prefix back to /usr (default is now /usr/local) use upstream systemd files with patches for Fedora and selinux sysconfig for systemd is now in xencommons file for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin remus isn't built upstream systemd support needs systemd-devel to build replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 stop oxenstored failing when selinux is enforcing re-number patches - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153)#oGoMichael Young - 4.4.1-12T@- xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221)y"ooMichael Young - 4.4.1-11T- fix xendomains issue introduced by xl migrate --debug patch !o'oMichael Young - 4.4.1-10T- p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsmC moMichael Young - 4.4.1-9Tw@- Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461)&mcoMichael Young - 4.4.1-8Tm- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914)emaoMichael Young - 4.4.1-7Tk4- Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776)m3oMichael Young - 4.4.1-6T+- Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465)|moMichael Young - 4.4.1-5T*@- xen support is in 256k seabios binary when it exists (#1146260)hmgoMichael Young - 4.4.1-4T!`- Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738)m#oMichael Young - 4.4.1-3T@- disable building pngs from fig files which is currently broken in rawhide K y [ q yLD\_K?;moMichael Young - 4.5.1-9V- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504) - e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224) - net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278) - net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281) - qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)2:m{oMichael Young - 4.5.1-8U@- libxl fails to honour readonly flag on disks with qemu-xen [XSA-142, CVE-2015-7311] (#1257893) (final patch version)9m?oMichael Young - 4.5.1-7U@- printk is not rate-limited in xenmem_add_to_physmap_one (ARM) [XSA-141, CVE-2015-6654]x8moMichael Young - 4.5.1-6UW- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] (#1249757) - QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] (#1249756)c7m]oMichael Young - 4.5.1-5U@- QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) - try again to fix xen-qemu-dom0-disk-backend.service (#1242246)Q6m;oRichard W.M. Jones - 4.5.1-4U- OCaml 4.02.3 rebuild.%5maoMichael Young - 4.5.1-3U@- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246) - rebuild efi grub.cfg if it is present (#1239309) - re-enable remus by building with libnl3 - modify gnutls use in line with Fedora's crypto policies (#1179352)4moMichael Young - 4.5.1-2U@- xl command line config handling stack overflow [XSA-137, CVE-2015-3259]N3m3oMichael Young - 4.5.1-1U- update to 4.5.1 adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove patches for issues now fixed upstream renumber patchesV2oCoRichard W.M. Jones - 4.5.0-13UA- Rebuild for ocaml-4.02.2.1oFedora Release Engineering - 4.5.0-12U@- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_RebuildY0Y_oMichael Young U- gcc 5 bug is fixed so remove workaroundl/omoMichael Young - 4.5.0-11Ux&- stubs-32.h is back, so revert to previous behaviour - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]u.s}oMichael Young - 4.5.0-10.1Un@- stubs-32.h has gone from rawhide, put it back manually-oGoMichael Young - 4.5.0-10Um- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631),mAoMichael Young - 4.5.0-9US<- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)+m7oMichael Young - 4.5.0-8U4@- Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037)S*m=oMichael Young - 4.5.0-7U@- Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739)  O $@m_oMichael Young - 4.6.0-1VO@- update to xen-4.6.0 xen-dumpdir.patch no longer needed adjust xen.use.fedora.ipxe.patch and xen.fedora.systemd.patch remove upstream patches add build fix for blktap2 to gcc5 fixes udev rules have now gone as have xen-syms in /boot package extra files /etc/rc.d/init.d/xendriverdomain /usr/bin/xenalyze /usr/sbin/xentrace /usr/sbin/xentrace_setsize /usr/share/pkgconfig/*.pc - renumber patches - add build-requires for pandoc and discount to improve docsq?oyoMichael Young - 4.5.1-13V- patch CVE-2015-7295 for qemu-xen-traditional as well>ooMichael Young - 4.5.1-12VZ- Qemu: net: virtio-net possible remote DoS [CVE-2015-7295] (#1264392)&=oaoMichael Young - 4.5.1-11V- create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm (#1268176), (#1248843){<o oMichael Young - 4.5.1-10V@- ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792)< l(|qf[PE:/$ti^SH=2' w l'oj&nh%mg$$ke]#jc"ia!g` f^Ae\zcZbXaW%`U^^S]Q\P ZNBYL{XJWHUG&TE_SCQAP@ O>C M<| L: K8 J7' H5`G3F1D0 C.DB,}A*?(>'(=%a;#:!9 8E6~542)1b0. F    *c }wqke_YSMGA;5/)# {uoic]WQKE?93-'!   y s m g a [ U O I C = 7 1 + %     { t m f _ X Q J C < 5 . '     x q j c \ U N G @ 9 2 + $      | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %    }vohaZSLE>70)" zsle^WPIB;4-& ~wpib[TMF?81*#{tmf_XQJC<5.'  xqjc\UNG@92+$~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;:9876543210/.-,+*)('&%$#"!      ~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;:9876543210/.-,+*)('&%$#"!        {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" ~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;:9876543210/.-,+*)('&%$#"!      ~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;:9876543210/.-,+*)('&%$#"!       {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" a`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;:9876543210/.-,+*)('&%$#"!      ~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;:9876543210/.-,+*)('&%$#"!      b {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)"  ( ' & % $ # " !                                                                      ~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;:9876543210/.-,+*)('&%$#"!      ~}|{zyxwvutsrqponmlkjihgfed ) {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)"                                                                                                                   ~ } | { z y x w v u t s r q p o n m l k j i h g f e d c b a ` _ ^ ] \ [ Z Y X W V U T S R Q P O N M L K J I H G F E D C B A @ ? > = < ; : 9 8 7 6 5 4 3 2 1 0 / . - , + * ) ( ' & % $ # " !                                                                                                                                                                         ~ } | { z y x w v u t s r q p o n m l k j i h g f e d c b a ` _ ^ ] \ [ Z Y X W V U T S R Q P O N M L K J I H G F E D C B A @ ? > = < ; : 9 8 7 6 5 4 3 2 1 0 / . - , +  {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)"                                                          ~ } | { z y x w v u t s r q p o n m l k j i h g f e d c b a ` _ ^ ] \ [ Z Y X W V U T S R Q P O N M L K J I H G F E D C B A @ ? > = < ; : 9 8 7 6 5 4 3 2 1 0 / . - , + * ) ( ' & % $ # " !                                                                                                                                                                   ~ } | { z y x w v u t s r q p o n m l k j i h g f e d c b a ` _ ^ ] \ [ Z Y X W V U T S R Q P O N M L K J I H G F E D C B A @ ? > = < ; : 9 8 7 6 5 4 3 2 1 0 / . - , + * ) ( ' & % $ # " !                                                {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)"  } | { z y x w v u t s r q p o n m l k j i h g f e d c b a ` _ ^ ] \ [ Z Y X W V U T S R Q P O N M L K J I H G F E D C B A @ ? > = < ; : 9 8 7 6 5 4 3 2 1 0 / . - , + * ) ( ' & % $ # " !                                                                                                                                                                   ~ } | { z y x w v u t s r q p o n m l k j i h g f e d c b a ` _ ^ ] \ [ Z Y X W V U T S R Q P O N M L K J I H G F E D C B A @ ? > = < ; : 9 8 7 6 5 4 3 2 1 0 / . - , + * ) ( ' & % $ # " !                                                                                                         ~ {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" DCBA@?>=<;:9876543210/.-,+*)('&%$#"!                                                                                                                                        ~ } | { z y x w v u t s r q p o n m l k j i h g f e d c b a ` _ ^ ] \ [ Z Y X W V U T S R Q P O N M L K J I H G F E D C B A @ ? > = < ; : 9 8 7 6 5 4 3 2 1 0 / . - , + * ) ( ' & % $ # " !                                                                                                                                                                 E {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)"    ~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;:9876543210/.-,+*)('&%$#"!      ~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHG {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" .....................................................................................~.}.|.{.z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.`._.^.].\.[.Z.Y.X.W.V.U.T.S.R.Q.P.O.N.M.L.K.J.I.H.G.F.E.D.C.B.A.@.?.>.=.<.;.:.9.8.7.6.5.4.3.2.1.0./...-.,.+.*.).(.'.&.%.$.#.".!. ................... . . . . ........................................................................................................................................~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;:9876543210/.-,+*)('&%$#"! . {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" 0000000000000000000000000000~0}0|0{0z0y0x0w0v0u0t0s0r0q0p0o0n0m0l0k0j0i0h0g0f0e0d0c0b0a0`0_0^0]0\0[0Z0Y0X0W0V0U0T0S0R0Q0P0O0N0M0L0K0J0I0H0G0F0E0D0C0B0A/@/?/>/=/</;/:/9/8/7/6/5/4/3/2/1/0///./-/,/+/*/)/(/'/&/%/$/#/"/!/ /////////////////// / / / / ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////~/}/|/{/z/y/x/w/v/u/t/s/r/q/p/o/n/m/l/k/j/i/h/g/f/e/d/c/b/a/`/_/^/]/\/[/Z/Y/X/W/V/U/T/S/R/Q/P/O/N/M/L/K/J/I/H/G/F/E/D/C/B/A/@/?/>/=/</;/:/9/8/7/6/5/4/3/2/1/0///./-/,/+/*/)/(/'/&/%/$/#/"/!/ /////////////////// / / / / ////////////////////////////////////////............0 {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" 1`1_1^1]1\1[1Z1Y1X1W1V1U1T1S1R1Q1P1O1N1M1L1K1J1I1H1G1F1E1D1C1B1A1@1?1>1=1<1;1:191817161514131211101/1.1-1,1+1*1)1(1'1&1%1$1#1"1!1 1111111111111111111 1 1 1 1 1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111100000000000000000000000000000000000~0}0|0{0z0y0x0w0v0u0t0s0r0q0p0o0n0m0l0k0j0i0h0g0f0e0d0c0b0a0`0_0^0]0\0[0Z0Y0X0W0V0U0T0S0R0Q0P0O0N0M0L0K0J0I0H0G0F0E0D0C0B0A0@0?0>0=0<0;0:090807060504030201000/0.0-0,0+0*0)0(0'0&0%0$0#0"0!0 0000000000000000000 0 0 0 0 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" 2'2&2%2$2#2"2!2 2222222222222222222 2 2 2 2 2222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222~2}2|2{2z2y2x2w2v2u2t2s2r2q2p2o2n2m2l2k2j2i2h2g2f2e2d2c2b2a2`2_2^2]2\2[2Z2Y2X2W2V2U2T2S2R2Q2P2O2N2M2L2K2J2I2H2G2F2E2D2C2B2A2@2?2>2=2<2;2:292827262524232221202/2.2-2,2+2*2)2(2'2&2%2$2#2"2!2 2222222222222222222 2 2 2 2 2222222211111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111~1}1|1{1z1y1x1w1v1u1t1s1r1q1p1o1n1m1l1k1j1i1h1g1f1e1d1c2( {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" 44444444444444444444444444444444444444444444443333333333333333333333333333333333333333333333333333333333333333333~3}3|3{3z3y3x3w3v3u3t3s3r3q3p3o3n3m3l3k3j3i3h3g3f3e3d3c3b3a3`3_3^3]3\3[3Z3Y3X3W3V3U3T3S3R3Q3P3O3N3M3L3K3J3I3H3G3F3E3D3C3B3A3@3?3>3=3<3;3:393837363534333231303/3.3-3,3+3*3)3(3'3&3%3$3#3"3!3 3333333333333333333 3 3 3 3 3333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333~3}3|3{3z3y3x3w3v3u3t3s3r3q3p3o3n3m3l3k3j3i3h3g3f3e3d3c3b3a2`2_2^2]2\2[2Z2Y2X2W2V2U2T2S2R2Q2P2O2N2M2L2K2J2I2H2G2F2E2D2C2B2A2@2?2>2=2<2;2:292827262524232221202/2.2-2,2+2*4 {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" 55555555555555555555555555555555555555555555555555555555~5}5|5{5z5y5x5w5v5u5t5s5r5q5p5o5n5m5l5k5j5i5h5g5f5e5d5c5b5a5`5_5^5]5\5[5Z5Y5X5W5V5U5T5S5R5Q5P5O5N5M5L5K5J5I5H5G5F5E5D5C5B5A5@5?5>5=5<5;5:595857565554535251505/5.5-5,5+5*5)5(5'5&5%5$5#5"5!4 4444444444444444444 4 4 4 4 4444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444~4}4|4{4z4y4x4w4v4u4t4s4r4q4p4o4n4m4l4k4j4i4h4g4f4e4d4c4b4a4`4_4^4]4\4[4Z4Y4X4W4V4U4T4S4R4Q4P4O4N4M4L4K4J4I4H4G4F4E4D4C4B4A4@4?4>4=4<4;4:494847464544434241404/4.4-4,4+4*4)4(4'4&4%4$4#4"4!4 4444444444444444444 4 4 4 4 4444444444444444444444445 {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" 6|6{6z6y6x6w6v6u6t6s6r6q6p6o6n6m6l6k6j6i6h6g6f6e6d6c6b6a6`6_6^6]6\6[6Z6Y6X6W6V6U6T6S6R6Q6P6O6N6M6L6K6J6I6H6G6F6E6D6C6B6A6@6?6>6=6<6;6:696867666564636261606/6.6-6,6+6*6)6(6'6&6%6$6#6"6!6 6666666666666666666 6 6 6 6 6666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666555~5}5|5{5z5y5x5w5v5u5t5s5r5q5p5o5n5m5l5k5j5i5h5g5f5e5d5c5b5a5`5_5^5]5\5[5Z5Y5X5W5V5U5T5S5R5Q5P5O5N5M5L5K5J5I5H5G5F5E5D5C5B5A5@5?5>5=5<5;5:595857565554535251505/5.5-5,5+5*5)5(5'5&5%5$5#5"5!5 5555555555555555555 5 5 5 5 5555555555555555555555555555555555555555555555555555555555555555555555555555555556} {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" 8C8B8A7@7?7>7=7<7;7:797877767574737271707/7.7-7,7+7*7)7(7'7&7%7$7#7"7!7 7777777777777777777 7 7 7 7 7777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777~7}7|7{7z7y7x7w7v7u7t7s7r7q7p7o7n7m7l7k7j7i7h7g7f7e7d7c7b7a7`7_7^7]7\7[7Z7Y7X7W7V7U7T7S7R7Q7P7O7N7M7L7K7J7I7H7G7F7E7D7C7B7A7@7?7>7=7<7;7:797877767574737271707/7.7-7,7+7*7)7(7'7&7%7$7#7"7!7 7777777777777777777 7 7 7 7 7777777777777777777777777777777777777777666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666668D {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" 9 9 9 9 9 9 9 9 9 9 9 9999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999988888888888888888888888888888888888~8}8|8{8z8y8x8w8v8u8t8s8r8q8p8o8n8m8l8k8j8i8h8g8f8e8d8c8b8a8`8_8^8]8\8[8Z8Y8X8W8V8U8T8S8R8Q8P8O8N8M8L8K8J8I8H8G8F8E8D8C8B8A8@8?8>8=8<8;8:898887868584838281808/8.8-8,8+8*8)8(8'8&8%8$8#8"8!8 8888888888888888888 8 8 8 8 8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888~8}8|8{8z8y8x8w8v8u8t8s8r8q8p8o8n8m8l8k8j8i8h8g8f8e8d8c8b8a8`8_8^8]8\8[8Z8Y8X8W8V8U8T8S8R8Q8P8O8N8M8L8K8J8I8H8G8F9 {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" :!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!~:!}:!|:!{:!z:!y:!x:!w:!v:!u:!t:!s:!r:!q:!p:!o:!n:!m:!l:!k:!j:!i:!h:!g:!f:!e:!d:!c:!b:!a:!`:!_:!^:!]:!\:![:!Z:!Y:!X:!W:!V:!U:!T:!S:!R:!Q:!P:!O:!N:!M:!L:!K:!J:!I:!H:!G:!F:!E:!D:!C:!B:!A:!@:!?:!>:!=:!<:!;:!::!9:!8:!7:!6:!5:!4:!3:!2:!1:!0:!/:!.:!-:!,:!+:!*:!):!(:!':!&:!%:!$:!#:!":!!:! :!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:! :! :! :! :! :!:!:!:!:!:!:!:!9!9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 ~9 }9 |9 {9 z9 y9 x9 w9 v9 u9 t9 s9 r9 q9 p9 o9 n9 m9 l9 k9 j9 i9 h9 g9 f9 e9 d9 c9 b9 a9 `9 _9 ^9 ]9 \9 [9 Z9 Y9 X9 W9 V9 U9 T9 S9 R9 Q9 P9 O9 N9 M9 L9 K9 J9 I9 H9 G9 F9 E9 D9 C9 B9 A9 @9 ?9 >9 =9 <9 ;9 :9 99 89 79 69 59 49 39 29 19 09 /9 .9 -9 ,9 +9 *9 )9 (9 '9 &9 %9 $9 #9 "9 !9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 :! {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" ;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#~;#};#|;#{;#z;#y;#x;#w;#v;#u;#t;#s;#r;#q;#p;#o;#n;#m;#l;#k;#j;#i;#h;#g;#f;#e;#d;#c;#b;#a;#`;#_;#^;#];#\;#[;#Z;#Y;#X;#W;#V;#U;#T;#S;#R;#Q;#P;#O;#N;#M;#L;#K;#J;#I;#H;#G;#F;#E;#D;#C;#B;#A;#@;#?;#>;#=;#<;#;;#:;#9;#8;#7;#6;#5;#4;#3;#2;#1;#0;#/;#.;#-;#,;#+;#*;#);#(;#';#&;#%;#$;##;#";#!;# ;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;# ;# ;# ;# ;# ;#;#;#;#;#;#;#;#;#;";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";";"~;"};"|;"{;"z;"y;"x;"w;"v;"u;"t;"s;"r;"q;"p;"o;"n;"m;"l;"k;"j;"i;"h;"g;"f;"e;"d;"c;"b;"a:"`:"_:"^:"]:"\:"[:"Z:"Y:"X:"W:"V:"U:"T:"S:"R:"Q:"P:"O:"N:"M:"L:"K:"J:"I:"H:"G:"F:"E:"D:"C:"B:"A:"@:"?:">:"=:"<:";:"::"9:"8:"7:"6:"5:"4:"3:"2:"1:"0:"/:".:"-:",:"+:"*:"):"(:"':"&:"%:"$:"#:"":"!:" :":":":":":":":":":":":":":":":":":":" :" :" :" :" :":":":":":":":":":!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!:!;# {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" =%_=%^=%]=%\=%[=%Z=%Y=%X=%W=%V=%U=%T=%S=%R=%Q=%P=%O=%N=%M=%L=%K=%J=%I=%H=%G=%F=%E=%D=%C=%B=%A=%@=%?=%>=%==%<=%;=%:=%9=%8=%7=%6=%5=%4=%3=%2=%1=%0=%/=%.=%-=%,=%+=%*=%)=%(=%'=%&=%%=%$=%#=%"=%!<% <%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<% <% <% <% <% <%<%<%<%<%<%<%<%<%<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$~<$}<$|<${<$z<$y<$x<$w<$v<$u<$t<$s<$r<$q<$p<$o<$n<$m<$l<$k<$j<$i<$h<$g<$f<$e<$d<$c<$b<$a<$`<$_<$^<$]<$\<$[<$Z<$Y<$X<$W<$V<$U<$T<$S<$R<$Q<$P<$O<$N<$M<$L<$K<$J<$I<$H<$G<$F<$E<$D<$C<$B<$A<$@<$?<$><$=<$<<$;<$:<$9<$8<$7<$6<$5<$4<$3<$2<$1<$0<$/<$.<$-<$,<$+<$*<$)<$(<$'<$&<$%<$$<$#<$"<$!<$ <$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$<$ <$ <$ <$ <$ <$<$<$<$<$<$<$<$<$<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#<#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#;#=%` {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" >'&>'%>'$>'#>'">'!>' >'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>' >' >' >' >' >'>'>'>'>'>'>'>'>'>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&>&=&=&=&~=&}=&|=&{=&z=&y=&x=&w=&v=&u=&t=&s=&r=&q=&p=&o=&n=&m=&l=&k=&j=&i=&h=&g=&f=&e=&d=&c=&b=&a=&`=&_=&^=&]=&\=&[=&Z=&Y=&X=&W=&V=&U=&T=&S=&R=&Q=&P=&O=&N=&M=&L=&K=&J=&I=&H=&G=&F=&E=&D=&C=&B=&A=&@=&?=&>=&==&<=&;=&:=&9=&8=&7=&6=&5=&4=&3=&2=&1=&0=&/=&.=&-=&,=&+=&*=&)=&(=&'=&&=&%=&$=&#=&"=&!=& =&=&=&=&=&=&=&=&=&=&=&=&=&=&=&=&=&=&=& =& =& =& =& =&=&=&=&=&=&=&=&=&=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%=%~=%}=%|=%{=%z=%y=%x=%w=%v=%u=%t=%s=%r=%q=%p=%o=%n=%m=%l=%k=%j=%i=%h=%g=%f=%e=%d=%c=%b>'' {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" ?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(~?(}?(|?({?(z?(y?(x?(w?(v?(u?(t?(s?(r?(q?(p?(o?(n?(m?(l?(k?(j?(i?(h?(g?(f?(e?(d?(c?(b?(a?(`?(_?(^?(]?(\?([?(Z?(Y?(X?(W?(V?(U?(T?(S?(R?(Q?(P?(O?(N?(M?(L?(K?(J?(I?(H?(G?(F?(E?(D?(C?(B?(A?(@?(??(>?(=?(<?(;?(:?(9?(8?(7?(6?(5?(4?(3?(2?(1?(0?(/?(.?(-?(,?(+?(*?()?((?('?(&?(%?($?(#?("?(!?( ?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?( ?( ?( ?( ?( ?(?(?(?(?(?(?(?(?(?'?'?'?'?'?'?'?'?'?'?'?'?'?'?'?'?'?'?'?'?'?'?'?'?'?'?'?'?'?'?'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'>'~>'}>'|>'{>'z>'y>'x>'w>'v>'u>'t>'s>'r>'q>'p>'o>'n>'m>'l>'k>'j>'i>'h>'g>'f>'e>'d>'c>'b>'a>'`>'_>'^>']>'\>'[>'Z>'Y>'X>'W>'V>'U>'T>'S>'R>'Q>'P>'O>'N>'M>'L>'K>'J>'I>'H>'G>'F>'E>'D>'C>'B>'A>'@>'?>'>>'=>'<>';>':>'9>'8>'7>'6>'5>'4>'3>'2>'1>'0>'/>'.>'->',>'+>'*>')?( {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*~@*}@*|@*{@*z@*y@*x@*w@*v@*u@*t@*s@*r@*q@*p@*o@*n@*m@*l@*k@*j@*i@*h@*g@*f@*e@*d@*c@*b@*a@*`@*_@*^@*]@*\@*[@*Z@*Y@*X@*W@*V@*U@*T@*S@*R@*Q@*P@*O@*N@*M@*L@*K@*J@*I@*H@*G@*F@*E@*D@*C@*B@*A@*@@*?@*>@*=@*<@*;@*:@*9@*8@*7@*6@*5@*4@*3@*2@*1@*0@*/@*.@*-@*,@*+@**@*)@*(@*'@*&@*%@*$@*#@*"@*!@* @*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@* @* @* @* @* @*@*@*@*@*@*@*@*@*@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)@)~@)}@)|@){@)z@)y@)x@)w@)v@)u@)t@)s@)r@)q@)p@)o@)n@)m@)l@)k@)j@)i@)h@)g@)f@)e@)d@)c@)b@)a@)`@)_@)^@)]@)\@)[@)Z@)Y@)X@)W@)V@)U@)T@)S@)R@)Q@)P@)O@)N@)M@)L@)K@)J@)I@)H@)G@)F@)E@)D@)C@)B@)A?)@?)??)>?)=?)<?);?):?)9?)8?)7?)6?)5?)4?)3?)2?)1?)0?)/?).?)-?),?)+?)*?))?)(?)'?)&?)%?)$?)#?)"?)!?) ?)?)?)?)?)?)?)?)?)?)?)?)?)?)?)?)?)?)?) ?) ?) ?) ?) ?)?)?)?)?)?)?)?)?)?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(?(A* {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" B,{B,zB,yB,xB,wB,vB,uB,tB,sB,rB,qB,pB,oB,nB,mB,lB,kB,jB,iB,hB,gB,fB,eB,dB,cB,bB,aB,`B,_B,^B,]B,\B,[B,ZB,YB,XB,WB,VB,UB,TB,SB,RB,QB,PB,OB,NB,MB,LB,KB,JB,IB,HB,GB,FB,EB,DB,CB,BB,AB,@B,?B,>B,=B,<B,;B,:B,9B,8B,7B,6B,5B,4B,3B,2B,1B,0B,/B,.B,-B,,B,+B,*B,)B,(B,'B,&B,%B,$B,#B,"B,!B, B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B, B, B, B, B, B,B,B,B,B,B,B,B,A,A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+~A+}A+|A+{A+zA+yA+xA+wA+vA+uA+tA+sA+rA+qA+pA+oA+nA+mA+lA+kA+jA+iA+hA+gA+fA+eA+dA+cA+bA+aA+`A+_A+^A+]A+\A+[A+ZA+YA+XA+WA+VA+UA+TA+SA+RA+QA+PA+OA+NA+MA+LA+KA+JA+IA+HA+GA+FA+EA+DA+CA+BA+AA+@A+?A+>A+=A+<A+;A+:A+9A+8A+7A+6A+5A+4A+3A+2A+1A+0A+/A+.A+-A+,A++A+*A+)A+(A+'A+&A+%A+$A+#A+"A+!A+ A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+A+ A+ A+ A+ A+ A+A+A+A+A+A+A+A+A+A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*A*B,| {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" C.BC.AC.@C.?C.>C.=C.<C.;C.:C.9C.8C.7C.6C.5C.4C.3C.2C.1C.0C./C..C.-C.,C.+C.*C.)C.(C.'C.&C.%C.$C.#C."C.!C. C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C. C. C. C. C. C.C.C.C.C.C.C.C.C.C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-~C-}C-|C-{C-zC-yC-xC-wC-vC-uC-tC-sC-rC-qC-pC-oC-nC-mC-lC-kC-jC-iC-hC-gC-fC-eC-dC-cC-bC-aB-`B-_B-^B-]B-\B-[B-ZB-YB-XB-WB-VB-UB-TB-SB-RB-QB-PB-OB-NB-MB-LB-KB-JB-IB-HB-GB-FB-EB-DB-CB-BB-AB-@B-?B->B-=B-<B-;B-:B-9B-8B-7B-6B-5B-4B-3B-2B-1B-0B-/B-.B--B-,B-+B-*B-)B-(B-'B-&B-%B-$B-#B-"B-!B- B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B-B- B- B- B- B- B-B-B-B-B-B-B-B-B-B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,B,~C.C {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" D0 D0D0D0D0D0D0D0D0D0D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/~D/}D/|D/{D/zD/yD/xD/wD/vD/uD/tD/sD/rD/qD/pD/oD/nD/mD/lD/kD/jD/iD/hD/gD/fD/eD/dD/cD/bD/aD/`D/_D/^D/]D/\D/[D/ZD/YD/XD/WD/VD/UD/TD/SD/RD/QD/PD/OD/ND/MD/LD/KD/JD/ID/HD/GD/FD/ED/DD/CD/BD/AD/@D/?D/>D/=D/<D/;D/:D/9D/8D/7D/6D/5D/4D/3D/2D/1D/0D//D/.D/-D/,D/+D/*D/)D/(D/'D/&D/%D/$D/#D/"D/!D/ D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/D/ D/ D/ D/ D/ D/D/D/D/D/D/D/D/D/D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.D.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.C.~C.}C.|C.{C.zC.yC.xC.wC.vC.uC.tC.sC.rC.qC.pC.oC.nC.mC.lC.kC.jC.iC.hC.gC.fC.eC.dC.cC.bC.aC.`C._C.^C.]C.\C.[C.ZC.YC.XC.WC.VC.UC.TC.SC.RC.QC.PC.OC.NC.MC.LC.KC.JC.IC.HC.GC.FC.ED0 {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1E1E1E1~E1}E1|E1{E1zE1yE1xE1wE1vE1uE1tE1sE1rE1qE1pE1oE1nE1mE1lE1kE1jE1iE1hE1gE1fE1eE1dE1cE1bE1aE1`E1_E1^E1]E1\E1[E1ZE1YE1XE1WE1VE1UE1TE1SE1RE1QE1PE1OE1NE1ME1LE1KE1JE1IE1HE1GE1FE1EE1DE1CE1BE1AE1@E1?E1>E1=E1<E1;E1:E19E18E17E16E15E14E13E12E11E10E1/E1.E1-E1,E1+E1*E1)E1(E1'E1&E1%E1$E1#E1"E1!E1 E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1 E1 E1 E1 E1 E1E1E1E1E1E1E1E1E1E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0~E0}E0|E0{E0zE0yE0xE0wE0vE0uE0tE0sE0rE0qE0pE0oE0nE0mE0lE0kE0jE0iE0hE0gE0fE0eE0dE0cE0bE0aE0`E0_E0^E0]E0\E0[E0ZE0YE0XE0WE0VE0UE0TE0SE0RE0QE0PE0OE0NE0ME0LE0KE0JE0IE0HE0GE0FE0EE0DE0CE0BE0AE0@E0?E0>E0=E0<E0;E0:E09E08E07E06E05E04E03E02E01E00E0/E0.E0-E0,E0+E0*E0)E0(E0'E0&E0%E0$E0#E0"E0!D0 D0D0D0D0D0D0D0D0D0D0D0D0D0D0D0D0D0D0D0 D0 F1 {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3~G3}G3|G3{G3zG3yG3xG3wG3vG3uG3tG3sG3rG3qG3pG3oG3nG3mG3lG3kG3jG3iG3hG3gG3fG3eG3dG3cG3bG3aG3`G3_G3^G3]G3\G3[G3ZG3YG3XG3WG3VG3UG3TG3SG3RG3QG3PG3OG3NG3MG3LG3KG3JG3IG3HG3GG3FG3EG3DG3CG3BG3AG3@G3?G3>G3=G3<G3;G3:G39G38G37G36G35G34G33G32G31G30G3/G3.G3-G3,G3+G3*G3)G3(G3'G3&G3%G3$G3#G3"G3!G3 G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3 G3 G3 G3 G3 G3G3G3G3G3G3G3G3G3G2G2G2G2G2G2G2G2G2G2G2G2G2G2G2G2G2G2G2G2G2G2G2G2G2G2G2G2G2G2G2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2~F2}F2|F2{F2zF2yF2xF2wF2vF2uF2tF2sF2rF2qF2pF2oF2nF2mF2lF2kF2jF2iF2hF2gF2fF2eF2dF2cF2bF2aF2`F2_F2^F2]F2\F2[F2ZF2YF2XF2WF2VF2UF2TF2SF2RF2QF2PF2OF2NF2MF2LF2KF2JF2IF2HF2GF2FF2EF2DF2CF2BF2AF2@F2?F2>F2=F2<F2;F2:F29F28F27F26F25F24F23F22F21F20F2/F2.F2-F2,F2+F2*F2)F2(F2'F2&F2%F2$F2#F2"F2!F2 F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2 F2 F2 F2 F2 F2F2F2F2F2F2F2F2F2F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1G3 {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" H5^H5]H5\H5[H5ZH5YH5XH5WH5VH5UH5TH5SH5RH5QH5PH5OH5NH5MH5LH5KH5JH5IH5HH5GH5FH5EH5DH5CH5BH5AH5@H5?H5>H5=H5<H5;H5:H59H58H57H56H55H54H53H52H51H50H5/H5.H5-H5,H5+H5*H5)H5(H5'H5&H5%H5$H5#H5"H5!H5 H5H5H5H5H5H5H5H5H5H5H5H5H5H5H5H5H5H5H5 H5 H5 H5 H5 H5H5H5H5H5H5H5H5H5H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4~H4}H4|H4{H4zH4yH4xH4wH4vH4uH4tH4sH4rH4qH4pH4oH4nH4mH4lH4kH4jH4iH4hH4gH4fH4eH4dH4cH4bH4aH4`H4_H4^H4]H4\H4[H4ZH4YH4XH4WH4VH4UH4TH4SH4RH4QH4PH4OH4NH4MH4LH4KH4JH4IH4HH4GH4FH4EH4DH4CH4BH4AG4@G4?G4>G4=G4<G4;G4:G49G48G47G46G45G44G43G42G41G40G4/G4.G4-G4,G4+G4*G4)G4(G4'G4&G4%G4$G4#G4"G4!G4 G4G4G4G4G4G4G4G4G4G4G4G4G4G4G4G4G4G4G4 G4 G4 G4 G4 G4G4G4G4G4G4G4G4G4G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3H5_ {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" J7%J7$J7#J7"J7!J7 J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7 J7 J7 J7 J7 J7J7J7J7J7J7J7J7I7I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6~I6}I6|I6{I6zI6yI6xI6wI6vI6uI6tI6sI6rI6qI6pI6oI6nI6mI6lI6kI6jI6iI6hI6gI6fI6eI6dI6cI6bI6aI6`I6_I6^I6]I6\I6[I6ZI6YI6XI6WI6VI6UI6TI6SI6RI6QI6PI6OI6NI6MI6LI6KI6JI6II6HI6GI6FI6EI6DI6CI6BI6AI6@I6?I6>I6=I6<I6;I6:I69I68I67I66I65I64I63I62I61I60I6/I6.I6-I6,I6+I6*I6)I6(I6'I6&I6%I6$I6#I6"I6!I6 I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6I6 I6 I6 I6 I6 I6I6I6I6I6I6I6I6I6I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5I5H5H5H5H5H5H5H5H5H5H5H5H5H5H5H5H5H5H5H5H5H5H5H5H5H5H5H5H5H5H5H5H5H5H5H5~H5}H5|H5{H5zH5yH5xH5wH5vH5uH5tH5sH5rH5qH5pH5oH5nH5mH5lH5kH5jH5iH5hH5gH5fH5eH5dH5cH5bH5aJ7& {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8~K8}K8|K8{K8zK8yK8xK8wK8vK8uK8tK8sK8rK8qK8pK8oK8nK8mK8lK8kK8jK8iK8hK8gK8fK8eK8dK8cK8bK8aJ8`J8_J8^J8]J8\J8[J8ZJ8YJ8XJ8WJ8VJ8UJ8TJ8SJ8RJ8QJ8PJ8OJ8NJ8MJ8LJ8KJ8JJ8IJ8HJ8GJ8FJ8EJ8DJ8CJ8BJ8AJ8@J8?J8>J8=J8<J8;J8:J89J88J87J86J85J84J83J82J81J80J8/J8.J8-J8,J8+J8*J8)J8(J8'J8&J8%J8$J8#J8"J8!J8 J8J8J8J8J8J8J8J8J8J8J8J8J8J8J8J8J8J8J8 J8 J8 J8 J8 J8J8J8J8J8J8J8J8J8J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7J7~J7}J7|J7{J7zJ7yJ7xJ7wJ7vJ7uJ7tJ7sJ7rJ7qJ7pJ7oJ7nJ7mJ7lJ7kJ7jJ7iJ7hJ7gJ7fJ7eJ7dJ7cJ7bJ7aJ7`J7_J7^J7]J7\J7[J7ZJ7YJ7XJ7WJ7VJ7UJ7TJ7SJ7RJ7QJ7PJ7OJ7NJ7MJ7LJ7KJ7JJ7IJ7HJ7GJ7FJ7EJ7DJ7CJ7BJ7AJ7@J7?J7>J7=J7<J7;J7:J79J78J77J76J75J74J73J72J71J70J7/J7.J7-J7,J7+J7*J7)J7(K8 {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:~L:}L:|L:{L:zL:yL:xL:wL:vL:uL:tL:sL:rL:qL:pL:oL:nL:mL:lL:kL:jL:iL:hL:gL:fL:eL:dL:cL:bL:aL:`L:_L:^L:]L:\L:[L:ZL:YL:XL:WL:VL:UL:TL:SL:RL:QL:PL:OL:NL:ML:LL:KL:JL:IL:HL:GL:FL:EL:DL:CL:BL:AL:@L:?L:>L:=L:<L:;L::L:9L:8L:7L:6L:5L:4L:3L:2L:1L:0L:/L:.L:-L:,L:+L:*L:)L:(L:'L:&L:%L:$L:#L:"L:!L: L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L: L: L: L: L: L:L:L:L:L:L:L:L:L:L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9L9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9~K9}K9|K9{K9zK9yK9xK9wK9vK9uK9tK9sK9rK9qK9pK9oK9nK9mK9lK9kK9jK9iK9hK9gK9fK9eK9dK9cK9bK9aK9`K9_K9^K9]K9\K9[K9ZK9YK9XK9WK9VK9UK9TK9SK9RK9QK9PK9OK9NK9MK9LK9KK9JK9IK9HK9GK9FK9EK9DK9CK9BK9AK9@K9?K9>K9=K9<K9;K9:K99K98K97K96K95K94K93K92K91K90K9/K9.K9-K9,K9+K9*K9)K9(K9'K9&K9%K9$K9#K9"K9!K9 K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9K9 K9 K9 K9 K9 K9K9K9K9K9K9K9K9K9K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8K8L: {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" MM<=M<<M<;M<:M<9M<8M<7M<6M<5M<4M<3M<2M<1M<0MM;=M;<M;;M;:M;9M;8M;7M;6M;5M;4M;3M;2M;1M;0M;/M;.M;-M;,M;+M;*M;)M;(M;'M;&M;%M;$M;#M;"M;!L; L;L;L;L;L;L;L;L;L;L;L;L;L;L;L;L;L;L;L; L; L; L; L; L;L;L;L;L;L;L;L;L;L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:L:M<{ {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" O>AO>@O>?O>>O>=O><O>;O>:O>9O>8O>7O>6O>5O>4O>3O>2O>1O>0O>/O>.O>-O>,O>+O>*O>)O>(O>'O>&O>%O>$O>#O>"O>!O> O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O> O> O> O> O> O>O>O>O>O>O>O>O>O>O=O=O=O=O=O=O=O=O=O=O=O=O=O=O=O=O=O=O=O=O=O=O=O=O=O=O=O=O=O=O=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=~N=}N=|N={N=zN=yN=xN=wN=vN=uN=tN=sN=rN=qN=pN=oN=nN=mN=lN=kN=jN=iN=hN=gN=fN=eN=dN=cN=bN=aN=`N=_N=^N=]N=\N=[N=ZN=YN=XN=WN=VN=UN=TN=SN=RN=QN=PN=ON=NN=MN=LN=KN=JN=IN=HN=GN=FN=EN=DN=CN=BN=AN=@N=?N=>N==N=<N=;N=:N=9N=8N=7N=6N=5N=4N=3N=2N=1N=0N=/N=.N=-N=,N=+N=*N=)N=(N='N=&N=%N=$N=#N="N=!N= N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N=N= N= N= N= N= N=N=N=N=N=N=N=N=N=N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<N<M<M<M<~M<}O>B {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" P@P@P@P@P@P@P@P@P@P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?P?~P?}P?|P?{P?zP?yP?xP?wP?vP?uP?tP?sP?rP?qP?pP?oP?nP?mP?lP?kP?jP?iP?hP?gP?fP?eP?dP?cP?bP?aP?`P?_P?^P?]P?\P?[P?ZP?YP?XP?WP?VP?UP?TP?SP?RP?QP?PP?OP?NP?MP?LP?KP?JP?IP?HP?GP?FP?EP?DP?CP?BP?AO?@O??O?>O?=O?<O?;O?:O?9O?8O?7O?6O?5O?4O?3O?2O?1O?0O?/O?.O?-O?,O?+O?*O?)O?(O?'O?&O?%O?$O?#O?"O?!O? O?O?O?O?O?O?O?O?O?O?O?O?O?O?O?O?O?O?O? O? O? O? O? O?O?O?O?O?O?O?O?O?O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>O>~O>}O>|O>{O>zO>yO>xO>wO>vO>uO>tO>sO>rO>qO>pO>oO>nO>mO>lO>kO>jO>iO>hO>gO>fO>eO>dO>cO>bO>aO>`O>_O>^O>]O>\O>[O>ZO>YO>XO>WO>VO>UO>TO>SO>RO>QO>PO>OO>NO>MO>LO>KO>JO>IO>HO>GO>FO>EO>DP@ {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" QAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQA~QA}QA|QA{QAzQAyQAxQAwQAvQAuQAtQAsQArQAqQApQAoQAnQAmQAlQAkQAjQAiQAhQAgQAfQAeQAdQAcQAbQAaQA`QA_QA^QA]QA\QA[QAZQAYQAXQAWQAVQAUQATQASQARQAQQAPQAOQANQAMQALQAKQAJQAIQAHQAGQAFQAEQADQACQABQAAQA@QA?QA>QA=QA<QA;QA:QA9QA8QA7QA6QA5QA4QA3QA2QA1QA0QA/QA.QA-QA,QA+QA*QA)QA(QA'QA&QA%QA$QA#QA"QA!QA QAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQA QA QA QA QA QAQAQAQAQAQAQAQAQAQ@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@~P@}P@|P@{P@zP@yP@xP@wP@vP@uP@tP@sP@rP@qP@pP@oP@nP@mP@lP@kP@jP@iP@hP@gP@fP@eP@dP@cP@bP@aP@`P@_P@^P@]P@\P@[P@ZP@YP@XP@WP@VP@UP@TP@SP@RP@QP@PP@OP@NP@MP@LP@KP@JP@IP@HP@GP@FP@EP@DP@CP@BP@AP@@P@?P@>P@=P@<P@;P@:P@9P@8P@7P@6P@5P@4P@3P@2P@1P@0P@/P@.P@-P@,P@+P@*P@)P@(P@'P@&P@%P@$P@#P@"P@!P@ P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@P@ P@ P@ QA {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" SCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSC~SC}SC|SC{SCzSCySCxSCwSCvSCuSCtSCsSCrSCqSCpSCoSCnSCmSClSCkSCjSCiSChSCgSCfSCeSCdSCcSCbSCaRC`RC_RC^RC]RC\RC[RCZRCYRCXRCWRCVRCURCTRCSRCRRCQRCPRCORCNRCMRCLRCKRCJRCIRCHRCGRCFRCERCDRCCRCBRCARC@RC?RC>RC=RC<RC;RC:RC9RC8RC7RC6RC5RC4RC3RC2RC1RC0RC/RC.RC-RC,RC+RC*RC)RC(RC'RC&RC%RC$RC#RC"RC!RC RCRCRCRCRCRCRCRCRCRCRCRCRCRCRCRCRCRCRC RC RC RC RC RCRCRCRCRCRCRCRCRCRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRB~RB}RB|RB{RBzRByRBxRBwRBvRBuRBtRBsRBrRBqRBpRBoRBnRBmRBlRBkRBjRBiRBhRBgRBfRBeRBdRBcRBbRBaRB`RB_RB^RB]RB\RB[RBZRBYRBXRBWRBVRBURBTRBSRBRRBQRBPRBORBNRBMRBLRBKRBJRBIRBHRBGRBFRBERBDRBCRBBRBARB@RB?RB>RB=RB<RB;RB:RB9RB8RB7RB6RB5RB4RB3RB2RB1RB0RB/RB.RB-RB,RB+RB*RB)RB(RB'RB&RB%RB$RB#RB"RB!RB RBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRBRB RB RB RB RB RBRBRBRBRBRBRBRBQBQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQASC {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" TE]TE\TE[TEZTEYTEXTEWTEVTEUTETTESTERTEQTEPTEOTENTEMTELTEKTEJTEITEHTEGTEFTEETEDTECTEBTEATE@TE?TE>TE=TE<TE;TE:TE9TE8TE7TE6TE5TE4TE3TE2TE1TE0TE/TE.TE-TE,TE+TE*TE)TE(TE'TE&TE%TE$TE#TE"TE!TE TETETETETETETETETETETETETETETETETETETE TE TE TE TE TETETETETETETETETETDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDTDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSD~SD}SD|SD{SDzSDySDxSDwSDvSDuSDtSDsSDrSDqSDpSDoSDnSDmSDlSDkSDjSDiSDhSDgSDfSDeSDdSDcSDbSDaSD`SD_SD^SD]SD\SD[SDZSDYSDXSDWSDVSDUSDTSDSSDRSDQSDPSDOSDNSDMSDLSDKSDJSDISDHSDGSDFSDESDDSDCSDBSDASD@SD?SD>SD=SD<SD;SD:SD9SD8SD7SD6SD5SD4SD3SD2SD1SD0SD/SD.SD-SD,SD+SD*SD)SD(SD'SD&SD%SD$SD#SD"SD!SD SDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSDSD SD SD SD SD SDSDSDSDSDSDSDSDSDSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCSCTE^ {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" UG$UG#UG"UG!UG UGUGUGUGUGUGUGUGUGUGUGUGUGUGUGUGUGUGUG UG UG UG UG UGUGUGUGUGUGUGUGUGUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUFUF~UF}UF|UF{UFzUFyUFxUFwUFvUFuUFtUFsUFrUFqUFpUFoUFnUFmUFlUFkUFjUFiUFhUFgUFfUFeUFdUFcUFbUFaUF`UF_UF^UF]UF\UF[UFZUFYUFXUFWUFVUFUUFTUFSUFRUFQUFPUFOUFNUFMUFLUFKUFJUFIUFHUFGUFFUFEUFDUFCUFBUFAUF@UF?UF>UF=UF<UF;UF:UF9UF8UF7UF6UF5UF4UF3UF2UF1UF0UF/UF.UF-UF,UF+UF*UF)UF(UF'UF&UF%UF$UF#UF"UF!TF TFTFTFTFTFTFTFTFTFTFTFTFTFTFTFTFTFTFTF TF TF TF TF TFTFTFTFTFTFTFTFTFTETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETETE~TE}TE|TE{TEzTEyTExTEwTEvTEuTEtTEsTErTEqTEpTEoTEnTEmTElTEkTEjTEiTEhTEgTEfTEeTEdTEcTEbTEaTE`UG% {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" WHWHWHWHWHWHWHWHWHWHWHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVH~VH}VH|VH{VHzVHyVHxVHwVHvVHuVHtVHsVHrVHqVHpVHoVHnVHmVHlVHkVHjVHiVHhVHgVHfVHeVHdVHcVHbVHaVH`VH_VH^VH]VH\VH[VHZVHYVHXVHWVHVVHUVHTVHSVHRVHQVHPVHOVHNVHMVHLVHKVHJVHIVHHVHGVHFVHEVHDVHCVHBVHAVH@VH?VH>VH=VH<VH;VH:VH9VH8VH7VH6VH5VH4VH3VH2VH1VH0VH/VH.VH-VH,VH+VH*VH)VH(VH'VH&VH%VH$VH#VH"VH!VH VHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVHVH VH VH VH VH VHVHVHVHVHVHVHVHVHVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGVGUGUGUG~UG}UG|UG{UGzUGyUGxUGwUGvUGuUGtUGsUGrUGqUGpUGoUGnUGmUGlUGkUGjUGiUGhUGgUGfUGeUGdUGcUGbUGaUG`UG_UG^UG]UG\UG[UGZUGYUGXUGWUGVUGUUGTUGSUGRUGQUGPUGOUGNUGMUGLUGKUGJUGIUGHUGGUGFUGEUGDUGCUGBUGAUG@UG?UG>UG=UG<UG;UG:UG9UG8UG7UG6UG5UG4UG3UG2UG1UG0UG/UG.UG-UG,UG+UG*UG)UG(UG'WH {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" XJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJ~XJ}XJ|XJ{XJzXJyXJxXJwXJvXJuXJtXJsXJrXJqXJpXJoXJnXJmXJlXJkXJjXJiXJhXJgXJfXJeXJdXJcXJbXJaXJ`XJ_XJ^XJ]XJ\XJ[XJZXJYXJXXJWXJVXJUXJTXJSXJRXJQXJPXJOXJNXJMXJLXJKXJJXJIXJHXJGXJFXJEXJDXJCXJBXJAWJ@WJ?WJ>WJ=WJ<WJ;WJ:WJ9WJ8WJ7WJ6WJ5WJ4WJ3WJ2WJ1WJ0WJ/WJ.WJ-WJ,WJ+WJ*WJ)WJ(WJ'WJ&WJ%WJ$WJ#WJ"WJ!WJ WJWJWJWJWJWJWJWJWJWJWJWJWJWJWJWJWJWJWJ WJ WJ WJ WJ WJWJWJWJWJWJWJWJWJWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWI~WI}WI|WI{WIzWIyWIxWIwWIvWIuWItWIsWIrWIqWIpWIoWInWImWIlWIkWIjWIiWIhWIgWIfWIeWIdWIcWIbWIaWI`WI_WI^WI]WI\WI[WIZWIYWIXWIWWIVWIUWITWISWIRWIQWIPWIOWINWIMWILWIKWIJWIIWIHWIGWIFWIEWIDWICWIBWIAWI@WI?WI>WI=WI<WI;WI:WI9WI8WI7WI6WI5WI4WI3WI2WI1WI0WI/WI.WI-WI,WI+WI*WI)WI(WI'WI&WI%WI$WI#WI"WI!WI WIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWIWI WI WI WI WI WIWIWIWIWIWIWIWIWIWHWHWHWHWHWHWHWHWHWHWHWHWHWHWHWHWHWHXJ {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" YLyYLxYLwYLvYLuYLtYLsYLrYLqYLpYLoYLnYLmYLlYLkYLjYLiYLhYLgYLfYLeYLdYLcYLbYLaYL`YL_YL^YL]YL\YL[YLZYLYYLXYLWYLVYLUYLTYLSYLRYLQYLPYLOYLNYLMYLLYLKYLJYLIYLHYLGYLFYLEYLDYLCYLBYLAYL@YL?YL>YL=YL<YL;YL:YL9YL8YL7YL6YL5YL4YL3YL2YL1YL0YL/YL.YL-YL,YL+YL*YL)YL(YL'YL&YL%YL$YL#YL"YL!YL YLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYL YL YL YL YL YLYLYLYLYLYLYLYLYLYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKYKXKXKXKXKXKXKXKXKXKXKXKXKXKXKXKXKXKXKXKXKXKXKXKXKXKXKXKXKXKXKXKXKXKXKXK~XK}XK|XK{XKzXKyXKxXKwXKvXKuXKtXKsXKrXKqXKpXKoXKnXKmXKlXKkXKjXKiXKhXKgXKfXKeXKdXKcXKbXKaXK`XK_XK^XK]XK\XK[XKZXKYXKXXKWXKVXKUXKTXKSXKRXKQXKPXKOXKNXKMXKLXKKXKJXKIXKHXKGXKFXKEXKDXKCXKBXKAXK@XK?XK>XK=XK<XK;XK:XK9XK8XK7XK6XK5XK4XK3XK2XK1XK0XK/XK.XK-XK,XK+XK*XK)XK(XK'XK&XK%XK$XK#XK"XK!XK XKXKXKXKXKXKXKXKXKXKXKXKXKXKXKXKXKXKXK XK XK XK XK XKXKXKXKXKXKXKXKXKXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJXJYLz {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" ZN@ZN?ZN>ZN=ZN<ZN;ZN:ZN9ZN8ZN7ZN6ZN5ZN4ZN3ZN2ZN1ZN0ZN/ZN.ZN-ZN,ZN+ZN*ZN)ZN(ZN'ZN&ZN%ZN$ZN#ZN"ZN!ZN ZNZNZNZNZNZNZNZNZNZNZNZNZNZNZNZNZNZNZN ZN ZN ZN ZN ZNZNZNZNZNZNZNZNZNZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZM~ZM}ZM|ZM{ZMzZMyZMxZMwZMvZMuZMtZMsZMrZMqZMpZMoZMnZMmZMlZMkZMjZMiZMhZMgZMfZMeZMdZMcZMbZMaZM`ZM_ZM^ZM]ZM\ZM[ZMZZMYZMXZMWZMVZMUZMTZMSZMRZMQZMPZMOZMNZMMZMLZMKZMJZMIZMHZMGZMFZMEZMDZMCZMBZMAZM@ZM?ZM>ZM=ZM<ZM;ZM:ZM9ZM8ZM7ZM6ZM5ZM4ZM3ZM2ZM1ZM0ZM/ZM.ZM-ZM,ZM+ZM*ZM)ZM(ZM'ZM&ZM%ZM$ZM#ZM"ZM!ZM ZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZMZM ZM ZM ZM ZM ZMZMZMZMZMZMZMZMYMYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYLYL~YL}YL|ZNA {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" \P\P\P\P\P\P\P\P\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O~[O}[O|[O{[Oz[Oy[Ox[Ow[Ov[Ou[Ot[Os[Or[Oq[Op[Oo[On[Om[Ol[Ok[Oj[Oi[Oh[Og[Of[Oe[Od[Oc[Ob[Oa[O`[O_[O^[O][O\[O[[OZ[OY[OX[OW[OV[OU[OT[OS[OR[OQ[OP[OO[ON[OM[OL[OK[OJ[OI[OH[OG[OF[OE[OD[OC[OB[OA[O@[O?[O>[O=[O<[O;[O:[O9[O8[O7[O6[O5[O4[O3[O2[O1[O0[O/[O.[O-[O,[O+[O*[O)[O([O'[O&[O%[O$[O#[O"[O![O [O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O[O [O [O [O [O [O[O[O[O[O[O[O[O[O[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N[N~[N}[N|[N{[Nz[Ny[Nx[Nw[Nv[Nu[Nt[Ns[Nr[Nq[Np[No[Nn[Nm[Nl[Nk[Nj[Ni[Nh[Ng[Nf[Ne[Nd[Nc[Nb[NaZN`ZN_ZN^ZN]ZN\ZN[ZNZZNYZNXZNWZNVZNUZNTZNSZNRZNQZNPZNOZNNZNMZNLZNKZNJZNIZNHZNGZNFZNEZNDZNC\P {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" ]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q~]Q}]Q|]Q{]Qz]Qy]Qx]Qw]Qv]Qu]Qt]Qs]Qr]Qq]Qp]Qo]Qn]Qm]Ql]Qk]Qj]Qi]Qh]Qg]Qf]Qe]Qd]Qc]Qb]Qa]Q`]Q_]Q^]Q]]Q\]Q[]QZ]QY]QX]QW]QV]QU]QT]QS]QR]QQ]QP]QO]QN]QM]QL]QK]QJ]QI]QH]QG]QF]QE]QD]QC]QB]QA]Q@]Q?]Q>]Q=]Q<]Q;]Q:]Q9]Q8]Q7]Q6]Q5]Q4]Q3]Q2]Q1]Q0]Q/]Q.]Q-]Q,]Q+]Q*]Q)]Q(]Q']Q&]Q%]Q$]Q#]Q"]Q!\Q \Q\Q\Q\Q\Q\Q\Q\Q\Q\Q\Q\Q\Q\Q\Q\Q\Q\Q\Q \Q \Q \Q \Q \Q\Q\Q\Q\Q\Q\Q\Q\Q\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P~\P}\P|\P{\Pz\Py\Px\Pw\Pv\Pu\Pt\Ps\Pr\Pq\Pp\Po\Pn\Pm\Pl\Pk\Pj\Pi\Ph\Pg\Pf\Pe\Pd\Pc\Pb\Pa\P`\P_\P^\P]\P\\P[\PZ\PY\PX\PW\PV\PU\PT\PS\PR\PQ\PP\PO\PN\PM\PL\PK\PJ\PI\PH\PG\PF\PE\PD\PC\PB\PA\P@\P?\P>\P=\P<\P;\P:\P9\P8\P7\P6\P5\P4\P3\P2\P1\P0\P/\P.\P-\P,\P+\P*\P)\P(\P'\P&\P%\P$\P#\P"\P!\P \P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P\P \P \P \P ]Q {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" ^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S~^S}^S|^S{^Sz^Sy^Sx^Sw^Sv^Su^St^Ss^Sr^Sq^Sp^So^Sn^Sm^Sl^Sk^Sj^Si^Sh^Sg^Sf^Se^Sd^Sc^Sb^Sa^S`^S_^S^^S]^S\^S[^SZ^SY^SX^SW^SV^SU^ST^SS^SR^SQ^SP^SO^SN^SM^SL^SK^SJ^SI^SH^SG^SF^SE^SD^SC^SB^SA^S@^S?^S>^S=^S<^S;^S:^S9^S8^S7^S6^S5^S4^S3^S2^S1^S0^S/^S.^S-^S,^S+^S*^S)^S(^S'^S&^S%^S$^S#^S"^S!^S ^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S ^S ^S ^S ^S ^S^S^S^S^S^S^S^S^S^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R^R]R]R]R~]R}]R|]R{]Rz]Ry]Rx]Rw]Rv]Ru]Rt]Rs]Rr]Rq]Rp]Ro]Rn]Rm]Rl]Rk]Rj]Ri]Rh]Rg]Rf]Re]Rd]Rc]Rb]Ra]R`]R_]R^]R]]R\]R[]RZ]RY]RX]RW]RV]RU]RT]RS]RR]RQ]RP]RO]RN]RM]RL]RK]RJ]RI]RH]RG]RF]RE]RD]RC]RB]RA]R@]R?]R>]R=]R<]R;]R:]R9]R8]R7]R6]R5]R4]R3]R2]R1]R0]R/]R.]R-]R,]R+]R*]R)]R(]R']R&]R%]R$]R#]R"]R!]R ]R]R]R]R]R]R]R]R]R]R]R]R]R]R]R]R]R]R]R ]R ]R ]R ]R ]R]R]R]R]R]R]R]R]R]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q]Q^S {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" `U\`U[`UZ`UY`UX`UW`UV`UU`UT`US`UR`UQ`UP`UO`UN`UM`UL`UK`UJ`UI`UH`UG`UF`UE`UD`UC`UB`UA_U@_U?_U>_U=_U<_U;_U:_U9_U8_U7_U6_U5_U4_U3_U2_U1_U0_U/_U._U-_U,_U+_U*_U)_U(_U'_U&_U%_U$_U#_U"_U!_U _U_U_U_U_U_U_U_U_U_U_U_U_U_U_U_U_U_U_U _U _U _U _U _U_U_U_U_U_U_U_U_U_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T~_T}_T|_T{_Tz_Ty_Tx_Tw_Tv_Tu_Tt_Ts_Tr_Tq_Tp_To_Tn_Tm_Tl_Tk_Tj_Ti_Th_Tg_Tf_Te_Td_Tc_Tb_Ta_T`_T__T^_T]_T\_T[_TZ_TY_TX_TW_TV_TU_TT_TS_TR_TQ_TP_TO_TN_TM_TL_TK_TJ_TI_TH_TG_TF_TE_TD_TC_TB_TA_T@_T?_T>_T=_T<_T;_T:_T9_T8_T7_T6_T5_T4_T3_T2_T1_T0_T/_T._T-_T,_T+_T*_T)_T(_T'_T&_T%_T$_T#_T"_T!_T _T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T_T _T _T _T _T _T_T_T_T_T_T_T_T_T_S_S_S_S_S_S_S_S_S_S_S_S_S_S_S_S_S_S_S_S_S_S_S_S_S_S_S_S_S_S_S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S^S`U] {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" aW#aW"aW!aW aWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaW aW aW aW aW aWaWaWaWaWaWaWaWaWaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaVaV`V`V`V`V`V`V`V`V`V`V`V`V`V`V`V`V`V`V`V`V`V`V`V`V`V`V`V`V`V`V`V`V`V`V`V~`V}`V|`V{`Vz`Vy`Vx`Vw`Vv`Vu`Vt`Vs`Vr`Vq`Vp`Vo`Vn`Vm`Vl`Vk`Vj`Vi`Vh`Vg`Vf`Ve`Vd`Vc`Vb`Va`V``V_`V^`V]`V\`V[`VZ`VY`VX`VW`VV`VU`VT`VS`VR`VQ`VP`VO`VN`VM`VL`VK`VJ`VI`VH`VG`VF`VE`VD`VC`VB`VA`V@`V?`V>`V=`V<`V;`V:`V9`V8`V7`V6`V5`V4`V3`V2`V1`V0`V/`V.`V-`V,`V+`V*`V)`V(`V'`V&`V%`V$`V#`V"`V!`V `V`V`V`V`V`V`V`V`V`V`V`V`V`V`V`V`V`V`V `V `V `V `V `V`V`V`V`V`V`V`V`V`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U`U~`U}`U|`U{`Uz`Uy`Ux`Uw`Uv`Uu`Ut`Us`Ur`Uq`Up`Uo`Un`Um`Ul`Uk`Uj`Ui`Uh`Ug`Uf`Ue`Ud`Uc`Ub`Ua`U``U_aW$ {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" bXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbX~bX}bX|bX{bXzbXybXxbXwbXvbXubXtbXsbXrbXqbXpbXobXnbXmbXlbXkbXjbXibXhbXgbXfbXebXdbXcbXbbXabX`bX_bX^bX]bX\bX[bXZbXYbXXbXWbXVbXUbXTbXSbXRbXQbXPbXObXNbXMbXLbXKbXJbXIbXHbXGbXFbXEbXDbXCbXBbXAbX@bX?bX>bX=bX<bX;bX:bX9bX8bX7bX6bX5bX4bX3bX2bX1bX0bX/bX.bX-bX,bX+bX*bX)bX(bX'bX&bX%bX$bX#bX"bX!bX bXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbX bX bX bX bX bXbXbXbXbXbXbXbXaXaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaWaW~aW}aW|aW{aWzaWyaWxaWwaWvaWuaWtaWsaWraWqaWpaWoaWnaWmaWlaWkaWjaWiaWhaWgaWfaWeaWdaWcaWbaWaaW`aW_aW^aW]aW\aW[aWZaWYaWXaWWaWVaWUaWTaWSaWRaWQaWPaWOaWNaWMaWLaWKaWJaWIaWHaWGaWFaWEaWDaWCaWBaWAaW@aW?aW>aW=aW<aW;aW:aW9aW8aW7aW6aW5aW4aW3aW2aW1aW0aW/aW.aW-aW,aW+aW*aW)aW(aW'aW&bX {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" cZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZ~cZ}cZ|cZ{cZzcZycZxcZwcZvcZucZtcZscZrcZqcZpcZocZncZmcZlcZkcZjcZicZhcZgcZfcZecZdcZccZbcZacZ`cZ_cZ^cZ]cZ\cZ[cZZcZYcZXcZWcZVcZUcZTcZScZRcZQcZPcZOcZNcZMcZLcZKcZJcZIcZHcZGcZFcZEcZDcZCcZBcZAcZ@cZ?cZ>cZ=cZ<cZ;cZ:cZ9cZ8cZ7cZ6cZ5cZ4cZ3cZ2cZ1cZ0cZ/cZ.cZ-cZ,cZ+cZ*cZ)cZ(cZ'cZ&cZ%cZ$cZ#cZ"cZ!cZ cZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZcZ cZ cZ cZ cZ cZcZcZcZcZcZcZcZcZcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcYcY~cY}cY|cY{cYzcYycYxcYwcYvcYucYtcYscYrcYqcYpcYocYncYmcYlcYkcYjcYicYhcYgcYfcYecYdcYccYbcYabY`bY_bY^bY]bY\bY[bYZbYYbYXbYWbYVbYUbYTbYSbYRbYQbYPbYObYNbYMbYLbYKbYJbYIbYHbYGbYFbYEbYDbYCbYBbYAbY@bY?bY>bY=bY<bY;bY:bY9bY8bY7bY6bY5bY4bY3bY2bY1bY0bY/bY.bY-bY,bY+bY*bY)bY(bY'bY&bY%bY$bY#bY"bY!bY bYbYbYbYbYbYbYbYbYbYbYbYbYbYbYbYbYbYbY bY bY bY bY bYbYbYbYbYbYbYbYbYbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXbXcZ {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" e\xe\we\ve\ue\te\se\re\qe\pe\oe\ne\me\le\ke\je\ie\he\ge\fe\ee\de\ce\be\ae\`e\_e\^e\]e\\e\[e\Ze\Ye\Xe\We\Ve\Ue\Te\Se\Re\Qe\Pe\Oe\Ne\Me\Le\Ke\Je\Ie\He\Ge\Fe\Ee\De\Ce\Be\Ae\@e\?e\>e\=e\<e\;e\:e\9e\8e\7e\6e\5e\4e\3e\2e\1e\0e\/e\.e\-e\,e\+e\*e\)e\(e\'e\&e\%e\$e\#e\"e\!d\ d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\ d\ d\ d\ d\ d\d\d\d\d\d\d\d\d\d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[~d[}d[|d[{d[zd[yd[xd[wd[vd[ud[td[sd[rd[qd[pd[od[nd[md[ld[kd[jd[id[hd[gd[fd[ed[dd[cd[bd[ad[`d[_d[^d[]d[\d[[d[Zd[Yd[Xd[Wd[Vd[Ud[Td[Sd[Rd[Qd[Pd[Od[Nd[Md[Ld[Kd[Jd[Id[Hd[Gd[Fd[Ed[Dd[Cd[Bd[Ad[@d[?d[>d[=d[<d[;d[:d[9d[8d[7d[6d[5d[4d[3d[2d[1d[0d[/d[.d[-d[,d[+d[*d[)d[(d['d[&d[%d[$d[#d["d[!d[ d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[d[ d[ d[ d[ d[ d[d[d[d[d[d[d[d[d[dZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZcZcZcZcZcZcZcZcZcZcZcZcZcZe\y {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" f^?f^>f^=f^<f^;f^:f^9f^8f^7f^6f^5f^4f^3f^2f^1f^0f^/f^.f^-f^,f^+f^*f^)f^(f^'f^&f^%f^$f^#f^"f^!f^ f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^ f^ f^ f^ f^ f^f^f^f^f^f^f^f^f^f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]f]e]e]e]~e]}e]|e]{e]ze]ye]xe]we]ve]ue]te]se]re]qe]pe]oe]ne]me]le]ke]je]ie]he]ge]fe]ee]de]ce]be]ae]`e]_e]^e]]e]\e][e]Ze]Ye]Xe]We]Ve]Ue]Te]Se]Re]Qe]Pe]Oe]Ne]Me]Le]Ke]Je]Ie]He]Ge]Fe]Ee]De]Ce]Be]Ae]@e]?e]>e]=e]<e];e]:e]9e]8e]7e]6e]5e]4e]3e]2e]1e]0e]/e].e]-e],e]+e]*e])e](e]'e]&e]%e]$e]#e]"e]!e] e]e]e]e]e]e]e]e]e]e]e]e]e]e]e]e]e]e]e] e] e] e] e] e]e]e]e]e]e]e]e]e]e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\e\~e\}e\|e\{f^@ {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" g`g`g`g`g`g`g`g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_~g_}g_|g_{g_zg_yg_xg_wg_vg_ug_tg_sg_rg_qg_pg_og_ng_mg_lg_kg_jg_ig_hg_gg_fg_eg_dg_cg_bg_ag_`g__g_^g_]g_\g_[g_Zg_Yg_Xg_Wg_Vg_Ug_Tg_Sg_Rg_Qg_Pg_Og_Ng_Mg_Lg_Kg_Jg_Ig_Hg_Gg_Fg_Eg_Dg_Cg_Bg_Ag_@g_?g_>g_=g_<g_;g_:g_9g_8g_7g_6g_5g_4g_3g_2g_1g_0g_/g_.g_-g_,g_+g_*g_)g_(g_'g_&g_%g_$g_#g_"g_!g_ g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_g_ g_ g_ g_ g_ g_g_g_g_g_g_g_g_g_g^g^g^g^g^g^g^g^g^g^g^g^g^g^g^g^g^g^g^g^g^g^g^g^g^g^g^g^g^g^g^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^f^~f^}f^|f^{f^zf^yf^xf^wf^vf^uf^tf^sf^rf^qf^pf^of^nf^mf^lf^kf^jf^if^hf^gf^ff^ef^df^cf^bf^af^`f^_f^^f^]f^\f^[f^Zf^Yf^Xf^Wf^Vf^Uf^Tf^Sf^Rf^Qf^Pf^Of^Nf^Mf^Lf^Kf^Jf^If^Hf^Gf^Ff^Ef^Df^Cf^Bg` {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" iaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha~ha}ha|ha{hazhayhaxhawhavhauhathasharhaqhaphaohanhamhalhakhajhaihahhaghafhaehadhachabhaaha`ha_ha^ha]ha\ha[haZhaYhaXhaWhaVhaUhaThaShaRhaQhaPhaOhaNhaMhaLhaKhaJhaIhaHhaGhaFhaEhaDhaChaBhaAha@ha?ha>ha=ha<ha;ha:ha9ha8ha7ha6ha5ha4ha3ha2ha1ha0ha/ha.ha-ha,ha+ha*ha)ha(ha'ha&ha%ha$ha#ha"ha!ha hahahahahahahahahahahahahahahahahahaha ha ha ha ha hahahahahahahahahah`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`h`~h`}h`|h`{h`zh`yh`xh`wh`vh`uh`th`sh`rh`qh`ph`oh`nh`mh`lh`kh`jh`ih`hh`gh`fh`eh`dh`ch`bh`ah``h`_h`^h`]h`\h`[h`Zh`Yh`Xh`Wh`Vh`Uh`Th`Sh`Rh`Qh`Ph`Oh`Nh`Mh`Lh`Kh`Jh`Ih`Hh`Gh`Fh`Eh`Dh`Ch`Bh`Ag`@g`?g`>g`=g`<g`;g`:g`9g`8g`7g`6g`5g`4g`3g`2g`1g`0g`/g`.g`-g`,g`+g`*g`)g`(g`'g`&g`%g`$g`#g`"g`!g` g`g`g`g`g`g`g`g`g`g`g`g`g`g`g`g`g`g`g` g` g` g` g` ia {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" jcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjc~jc}jc|jc{jczjcyjcxjcwjcvjcujctjcsjcrjcqjcpjcojcnjcmjcljckjcjjcijchjcgjcfjcejcdjccjcbjcajc`jc_jc^jc]jc\jc[jcZjcYjcXjcWjcVjcUjcTjcSjcRjcQjcPjcOjcNjcMjcLjcKjcJjcIjcHjcGjcFjcEjcDjcCjcBjcAjc@jc?jc>jc=jc<jc;jc:jc9jc8jc7jc6jc5jc4jc3jc2jc1jc0jc/jc.jc-jc,jc+jc*jc)jc(jc'jc&jc%jc$jc#jc"jc!jc jcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjc jc jc jc jc jcjcjcjcjcjcjcjcicibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibibib~ib}ib|ib{ibzibyibxibwibvibuibtibsibribqibpiboibnibmiblibkibjibiibhibgibfibeibdibcibbibaib`ib_ib^ib]ib\ib[ibZibYibXibWibVibUibTibSibRibQibPibOibNibMibLibKibJibIibHibGibFibEibDibCibBibAib@ib?ib>ib=ib<ib;ib:ib9ib8ib7ib6ib5ib4ib3ib2ib1ib0ib/ib.ib-ib,ib+ib*ib)ib(ib'ib&ib%ib$ib#ib"ib!ib ibibibibibibibibibibibibibibibibibibib ib ib ib ib ibibibibibibibibibiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiaiajc {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" ke[keZkeYkeXkeWkeVkeUkeTkeSkeRkeQkePkeOkeNkeMkeLkeKkeJkeIkeHkeGkeFkeEkeDkeCkeBkeAke@ke?ke>ke=ke<ke;ke:ke9ke8ke7ke6ke5ke4ke3ke2ke1ke0ke/ke.ke-ke,ke+ke*ke)ke(ke'ke&ke%ke$ke#ke"ke!ke kekekekekekekekekekekekekekekekekekeke ke ke ke ke kekekekekekekekekekdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkdkd~kd}kd|kd{kdzkdykdxkdwkdvkdukdtkdskdrkdqkdpkdokdnkdmkdlkdkkdjkdikdhkdgkdfkdekddkdckdbkdajd`jd_jd^jd]jd\jd[jdZjdYjdXjdWjdVjdUjdTjdSjdRjdQjdPjdOjdNjdMjdLjdKjdJjdIjdHjdGjdFjdEjdDjdCjdBjdAjd@jd?jd>jd=jd<jd;jd:jd9jd8jd7jd6jd5jd4jd3jd2jd1jd0jd/jd.jd-jd,jd+jd*jd)jd(jd'jd&jd%jd$jd#jd"jd!jd jdjdjdjdjdjdjdjdjdjdjdjdjdjdjdjdjdjdjd jd jd jd jd jdjdjdjdjdjdjdjdjdjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcjcke\ {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" mg"mg!lg lglglglglglglglglglglglglglglglglglglg lg lg lg lg lglglglglglglglglglflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflf~lf}lf|lf{lfzlfylfxlfwlfvlfulftlfslfrlfqlfplfolfnlfmlfllfklfjlfilfhlfglfflfelfdlfclfblfalf`lf_lf^lf]lf\lf[lfZlfYlfXlfWlfVlfUlfTlfSlfRlfQlfPlfOlfNlfMlfLlfKlfJlfIlfHlfGlfFlfElfDlfClfBlfAlf@lf?lf>lf=lf<lf;lf:lf9lf8lf7lf6lf5lf4lf3lf2lf1lf0lf/lf.lf-lf,lf+lf*lf)lf(lf'lf&lf%lf$lf#lf"lf!lf lflflflflflflflflflflflflflflflflflflf lf lf lf lf lflflflflflflflflflelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelelekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekekeke~ke}ke|ke{kezkeykexkewkevkeuketkeskerkeqkepkeokenkemkelkekkejkeikehkegkefkeekedkeckebkeake`ke_ke^mg# {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" nhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhmhmhmh~mh}mh|mh{mhzmhymhxmhwmhvmhumhtmhsmhrmhqmhpmhomhnmhmmhlmhkmhjmhimhhmhgmhfmhemhdmhcmhbmhamh`mh_mh^mh]mh\mh[mhZmhYmhXmhWmhVmhUmhTmhSmhRmhQmhPmhOmhNmhMmhLmhKmhJmhImhHmhGmhFmhEmhDmhCmhBmhAmh@mh?mh>mh=mh<mh;mh:mh9mh8mh7mh6mh5mh4mh3mh2mh1mh0mh/mh.mh-mh,mh+mh*mh)mh(mh'mh&mh%mh$mh#mh"mh!mh mhmhmhmhmhmhmhmhmhmhmhmhmhmhmhmhmhmhmh mh mh mh mh mhmhmhmhmhmhmhmhmhmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmgmg~mg}mg|mg{mgzmgymgxmgwmgvmgumgtmgsmgrmgqmgpmgomgnmgmmglmgkmgjmgimghmggmgfmgemgdmgcmgbmgamg`mg_mg^mg]mg\mg[mgZmgYmgXmgWmgVmgUmgTmgSmgRmgQmgPmgOmgNmgMmgLmgKmgJmgImgHmgGmgFmgEmgDmgCmgBmgAmg@mg?mg>mg=mg<mg;mg:mg9mg8mg7mg6mg5mg4mg3mg2mg1mg0mg/mg.mg-mg,mg+mg*mg)mg(mg'mg&mg%nh {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %     } v o h a Z S L E > 7 0 ) "    z s l e ^ W P I B ; 4 - &     ~ w p i b [ T M F ? 8 1 * #     {tmf_XQJC<5.'  xqjc\UNG@92+$|ung`YRKD=6/(! yrkd]VOHA:3,% }vohaZSLE>70)" ojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojoj~oj}oj|oj{ojzojyojxojwojvojuojtojsojrojqojpojoojnojmojlojkojjojiojhojgojfojeojdojcojbojaoj`oj_oj^oj]oj\oj[ojZojYojXojWojVojUojTojSojRojQojPojOojNojMojLojKojJojIojHojGojFojEojDojCojBojAoj@oj?oj>oj=oj<oj;oj:oj9oj8oj7oj6oj5oj4oj3oj2oj1oj0oj/oj.oj-oj,oj+oj*oj)oj(oj'oj&oj%oj$oj#oj"oj!oj ojojojojojojojojojojojojojojojojojojoj oj oj oj oj ojojojojojojojojojoioioioioioioioioioioioioioioioioioioioioioioioioioioioioioioininininininininininininininininininininininininininininininininininininininininininininininininininininininininininininininininininininininininininininininininininininininininininininininininininini~ni}ni|ni{nizniynixniwnivniunitnisnirniqnipnioninnimnilniknijniinihnignifnienidnicnibniani`ni_ni^ni]ni\ni[niZniYniXniWniVniUniTniSniRniQniPniOniNniMniLniKniJniIniHniGniFniEniDniCniBniAni@ni?ni>ni=ni<ni;ni:ni9ni8ni7ni6ni5ni4ni3ni2ni1ni0ni/ni.ni-ni,ni+ni*ni)ni(ni'ni&ni%ni$ni#ni"ni!ni ninininininininininininininininininini ni ni ni ni ninininininininininhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnhnh {tmf_XQJC<5.'  xqjc\UNG@92+$ | u n g ` Y R K D = 6 / ( !    y r k d ] V O H A : 3 , %  ok@ok?ok>ok=ok<ok;ok:ok9ok8ok7ok6ok5ok4ok3ok2ok1ok0ok/ok.ok-ok,ok+ok*ok)ok(ok'ok&ok%ok$ok#ok"ok!ok okokokokokokokokokokokokokokokokokokok ok ok ok ok okokokokokokokokokojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojojoj+*E 809d4519c458a39ce142de41a8cf40b7a04e173565118f0374e148b58ac1e170/ 7t.\ D r , Z  B p *X@n(V?m'U=E 78bd2c094f358a6ed4d11df01fff665c31ccff7ad8d9e34e6cec414b9a54a6fdE 75ef01d0600fd0375b442af468061fc9a94b99483605a3cb1caab07ef9d13983E 757594908ca13c9a88661e7edd113c70966c41c3796eac8cd8e8c0590e6eac94E 740a7e3fa48555366e0e3226f80421f9f8f295db531b0e20b408284ca06636d1@E 717d0b305c3d478abba476dc352075741a5611259fbf0246d1d54b65482b2607$E 717112d6c0f8c9ef967da96993b76834e856929b63b2b3665c29b3898afa0cddl&T<E fb5d3ef4b7594f236de6bd1248841e5d9e4111bd2eff9ba1beb8e8636a7887d4YE f3ccf5e2ad3eb98e3d75c92403014b2f0759112791daad8a5b5396870b315eeaE f3bb1dd637ee89101ec8f498f0bdc094abffd615a3192740ba017843163f909c2E f1bcc226c49b98b890d65ea33d4c10ddf316c95df1ac0074de48c203cb8e6338EE efd487fae15b37c821170806f3f9dd0e24397d52ee25acfe35b2369853520544E efca3540cb63f22e41b172f6ee078b00b536695d758fd342fefe6325d06651d6OE eccf6c8192bc0e1160858b34696397680cd773a4aa1fbe1cbf9d0106d0b01cd68E eb2a63094ee8d1fdba3957a7e49704a512c8f684695db02ff9f0f64f9f4e6ae0>E e9190571c3cd9c9241312944c55e327534195f3cd14027633ad474f94afea7845E e82b245a9937eabb303623c83fb675d85eb7179d706728b3e31886e674a0112elE e748778eaa7ab72421ec882d2819e33509af85df5a0c995ca8042f0193385b99TE e5d458a634713ceb532b03a4c9ee32d891edd5020ecc7d65b81f73308e629115NE e2e7a1ffc9dd8e58f832370fa31a8ec72bd4ec8f9223b8a20b07cdf7f21e8961?E e04b1514cba2a26270f5e89956e06b3a22850be6535463fe91150195828410b6'E dee5f3eae85b5944b301778386e2fbe0022954fe59f6d68ac696d3236836f479QE dccc65ff766526e726d8ee5acd27dffa268d057a29896668c9a28f88a548f669]E dc94d448cad5a4d1623b21490081762ff53af4823424bf55a4abb75e0acd7ca1 E db3532de23f191b4e6b52dff7e0602d94d91b8fb7d413dd1ba7a116fcd7392a7E d8895cef6bf9dea9758a764448c0ce2fb2000c416c356ebf66c34a81ef1fccb0kE d7b71772b1fe931347b89f665675475aa17b180ede6c75af7eda4ac0e318bb280E d5f4f85c655ad4984e0f8d9ae27dcdf335e47079c7fcd66f79c1e3032e5ad636fE d4d0cd2e254d8ab4b0d4657d702e3a6c72cd8e4457be2b50ee1d8a3dc72b2b72 E ce3d42d23af6c283d1a4b7a2d97d1feea91245fd07e39ed063b5cddbecaab570KE cd9d227af93112c73ffe5d567970249649cc946a831c51b327f7382c7875e33b E c815fe5f763224655725056bac4a1e37bc961f2e2cf420a3745a62f28746e36fE c71ae478811e0b3a8c749844695a2aab8d9572aae36e5b6347ca77386fd4ff959E b74b48458524d5989509fe130fe7459ed47c62847e6d7eeb1d93e18cbe371c20E b3195e1bf47b7862d97fd3377e3013a649ef9dcbbdff0479e3cd58ec250f1becjE af37b3009bf358bca5ecb60c37f537660d4f867ba19772731d9eda894199f1daE adf81dea018edb8bc35e16f0b5e4ce469cf479129014f8e6b249074ba0ac8579;E ac8651197a99be643fde4df3ce94688efd4b4f95c9f3c1cfe778304f25fb1f54E ac86108689a14f94909cb2da45342c1f8f172ae61b973be2bb4a6366eabfd162FE aa86559a2f79878ec1918d33d7746083c999ae2571d1c48ce8a31caffd534601!E aa0100eff4eaf086b38c290c0b4d765e573505225bd0ec94eaeef642b5d7d7ec%E a9e25497e45b6f0f1f4c131c05b245868bc2e82752dc47f574d9faf549d05b9eaE a88854e47822fe1f69171e8746ffbc0d761c939cddf4c96e004142c099a9daf2 E a57646363d1fa2d853196c89a0deb315efdd4423caf6a101cc18bef5e3de6cbeE a53575652582e1a68103e5a4cc4a0e72f1ac8c8f3bddd17d3d74432aa3613d40HE a28601eb0dcd250f4ea8eb1f00e3a8ce728e03821eb4c98dd79e911f545f99d4-E a246d0fabf20a0fa170d16b54702f4b512a922c50290159333f144f9f7a66699mE a1606a782fcc2ef110e682a3446e8346dea6a48fb858f7e6c5e1fb5de3773fbaoE a0e220d3d59d5fa85958f7a6f174fdcd90e8c2d4a49794b35b414178e6b6a88bE 9c00d5d7c081f82946a12ac97e64e57a60c5d37c840bec91609006dcefb0dd99=E 9b7b05818fb4820994a0ff2c38be22836b840421dacf0316a488944b27d6bcd2nE 9821bb53f2920ad79668d130ba6a0961b7abf3580122d1baec635df9110d6e68`E 97849cb3cf25dd9315d68946b054e5a9232e82be7e3741383459158d3395030eE 9764cadd0c7e3de6ef43b21bd7c3101b2f55ed9e8f77bb1a9535c0b53ab419b1GE 96f9d44c53075d914c789feed50ed0f1697808a3664ec22beb01e57d5800ca33,E 96c64b936c0632ebcbd15304d5aa7d3c833afc73e11d33d6dbe932ca290b0039E 94a986b4f8d26c588aaf3d6539280e92925830414ae10ca2cbad271d93c37abb.E 93ef1fe77da95c51e91c23cc9e1db9b29bf17db12f99fbad0e0b95b162dc9f41E 913abf590d4ad0c7739901adf073652c4a400fc59ca2ea55276347fd13356ffd^E 90447e30b11ae3fcc64f175d6ef3b1e0370fb7c390c5f4e13b23710ec6c4751aE 8aa233b599fd36d05fe7d27eca3ddab045980b7598dc387a5136a8c277a64612\E 86f88e4acc520470367f59f7ea89902aed45e411e69d3e10f1bbb080abbb50b0