# Please keep this package in sync with FC %define major 3.0 %define libname %mklibname %{name} %{major} %define develname %mklibname %{name} -d # Build a debug hypervisor only if rpmbuild was run with --with debug %define build_debug %{?_with_debug: 1} %{?!_with_debug: 0} # Build ocaml bits unless rpmbuild was run with --without ocaml # or ocamlopt is missing (the xen makefile doesn't build ocaml bits if it isn't there) %define with_ocaml %{?_without_ocaml: 0} %{?!_without_ocaml: 1} %define build_ocaml %(test -x %{_bindir}/ocamlopt && echo %{with_ocaml} || echo 0) %define build_docs 1 # Build with stubdom unless rpmbuild was run with --without stubdom %define build_stubdom %{?_without_stubdom: 0} %{?!_without_stubdom: 1} # Only build with qemu-traditional if rpmbuild was run with --with qemutrad %define build_qemutrad %{?_with_qemutrad: 1} %{?!_with_qemutrad: 0} # build with ovmf from edk2-ovmf unless rpmbuild was run with --without ovmf %define build_ovmf %{?_without_ovmf: 0} %{?!_without_ovmf: 1} # set to 0 for archs that don't use qemu or ovmf (reduces build dependencies) %ifnarch x86_64 %{ix86} %define build_qemutrad 0 %define build_ovmf 0 %endif # Build with xen hypervisor unless rpmbuild was run with --without hyp %define build_hyp %{?_without_hyp: 0} %{?!_without_hyp: 1} # build xsm support unless rpmbuild was run with --without xsm # or required packages are missing %define with_xsm %{?_without_xsm: 0} %{?!_without_xsm: 1} %define build_xsm %(test -x %{_bindir}/checkpolicy && test -x %{_bindir}/m4 && echo %{with_xsm} || echo 0) # cross compile 64-bit hypervisor on ix86 unless rpmbuild was run # with --without crosshyp %define build_crosshyp %{?_without_crosshyp: 0} %{?!_without_crosshyp: 1} %ifnarch %{ix86} %define build_crosshyp 0 %else %define build_crosshyp 0 %if ! %build_crosshyp %define build_hyp 0 %endif %endif # no point in trying to build xsm on ix86 without a hypervisor %if ! %build_hyp %define build_xsm 0 %endif %ifnarch %arm %define build_xsm 0 %endif # build an efi boot image (where supported) unless rpmbuild was run with # --without efi %define build_efi %{?_without_efi: 0} %{?!_without_efi: 1} # xen only supports efi boot images on x86_64 or aarch64 # i686 builds a x86_64 hypervisor so add that as well %ifnarch x86_64 aarch64 %{ix86} %define build_efi 0 %endif # Hypervisor ABI %define hv_abi 4.16 Summary: Xen is a virtual machine monitor Name: xen Version: 4.16.0 Release: %mkrel 2 %define subrel 1 Group: System/Kernel and hardware License: GPLv2+ and LGPLv2+ and BSD URL: http://xen.org/ Source0: https://downloads.xenproject.org/release/xen/%{version}/xen-%{version}.tar.gz Source2: %{name}.logrotate # used by stubdoms # (from https://xenbits.xen.org/xen-extfiles/): Source10: https://xenbits.xen.org/xen-extfiles/lwip-1.3.0.tar.gz Source11: https://xenbits.xen.org/xen-extfiles/newlib-1.16.0.tar.gz Source12: https://xenbits.xen.org/xen-extfiles/zlib-1.2.3.tar.gz Source13: https://xenbits.xen.org/xen-extfiles/pciutils-2.2.9.tar.bz2 Source14: https://xenbits.xen.org/xen-extfiles/grub-0.97.tar.gz Source15: https://xenbits.xen.org/xen-extfiles/polarssl-1.1.4-gpl.tgz # .config file for xen hypervisor Source21: xen.hypervisor.config Source22: xen.hypervisor.config.debug # Fedora patches: Patch4: CVE-2014-0150.patch Patch5: xen.fedora.systemd.patch Patch6: xen.ocaml.selinux.fix.patch Patch7: xen.fedora.crypt.patch Patch8: qemu.trad.CVE-2015-6815.patch Patch9: qemu.trad.CVE-2015-5279.patch Patch10: qemu.trad.CVE-2015-5278.patch Patch11: qemu.trad.CVE-2015-7295.patch Patch12: qemu.trad.CVE-2015-8345.patch Patch13: qemu.trad.CVE-2015-7512.patch Patch14: qemu.trad.CVE-2015-8504.patch Patch15: qemu.trad.CVE-2016-1714.patch Patch16: qemu.trad.CVE-2016-1981.patch Patch17: qemu.trad.CVE-2016-2841.patch Patch18: qemu.trad.CVE-2016-2538.patch Patch19: qemu.trad.CVE-2016-2857.patch Patch20: qemu.trad.CVE-2016-4001.patch Patch21: qemu.trad.CVE-2016-4002.patch Patch22: qemu.trad.CVE-2016-4439.patch Patch23: qemu.trad.CVE-2016-4441.patch Patch24: qemu.trad.CVE-2016-5238.patch Patch25: qemu.trad.CVE-2016-5338.patch Patch27: qemu.trad.CVE-2016-6351.patch Patch29: qemu.trad.CVE-2016-8669.patch Patch30: qemu.trad.CVE-2016-8910.patch Patch31: qemu.trad.bug1399055.patch Patch32: qemu.trad.CVE-2016-9776.patch Patch33: xen.gcc7.fix.patch Patch34: xen.canonicalize.patch Patch35: qemu.trad.CVE-2017-6505.patch Patch36: qemu.trad.CVE-2017-7718.patch Patch37: droplibvirtconflict.patch Patch38: qemu.trad.CVE-2017-8309.patch Patch39: qemu.trad.CVE-2017-9330.patch Patch40: xen.drop.brctl.patch Patch41: xen.gcc9.fixes.patch Patch42: xen.gcc10.fixes.patch Patch43: xen.gcc11.fixes.patch Patch44: xsa376.patch Patch45: xsa393.patch Patch46: xsa394.patch Patch47: xsa395.patch Patch48: xen.gcc12.fixes.patch Patch49: xsa398-4.16-1-xen-arm-Introduce-new-Arm-processors.patch Patch50: xsa398-4.16-2-xen-arm-move-errata-CSV2-check-earlier.patch Patch51: xsa398-4.16-3-xen-arm-Add-ECBHB-and-CLEARBHB-ID-fields.patch Patch52: xsa398-4.16-4-xen-arm-Add-Spectre-BHB-handling.patch Patch53: xsa398-4.16-5-xen-arm-Allow-to-discover-and-use-SMCCC_ARCH_WORKARO.patch Patch54: xen.git-7f34b6a895d10744bab32fc843246c45da444d8b.patch Patch55: xen.git-08fc03c855c071e9b1aaaa96403f2a90433336a7.patch Patch56: xen.git-21d70feed10571543061abeaedd21ce8adc60114.patch Patch57: xen.git-72ef02da23861f686c349a6808b2f4c9adc15f9f.patch Patch58: xen.git-6ef732726add103ee8f63293e326ad43b1643239.patch Patch59: xen.git-243026a2c5ad64c05281dc8ed2f1f57c0ee5988c.patch Patch60: xen.git-41e477b4f367269dc1b768a335cfa16f48f7f02f.patch Patch61: xsa398-4.16-6-x86-spec-ctrl-Cease-using-thunk-lfence-on-AMD.patch Patch62: xen.efi.build.patch # Mageia patches: Patch201: xen-4.1.2-fix-stubdom-Makefile.patch Patch202: xen-4.1.3-fix-doc-build.patch Patch203: xen-4.2.1-fix-glibc-build.patch Patch204: xen.armv8l.arm32.patch BuildRequires: pkgconfig(python3) BuildRequires: pkgconfig(ncurses) %if %build_qemutrad BuildRequires: pkgconfig(libidn) BuildRequires: pkgconfig(zlib) BuildRequires: pkgconfig(sdl) BuildRequires: pkgconfig(libcurl) BuildRequires: pkgconfig(x11) BuildRequires: pkgconfig(gtk+-2.0) BuildRequires: libaio-devel %endif # build using Fedora seabios and ipxe packages for roms BuildRequires: seabios BuildRequires: seabios-bin BuildRequires: ipxe-roms-qemu %ifarch %{ix86} x86_64 # for the VMX "bios" BuildRequires: dev86-devel %endif BuildRequires: glibc-devel BuildRequires: gettext BuildRequires: pkgconfig(gnutls) BuildRequires: libgcrypt-devel BuildRequires: brlapi-devel BuildRequires: pkgconfig(openssl) # For ioemu PCI passthrough BuildRequires: pkgconfig(libpci) # Several tools now use uuid BuildRequires: pkgconfig(uuid) # iasl needed to build hvmloader BuildRequires: acpica-tools # for spice support BuildRequires: pkgconfig(spice-server) BuildRequires: spice-protocol BuildRequires: pkgconfig(libusbredirparser-0.5) >= 0.6 # modern compressed kernels BuildRequires: pkgconfig(bzip2) BuildRequires: pkgconfig(liblzma) BuildRequires: pkgconfig(libzstd) # libfsimage BuildRequires: e2fsprogs-devel # tools now require yajl and wget BuildRequires: pkgconfig(yajl) BuildRequires: wget # remus support now needs libnl3 BuildRequires: libnl3-devel %if %with_xsm # xsm policy file needs needs checkpolicy and m4 BuildRequires: checkpolicy m4 %endif # for virtfs support BuildRequires: attr-devel BuildRequires: pkgconfig(libcap) Requires: iptables %if %build_crosshyp # cross compiler for building 64-bit hypervisor on ix86 BuildRequires: gcc-x86_64-linux-gnu %endif BuildRequires: gcc make Requires: iproute Requires: python3-lxml Requires: xen-runtime = %{version}-%{release} # Not strictly a dependency, but kpartx is by far the most useful tool right # now for accessing domU data from within a dom0 so bring it in when the user # installs xen. Requires: kpartx ExclusiveArch: %{ix86} x86_64 armv7hl aarch64 %if %with_ocaml BuildRequires: ocaml >= 4.10.0 BuildRequires: ocaml-findlib-devel %endif Requires(post): systemd Requires(preun): systemd BuildRequires: pkgconfig(systemd) %ifarch armv7hl aarch64 BuildRequires: libfdt-devel %endif %if %build_ovmf BuildRequires: edk2-ovmf %endif %if %build_hyp BuildRequires: bison flex %endif %description This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor %package -n %{libname} Summary: Libraries for Xen tools Group: System/Libraries Conflicts: %{name} < 3.1.0-5 Requires: xen-licenses %description -n %{libname} This package contains the libraries needed to run applications which manage Xen virtual machines. %package runtime Summary: Core Xen runtime environment Requires: %libname = %{version}-%{release} #Requires: /usr/bin/qemu-img /usr/bin/qemu-nbd Requires: qemu-img # Ensure we at least have a suitable kernel installed, though we can't # force user to actually boot it. Requires: xen-hypervisor-abi = %{hv_abi} %ifnarch %arm Requires: kernel-server %endif # perl is used in /etc/xen/scripts/locking.sh Recommends: perl %ifnarch armv7hl aarch64 # use /usr/bin/qemu-system-i386 in Fedora instead of qemu-xen Recommends: qemu-system-x86-core # rom file for qemu-xen-traditional Recommends: ipxe-roms-qemu %endif Conflicts: xen <= 4.14.0-4.mga8 %description runtime This package contains the runtime programs and daemons which form the core Xen userspace environment. %package hypervisor Summary: Libraries for Xen tools Group: System/Kernel and hardware Provides: xen-hypervisor-abi = %{hv_abi} Requires: xen-licenses %if %build_hyp %ifarch %{ix86} Recommends: grub2-common %endif %ifarch x86_64 Recommends: grub2-efi %endif %endif %description hypervisor This package contains the Xen hypervisor. %if %build_docs %package doc Summary: Xen documentation Group: Documentation BuildArch: noarch Requires: xen-licenses # for the docs BuildRequires: perl(Pod::Man) perl(Pod::Text) perl(File::Find) BuildRequires: transfig perl(Pod::Html) #BuildRequires: pandoc %description doc This package contains the Xen documentation. %endif %package -n %{develname} Summary: Development libraries for Xen tools Group: Development/C Requires: %{libname} = %{version}-%{release} Provides: %{name}-devel = %{version}-%{release} Conflicts: %{name} < 4.13.0-6 %description -n %{develname} This package contains what's needed to develop applications which manage Xen virtual machines. %package licenses Summary: License files from Xen source %description licenses This package contains the license files from the source used to build the xen packages. %if %build_ocaml %package -n ocaml-xen Summary: Ocaml libraries for Xen tools Group: Development/Other Conflicts: %{name} < 3.1.0-5 %description -n ocaml-xen This package contains libraries for ocaml tools to manage Xen virtual machines. %package -n ocaml-xen-devel Summary: Ocaml development libraries for Xen tools Group: Development/Other Requires: %{name}-devel = %{version}-%{release} %description -n ocaml-xen-devel This package contains libraries for developing ocaml tools to manage Xen virtual machines. %endif %prep %setup -q # FC patches: %patch4 -p1 %patch5 -p1 %patch6 -p1 %patch7 -p1 %patch8 -p1 %patch9 -p1 %patch10 -p1 %patch11 -p1 %patch12 -p1 %patch13 -p1 %patch14 -p1 %patch15 -p1 %patch16 -p1 %patch17 -p1 %patch18 -p1 %patch19 -p1 %patch20 -p1 %patch21 -p1 %patch22 -p1 %patch23 -p1 %patch24 -p1 %patch25 -p1 %patch33 -p1 %patch34 -p1 %patch37 -p1 %patch40 -p1 %patch41 -p1 %patch42 -p1 %patch43 -p1 %patch44 -p1 # qemu-xen-traditional patches pushd tools/qemu-xen-traditional %patch27 -p1 %patch29 -p1 %patch30 -p1 %patch31 -p1 %patch32 -p1 %patch35 -p1 %patch36 -p1 %patch38 -p1 %patch39 -p1 popd # qemu-xen patches pushd tools/qemu-xen popd # Mageia patches: %patch201 -p1 %patch202 -p1 %patch203 -p1 %patch204 -p1 # stubdom sources cp -v %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} %{SOURCE15} stubdom # copy xen hypervisor .config file to change settings %if !%build_debug cp -v %{SOURCE21} xen/.config %else cp -v %{SOURCE22} xen/.config %endif %build %if !%build_ocaml %define ocaml_flags OCAML_TOOLS=n %endif %if %build_efi mkdir -p dist/install/boot/efi/efi/fedora %endif %if %build_ocaml mkdir -p dist/install%{_libdir}/ocaml/stublibs %endif export EXTRA_CFLAGS_XEN_TOOLS="$RPM_OPT_FLAGS -Wno-error=declaration-after-statement" export EXTRA_CFLAGS_QEMU_TRADITIONAL="$RPM_OPT_FLAGS" export EXTRA_CFLAGS_QEMU_XEN="$RPM_OPT_FLAGS" export PYTHON="/usr/bin/python3" %if %build_hyp %if %build_crosshyp XEN_TARGET_ARCH=x86_64 %make_build prefix=/usr xen CC="/usr/bin/x86_64-linux-gnu-gcc `echo $RPM_OPT_FLAGS | sed -e 's/-m32//g' -e 's/-march=i686//g' -e 's/-mtune=atom//g' -e 's/-specs=\/usr\/lib\/rpm\/redhat\/redhat-annobin-cc1//g' -e 's/-fstack-clash-protection//g' -e 's/-mcet//g' -e 's/-fcf-protection//g'`" %else %ifarch armv7hl %make_build prefix=/usr xen CC="gcc `echo $RPM_OPT_FLAGS | sed -e 's/-mfloat-abi=hard//g' -e 's/-march=armv7-a//g'`" %else %ifarch aarch64 %make_build prefix=/usr xen CC="gcc $RPM_OPT_FLAGS -mno-outline-atomics" %else %make_build prefix=/usr xen CC="gcc `echo $RPM_OPT_FLAGS | sed -e 's/-specs=\/usr\/lib\/rpm\/redhat\/redhat-annobin-cc1//g' -e 's/-fcf-protection//g'`" %endif %endif %endif %endif %if %build_qemutrad CONFIG_EXTRA="--enable-qemu-traditional" %else CONFIG_EXTRA="" %endif %if %build_ovmf CONFIG_EXTRA="$CONFIG_EXTRA --with-system-ovmf=%{_libexecdir}/%{name}/boot/ovmf.bin" %endif %ifnarch armv7hl aarch64 CONFIG_EXTRA="$CONFIG_EXTRA --with-system-ipxe=/usr/share/ipxe/10ec8139.rom" %endif %if %(test -f /usr/share/seabios/bios-256k.bin && echo 1|| echo 0) CONFIG_EXTRA="$CONFIG_EXTRA --with-system-seabios=/usr/share/seabios/bios-256k.bin" %else CONFIG_EXTRA="$CONFIG_EXTRA --disable-seabios" %endif ./configure --prefix=%{_prefix} --libdir=%{_libdir} --libexecdir=%{_libexecdir} --with-system-qemu=/usr/bin/qemu-system-i386 --with-linux-backend-modules="xen-evtchn xen-gntdev xen-gntalloc xen-blkback xen-netback xen-pciback xen-scsiback xen-acpi-processor" $CONFIG_EXTRA %make_build %{?ocaml_flags} prefix=/usr tools %if %build_docs make prefix=/usr docs %endif export RPM_OPT_FLAGS_RED=`echo $RPM_OPT_FLAGS | sed -e 's/-m64//g' -e 's/--param=ssp-buffer-size=4//g' -e's/-fstack-protector-strong//'` %ifarch %{ix86} export EXTRA_CFLAGS_XEN_TOOLS="$RPM_OPT_FLAGS_RED" %endif %if %build_stubdom %ifnarch armv7hl aarch64 make mini-os-dir make -C stubdom build %endif %ifarch x86_64 export EXTRA_CFLAGS_XEN_TOOLS="$RPM_OPT_FLAGS_RED" XEN_TARGET_ARCH=x86_32 make -C stubdom pv-grub-if-enabled %endif %endif %install mkdir -p %{buildroot} cp -prlP dist/install/* %{buildroot} %if %build_stubdom %ifnarch armv7hl aarch64 make DESTDIR=%{buildroot} %{?ocaml_flags} prefix=/usr install-stubdom %endif %endif %ifarch %{ix86} cat > README.install.urpmi <<_EOF Since xen 4.3, the hypervisor is no longer supported on x86_32. But fear not, you can actually use the x86_64 xen hypervisor, even when using a 32bit kernel and system. This is because the hypervisor is loaded before the kernel and OS. Keep in mind that a x86_64 capable processor is still required, but then if you are installing a hypervisor, you really should be using 64bit anyway. _EOF ln -f README.install.urpmi README.4.3.0.upgrade.urpmi %endif %if %build_efi %ifnarch %{ix86} mv %{buildroot}/boot/efi/efi %{buildroot}/boot/efi/EFI %endif %if %build_xsm # policy file should be in /boot/flask mkdir %{buildroot}/boot/flask mv %{buildroot}/boot/xenpolicy* %{buildroot}/boot/flask %else rm -f %{buildroot}/boot/xenpolicy* %endif %endif ############ kill unwanted stuff ############ # stubdom: newlib rm -rf %{buildroot}/usr/*-xen-elf # silly doc dir fun rm -fr %{buildroot}%{_datadir}/doc/xen # Pointless helper rm -f %{buildroot}%{_sbindir}/xen-python-path # qemu stuff (unused or available from upstream) rm -rf %{buildroot}/usr/share/xen/man rm -rf %{buildroot}/usr/bin/qemu-*-xen ln -s qemu-img %{buildroot}/%{_bindir}/qemu-img-xen ln -s qemu-img %{buildroot}/%{_bindir}/qemu-nbd-xen for file in bios.bin openbios-sparc32 openbios-sparc64 ppc_rom.bin \ pxe-e1000.bin pxe-ne2k_pci.bin pxe-pcnet.bin pxe-rtl8139.bin \ vgabios.bin vgabios-cirrus.bin video.x openbios-ppc bamboo.dtb do rm -f %{buildroot}/%{_datadir}/xen/qemu/$file done # README's not intended for end users rm -f %{buildroot}/%{_sysconfdir}/xen/README* # standard gnu info files rm -rf %{buildroot}/usr/info # adhere to Static Library Packaging Guidelines rm -rf %{buildroot}/%{_libdir}/*.a %if %build_efi # clean up extra efi files rm -rf %{buildroot}/%{_libdir}/efi %ifarch %{ix86} rm -rf %{buildroot}/usr/lib64/efi %endif %endif %if ! %build_ocaml rm -rf %{buildroot}/%{_unitdir}/oxenstored.service %endif %if %build_ovmf cat /usr/share/OVMF/OVMF_{VARS,CODE}.fd >%{buildroot}%{_libexecdir}/%{name}/boot/ovmf.bin %endif ############ fixup files in /etc ############ # logrotate mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d/ install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} # init scripts rm %{buildroot}%{_sysconfdir}/rc.d/init.d/xen-watchdog rm %{buildroot}%{_sysconfdir}/rc.d/init.d/xencommons rm %{buildroot}%{_sysconfdir}/rc.d/init.d/xendomains rm %{buildroot}%{_sysconfdir}/rc.d/init.d/xendriverdomain ############ create dirs in /var ############ mkdir -p %{buildroot}%{_localstatedir}/lib/xen/images mkdir -p %{buildroot}%{_localstatedir}/log/xen/console ############ create symlink for x86_64 for compatibility with 4.4 ############ %if "%{_libdir}" != "/usr/lib" ln -s %{_libexecdir}/%{name} %{buildroot}/%{_libdir}/%{name} %endif ############ create symlink to qemu-system-i386 in /usr/bin ############ ln -s /usr/bin/qemu-system-i386 %{buildroot}/%{_libexecdir}/%{name}/bin/qemu-system-i386 # no selinux support sed -i -E '/^Options=/ s/,context=".*?"//' %{buildroot}%{_unitdir}/var-lib-xenstored.mount # gprintify has a bug handling some constructs in xendomain export DONT_GPRINTIFY=1 %if %build_efi %ifnarch %{ix86} pushd %{buildroot}/boot/ mv efi/EFI/{fedora,mageia} mv efi EFI popd %endif %endif rm -fr %{buildroot}/usr/share/locale/*/LC_MESSAGES/qemu.mo ############ assemble license files ############ mkdir licensedir # avoid licensedir to avoid recursion, also stubdom/ioemu and dist # which are copies of files elsewhere find . -path licensedir -prune -o -path stubdom/ioemu -prune -o \ -path dist -prune -o -name COPYING -o -name LICENSE | while read file; do mkdir -p licensedir/`dirname $file` install -m 644 $file licensedir/$file done ############ all done now ############ %post %systemd_post xendomains.service %preun %systemd_preun xendomains.service %post runtime %systemd_post xenstored.service xenconsoled.service %preun runtime %systemd_preun xenstored.service xenconsoled.service %if %build_hyp %post hypervisor do_it() { DIR=$1 TARGET=$2 if [ -d $DIR ]; then if [ ! -d $TARGET ]; then mkdir $TARGET fi for m in relocator.mod multiboot2.mod; do if [ -f $DIR/$m ]; then if [ ! -f $TARGET/$m ] || ! cmp -s $DIR/$m $TARGET/$m; then cp -p $DIR/$m $TARGET/$m fi fi done fi } if [ $1 == 1 -a -f /sbin/grub2-mkconfig ]; then for f in /boot/grub2/grub.cfg; do if [ -f $f ]; then /sbin/grub2-mkconfig -o $f sed -i -e '/insmod module2/d' $f fi done fi if [ -f /sbin/grub2-mkconfig ]; then if [ -f /boot/grub2/grub.cfg ]; then DIR=/usr/lib/grub/i386-pc TARGET=/boot/grub2/i386-pc do_it $DIR $TARGET DIR=/usr/lib/grub/x86_64-efi TARGET=/boot/grub2/x86_64-efi do_it $DIR $TARGET fi fi %postun hypervisor if [ -f /sbin/grub2-mkconfig ]; then for f in /boot/grub2/grub.cfg; do if [ -f $f ]; then /sbin/grub2-mkconfig -o $f sed -i -e '/insmod module2/d' $f fi done fi %endif %if %build_ocaml %post -n ocaml-xen %systemd_post oxenstored.service %preun -n ocaml-xen %systemd_preun oxenstored.service %endif # Base package only contains XenD/xm python stuff %files %if %build_docs #dir %{_docdir}/%{name} %endif %doc COPYING README %{_bindir}/xencons %{python3_sitearch}/%{name} %{python3_sitearch}/xen-*.egg-info # Guest autostart links %dir %attr(0700,root,root) %{_sysconfdir}/%{name}/auto # Autostart of guests %config(noreplace) %{_sysconfdir}/sysconfig/xendomains %{_unitdir}/xendomains.service %files -n %{libname} %{_libdir}/*.so.* %{_libdir}/xenfsimage # All runtime stuff except for XenD/xm python stuff %files runtime # Hotplug rules %dir %attr(0700,root,root) %{_sysconfdir}/%{name} %dir %attr(0700,root,root) %{_sysconfdir}/%{name}/scripts/ %config %attr(0700,root,root) %{_sysconfdir}/%{name}/scripts/* %{_sysconfdir}/bash_completion.d/xl %{_unitdir}/proc-xen.mount %{_unitdir}/var-lib-xenstored.mount %{_unitdir}/xenstored.service %{_unitdir}/xenconsoled.service %{_unitdir}/xen-watchdog.service %{_unitdir}/xen-qemu-dom0-disk-backend.service %{_unitdir}/xendriverdomain.service /usr/lib/modules-load.d/xen.conf %config(noreplace) %{_sysconfdir}/sysconfig/xencommons %config(noreplace) %{_sysconfdir}/xen/xl.conf %config(noreplace) %{_sysconfdir}/xen/cpupool %config(noreplace) %{_sysconfdir}/xen/xlexample* # Rotate console log files %config(noreplace) %{_sysconfdir}/logrotate.d/xen # Programs run by other programs %dir %{_libexecdir}/%{name} %dir %{_libexecdir}/%{name}/bin %attr(0700,root,root) %{_libexecdir}/%{name}/bin/* # QEMU runtime files %if %build_qemutrad %ifnarch armv7hl aarch64 %dir %{_datadir}/%{name}/qemu %dir %{_datadir}/%{name}/qemu/keymaps %{_datadir}/%{name}/qemu/keymaps/* %endif %endif # man pages %if %build_docs %{_mandir}/man*/* %endif %{python3_sitearch}/xenfsimage*.so %{python3_sitearch}/grub %{python3_sitearch}/pygrub-*.egg-info # The firmware %ifarch %{ix86} x86_64 %dir %{_libexecdir}/%{name}/boot %{_libexecdir}/xen/boot/hvmloader %ifnarch %{ix86} %{_libexecdir}/%{name}/boot/xen-shim /usr/lib/debug%{_libexecdir}/xen/boot/xen-shim-syms %endif %if %build_ovmf %{_libexecdir}/xen/boot/ovmf.bin %endif %if %build_stubdom %if %build_qemutrad %{_libexecdir}/xen/boot/ioemu-stubdom.gz %endif %{_libexecdir}/xen/boot/xenstore-stubdom.gz %{_libexecdir}/xen/boot/xenstorepvh-stubdom.gz %endif %endif %if "%{_libdir}" != "/usr/lib" %{_libdir}/%{name} %endif # General Xen state %dir %{_localstatedir}/lib/%{name} %dir %{_localstatedir}/lib/%{name}/dump %dir %{_localstatedir}/lib/%{name}/images # Xenstore persistent state %dir %{_localstatedir}/lib/xenstored # Xenstore runtime state %ghost %{_localstatedir}/run/xenstored # All xenstore CLI tools %{_bindir}/qemu-*-xen %{_bindir}/xenstore %{_bindir}/xenstore-* %{_bindir}/pygrub %{_bindir}/xentrace* # XSM %{_sbindir}/flask-* # Misc stuff %ifnarch armv7hl aarch64 %{_bindir}/xen-detect %endif %{_bindir}/xencov_split %ifnarch armv7hl aarch64 %{_sbindir}/gdbsx %{_sbindir}/xen-kdd %endif %ifnarch armv7hl aarch64 %{_sbindir}/xen-hptool %{_sbindir}/xen-hvmcrash %{_sbindir}/xen-hvmctx %endif %{_sbindir}/xenconsoled %{_sbindir}/xenlockprof %{_sbindir}/xenmon %{_sbindir}/xentop %{_sbindir}/xentrace_setmask %{_sbindir}/xenbaked %{_sbindir}/xenstored %{_sbindir}/xenpm %{_sbindir}/xenpmd %{_sbindir}/xenperf %{_sbindir}/xenwatchdogd %{_sbindir}/xl %ifnarch armv7hl aarch64 %{_sbindir}/xen-lowmemd %endif %{_sbindir}/xencov %ifnarch armv7hl aarch64 %{_sbindir}/xen-mfndump %endif %{_bindir}/xenalyze %{_sbindir}/xentrace %{_sbindir}/xentrace_setsize %ifnarch armv7hl aarch64 %{_bindir}/xen-cpuid %endif %{_sbindir}/xen-livepatch %{_sbindir}/xen-diag %ifnarch armv7hl aarch64 %{_sbindir}/xen-ucode %{_sbindir}/xen-memshare %{_sbindir}/xen-mceinj %{_sbindir}/xen-vmtrace %endif %{_bindir}/vchan-socket-proxy %{_sbindir}/xenhypfs %{_sbindir}/xen-access # Xen logfiles %dir %attr(0700,root,root) %{_localstatedir}/log/xen # Guest/HV console logs %dir %attr(0700,root,root) %{_localstatedir}/log/xen/console %files hypervisor %ifarch %{ix86} %doc README.4.3.0.upgrade.urpmi README.install.urpmi %endif %if %build_hyp %ifnarch armv7hl aarch64 /boot/xen-*.gz /boot/xen.gz /boot/xen*.config %else /boot/xen* %endif %ifnarch %arm %if %build_xsm %dir %attr(0755,root,root) /boot/flask /boot/flask/xenpolicy* %endif %endif /usr/lib/debug/xen* %endif %if %build_docs %files doc #{_docdir}/%{name}/* %doc docs/txt/* docs/html/* %endif %files -n %{develname} %{_includedir}/*.h %dir %{_includedir}/xen %{_includedir}/xen/* %dir %{_includedir}/xenstore-compat %{_includedir}/xenstore-compat/* %{_libdir}/*.so %{_libdir}/pkgconfig/* %files licenses %doc licensedir/* %if %build_ocaml %files -n ocaml-xen %{_libdir}/ocaml/xen* %exclude %{_libdir}/ocaml/xen*/*.a %exclude %{_libdir}/ocaml/xen*/*.cmxa %exclude %{_libdir}/ocaml/xen*/*.cmx %{_libdir}/ocaml/stublibs/*.so %{_libdir}/ocaml/stublibs/*.so.owner %{_sbindir}/oxenstored %config(noreplace) %{_sysconfdir}/xen/oxenstored.conf %{_unitdir}/oxenstored.service %files -n ocaml-xen-devel %{_libdir}/ocaml/xen*/*.a %{_libdir}/ocaml/xen*/*.cmxa %{_libdir}/ocaml/xen*/*.cmx %endif %changelog * Mon Apr 02 2022 ghibo 4.16.0-2.mga8 - merge patches from cauldron. * Mon Jan 17 2022 tv 4.16.0-1.mga8 + Revision: 1768839 - 4.16.0 - sync with Cauldron's package - Move /lib/xenfsimage into library package - don't build qemu-traditional or pv-grub by default (following upstream) - fix some incorrect dependencies on building qemu-traditional - rework seabios configure logic (bios.bin is no longer useful) - unpackage /boot/EFI/EFI/mageia/xen*.efi - frontends vulnerable to backends [XSA-376] (document change only) - change grub module package dependencies from Suggests to Recommends and move to hypervisor package - Linux: display frontend "be-alloc" mode is unsupported (comment only) [XSA-363, CVE-2021-26934] (#1929549) - arm: The cache may not be cleaned for newly allocated scrubbed pages [XSA-364, CVE-2021-26933] (#1929547) - backport upstream zstd dom0 and guest patches - BR libzstd - add weak dependency on grub modules to improve initial boot setup - IRQ vector leak on x86 [XSA-360] * Mon Dec 21 2020 tv 4.14.1-1.mga8 + Revision: 1662465 - update to 4.14.1 * Wed Dec 16 2020 tv 4.14.0-11.mga8 + Revision: 1658002 - xenstore watch notifications lacking permission checks [XSA-115, CVE-2020-29480] (rhbz#1908091) - Xenstore: new domains inheriting existing node permissions [XSA-322, CVE-2020-29481] (rhbz#1908095) - Xenstore: wrong path length check [XSA-323, CVE-2020-29482] (rhbz#1908096) - Xenstore: guests can crash xenstored via watchs [XSA-324, CVE-2020-29484] (rhbz#1908088) - Xenstore: guests can disturb domain cleanup [XSA-325, CVE-2020-29483] (rhbz#1905648) - oxenstored memory leak in reset_watches [XSA-330, CVE-2020-29485] (rhbz#1908000) - undue recursion in x86 HVM context switch code [XSA-348, CVE-2020-29566] (rhbz#1908085) - oxenstored: node ownership can be changed by unprivileged clients [XSA-352, CVE-2020-29486] (rhbz#1908002) - oxenstored: permissions not checked on root node [XSA-353, CVE-2020-29479] (rhbz#1908003) - infinite loop when cleaning up IRQ vectors [XSA-356, CVE-2020-29567] (rhbz#1907932) - FIFO event channels control block related ordering [XSA-358, CVE-2020-29570] (rhbz#1907931) - FIFO event channels control structure ordering [XSA-359, CVE-2020-29571] (rhbz#1908089) - Work around another gcc-11 stringop-overflow diagnostic * Wed Nov 25 2020 tv 4.14.0-10.mga8 + Revision: 1649191 - stack corruption from XSA-346 change [XSA-355] * Mon Nov 23 2020 tv 4.14.0-9.mga8 + Revision: 1648810 - Support zstd compressed kernels (dom0 only) based on linux kernel code * Wed Nov 11 2020 tv 4.14.0-8.mga8 + Revision: 1644447 - Information leak via power sidechannel [XSA-351, CVE-2020-28368] (#1897146) * Wed Nov 04 2020 tv 4.14.0-7.mga8 + Revision: 1642581 - revised patch for XSA-286 (mitigating performance impact) - Work around gcc-11 stringop-overflow diagnostics as well * Thu Oct 29 2020 tv 4.14.0-6.1.mga8 + Revision: 1640521 - updage grub2 config when (un)installing hypervisor - x86 PV guest INVLPG-like flushes may leave stale TLB entries [XSA-286, CVE-2020-27674] (#1891092) - some fixes for gcc 11 - switch to systemd macros, use them in the sub pkgs - drop the requires on grub (useless) - drop the requires on kmod (already in basesystem) - drop obsolete BR on texi2html ghostscript tetex-latex - requires kpartx - fix license * Wed Oct 21 2020 tv 4.14.0-5.mga8 + Revision: 1637766 - create a xen-licenses collecting all sub licenses - split runtime in order to minimize deps - add xen-hypervisor-abi provides - do not hard requires the full qemu stack (deps!) * Tue Oct 20 2020 tv 4.14.0-4.mga8 + Revision: 1637400 - x86: Race condition in Xen mapping code [XSA-345] - undue deferral of IOMMU TLB flushes [XSA-346] - unsafe AMD IOMMU page table updates [XSA-347] - do not require non existing kernel-server on arm * Wed Sep 23 2020 tv 4.14.0-3.mga8 + Revision: 1629525 - x86 pv: Crash when handling guest access to MSR_MISC_ENABLE [XSA-333, CVE-2020-25602] (rhbz#1881619) - Missing unlock in XENMEM_acquire_resource error path [XSA-334, CVE-2020-25598] (rhbz#1881616) - race when migrating timers between x86 HVM vCPU-s [XSA-336, CVE-2020-25604] (rhbz#1881618) - PCI passthrough code reading back hardware registers [XSA-337, CVE-2020-25595] (rhbz#1881587) - once valid event channels may not turn invalid [XSA-338, CVE-2020-25597] (rhbz#1881588) - x86 pv guest kernel DoS via SYSENTER [XSA-339, CVE-2020-25596] (rhbz#1881617) - Missing memory barriers when accessing/allocating an event channel [XSA-340, CVE-2020-25603] (rhbz#1881583) - out of bounds event channels available to 32-bit x86 domains [XSA-342, CVE-2020-25600] (rhbz#1881582) - races with evtchn_reset() [XSA-343, CVE-2020-25599] (rhbz#1881581) - lack of preemption in evtchn_reset() / evtchn_destroy() [XSA-344, CVE-2020-25601] (rhbz#1881586) * Tue Aug 25 2020 tv 4.14.0-2.mga8 + Revision: 1618903 - QEMU: usb: out-of-bounds r/w access issue [XSA-335, CVE-2020-14364] (rhbz#1871850) * Sat Aug 01 2020 tv 4.14.0-1.mga8 + Revision: 1610277 - update to 4.14.0 remove or adjust patches now included or superceded upstream adjust xen.hypervisor.config bison and flex packages now needed for hypervisor build /usr/bin/vchan-socket-proxy and /usr/sbin/xenhypfs have been added with associated libraries and man page - revise documentation build dependencies drop tex, texinfo, ghostscript, graphviz, discount add perl(Pod::Html) perl(File::Find) - additional build dependency for ocaml on perl(Data::Dumper) * Wed Jul 08 2020 tv 4.13.1-3.mga8 + Revision: 1603032 - incorrect error handling in event channel port allocation leads to DoS [XSA-317, CVE-2020-15566] (#1854465) - inverted code paths in x86 dirty VRAM tracking leads to DoS [XSA-319, CVE-2020-15563] (#1854463) - xen: insufficient cache write-back under VT-d leads to DoS [XSA-321, CVE-2020-15565] (#1854467) - missing alignment check in VCPUOP_register_vcpu_info leads to DoS [XSA-327, CVE-2020-15564] (#1854458) - non-atomic modification of live EPT PTE leads to DoS [XSA-328, CVE-2020-15567] (#1854464) * Thu Jun 11 2020 tv 4.13.1-2.mga8 + Revision: 1592274 - Special Register Buffer speculative side channel [XSA-320] * Tue May 19 2020 tv 4.13.1-1.mga8 + Revision: 1586256 - update to 4.13.1 * Wed May 06 2020 tv 4.13.0-21.mga8 + Revision: 1581249 - force gcc >= 10 - build aarch64 hypervisor with -mno-outline-atomics to fix gcc 10 build * Wed Apr 15 2020 tv 4.13.0-19.mga8 + Revision: 1567543 - multiple xenoprof issues [XSA-313, CVE-2020-11740, CVE-2020-11741] (rhbz#1823912, rhbz#1823914) - Missing memory barriers in read-write unlock paths [XSA-314, CVE-2020-11739] (rhbz#1823784) - Bad error path in GNTTABOP_map_grant [XSA-316, CVE-2020-11743] (rhbz#1823926) - Bad continuation handling in GNTTABOP_copy [XSA-318, CVE-2020-11742] (rhbz#1823943) * Sun Apr 12 2020 tv 4.13.0-18.mga8 + Revision: 1566923 - try even harder to fix armv7 * Sun Apr 12 2020 tv 4.13.0-17.mga8 + Revision: 1566914 - try harder to fix armv7 * Sun Apr 12 2020 tv 4.13.0-16.mga8 + Revision: 1566910 - try to fix build on arm * Fri Apr 10 2020 tv 4.13.0-15.mga8 + Revision: 1566161 - rebuild for brltty 6.1 * Tue Mar 10 2020 tv 4.13.0-14.mga8 + Revision: 1555341 - setting for --with-system-ipxe should be a rom file (rhbz#1778516) - add weak depends on ipxe-roms-qemu and qemu-system-x86-core - build flask/xenpolicy * Fri Feb 28 2020 umeabot 4.13.0-13.mga8 + Revision: 1551376 - Rebuild for ocaml 4.10.0 final * Thu Feb 20 2020 umeabot 4.13.0-12.mga8 + Revision: 1546201 - Mageia 8 Mass Rebuild * Fri Jan 31 2020 pterjan 4.13.0-11.mga8 + Revision: 1486154 - Fix build on armv8l machines (by using arm32 rather than arm64) * Fri Jan 31 2020 tv 4.13.0-10.mga8 + Revision: 1486013 - use linux32 to hide the 64bitness of the build host & not build ACPI stuff - enable do disable ocaml support if needed * Fri Jan 31 2020 tv 4.13.0-9.mga8 + Revision: 1485972 - use --disable-qemu-traditional on armv7 - restore XEN_TARGET_ARCH=arm32 * Fri Jan 31 2020 tv 4.13.0-8.mga8 + Revision: 1485925 - try to workaround armv7 failing on 64bit aarch64 build host * Fri Jan 31 2020 tv 4.13.0-7.mga8 + Revision: 1485849 - try to workaround armv7 build failure * Tue Jan 28 2020 tv 4.13.0-6.mga8 + Revision: 1484597 - tag some files as %%config - move oxenstored into ocaml-xen - update %%descr * Thu Jan 23 2020 tv 4.13.0-5.mga8 + Revision: 1482247 - build fixes for OCaml 4.10.0 and gcc 10 * Fri Jan 17 2020 pterjan 4.13.0-4.mga8 + Revision: 1481223 - Attempt again to fix armv7hl build * Fri Jan 17 2020 pterjan 4.13.0-3.mga8 + Revision: 1481222 - Attempt to fix armv7hl build * Wed Jan 15 2020 tv 4.13.0-2.mga8 + Revision: 1478033 - arm: a CPU may speculate past the ERET instruction [XSA-312] - add weak requires for perl (/etc/xen/scripts/locking.sh) * Fri Dec 20 2019 tv 4.13.0-1.mga8 + Revision: 1469043 - update config file - update to 4.13.0 - remove patches now included or superceded upstream - adjust xen.hypervisor.config - /usr/sbin/xen-tmem-list-parse has been removed - pkgconfig files have moved to %%{_libdir}/pkgconfig - /usr/sbin/xen-ucode has been added (x86 only) - fix build with OCaml 4.09.0 * Thu Dec 12 2019 tv 4.12.1-6.mga8 + Revision: 1466026 - denial of service in find_next_bit() [XSA-307, CVE-2019-19581, CVE-2019-19582] (#1782211) - denial of service in HVM/PVH guest userspace code [XSA-308, CVE-2019-19583] (#1782206) - privilege escalation due to malicious PV guest [XSA-309, CVE-2019-19578] (#1782210) - Further issues with restartable PV type change operations [XSA-310, CVE-2019-19580] (#1782207) - vulnerability in dynamic height handling for AMD IOMMU pagetables [XSA-311, CVE-2019-19577] (#1782208) - add patches needed to apply XSA-311 * Wed Nov 27 2019 tv 4.12.1-5.mga8 + Revision: 1463124 - Device quarantine for alternate pci assignment methods [XSA-306] * Wed Nov 13 2019 tv 4.12.1-4.mga8 + Revision: 1459858 - add missing XSA-299 patches - x86: Machine Check Error on Page Size Change DoS [XSA-304, CVE-2018-12207] - TSX Asynchronous Abort speculative side channel [XSA-305, CVE-2019-11135] * Sun Nov 03 2019 tv 4.12.1-3.mga8 + Revision: 1457483 - VCPUOP_initialise DoS [XSA-296, CVE-2019-18420] - missing descriptor table limit checking in x86 PV emulation [XSA-298, CVE-2019-18425] - Issues with restartable PV type change operations [XSA-299, CVE-2019-18421] (#1767726) - add-to-physmap can be abused to DoS Arm hosts [XSA-301, CVE-2019-18423] - passed through PCI devices may corrupt host memory after deassignment [XSA-302, CVE-2019-18424] (#1767731) - ARM: Interrupts are unconditionally unmasked in exception handlers [XSA-303, CVE-2019-18422] * Sun Sep 15 2019 tv 4.12.1-2.mga8 + Revision: 1441507 - rebuild with new rpm linked perl-URPM * Fri Aug 09 2019 tv 4.12.1-1.mga8 + Revision: 1428475 - new release * Thu Jul 04 2019 tv 4.12.0-3.mga8 + Revision: 1418400 - Unlimited Arm Atomics Operations [XSA-295] (#1720760) - some debug files are now properly packaged in debuginfo rpms - fix HVM DomU boot on some chipsets - fix expected FTBFS with Python 3.8 (#1704807) * Wed May 15 2019 tv 4.12.0-2.mga7 + Revision: 1397871 - Microarchitectural Data Sampling speculative side channel [XSA-297, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091] - additional patches so above applies cleanly * Sun Apr 14 2019 tv 4.12.0-1.mga7 + Revision: 1389949 - reeable i586 but disable cross compiling hypervisor for now - fix filelist for aarch64 - temporary disable i586 - update to 4.12.0 - remove patches for issues now fixed upstream - replace xen.use.fedora.ipxe.patch with --with-system-ipxe - drop xen.glibcfix.patch xen.gcc8.temp.fix.patch which are no longer needed - rediff patches - xen.hypervisor.config refresh - kdd is now xen-kdd, xenmon.py is now xenmon, fsimage.so is now xenfsimage.so fs libdir is now xenfsimage libdir - xen-ringwatch xen-bugtool have been dropped - remove remaining traces of efiming and efi_flags logic - switch from python2 to python3 * Wed Mar 06 2019 tv 4.11.1-1.mga7 + Revision: 1372036 - enable to disable building docs - update to 4.11.1 - construct ovmf.bin from edk2-ovmf package (rhbz#1656651) - xen: various flaws (rhbz#1685577) grant table transfer issues on large hosts [XSA-284] race with pass-through device hotplug [XSA-285] x86: steal_page violates page_struct access discipline [XSA-287] x86: Inconsistent PV IOMMU discipline [XSA-288] missing preemption in x86 PV page table unvalidation [XSA-290] x86/PV: page type reference counting issue with failed IOMMU update [XSA-291] x86: insufficient TLB flushing when using PCID [XSA-292] x86: PV kernel context switch corruption [XSA-293] x86 shadow: Insufficient TLB flushing when using PCID [XSA-294] remove patches for issues now fixed upstream adjust xen.use.fedora.ipxe.patch * Thu Nov 22 2018 tv 4.11.0-9.mga7 + Revision: 1333165 - insufficient TLB flushing / improper large page mappings with AMD IOMMUs [XSA-275] (#1651665) - x86: DoS from attempting to use INVPCID with a non-canonical addresses [XSA-279] (#1651970) - xen: various flaws (#1652251) resource accounting issues in x86 IOREQ server handling [XSA-276] x86: incorrect error handling for guest p2m page removals [XSA-277] Fix for XSA-240 conflicts with shadow paging [XSA-280] * Wed Nov 07 2018 tv 4.11.0-8.mga7 + Revision: 1328822 - guest use of HLE constructs may lock up host [XSA-282] * Sat Nov 03 2018 pterjan 4.11.0-7.mga7 + Revision: 1327850 - Only require grub on architectures where it exists - Kill old Requires on glibc-xen * Tue Oct 30 2018 tv 4.11.0-6.mga7 + Revision: 1326740 - x86: Nested VT-x usable even when disabled [XSA-278, CVE-2018-18883] (rhbz#1643118) * Thu Oct 25 2018 wally 4.11.0-5.mga7 + Revision: 1325485 - fix build on i586 - update file list for arm/aarch64 + daviddavid - rebuild for new ocaml 4.07.1 + tv - set /usr/bin/python2 at the start of another python script - reenable EFI images now that we've fixed binutils - BR libfdt-devel on arm * Thu Sep 13 2018 tv 4.11.0-2.mga7 + Revision: 1258876 - temporary unlist missing efi images - set properly libexecdir on ix86 - sync patches with FC - fix build on ix86 - 4.11.0 - replace use of deprecated brctl command (rhbz#1588712) - Speculative register leakage from lazy FPU context switching * Thu May 31 2018 tv 4.10.1-2.mga7 + Revision: 1233265 - fix build with glibc 2.27 - Speculative Store Bypass [XSA-263, CVE-2018-3639] (with extra patches so it applies cleanly) * Wed May 09 2018 tv 4.10.1-1.mga7 + Revision: 1227910 - 4.10.1 - make doc noarch * Thu Feb 01 2018 tv 4.10.0-2.mga7 + Revision: 1198465 - try harder to have a cross build for ix86 - fix ix86 build - sync patches with FC - new release * Tue Jun 20 2017 tmb 4.6.5-2.mga6 + Revision: 1107965 - fix XSA-216 to XSA-225 * Sun Jun 04 2017 tmb 4.6.5-1.mga6 + Revision: 1106636 - sync with Fedora 4.6.5-6 (fixes all security issues up to XSA-215) * Mon Sep 26 2016 pterjan 4.6.1-8.mga6 + Revision: 1056531 - Rebuild for fix in ocaml * Thu Jun 16 2016 daviddavid 4.6.1-7.mga6 + Revision: 1021767 - add patch from fedora to fix build with new systemd * Fri May 13 2016 tv 4.6.1-6.mga6 + Revision: 1014808 - sync patches with FC * Thu Apr 21 2016 tv 4.6.1-5.mga6 + Revision: 1004111 - adjust file list - disable patch 92 again and explain why I had disabled it in the first place :-) - do apply patch 92 - sync CVE patches with FC - do not include qemu language files * Mon Apr 18 2016 tv 4.6.1-4.mga6 + Revision: 1003363 - use %%doc - do not reinvent %%doc - drop static libs - requires qemu & drop ROMs already packaged - xen support is in 256k seabios binary when it exists - build an efi boot image where it is supported * Mon Apr 11 2016 alien 4.6.1-2.mga6 + Revision: 1000425 - Fixed xenstored mount by turning off selinux support + tv - remove unused BR - kill old obsolete tags - add some BRs for doc * Sun Apr 03 2016 tv 4.6.1-1.mga6 + Revision: 997741 - new release - sync patches with FC - drop merged patches - adjust file list - the project name is "Xen", not "XEN" + tmb - vnc/tls: don't use depricated gnutls functions - vnc/tls: Fix compilation with newer versions of GNU-TLS - sync in upstream fixes from upstream stable 4.5 branch - PV superpage functionality missing sanity checks (XSA167 / CVE-2016-1570) - VMX: intercept issue with INVLPG on non-canonical address (XSA-168 / CVE-2016-1571) + luigiwalser - rebuild for gnutls + blino - buildrequire spice and usbredirparser on ARM as well * Tue Jan 05 2016 neoclust 4.5.2-6.mga6 + Revision: 919848 - Do not build xen on ARM * Thu Dec 24 2015 tmb 4.5.2-5.mga6 + Revision: 914470 - paravirtualized drivers incautious about shared memory contents (CVE-2015-8550 / XSA-155) * Thu Dec 24 2015 tmb 4.5.2-4.mga6 + Revision: 914226 - memory: split and tighten maximum order permitted in memops (CVE-2015-8338 / XSA-158) - memory: fix XENMEM_exchange error handling (CVE-2015-8339 + CVE-2015-8340 / XSA-159) - libxl: Fix bootloader-related virtual memory leak on pv build failure - x86/PoD: Make p2m_pod_empty_cache() restartable - x86/vmx: improvements to vmentry failure handling - x86/HVM: don't inject #DB with error code - VMX: fix/adjust trap injection - sched: fix locking for insert_vcpu() in credit1 and RTDS - x86/vPMU: document as unsupported (XSA-163) - x86/boot: check for not allowed sections before linking - x86/ept: remove unnecessary sync after resolving misconfigured entries - evtchn: don't reuse ports that are still "busy" - VT-d: drop unneeded Ivybridge quirk workaround - x86/time: fix domain type check in tsc_set_info() - x86: don't leak ST(n)/XMMn values to domains first using them (CVE-2015-8555 / XSA-165) - x86/HVM: avoid reading ioreq state more than once (XSA-166) - net: pcnet: add check to validate receive data size (XSA-162 / CVE-2015-7504) - MSI-X: avoid array overrun upon MSI-X table writes (XSA-164 / CVE pending) - x86: make debug output consistent in hvm_set_callback_via (XSA-169 / CVE pending) * Tue Dec 01 2015 neoclust 4.5.2-3.mga6 + Revision: 907488 - Do not enable spice support on arm * Tue Nov 10 2015 tmb 4.5.2-2.mga6 + Revision: 900407 - fix xsa156 * Wed Nov 04 2015 tmb 4.5.2-1.mga6 + Revision: 897747 - update to 4.5.2 (maintenance release) * drop merged xsa security fixes * Fri Oct 30 2015 tmb 4.5.1-2.mga6 + Revision: 896795 - fix XSA145 - XSA153 * Wed Oct 14 2015 tmb 4.5.1-1.mga6 + Revision: 890554 - add missing xsa135 fixes to qemu-xen-traditional - add fixes for xsa137-xsa142 - fix ixpe ath9k build with gcc 5.1+ - update to 4.5.1 (fixes XSA-117 to XSA-136) * Fri Feb 20 2015 alien 4.5.0-4.mga5 + Revision: 816020 - Fix virtio-9p support (shared folders) * Thu Feb 19 2015 alien 4.5.0-3.mga5 + Revision: 815803 - Fix service startup * Thu Feb 19 2015 alien 4.5.0-2.mga5 + Revision: 815785 - Add Spice support - Fix seabios * Mon Feb 02 2015 alien 4.5.0-1.mga5 + Revision: 813108 - Update to version 4.5.0 - xend has now been removed - remus has been integrated with xl - add internal qemu translations - include remus network buffering * Tue Dec 02 2014 philippem 4.4.1-5.mga5 + Revision: 800394 - remove dependency on python-pyxml and change to python-lxml * Wed Oct 15 2014 umeabot 4.4.1-4.mga5 + Revision: 738855 - Second Mageia 5 Mass Rebuild * Sat Sep 27 2014 tv 4.4.1-3.mga5 + Revision: 730736 - rebuild for missing pythoneggs deps + umeabot - Mageia 5 Mass Rebuild * Sat Sep 06 2014 tv 4.4.1-1.mga5 + Revision: 672956 - new release + pterjan - Rebuild for new Python * Mon Mar 31 2014 tv 4.4.0-5.mga5 + Revision: 610946 - readd back old ipxe tarball (we need to package edk2 + cross-binutils before packaging ipxe) - add units files to file list - install modules sysconfig file w/o executable permission - add systemd units from FC - further sync with FC - sync stubdoms with FC - drop old qemu-xen-4.0.0-rc4.tar.gz * Mon Mar 31 2014 tv 4.4.0-4.mga5 + Revision: 610826 - revert major bump for now (libification is wrong for quite some time with mixed majors) * Mon Mar 31 2014 tv 4.4.0-3.mga5 + Revision: 610820 - fix conflict with qemu * Sun Mar 30 2014 tv 4.4.0-2.mga5 + Revision: 610357 - bump major * Sun Mar 30 2014 tv 4.4.0-1.mga5 + Revision: 610096 - adjust file list - new release * Fri Nov 08 2013 alien 4.3.1-2.mga4 + Revision: 550006 - Fix XSA-75(No CVE yet) - Host crash due to guest VMX instruction execution * Sun Nov 03 2013 alien 4.3.1-1.mga4 + Revision: 549232 - Update to version 4.3.1 * Fri Nov 01 2013 alien 4.3.0-7.mga4 + Revision: 548766 - fix Security bug XSA73/No CVE yet - Lock order reversal between page allocation and grant table locks * Tue Oct 29 2013 alien 4.3.0-6.mga4 + Revision: 547869 - Security fix XSA72/CVE-2013-4416: ocaml xenstored mishandles oversized message replies * Tue Oct 22 2013 umeabot 4.3.0-5.mga4 + Revision: 544714 - Mageia 4 Mass Rebuild * Tue Oct 15 2013 pterjan 4.3.0-4.mga4 + Revision: 500002 - Rebuild to add different pythonegg provides for python 2 and 3 * Mon Oct 14 2013 alien 4.3.0-3.mga4 + Revision: 497613 + rebuild (emptylog) * Mon Oct 14 2013 alien 4.3.0-2.mga4 + Revision: 497500 - fix building in 32bit * Mon Oct 14 2013 alien 4.3.0-1.mga4 + Revision: 497469 - Exclude unsupported i586 hypervisor - Fix building without fetcher - Update to new version 4.3.0 - include polarssl for stubdom - add xencov & xencov_split executables - rediff xencommon patch - remove upstreamed patches - Fix XSA62,XSA63,XSA64,XSA66,XSA67,XSA68,XSA69,XSA70: CVE-2013-1442, CVE-2013-4355, CVE-2013-4356, CVE-2013-4361, CVE-2013-4368, CVE-2013-4369, CVE-2013-4370, CVE-2013-4371 * Wed Jun 12 2013 tv 4.2.2-1.mga4 + Revision: 442161 - add man fix from FC - new release - drop merged patches - drop useless gcc-4.5 support patch - add security patches from FC + fwang - rebuild for new brlapi * Thu May 02 2013 alien 4.2.1-16.mga3 + Revision: 412012 - Fix CVE-2013-1918 and CVE-2013-1952 * Thu Apr 18 2013 alien 4.2.1-15.mga3 + Revision: 410438 - Fix CVE-2013-1917 & CVE-2013-1919 * Wed Apr 17 2013 alien 4.2.1-14.mga3 + Revision: 410392 - Fix CVE-2013-1920 - Fix CVE-2012-5634, CVE-2013-0151, CVE-2013-0152, CVE-2013-0153, CVE-2013-0154 & CVE-2013-0215 * Tue Apr 09 2013 alien 4.2.1-12.mga3 + Revision: 409145 - Fix libvirtd crash after shutdown guest * Fri Apr 05 2013 alien 4.2.1-11.mga3 + Revision: 408343 - fix missing requires * Thu Apr 04 2013 alien 4.2.1-10.mga3 + Revision: 407565 - fix and split ocaml packages * Sat Mar 30 2013 tv 4.2.1-9.mga3 + Revision: 406775 - patch 4: fix qemu-system-i386 path in xencommons service (mga#9294) * Sun Mar 24 2013 colin 4.2.1-8.mga3 + Revision: 404859 - Add systemd requires and general post/pre fixes (mga#9302) * Sun Mar 03 2013 alien 4.2.1-7.mga3 + Revision: 401283 - typo in filename - helperscripts are only moved if different arch - Move helper scripts to location they are looked after by various scripts and hardcoded binaries * Sat Mar 02 2013 alien 4.2.1-6.mga3 + Revision: 401170 - Fix creation of log directory * Sat Mar 02 2013 alien 4.2.1-5.mga3 + Revision: 401025 - Fix xenstored detection * Wed Jan 16 2013 colin 4.2.1-4.mga3 + Revision: 388627 - Use tmpfiles to create /run dirs. * Mon Jan 14 2013 umeabot 4.2.1-3.mga3 + Revision: 386743 - Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild * Sun Jan 13 2013 alien 4.2.1-2.mga3 + Revision: 361563 - Fix udev migration - fix /run being tmpfs * Tue Jan 08 2013 alien 4.2.1-1.mga3 + Revision: 343172 - Update to new version * Thu Aug 23 2012 guillomovitch 4.1.3-1.mga3 + Revision: 283231 - new version + alien - add security patches * Sun Jun 10 2012 tv 4.1.2-5.mga3 + Revision: 259292 - require kmod instead of module-init-tools * Mon Mar 26 2012 alien 4.1.2-4.mga2 + Revision: 226967 - Fix for dom0 .xz compressed kernels * Tue Mar 13 2012 guillomovitch 4.1.2-3.mga2 + Revision: 223229 - debian patch for CVE-2012-0029 * Tue Mar 06 2012 malo 4.1.2-2.mga2 + Revision: 219491 - rebuild for new vde - rename xen-ocaml to ocaml-xen, per OCaml policy * Wed Jan 25 2012 tmb 4.1.2-1.mga2 + Revision: 201370 - update to 4.1.2 - kernel-xen-pvops is now merged with kernel-server - drop defattr * Thu Nov 03 2011 dmorgan 4.1.1-2.mga2 + Revision: 161928 - Change tetex-texi2html into texi2html + fwang - drop invalid Default-Enabled keyword - br gcrypt + tv - new release * Mon Apr 11 2011 tmb 4.1.0-2.mga1 + Revision: 83471 - rebuild for missing x86_64 packages * Sun Apr 10 2011 tmb 4.1.0-1.mga1 + Revision: 83034 - update to 4.1.0 - add ipxe sources - require kernel-xen-pvops * Mon Mar 07 2011 saispo 4.0.1-1.mga1 + Revision: 65925 - imported package xen