aboutsummaryrefslogtreecommitdiffstats
path: root/main/xen
Commit message (Collapse)AuthorAgeFilesLines
* main/xen: security upgrade to 4.2.5 and patches2.5-stableNatanael Copa2014-10-237-957/+151
| | | | | | | | | | | | | | | | | | | | The 4.2.5 release fixes: CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be created CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests In addition we add patches for: CVE-2014-7154 / XSA-104 Race condition in HVMOP_track_dirty_vram CVE-2014-7155 / XSA-105 Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation CVE-2014-7156 / XSA-106 Missing privilege level checks in x86 emulation of software interrupts CVE-2014-7188 / XSA-108 Improper MSR range used for x2APIC emulation fixes #3412 fixes #3457
* main/xen: upgrade to 4.2.4 and fix XSA-97 (CVE-2014-5146,CVE-2014-5149)Natanael Copa2014-08-2619-5926/+958
| | | | fixes #3291
* main/xen: security fix for CVE-2013-4329/XSA-61Natanael Copa2013-12-032-1/+47
| | | | fixes #2423
* main/xen: security fix for XSA-75Natanael Copa2013-11-122-1/+56
| | | | | ref #2298 fixes #2323
* main/xen: fix xsa45 and xsa58 (CVE-2013-1918,CVE-2013-1432)Natanael Copa2013-07-013-1/+1267
| | | | | | | | | | ref #2123 fixes #2125 (cherry picked from commit 448e4822bbf8a2b4aa8b8f8d8153a2a0b4e0efda) Conflicts: main/xen/APKBUILD
* main/xen: fix xsa57 (CVE-2013-2211)Natanael Copa2013-06-262-1/+336
| | | | | | | | | | ref #2117 fixes #2119 (cherry picked from commit 932f289cf129abc7a42e3160b4e30b2e720d0633) Conflicts: main/xen/APKBUILD
* main/xen: security fix (CVE-2013-2194,CVE-2013-2195,CVE-2013-2196)Natanael Copa2013-06-262-1/+3434
| | | | | | | | | ref #2108 fixes #2110 (cherry picked from commit f78e9dea47b7c130cb417d9826c984d8664f01ec) Conflicts: main/xen/APKBUILD
* main/xen: security fixes (CVE-2013-2076,CVE-2013-2077,CVE-2013-2078)Natanael Copa2013-06-054-63/+138
| | | | | | | | | | | | | ref #2044 ref #2049 ref #2054 fixes #2046 fixes #2051 fixes #2056 (cherry picked from commit f6e99451d47fbe7cdb852f48dd11006808db52ae) Conflicts: main/xen/APKBUILD
* main/xen: security fix (CVE-2013-2072)Natanael Copa2013-05-212-1/+55
| | | | | ref #1900 fixes #1902
* main/xen: add perl as depNatanael Copa2013-05-211-2/+2
| | | | | | | | | | Currently it will not start domU at all unless perl is there. There are only few lines of perl that probably easily could be ported to C or Lua or something, but until that happens we need perl :-( fixes #1524 (cherry picked from commit 0b857e9db3ddab86ea859bf9570982d7c1b6a38e)
* main/xen: misc fixes for xendomains init.d scriptNatanael Copa2013-05-212-7/+10
| | | | | | - we need create the parent dirs for SCREENDIR - sync the need/after deps with gentoo (cherry picked from commit d432e270eaa3c2ab8d7af432e3b7dfdb088bf268)
* main/xen: sleep a bit when starting up xen domainsNatanael Copa2013-05-213-7/+24
| | | | | fixes #1850 (cherry picked from commit ef80eb1f042d2bfe8d0588e6d248b42cb1b33552)
* main/xen: security fixes ↵Roger Pau Monne2013-05-216-1/+638
| | | | | | | | | | | (CVE-2013-1917,CVE-2013-1919,CVE-2013-1920,CVE-2013-1922) CVE-2013-1917 / XSA-44 CVE-2013-1919 / XSA-46 CVE-2013-1920 / XSA-47 CVE-2013-1922 / XSA-48 Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
* xen: XSA-36 and XSA-38Roger Pau Monne2013-05-213-1/+401
|
* xen: XSA-34 and XSA-35Roger Pau Monne2013-01-233-1/+59
| | | | | | Security fixes for nested virtualization. This only apply to Xen 4.2.x, only edge and 2.5.x Alpine Linux systems are affected. (cherry picked from commit 0c0b33191e243c3b0de1d0331e6bd5a107b61626)
* xen: XSA-41 remaining patchesRoger Pau Monne2013-01-183-1/+111
| | | | | | | | Some patches where not included in the original XSA, this are the remaining ones (so far). To be applied to edge and 2.5 (cherry picked from commit 72b0ec467593775da3253251cecdb84f4bb10b13)
* xen: XSA-41Roger Pau Monne2013-01-172-1/+75
|
* xen: add XSA-33 patchRoger Pau Monne2013-01-172-1/+24
|
* main/xen: add iproute2 to dependsNatanael Copa2012-12-251-2/+2
| | | | | fixes #1529 (cherry picked from commit 661d357b739da454071504a178badd8256f562c5)
* xen: update to 4.2.1Roger Pau Monne2012-12-1813-1130/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Excerpt from release notes: This fixes the following critical vulnerabilities: * CVE-2012-4535 / XSA-20: Timer overflow DoS vulnerability * CVE-2012-4537 / XSA-22: Memory mapping failure DoS vulnerability * CVE-2012-4538 / XSA-23: Unhooking empty PAE entries DoS vulnerability * CVE-2012-4539 / XSA-24: Grant table hypercall infinite loop DoS vulnerability * CVE-2012-4544,CVE-2012-2625 / XSA-25: Xen domain builder Out-of-memory due to malicious kernel/ramdisk * CVE-2012-5510 / XSA-26: Grant table version switch list corruption vulnerability * CVE-2012-5511 / XSA-27: several HVM operations do not validate the range of their inputs * CVE-2012-5513 / XSA-29: XENMEM_exchange may overwrite hypervisor memory * CVE-2012-5514 / XSA-30: Broken error handling in guest_physmap_mark_populate_on_demand() * CVE-2012-5515 / XSA-31: Several memory hypercall operations allow invalid extent order values * CVE-2012-5525 / XSA-32: several hypercalls do not validate input GFNs We recommend all users of the 4.2.0 code base to update to this point release. Among many bug fixes and improvements (around 100 since Xen 4.2.0): * A fix for a long standing time management issue * Bug fixes for S3 (suspend to RAM) handling * Bug fixes for other low level system state handling * Bug fixes and improvements to the libxl tool stack * Bug fixes to nested virtualization (cherry picked from commit 119185999980a6a6a78506a6b49e1a70ab55ad03)
* xen: security fixesRoger Pau Monne2012-12-047-1/+431
| | | | | | | | | | | | This covers: XSA-26 (CVE-2012-5510) XSA-27 (CVE-2012-5511) XSA-29 (CVE-2012-5513) XSA-30 (CVE-2012-5514) XSA-31 (CVE-2012-5515) XSA-32 (CVE-2012-5525) (cherry picked from commit 02c9cf16cb335a73de4a175a8f9a451a4a19a1ed)
* xen: add screen as a run time dependencyRoger Pau Monne2012-12-041-2/+2
| | | | | screen is needed by xendomains init script. Also bump pkgrel. (cherry picked from commit 9dcb820d809f104dd8d04314d3ab175334a7470f)
* xen: fix xendomains init scriptRoger Pau Monne2012-12-042-4/+4
| | | | (cherry picked from commit a5cfc78fea7ba38a87393901d33cffd50c089e0f)
* xen: prevent xenstore from being restaredRoger Pau Monne2012-11-282-6/+7
| | | | | | | xenstore should not be restarted. If it is restarted watches are lost, and several key components like kernel backend drivers will cease to work. (cherry picked from commit 2e34c29e4382c24c2438fd1a9419a68ba5f39d46)
* xen: bump pkgrelRoger Pau Monne2012-11-281-1/+1
| | | | (cherry picked from commit df4538c72764998f2b643d1cfa5b4083bae7e582)
* xen: fix misuse of einfo in xenstore.initdRoger Pau Monne2012-11-282-2/+2
| | | | | Signed-off-by: Roger Pau Monne <roger.pau@citrix.com> (cherry picked from commit 9b20bafcd48738a6ddcf6e7f39744eb117b41e82)
* xen: add a bunch of security fixesRoger Pau Monne2012-11-285-0/+144
| | | | | | | | | | | This covers: XSA-20 XSA-22 XSA-23 XSA-24 Signed-off-by: Roger Pau Monne <roger.pau@citrix.com> (cherry picked from commit 22809ecb412e53ecc84ef1213fcdfc3afa124909)
* xen: prevent qemu daemon from screwing the consoleRoger Pau Monne2012-11-282-2/+5
| | | | | | | | Qemu when launched with -nographic and -monitor screws the console badly. Use nohup to prevent that. Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> (cherry picked from commit 1bba205542b00512cc50c8a4807b358f0b2697c5)
* xen: fix init scriptsRoger Pau Monné2012-11-021-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | On 02/11/12 12:05, Leonardo Arena wrote: > On Fri, 2012-11-02 at 11:49 +0100, Roger Pau Monne wrote: >> Xen init scripts doesn't need to depend on 'net' >> --- >> Please update APK checksum >> --- >> main/xen/xend.initd | 2 +- >> main/xen/xenstored.initd | 1 - >> 2 files changed, 1 insertions(+), 2 deletions(-) >> >> diff --git a/main/xen/xend.initd b/main/xen/xend.initd >> index 1c667e8..bd5550b 100644 >> --- a/main/xen/xend.initd >> +++ b/main/xen/xend.initd >> @@ -4,7 +4,7 @@ >> # $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/files/xend.initd-r2,v 1.2 2011/09/10 17:22:46 alexxy Exp $ >> >> depend() { >> - need net xenconsoled xenstored >> + need xenconsoled xenstored >> after firewall >> before xendomains sshd >> } >> diff --git a/main/xen/xenstored.initd b/main/xen/xenstored.initd >> index f2c22cc..6187c02 100644 >> --- a/main/xen/xenstored.initd >> +++ b/main/xen/xenstored.initd >> @@ -4,7 +4,6 @@ >> # $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/files/xenstored.initd,v 1.2 2011/04/05 21:25:03 alexxy Exp $ >> >> depend() { >> - need net >> before xendomains xend sshd ntp-client ntpd nfs nfsmount rsyncd portmap dhcp >> } >> > > Applied both patches. On the rush I forgot to increase pkgrel, can you commit this please: Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>
* main/xen: update checksumLeonardo Arena2012-11-021-2/+3
|
* xen: fix init scriptsRoger Pau Monne2012-11-022-2/+1
| | | | | | Xen init scripts doesn't need to depend on 'net' Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>
* xen: add CVE-2012-4544 fixRoger Pau Monne2012-11-022-0/+366
| | | | Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>
* main/xen: rebuild against nss-3.14Natanael Copa2012-10-301-1/+1
|
* xen: update to 4.2.0Roger Pau Monne2012-09-173-11/+10
|
* xen: update to 4.2.0-rc4Roger Pau Monne2012-09-1413-229/+319
| | | | | | Next version (4.2) is scheduled to be released very soon if everything goes ok. This is a very close rc, which we can start testing until 4.2 comes out.
* main/xen: upgrade to 4.1.3Natanael Copa2012-08-136-452/+3
|
* main/xen: use default screendir locationNatanael Copa2012-06-223-4/+9
| | | | Otherwise screen -x will not work without manually setting screen dir
* main/xen: fix xendomains init script to wait for screenNatanael Copa2012-06-212-2/+17
| | | | | | | We need wait til the detatched screen has created the connection sockets before trying to set the opts to it. ref #1181
* main/xen: CVE-2012-0217, CVE-2012-0218, CVE-2012-2934Roger Pau Monne2012-06-123-2/+174
| | | | | | This should be backported to stable. Signed-off-by: Roger Pau Monne <roger.pau@citrix.com>
* main/xen: split out -dev, -libs and -hypervisorNatanael Copa2012-05-231-2/+18
|
* main/xen: fix xenstored init scriptRoger Pau Monne2012-04-302-2/+12
| | | | | | Mount /proc/xen on init if it's not mounted. Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
* main/xen: use adapted gentoo init.d scriptsNatanael Copa2012-04-0511-212/+254
|
* main/xen: fix xendomains init scriptRoger Pau Monne2012-03-082-27/+36
|
* main/xen: security fix CVE-2012-0029Roger Pau Monne2012-02-232-1/+45
|
* main/xen: update to match new OpenRC and kernel 3.2Roger Pau Monne2012-02-142-18/+15
|
* main/xen: upgrade to 4.1.2Natanael Copa2012-02-1222-1009/+633
|
* main/xen: rebuild against mesa-7.11Natanael Copa2011-10-251-1/+1
|
* main/xen: util-linux-ng was renamed to util-linuxNatanael Copa2011-09-021-1/+1
|
* Starting Xen HVM guests fails when using Xen 4.x and gcc 4.6Guillaume Sellier2011-09-022-1/+736
| | | | | | | | From the Xen FAQ : http://wiki.xensource.com/xenwiki/XenCommonProblems#head-775c8bcbc9f0470082f79af0c7a29a43392960bf Patch found here http://xenbits.xen.org/hg/xen-4.1-testing.hg/raw-rev/1976adbf2b80 I can't test it since I don't have the right hardware. G.
* Xen bump to 4.1.1Guillaume Sellier2011-09-021-1/+1
| | | | with updated checksum (oops)
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-06 20:55:03 +0000