| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
| |
Security fixes for nested virtualization. This only apply to Xen
4.2.x, only edge and 2.5.x Alpine Linux systems are affected.
|
|
|
|
|
|
|
| |
Some patches where not included in the original XSA, this are the
remaining ones (so far).
To be applied to edge and 2.5
|
| |
|
| |
|
| |
|
|
|
|
| |
ref #1529
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Excerpt from release notes:
This fixes the following critical vulnerabilities:
* CVE-2012-4535 / XSA-20:
Timer overflow DoS vulnerability
* CVE-2012-4537 / XSA-22:
Memory mapping failure DoS vulnerability
* CVE-2012-4538 / XSA-23:
Unhooking empty PAE entries DoS vulnerability
* CVE-2012-4539 / XSA-24:
Grant table hypercall infinite loop DoS vulnerability
* CVE-2012-4544,CVE-2012-2625 / XSA-25:
Xen domain builder Out-of-memory due to malicious kernel/ramdisk
* CVE-2012-5510 / XSA-26:
Grant table version switch list corruption vulnerability
* CVE-2012-5511 / XSA-27:
several HVM operations do not validate the range of their inputs
* CVE-2012-5513 / XSA-29:
XENMEM_exchange may overwrite hypervisor memory
* CVE-2012-5514 / XSA-30:
Broken error handling in guest_physmap_mark_populate_on_demand()
* CVE-2012-5515 / XSA-31:
Several memory hypercall operations allow invalid extent order
values
* CVE-2012-5525 / XSA-32:
several hypercalls do not validate input GFNs
We recommend all users of the 4.2.0 code base to update to this
point release.
Among many bug fixes and improvements (around 100 since Xen 4.2.0):
* A fix for a long standing time management issue
* Bug fixes for S3 (suspend to RAM) handling
* Bug fixes for other low level system state handling
* Bug fixes and improvements to the libxl tool stack
* Bug fixes to nested virtualization
|
|
|
|
|
|
|
|
|
|
|
| |
This covers:
XSA-26 (CVE-2012-5510)
XSA-27 (CVE-2012-5511)
XSA-29 (CVE-2012-5513)
XSA-30 (CVE-2012-5514)
XSA-31 (CVE-2012-5515)
XSA-32 (CVE-2012-5525)
|
|
|
|
| |
screen is needed by xendomains init script. Also bump pkgrel.
|
| |
|
|
|
|
|
|
| |
xenstore should not be restarted. If it is restarted watches are lost,
and several key components like kernel backend drivers will cease to
work.
|
| |
|
|
|
|
| |
Signed-off-by: Roger Pau Monne <roger.pau@citrix.com>
|
|
|
|
|
|
|
|
|
|
| |
This covers:
XSA-20
XSA-22
XSA-23
XSA-24
Signed-off-by: Roger Pau Monne <roger.pau@citrix.com>
|
|
|
|
|
|
|
| |
Qemu when launched with -nographic and -monitor screws the console
badly. Use nohup to prevent that.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On 02/11/12 12:05, Leonardo Arena wrote:
> On Fri, 2012-11-02 at 11:49 +0100, Roger Pau Monne wrote:
>> Xen init scripts doesn't need to depend on 'net'
>> ---
>> Please update APK checksum
>> ---
>> main/xen/xend.initd | 2 +-
>> main/xen/xenstored.initd | 1 -
>> 2 files changed, 1 insertions(+), 2 deletions(-)
>>
>> diff --git a/main/xen/xend.initd b/main/xen/xend.initd
>> index 1c667e8..bd5550b 100644
>> --- a/main/xen/xend.initd
>> +++ b/main/xen/xend.initd
>> @@ -4,7 +4,7 @@
>> # $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/files/xend.initd-r2,v 1.2 2011/09/10 17:22:46 alexxy Exp $
>>
>> depend() {
>> - need net xenconsoled xenstored
>> + need xenconsoled xenstored
>> after firewall
>> before xendomains sshd
>> }
>> diff --git a/main/xen/xenstored.initd b/main/xen/xenstored.initd
>> index f2c22cc..6187c02 100644
>> --- a/main/xen/xenstored.initd
>> +++ b/main/xen/xenstored.initd
>> @@ -4,7 +4,6 @@
>> # $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/files/xenstored.initd,v 1.2 2011/04/05 21:25:03 alexxy Exp $
>>
>> depend() {
>> - need net
>> before xendomains xend sshd ntp-client ntpd nfs nfsmount rsyncd portmap dhcp
>> }
>>
>
> Applied both patches.
On the rush I forgot to increase pkgrel, can you commit this please:
Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>
|
| |
|
|
|
|
|
|
| |
Xen init scripts doesn't need to depend on 'net'
Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>
|
|
|
|
| |
Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>
|
| |
|
| |
|
|
|
|
|
|
| |
Next version (4.2) is scheduled to be released very soon
if everything goes ok. This is a very close rc,
which we can start testing until 4.2 comes out.
|
| |
|
|
|
|
| |
Otherwise screen -x will not work without manually setting screen dir
|
|
|
|
|
|
|
| |
We need wait til the detatched screen has created the connection
sockets before trying to set the opts to it.
ref #1181
|
|
|
|
|
|
| |
This should be backported to stable.
Signed-off-by: Roger Pau Monne <roger.pau@citrix.com>
|
| |
|
|
|
|
|
|
| |
Mount /proc/xen on init if it's not mounted.
Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
From the Xen FAQ : http://wiki.xensource.com/xenwiki/XenCommonProblems#head-775c8bcbc9f0470082f79af0c7a29a43392960bf
Patch found here http://xenbits.xen.org/hg/xen-4.1-testing.hg/raw-rev/1976adbf2b80
I can't test it since I don't have the right hardware.
G.
|
|
|
|
| |
with updated checksum (oops)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Xen 4.1.1 is a maintenance release in the 4.1 series and contains:
Security fixes including CVE-2011-1583 and CVE-2011-1898
Enhancements to guest introspection (VM single stepping support for very fine-grained access control)
Many stability improvements, such as:
PV-on-HVM stability fixes (fixing some IRQ issues)
XSAVE cpu feature support for PV guests (allows safe use of latest multimedia instructions)
RAS fixes for high availability
fixes for offlining bad pages
changes to libxc, mainly of benefit to libvirt
Compatibility fixes for newer Linux guests, newer compilers, some old guest savefiles, newer Python, grub2, some hardware/BIOS bugs.
|
| |
|
|
|
|
|
| |
a small patch found on the same web pages
https://bugs.gentoo.org/show_bug.cgi?id=336487
|
|
|
|
|
| |
Found here https://bugs.gentoo.org/show_bug.cgi?id=361345
a more "gentooïsh" script that the default provided one.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
more hacks for blktap
|
| |
|
|
|