%undefine _hardened_build ## # Preamble - macro language only, bash elsewhere ## # Build ocaml bits unless rpmbuild was run with --without ocaml # or ocamlopt is missing (the xen makefile doesn't build ocaml bits if it isn't there) # build xsm support unless rpmbuild was run with --without xsm # or required packages are missing %define with_xsm %{?_without_xsm: 0} %{?!_without_xsm: 1} %define with_xenxsm %{?_without_xenxsm: 0} %{?!_without_xenxsm: 1} %define with_tumeq %{?_without_tumeq: 0} %{?!_without_tumeq: 1} %define build_xsm %(test -x %{_bindir}/checkpolicy && test -x %{_bindir}/m4 && echo %{with_xsm} || echo 0) # no more python, python_sitearch will also use python3 %define __python /usr/bin/python3 %if ! %{defined _xenlib} %define _xenlib /usr/lib %endif # cross compile 64-bit hypervisor on ix86 unless rpmbuild was run # with --without crosshyp # introduce install_only %define install_only %{?_with_reuse: 1} %{?!_with_reuse: 0} # introduce scm_git %define scm_git %{?_without_scmgit: 0} %{?!_without_scmgit: 1} # build an efi boot image (where supported) unless rpmbuild was run with # --without efi %define build_efi %{?_without_efi: 0} %{?!_without_efi: 1} # xen only supports efi boot images on x86_64 %ifnarch x86_64 %define build_efi 0 %endif # Hypervisor ABI %define hv_abi 4.16 %define build_hyp 1 %define with_systemd_presets 1 %define with_systemd 1 %global _source_payload w5.xzdio %global _binary_payload w5.xzdio ## # dynamic global defines # fancy macro language ## %if 0%{?rhel} %global EFI_VENDOR redhat %endif %if 0%{?fedora} %global EFI_VENDOR fedora %endif %if 0%{?centos} %global EFI_VENDOR centos %endif %if 0%{?almalinux} %global EFI_VENDOR almalinux %endif %if 0%{?oraclelinux} %global EFI_VENDOR oraclelinux %endif # adapt to python3 %{!?python3_sitearch: %global python3_sitearch %(%{__python3} -Ic "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")} # %{!?ocamllib: %global ocamllib %(ocamlfind printconf stdlib)} Summary: Xen is a virtual machine monitor Name: xen Version: 4.16.1 Epoch: 2 Release: 2%{?dist} Group: Development/Libraries License: GPLv2+ and LGPLv2+ and BSD URL: http://xen.org/ %global tarversion 4.16.1 ## define debug_package \{nil} #Source0: http://prymar56.org/xen/ubuntu/bionic/4dx/source/xen-{tarversion}.tar.xz #Source0: https://downloads.xenproject.org/release/xen/{tarversion}/xen-{tarversion}.tar.gz Source0: http://199.249.188.45/xen/debian/bullseye-nmu/4gx/source/xen_%{tarversion}.orig.tar.xz #https://downloads.xenproject.org/release/xen/{tarversion}/xen-{tarversion}.tar.gz Source1: cmdline Source2: %{name}.logrotate Source3: https://code.coreboot.org/p/seabios/downloads/seabios-1.12.1.tar.gz Source4: http://xenbits.xen.org/xen-extfiles/ipxe-git-1dd56dbd11082fb622c2ed21cfaced4f47d798a6.tar.gz Source5: ovmf.bin.4g Source6: ovmf.bin.sha1 #Source6: ovmf-dir.tar.gz.nov10 Source7: macros.prymar56 Source8: git_init Source9: xen_4.16_amd64.config # obsolete patch, but archive it #Source9: xen47-0051-EFI-support-for-C7-using-mingw-loader.patch.bad # used by stubdoms Source10: http://xenbits.xen.org/xen-extfiles/lwip-1.3.0.tar.gz Source11: http://xenbits.xen.org/xen-extfiles/newlib-1.16.0.tar.gz Source12: http://xenbits.xen.org/xen-extfiles/zlib-1.2.3.tar.gz Source13: http://xenbits.xen.org/xen-extfiles/pciutils-2.2.9.tar.bz2 Source14: http://xenbits.xen.org/xen-extfiles/grub-0.97.tar.gz Source15: http://xenbits.xen.org/xen-extfiles/polarssl-1.1.4-gpl.tgz Source16: http://xenbits.xen.org/xen-extfiles/tpm_emulator-0.7.4.tar.gz Source17: http://xenbits.xen.org/xen-extfiles/gmp-4.3.2.tar.bz2 Source18: xcfg-el9 # last commit of ovmf is the lite version Source19: ovmf.bin.4g.lite # this script is used to create xcfg-el9 Source20: cfg-dump Source21: add-debug-perf.patch Source22: 0402-build-shortcut-to-make-qemu-xen.patch.not # below used by cfg-dump Source23: xenfigure.macro Source25: README.xenperf Source26: .gitignore Source27: qemu-kvm Source28: reuse-stubdom-4g.tar.xz Source30: extract-config-opts # same as *.br, but BuildRequires stripped out Source31: qemu-config.macro Source32: qemu-config.br Source33: tools-cfg Source34: README.cfg-dump Source35: README.install-sh #Source36: src-qemu-keymap.tar.xz %if %{defined _with_minsize} NoSource: 0 NoSource: 10 NoSource: 11 NoSource: 12 NoSource: 13 NoSource: 14 NoSource: 15 NoSource: 16 NoSource: 17 #NoSource: 0 10 11 12 13 14 15 16 17 %endif %include %{SOURCE7} %global buildtree %{_builddir}/%{name}-%{tarversion} # inline dynamic writer (prep) %{lua: flist= posix.files(rpm.expand("%{_topdir}/SOURCES")) tp={} for f in flist do g = string.match(f,'^xen4g.*%.patch$') if g ~= nil then table.insert(tp, f ) end g = string.match(f,'^misc.*%.patch$') if g ~= nil then table.insert(tp, f ) end g = string.match(f,'^qemu.*%.patch$') if g ~= nil then table.insert(tp, f ) end end table.sort(tp) for i,p in ipairs(tp) do print(string.format("Patch%03u: %s\n", i, p)) end } BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: transfig libidn-devel zlib-devel curl-devel BuildRequires: libX11-devel python3 python3-devel ghostscript #BuildRequires: texlive-latex texi2html #BuildRequires: texlive-times texlive-courier texlive-helvetic texlive-ntgclass BuildRequires: ncurses-devel libaio-devel # for the docs BuildRequires: perl perl(Pod::Man) perl(Pod::Text) texinfo qemuu-uncom BuildRequires: bison flex python3-markdown # perl-Pod-Simple # so that the makefile knows to install udev rules BuildRequires: udev %ifarch %{ix86} x86_64 # so that x86_64 builds pick up glibc32 correctly #BuildRequires: /usr/include/gnu/stubs-32.h glibc-devel(x86-32) BuildRequires: glibc-devel(x86-32) hostname # for the VMX "bios" BuildRequires: dev86 %endif BuildRequires: gettext BuildRequires: openssl-devel # For ioemu PCI passthrough ## #TPM stubdom support BuildRequires: libgcrypt-devel BuildRequires: libgcrypt BuildRequires: pixman-devel BuildRequires: cmake # Several tools now use uuid BuildRequires: libuuid-devel # iasl needed to build hvmloader BuildRequires: iasl # modern compressed kernels BuildRequires: bzip2-devel xz-devel lzo-devel libzstd-devel # libfsimage BuildRequires: e2fsprogs-devel # tools now require yajl and wget BuildRequires: yajl-devel wget %if %with_xsm # xsm policy file needs needs checkpolicy and m4 BuildRequires: checkpolicy m4 %endif # qemu-xen BR # now done via macro qemu-config.br %include %{SOURCE32} #Requires: bridge-utils Requires: python3-lxml Requires: udev >= 059 Requires: xen-runtime = %{epoch}:%{version}-%{release} # Not strictly a dependency, but kpartx is by far the most useful tool right # now for accessing domU data from within a dom0 so bring it in when the user # installs xen. Requires: kpartx Requires: chkconfig autoconf ExclusiveArch: %{ix86} x86_64 BuildRequires: ocaml, ocaml-findlib BuildRequires: figlet autoconf # efi image needs an ld that has -mi386pep option # for ovmf BuildRequires: xz-libs nasm # newlib-x86_32 BuildRequires: libgcc(x86-32) # remus_netbuf BuildRequires: libnl3-devel %if %with_tumeq BuildRequires: SDL-devel %endif %if %with_systemd_presets Requires(post): systemd Requires(preun): systemd Requires(postun): systemd BuildRequires: systemd BuildRequires: systemd-devel %endif %if %scm_git BuildRequires: git perl-Git %endif %if 0%{?el9} Requires: initscripts BuildRequires: initscripts %endif %description This package contains the xendomain script and systemd service file, needed to manage virtual machines running under the Xen hypervisor %package libs Summary: Libraries for Xen tools Group: Development/Libraries Requires(pre): /sbin/ldconfig Requires(post): /sbin/ldconfig Requires: xen-licenses %description libs This package contains the libraries needed to run applications which manage Xen virtual machines. %package runtime Summary: Core Xen runtime environment Group: Development/Libraries Requires: xen-libs = %{epoch}:%{version}-%{release} #Requires: /usr/bin/qemu-img /usr/bin/qemu-nbd # Ensure we at least have a suitable kernel installed, though we can't # force user to actually boot it. Requires: python%{python3_version_nodots} Requires: xen-hypervisor-abi = %{hv_abi} %description runtime This package contains the runtime programs and daemons which form the core Xen userspace environment. %package hypervisor Summary: Libraries for Xen tools Group: Development/Libraries Provides: xen-hypervisor-abi = %{hv_abi} Requires: xen-licenses %description hypervisor This package contains the Xen hypervisor %package doc Summary: Xen documentation Group: Documentation #BuildArch: noarch Requires: xen-licenses %description doc This package contains the Xen documentation. %package devel Summary: Development libraries for Xen tools Group: Development/Libraries Requires: xen-libs = %{epoch}:%{tarversion}-%{release} Requires: libuuid-devel %description devel This package contains what's needed to develop applications which manage Xen virtual machines. %package licenses Summary: License files from Xen source Group: Documentation %description licenses This package contains the license files from the source used to build the xen packages. %package ocaml Summary: Ocaml libraries for Xen tools Group: Development/Libraries Requires: xen-libs = %{epoch}:%{version}-%{release} %description ocaml This package contains libraries for ocaml tools to manage Xen virtual machines. %package ocaml-devel Summary: Ocaml development libraries for Xen tools Group: Development/Libraries Requires: ocaml-runtime,xen-ocaml # = {version}- {release} %description ocaml-devel This package contains libraries for developing ocaml tools to manage Xen virtual machines. %package -n qemuu Version: 6.1.1+1 Release: 2%{?dist} # build is staged to dist/uumeq Summary: Qemu upstream runtime environment Group: Development/Libraries Requires: xen-libs = %{epoch}:%{tarversion} Conflicts: qemu-system-x86 Conflicts: qemu-img >= 15:4.2.0 Conflicts: qemu-kvm-core >= 15:4.2.0 Requires: /usr/bin/qemu-img # Ensure we at least have a suitable kernel installed, though we can't # force user to actually boot it. Requires: xen-hypervisor-abi = %{hv_abi} %description -n qemuu This package contains the runtime programs which form the qemuu part of the core Xen userspace environment. %package -n qemuu-img Version: 6.1.1+1 Release: 2%{?dist} Conflicts: qemu-img >= 15:4.2.0 # build is staged to dist/uumeq Summary: QEMU command line tool for manipulating disk images %description -n qemuu-img This package contains the QEMU command line tool for manipulating disk images %if %with_tumeq %package -n qemut Version: 0.10.2+1 Release: 2%{?dist} # build is staged to dist/uumeq Summary: Qemu traditional runtime environment Group: Development/Libraries Requires: xen-libs = %{epoch}:%{tarversion} #Requires: /usr/bin/qemu-img /usr/bin/qemu-nbd # Ensure we at least have a suitable kernel installed, though we can't # force user to actually boot it. Requires: xen-hypervisor-abi = %{hv_abi} Requires: ipxe-roms-qemu %description -n qemut This package contains the runtime programs which form the qemut part of the core Xen userspace environment. %endif %if %{defined _with_storeutils} %package -n xenstore-guest-utils Summary: Portable xenstore command line utils %description -n xenstore-guest-utils This package contains client command line utils to query the xenstore DB from the client/VM installs Conflicts: xen-runtime = %{version}-%{release} %files -n xenstore-guest-utils %{_bindir}/xenstore %{_bindir}/xenstore-* %{_mandir}/man1/xenstore-* %{_libdir}/libxenstore*.so.* %{_libdir}/libxentoolcore*.so.* %doc README INSTALL %endif %define ocaml_flags OCAML_TOOLS=y #define efi_flags LD_EFI=/usr/x86_64-w64-mingw32/bin/ld # redefine this macro %global _libexecdir %{_xenlib} %prep %prep_reuse %setup -q -n %{name}-%{tarversion} %global pchcnt %{lua: if patches == nil then print("0") else print(#patches) end} %if 1==1 # untar seabios before any patching tar -xf %{SOURCE3} -C tools/firmware #(cd tools/firmware; mv seabios-1.12.1 seabios-dir) sed -i -e '/^$(Q)$(MAKE)/ s|$(Q)$(MAKE)|$(Q)+$(MAKE)|' tools/firmware/seabios-dir/Makefile %endif # introduce scm_git (use internal git repo with mbox patches) %if %scm_git # patches target tarball which has imports from these git repos ### # define macro which sets up the internal git repo cp -p %{SOURCE26} ./.gitignore %global git_init %(cat %{SOURCE8}) %git_init %else # inline dynamic writer (prep) %autopatch -p1 %endif cp -p %{SOURCE4} tools/firmware/etherboot/ipxe.tar.gz cp -p %{SOURCE28} /tmp/reuse-stubdom-4g.tar.xz #if [ ! -f /usr/bin/qemu-keymap ]; then #fakeroot tar xf %{SOURCE36} #-C /usr/bin #fi mkdir -p tools/firmware/ovmf-dir/ cp -p %{SOURCE5} tools/firmware/ovmf-dir/ovmf.bin cp -p %{SOURCE5} ./ovmf.bin cp -p %{SOURCE19} ./ovmf.bin.lite # no need to build this until upstream changes # no Makefile, no joy # (cd {buildtree}/tools/firmware;cp ovmf-makefile ovmf-dir/Makefile) # stubdom sources cp -v %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} %{SOURCE15} %{SOURCE16} %{SOURCE17} stubdom # fix for gmp-crosslib config bug (xen bugzilla) is now a patch to stubdom ## write last commit title in this build to changeset tag in `xl info` echo -n "0a5387a01165b46c8-x86/spec-ctrl: Mitigate Branch Type Confusion when possible-Tue 12 Jul 2022 08:25" > .scmversion sed -i -e '/EXTRAVER/ s/.2-pre/.1/' xen/Makefile ; ## below now done in misc-0406*patch sed -i -e '/MAKELEVEL/d' tools/Makefile #export XEN_VENDORVERSION=4 #sed -i -e 's|xenstore\/compat\/include|xenstore/include/compat|' tools/Makefile #sed -i -e '/EXTRAVER/ s/.1-pre/.0/' xen/Makefile sed -i -e '/^[[:space:]]\+gzip/ s/gzip \-f \-9/gzip -n -f -9/' extras/mini-os/Makefile ; # python3 support sed -i -e '/^PY_CFLAGS/ s/$/ -Wno-error/' tools/python/Makefile sed -i -e '/^extra_compile_args/ s/-Werror/-Wno-error/' tools/python/setup.py ## # build - use bash now ## %build %prep_reuse ./autogen.sh #if build_efi #define efi_flags LD_EFI=/usr/x86_64-w64-mingw32/bin/ld #mkdir -p dist/install/boot/efi/efi/{_proj} #endif mkdir -p dist/install%{ocamllib}/stublibs export XEN_DOMAIN="prymar56.org" %if 1==0 #export EFI_VENDOR %if 0%{?rhel} EFI_VENDOR=redhat %endif %if 0%{?fedora} EFI_VENDOR=fedora %endif %if 0%{?centos} EFI_VENDOR=centos %endif %if 0%{?almalinux} EFI_VENDOR=almalinux %endif %if 0%{?oraclelinux} EFI_VENDOR=oraclelinux %endif %endif mkdir -p dist/install/boot/kcfg mkdir -p dist/install/boot/efi/EFI/%{EFI_VENDOR} #export XEN_VENDORVERSION=4 %if %{defined _with_xenperf} ## # build xen with performance counter (now using kconfig method, Config.mk method is obsolete) ## # setup temp WD for xen debug build tdir=$(mktemp -u perf-XXXXXX) mkdir ${tdir} # get all root files, then 2 folders, skip other folders find . -maxdepth 1 -type f -exec cp -t ${tdir} {} + cp -a xen ${tdir}/ cp -a config ${tdir}/ # add default kconfig cp -p %{SOURCE9} ${tdir}/xen/.config # modify kconfig in WD (cd ${tdir};patch -p1 < %{SOURCE21}) #sed -i -e '/^# CONFIG_DEBUG is not/d' ${tdir}/xen/.config # start debug build export XEN_EXTRAVERSION=.0-perf %{__make} -j5 -C ${tdir}/xen cp -p ${tdir}/xen/.config dist/install/boot/kcfg/xen-%{hv_abi}-perf.config cp ${tdir}/xen/xen.gz dist/install/boot/xen-%{hv_abi}-perf.gz cp ${tdir}/xen/xen.efi dist/install/boot/efi/EFI/%{EFI_VENDOR}/xen-%{hv_abi}-perf.efi unset XEN_EXTRAVERSION %endif #export XEN_VENDORVERSION=4 export PYTHON=/usr/bin/python3 # build default hypervisor in tmp tdir=$(mktemp -u default-XXXXXX) echo ${tdir} > /dev/null mkdir ${tdir} find -maxdepth 1 -type f -exec cp -t ${tdir} {} + cp -al xen ${tdir}/ cp -al config ${tdir}/ ## # add default kconfig, .config # must be done before dynamic patch setup ## cp -p %{SOURCE9} ${tdir}/xen/.config PYTHON=/usr/bin/python3 %{__make} -j5 -C ${tdir}/xen cp -p ${tdir}/xen/.config dist/install/boot/kcfg/xen-%{hv_abi}.config cp ${tdir}/xen/xen.gz dist/install/boot/xen-%{hv_abi}.gz cp ${tdir}/xen/xen.efi dist/install/boot/efi/EFI/%{EFI_VENDOR}/xen-%{hv_abi}.efi #export LD_EFI=/usr/x86_64-w64-mingw32/bin/ld #set; %define _uumeqpath /usr/bin/qemu-system-i386 # this rule is in /Makefile # configure run in the tools-cfg makefile export CMNVAR="%cmnvars" export XTRACT_CFGS= %global _libexecdir %{_xenlib} # this makefile runs tools/configure %{__make} -f %{SOURCE33} %if 1 == 0 # skip default hypervisor build in main xen root, reserve that for xsm build cp -p %{SOURCE9} xen/.config set;exit 1 %{__make} -j5 -C xen # install-xen rule replacement cp -p xen/.config dist/install/boot/kcfg/xen-%{hv_abi}.config cp xen/xen.gz dist/install/boot/xen-%{hv_abi}.gz cp xen/xen.efi dist/install/boot/efi/EFI/%{EFI_VENDOR}/xen-%{hv_abi}.efi %endif cp -p install.sh dist/ chmod +x dist/install.sh %if %with_tumeq sed -i -e '/^CONFIG_ROMBIOS/ s|= n$|= y|' config/Tools.mk ; %endif set; PYTHON=/usr/bin/python3 %{__make} -j5 dist-tools PYTHON=/usr/bin/python3 %{__make} -j5 dist-docs # system-qemu patch was set in config, so build qemu-xen, staged to dist/uumeq sed -i -e '/^CONFIG_QEMU_XEN/ s|= n$|= y|' config/Tools.mk ; # shebang line in qemu scripts must point to python3 sed -i -e '1s|python$|python3|' tools/qemu-xen/scripts/*.py if [ ! -d $PWD/tools/pkg-config ]; then CONFIG_UUMEQ=y %{__make} -j3 -C tools fi if [ ! -f $PWD/dist/uumeq%{_uumeqpath} ]; then mkdir -p $PWD/dist/uumeq/usr/bin PYTHON=/usr/bin/python3 CONFIG_UUMEQ=y %{__make} -j3 subdir-install-qemu-xen-dir -C tools DESTDIR=$PWD/dist/uumeq ln -sf ../lib/xen/bin/qemu-system-i386 $PWD/dist/uumeq/usr/bin/qemu-system-i386 ln -sf ../lib/xen/bin/qemu-io $PWD/dist/uumeq/usr/bin/qemu-io ln -sf ../lib/xen/bin/qemu-nbd $PWD/dist/uumeq/usr/bin/qemu-nbd ln -sf ../lib/xen/bin/qemu-img $PWD/dist/uumeq/usr/bin/qemu-img cp -p %{SOURCE27} $PWD/dist/uumeq/usr/bin/qemu-kvm mkdir -p $PWD/dist/uumeq/etc/ld.so.conf.d/ ; echo "/usr/lib/xen/lib/qemu/" >> $PWD/dist/uumeq/etc/ld.so.conf.d/qemu-6.0.conf ; fi if [ -d $PWD/dist/uumeq/usr/lib/xen/lib/qemu ]; then chmod 755 $PWD/dist/uumeq/usr/lib/xen/lib/qemu/*.so fi %if %with_tumeq export QUT=${PWD}/dist/tumeq sed -i -e '/^CONFIG_QEMU_TRAD/ s|= n$|= y|' config/Tools.mk ; sed -i -e '/^CONFIG_ROMBIOS/ s|= n$|= y|' config/Tools.mk ; mkdir -p ${QUT}/usr/bin ; #env -u LDFLAGS $(MAKE) -j3 all -C tools/firmware DESTDIR=${QUT} # now pivot to the qemu-trad folder and install to our destination env -u LDFLAGS PYTHON=/usr/bin/python3 %{__make} -j3 subdir-install-qemu-xen-traditional-dir -C tools DESTDIR=${QUT} ## qemut cleanup ### ln -s ../lib/xen/bin/qemu-dm ${QUT}/usr/bin/qemu-dm sed -i -e '/^CONFIG_QEMU_TRAD/ s|= y$|= n|' config/Tools.mk ; install -D -m644 tools/qemu-xen-traditional/README ${QUT}/usr/share/doc/qemut/README.qemut %endif %if 1==0 if [ -f config/Stubdom.mk ]; then sed -i -e '/^CONFIG_QEMU_TRAD/ s|= n$|= y|' config/Tools.mk ; sed -i -e '/^CONFIG_QEMU_XEN/ s|= n$|= y|' config/Tools.mk ; PYTHON=/usr/bin/python3 %{__make} -j5 dist-stubdom fi %endif %if %with_xenxsm ## # build xen with XSM/flask (now using kconfig method, Config.mk method is obsolete) ## ## # add default kconfig, .config # must be done before dynamic patch setup ## #export EFI_VENDOR export XEN_DOMAIN="prymar56.org" cp -p %{SOURCE9} xen/.config # modify kconfig sed -i -e '/^# CONFIG_XSM/ i CONFIG_XSM=y\ CONFIG_XSM_FLASK=y\ CONFIG_XSM_FLASK_AVC_STATS=y\ CONFIG_XSM_FLASK_POLICY=y\ CONFIG_XSM_SILO=y\ # CONFIG_XSM_DUMMY_DEFAULT is not set\ CONFIG_XSM_FLASK_DEFAULT=y\ # CONFIG_XSM_SILO_DEFAULT is not set\ # CONFIG_LATE_HWDOM is not set /^# CONFIG_XSM/d' xen/.config #sed -i -e '/^# CONFIG_XSM/d' xen/.config # start build export XEN_EXTRAVERSION=.1-xsm %{__make} -j5 -C xen cp -p xen/.config dist/install/boot/kcfg/xen-%{hv_abi}-xsm.config cp xen/xen.gz dist/install/boot/xen-%{hv_abi}-xsm.gz cp xen/xen.efi dist/install/boot/efi/EFI/%{EFI_VENDOR}/xen-%{hv_abi}-xsm.efi unset XEN_EXTRAVERSION %endif ## install ## %install #if [ ! -f config/Stubdom.mk ]; then if [ -f config/Stubdom.mk ]; then # stubdom build is disabled if [ -f /tmp/reuse-stubdom-4g.tar.xz ]; then tar -xf /tmp/reuse-stubdom-4g.tar.xz -C dist/install/usr/lib/xen/boot fi fi (cd dist/uumeq;find . -type f -or -type l | sed -e s/^.// -e /^$/d) | sort -u > uumeq.lst sed -i -e '/man\/man/ s|$|.gz|' uumeq.lst # need only one line for the bios dir sed -i -e '/usr\/share\/qemu-xen/d' uumeq.lst #sed -i -e '/doc\/qemu/d' uumeq.lst # prep for qemuu-img pkg grep 'qemu-img' uumeq.lst > uumeq-img.lst grep 'qemu-nbd' uumeq.lst >> uumeq-img.lst grep 'qemu-io' uumeq.lst >> uumeq-img.lst sed -i -e '/qemu-img/d' uumeq.lst sed -i -e '/qemu-nbd/d' uumeq.lst sed -i -e '/qemu-io/d' uumeq.lst %if %with_tumeq (cd dist/tumeq;find . -type f -or -type l | sed -e s/^.// -e /^$/d) | sort -u > tumeq.lst %endif (cd dist/install;find . -type f -or -type l | sed -e s/^.// -e /^$/d) | sort -u > main.lst grep '^%{_sbindir}' main.lst | sed -e '/oxenstored/ d' | sed -e '/bin\/qemu/ d' | sed -e '/bin\/ivsh/ d' | sort > runtime.lst (cd dist/install;find ./usr/lib/xen/bin -type f -or -type l | sed -e '/bin\/qemu/ d' | sed -e '/bin\/ivsh/ d' | sed -e s/^.// -e /^$/d) | sort -u >> runtime.lst rm -rf %{buildroot} ## for tools/ocaml install mkdir -p %{buildroot}%{ocamllib}/stublibs #if build_efi #mkdir -p {buildroot}/boot/efi/efi/{_proj} #endif mkdir -p %{buildroot}/usr/share/doc/xen/html/ #rm -rf \$RPM_BUILD_ROOT %{?ocaml_flags} dist/install.sh $RPM_BUILD_ROOT/ %if %{defined _with_uncom} cp -p dist/uumeq/usr/lib/%name/bin/qemu-keymap $RPM_BUILD_ROOT/usr/bin %endif %if %build_xsm # policy file should be in /boot/flask mkdir %{buildroot}/boot/flask mv %{buildroot}/boot/xenpolicy* %{buildroot}/boot/flask %else rm -f %{buildroot}/boot/xenpolicy* %endif ## kconfig cleanup ## ## ovmf cleanup ## if [ -f ovmf.bin ]; then install -m 644 ovmf.bin %{buildroot}/usr/share/qemu-xen/qemu/ install -m 644 ovmf.bin.lite %{buildroot}/usr/share/qemu-xen/qemu/ fi ## qemuu cleanup ## #cp -p tools/qemu-xen/README README.qemuu ############ troubleshoot packaging: list files ############ %if 1==0 find %{buildroot} -print | xargs ls -ld | sed -e 's|.*%{buildroot}||' > f1.list %endif ############ kill unwanted stuff ############ # stubdom: newlib rm -rf %{buildroot}/usr/*-xen-elf # hypervisor symlinks rm -rf %{buildroot}/boot/xen-4.0.gz rm -rf %{buildroot}/boot/xen-4.gz %if !%build_hyp rm -rf %{buildroot}/boot %endif # silly doc dir fun rm -rf %{buildroot}%{_datadir}/pkgconfig # Pointless helper rm -f %{buildroot}%{_sbindir}/xen-python-path rm -rf %{buildroot}%{_xenlib}exec/ #rm -rf {buildroot}{_xenlib}/xen/libexec/ # #rm -rf {buildroot}/usr/share/xen/man # README's not intended for end users rm -f %{buildroot}/%{_sysconfdir}/xen/README* # standard gnu info files rm -rf %{buildroot}/usr/info # adhere to Static Library Packaging Guidelines rm -rf %{buildroot}/%{_libdir}/*.a %if %build_efi # clean up extra efi files rm -rf %{buildroot}/usr/lib64/efi %endif ############ fixup files in /etc ############ # udev # modules mkdir -p %{buildroot}%{_sysconfdir}/sysconfig/modules # logrotate mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d/ install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} # sysconfig mkdir -p %{buildroot}%{_sysconfdir}/sysconfig # systemd ############ create dirs in /var ############ mkdir -p %{buildroot}%{_localstatedir}/lib/xen/images mkdir -p %{buildroot}%{_localstatedir}/log/xen/console ############ troubleshoot packaging: list files ############ %if 1==0 find %{buildroot} -print | xargs ls -ld | sed -e 's|.*%{buildroot}||' > f2.list diff -u f1.list f2.list || true %endif ### ## # assemble license files - use bash ## if [ ! -d licensedir ]; then mkdir licensedir # avoid licensedir to avoid recursion, also stubdom/ioemu and dist # which are copies of files elsewhere find . -path licensedir -prune -o -path stubdom/ioemu -prune -o \ -path dist -prune -o -name COPYING -o -name LICENSE | while read file; do mkdir -p licensedir/`dirname $file` install -m 644 $file licensedir/$file done fi %if %{defined _with_reuse} (cd %{buildroot};/usr/lib/rpm/brp-compress) # /usr/lib/rpm/redhat/brp-compress %endif %if %{defined _with_uncom} echo ${PWD} > /dev/null #cp -p SOURCE25 ./ #cp -p ./usr/lib/{name}/bin/qemu-keymap ./usr/bin/qemu-keymap %package -n qemuu-uncom Version: 6.1.1+1 Release: 2%{?dist} Summary: extra qemuu build depends for %{name} Group: Development/Lbraries #Requires: xen-hypervisor-abi = {hv_abi} AutoReqProv: 0 Conflicts: qemuu >= 6.0.0 %description -n qemuu-uncom This package provides a build depends for qemuu in package %{name}. %files -n qemuu-uncom %defattr(-,root,root) %doc README INSTALL /usr/bin/qemu-keymap %endif %if %{defined _with_xenperf} cp -p %SOURCE25 ./ %package perf-hypervisor Summary: Dual xen-hypervisor for package %{name} Group: Development/Lbraries Requires: xen-hypervisor-abi = %{hv_abi} AutoReqProv: 0 %description perf-hypervisor This package provides a second hypervisor with xenperf and debug support for package %{name}. Debug information is useful when developing applications that use this package or when debugging this package. %files perf-hypervisor %defattr(-,root,root) %doc README INSTALL README.xenperf /boot/kcfg/%{name}-%{hv_abi}-perf.config /boot/xen-%{hv_abi}-perf.gz /boot/efi/EFI/%{EFI_VENDOR}/%{name}-%{hv_abi}-perf.efi %endif %{nil} ############ all done now ############ %post /bin/systemctl enable xendomains.service %preun %if %with_systemd_presets %systemd_preun xendomains.service %else if [ $1 == 0 ]; then %if %with_sysv /sbin/chkconfig --del xendomains %endif %if %with_systemd /bin/systemctl disable xendomains.service # /bin/systemctl disable xen-qemu-dom0-disk-backend.service %endif fi %endif %post runtime %if %with_systemd /bin/systemctl enable xenconsoled.service /bin/systemctl enable xen-init-dom0.service # /bin/systemctl enable xen-qemu-dom0-disk-backend.service /bin/systemctl enable xenstored.service %endif %preun runtime %if %with_systemd_presets %systemd_preun xenstored.service xenconsoled.service xen-init-dom0.service %else if [ $1 == 0 ]; then %if %with_sysv /sbin/chkconfig --del xenconsoled /sbin/chkconfig --del xenstored %endif %if %with_systemd /bin/systemctl disable xenstored.service /bin/systemctl disable xenconsoled.service # /bin/systemctl disable xen-qemu-dom0-disk-backend.service %endif fi %endif %if %with_systemd_presets %postun runtime %systemd_postun runtime %endif %post libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig %if %build_hyp %post hypervisor if [ $1 == 1 -a -f /sbin/grub2-mkconfig -a -f /boot/grub2/grub.cfg ]; then /sbin/grub2-mkconfig -o /boot/grub2/grub.cfg fi %postun hypervisor if [ -f /sbin/grub2-mkconfig -a -f /boot/grub2/grub.cfg ]; then /sbin/grub2-mkconfig -o /boot/grub2/grub.cfg fi %endif %post ocaml %preun ocaml %if %with_systemd_presets %postun ocaml %systemd_postun ocal %endif %post -n qemuu #xen-qemu-dom0-disk-backend.service %if %with_systemd /bin/systemctl enable xen-qemu-dom0-disk-backend.service %endif %preun -n qemuu %if %with_systemd_presets %systemd_preun xen-qemu-dom0-disk-backend.service %else if [ $1 == 0 ]; then %if %with_systemd /bin/systemctl disable xen-qemu-dom0-disk-backend.service %endif fi %endif %files # Base package contains xl, xendomains & python stuff #files -f xen-xm.lang ## # path here is determined by setup macro in prep ## %defattr(-,root,root) %doc README INSTALL %{_bindir}/xencons %{_bindir}/xenalyze %{_bindir}/vchan-socket-proxy %{python_sitearch}/%{name} %{python_sitearch}/xen-*.egg-info # Startup script # Guest autostart links %dir %{_sysconfdir}/%{name}/auto # Autostart of guests %config(noreplace) %{_sysconfdir}/sysconfig/xendomains /etc/rc.d/init.d/xendomains %if %with_systemd %{_unitdir}/xendomains.service %{_xenlib}/%{name}/bin/xendomains %endif %files libs %defattr(-,root,root) %{_libdir}/*.so.* %{_libdir}/fs %if %with_tumeq %files -n qemut -f tumeq.lst %defattr(-,root,root) #license COPYING %doc README INSTALL # QEMU runtime files #{_datadir}/xen/qemu/* %endif %files -n qemuu -f uumeq.lst %defattr(-,root,root) #license COPYING %doc README INSTALL # QEMU runtime files %{_datadir}/qemu-xen/qemu/* %{_datadir}/qemu-xen/icons/* %exclude %{_datadir}/qemu-xen/applications/* #doc {_xenlib}/{name}/share/doc/qemu/* %dir %{_xenlib}/%{name}/lib/ %files -n qemuu-img -f uumeq-img.lst %defattr(-,root,root) #license COPYING %doc README INSTALL # All runtime stuff except for XenD/xm python stuff %files runtime -f runtime.lst %defattr(-,root,root) %doc README INSTALL # Hotplug rules # config(noreplace) {_sysconfdir}/udev/rules.d/* %dir %{_sysconfdir}/%{name} %dir %{_sysconfdir}/%{name}/scripts/ %{_sysconfdir}/%{name}/scripts/* %{_sysconfdir}/rc.d/init.d/* # belongs in qemut %exclude %{_sysconfdir}/%{name}/scripts/qemu* # in xen %exclude %{_sysconfdir}/rc.d/init.d/xendomains %{_sysconfdir}/bash_completion.d/xl %{_unitdir}/* # its in xen %exclude %{_unitdir}/xendomains.service %config(noreplace) %{_sysconfdir}/sysconfig/xen* %config(noreplace) %{_sysconfdir}/xen/xl.conf %config(noreplace) %{_sysconfdir}/xen/cpupool %config(noreplace) %{_sysconfdir}/xen/xlexample* #/usr/etc/qemu/target-x86_64.conf %{_xenlib}/modules-load.d/xen.conf # Auto-load xen backend drivers # Rotate console log files %config(noreplace) %{_sysconfdir}/logrotate.d/xen # Programs run by other programs %dir %{_xenlib}/%{name} %dir %{_xenlib}/%{name}/bin # man pages %{_mandir}/man1/xentop.1* %{_mandir}/man1/xentrace_format.1* %{_mandir}/man1/xenhypfs.1* %{_mandir}/man8/xentrace.8* %doc %{_mandir}/man1/xl.1* %doc %{_mandir}/man5/xl*5* %doc %{_mandir}/man7/x*7* #{_mandir}/man5/xlcpupool.cfg.5* %doc %{_mandir}/man1/xenstore* %{python_sitearch}/fsimage*.so %{python_sitearch}/grub %{python_sitearch}/pygrub-*.egg-info # The firmware %dir %{_xenlib}/%{name}/boot %ifarch %{ix86} x86_64 # HVM loader is always in _xenlib regardless of multilib %{_xenlib}/%{name}/boot/* %endif # General Xen state %dir %{_localstatedir}/lib/%{name} %dir %{_localstatedir}/lib/%{name}/dump %dir %{_localstatedir}/lib/%{name}/images # Xenstore persistent state %dir %{_localstatedir}/lib/xenstored # Xenstore runtime state %ghost %{_localstatedir}/run/xenstored # All xenstore CLI tools #{_bindir}/qemu-*-xen %{_bindir}/xenstore %{_bindir}/xenstore-* %{_bindir}/pygrub %{_bindir}/xentrace* %{_bindir}/xen-cpuid %{_bindir}/xen-detect %{_bindir}/xencov_split # Xen logfiles %dir %{_localstatedir}/log/xen # Guest/HV console logs %dir %{_localstatedir}/log/xen/console # exclude, already in `files xen` %exclude %{_sysconfdir}/sysconfig/xendomains %exclude %{_xenlib}/%{name}/bin/xendomains # exclude, already in `files qemuu` %exclude %{_xenlib}/%{name}/bin/qemu* #exclude %{_xenlib}/%{name}/bin/ivsh* %files hypervisor %if %build_hyp %defattr(-,root,root) %doc README INSTALL #/boot/xen-syms-* %exclude %{_xenlib}/debug/%{_xenlib}/xen/boot/xen-shim-syms %if %{defined _with_xenperf} %exclude /boot/xen*perf* %endif /boot/xen*.gz #/boot/xen.gz %dir /boot/kcfg /boot/kcfg/%{name}-%{hv_abi}.config %if %build_xsm %dir /boot/flask /boot/flask/xenpolicy* %endif %if %build_efi #dir /boot/efi/EFI/{_proj}/ /boot/efi/EFI/%{EFI_VENDOR}/%{name}-%{hv_abi}.efi %endif %if %with_xenxsm /boot/efi/EFI/%{EFI_VENDOR}/%{name}-%{hv_abi}-xsm.efi /boot/kcfg/%{name}-%{hv_abi}-xsm.config %endif %endif %files doc %defattr(-,root,root) %docdir %{_datadir}/doc/xen/html/ %{_datadir}/doc/xen/html/* %files devel %defattr(-,root,root) %{_includedir}/*.h %dir %{_includedir}/xen %{_includedir}/xen/* %dir %{_includedir}/xenstore-compat %{_includedir}/xenstore-compat/* %{_libdir}/*.so %{_libdir}/pkgconfig/* %files licenses %defattr(-,root,root) %doc README INSTALL %doc licensedir/* %files ocaml %defattr(-,root,root) %exclude %{ocamllib}/xen* %{ocamllib}/stublibs/*.so %{ocamllib}/stublibs/*.so.owner %{_sbindir}/oxenstored %config(noreplace) %{_sysconfdir}/xen/oxenstored.conf %files ocaml-devel %defattr(-,root,root) %{ocamllib}/xen* %clean rm -rf %{buildroot} %changelog * Wed Jul 13 2022 Mark Pryor - 2:4.16.1-2 - HEAD @ 0a5387a01165b46c8 x86/spec-ctrl: Mitigate Branch Type Confusion when possible-Tue 12 Jul 2022 08:25 - XSA-401 0022-x86-pv-Clean-up-_get_page_type.diff:This is part of XSA-401 / CVE-2022-26362. 0023-x86-pv-Fix-ABAC-cmpxchg-race-in-_get_page_type.diff:This is part of XSA-401 / CVE-2022-26362. - XSA-402 0024-x86-page-Introduce-_PAGE_-constants-for-memory-types.diff:This is part of XSA-402. 0025-x86-Don-t-change-the-cacheability-of-the-directmap.diff:This is CVE-2022-26363, part of XSA-402. 0026-x86-Split-cache_flush-out-of-cache_writeback.diff:This is part of XSA-402. 0027-x86-amd-Work-around-CLFLUSH-ordering-on-older-parts.diff:This is part of XSA-402. 0028-x86-pv-Track-and-flush-non-coherent-mappings-of-RAM.diff:This is CVE-2022-26364, part of XSA-402. - XSA-404 0030-x86-spec-ctrl-Make-VERW-flushing-runtime-conditional.diff:This is part of XSA-404. 0031-x86-spec-ctrl-Enumeration-for-MMIO-Stale-Data-control.diff:This is part of XSA-404. 0032-x86-spec-ctrl-Add-spec-ctrl-unpriv-mmio.diff:This is part of XSA-404. - XSA-407 0044-x86-spec-ctrl-Rework-spec_ctrl_flags-context-switchin.diff:This is part of XSA-407. 0045-x86-spec-ctrl-Rename-SCF_ist_wrmsr-to-SCF_ist_sc_msr.diff:This is part of XSA-407. 0047-x86-spec-ctrl-Rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.diff:This is part of XSA-407. 0048-x86-spec-ctrl-Support-IBPB-on-entry.diff:This is part of XSA-407. 0049-x86-cpuid-Enumeration-for-BTC_NO.diff:This is part of XSA-407. 0050-x86-spec-ctrl-Enable-Zen2-chickenbit.diff:This is part of XSA-407. 0051-x86-spec-ctrl-Mitigate-Branch-Type-Confusion-when-pos.diff:This is part of XSA-407 / CVE-2022-23825. * Sun May 22 2022 Mark Pryor - 1:4.16.1-1 - main: Requires/BR on initscripts * Fri May 20 2022 Mark Pryor - 1:4.16.1-1 - HEAD @ f26544492298cb82 update Xen version to 4.16.1-Tue 12 Apr 2022 05:21 - XSA-397 0090-x86-hap-do-not-switch-on-log-dirty-for-VRAM-tracking.diff:This is CVE-2022-26356 / XSA-397. - XSA-399 0091-VT-d-correct-ordering-of-operations-in-cleanup_domid_.diff:This is CVE-2022-26357 / XSA-399. - XSA-400 0092-VT-d-fix-de-assign-ordering-when-RMRRs-are-in-use.diff:This is CVE-2022-26358 / part of XSA-400. 0096-VT-d-re-assign-devices-directly.diff:This is CVE-2022-26359 / part of XSA-400. 0097-AMD-IOMMU-re-assign-devices-directly.diff:This is CVE-2022-26360 / part of XSA-400. 0103-IOMMU-x86-use-per-device-page-tables-for-quarantining.diff:This is CVE-2022-26361 / part of XSA-400 * Mon Mar 28 2022 Mark Pryor - 1:4.16.0-3 - HEAD @ c7a861b2d065e7c26f9 x86/cet: Remove XEN_SHSTKs dependency on EXPERT-Fri 25 Mar 2022 10:06 - XSA-398 0052-xen-arm-Introduce-new-Arm-processors.diff:This is part of XSA-398 / CVE-2022-23960. 0053-xen-arm-move-errata-CSV2-check-earlier.diff:This is part of XSA-398 / CVE-2022-23960. 0054-xen-arm-Add-ECBHB-and-CLEARBHB-ID-fields.diff:This is part of XSA-398 / CVE-2022-23960. 0055-xen-arm-Add-Spectre-BHB-handling.diff:This is part of XSA-398 / CVE-2022-23960. 0056-xen-arm-Allow-to-discover-and-use-SMCCC_ARCH_WORKAROU.diff:This is part of XSA-398 / CVE-2022-23960. 0057-x86-spec-ctrl-Cease-using-thunk-lfence-on-AMD.diff:This is part of XSA-398 / CVE-2021-26401. * Sun Feb 13 2022 Mark Pryor - 1:4.16.0-2 - HEAD @ 2d8eade97343e99c x86/spec-ctrl: Support Intel PSFD for guests-Tue 8 Feb 2022 10:01 - qemuu: v6.1.1 from staging-4.16 - XSA-393 0014-xen-arm-p2m-Always-clear-the-P2M-entry-when-the-mappi.diff:This is CVE-2022-23033 / XSA-393. - XSA-394 0015-xen-grant-table-Only-decrement-the-refcounter-when-gr.diff:This is CVE-2022-23034 / XSA-394. - XSA-395 0016-passthrough-x86-stop-pirq-iteration-immediately-in-ca.diff:This is CVE-2022-23035 / XSA-395. * Sun Dec 05 2021 Mark Pryor - 1:4.16.0-1 - HEAD @ b0b4661fa3cba99 xen/Makefile: Set 4.16 version-Tue 30 Nov 2021 03:42 - final release - libxenstore.so.4 is new - new conditional, storeutils add package xenstore-guest-utils * Tue Nov 23 2021 Mark Pryor - 1:4.16~rc4-1 - HEAD @ 59505f48fabed Turn off debug by default-Tue 23 Nov 2021 08:43 - initial build of rc4 * Fri Nov 19 2021 Mark Pryor - 1:4.15.1-4 - HEAD @ 963ab606b1228788 - XSA-390 VT-d: fix reduced page table levels support when sharing tables-Fri 19 Nov 2021 06:16 * Fri Nov 12 2021 Mark Pryor - 1:4.15.1-3 - rebuilt for AL 8.5 * Fri Oct 29 2021 Mark Pryor - 1:4.15.1-2 - HEAD @ f50ef17c9884c0c2d48 x86/PV32: fix physdev_op_compat handling-Fri 15 Oct 2021 02:06 - qemu-xen: now v6.1.0 - XSA-386 VT-d: fix deassign of device with RMRR. This is CVE-2021-28702 / XSA-386 - XSA-384 0100-gnttab-deal-with-status-frame-mapping-race.diff.This is CVE-2021-28701 / XSA-384. * Fri Sep 10 2021 Mark Pryor - 1:4.15.1-1 - HEAD @ 84fa99099b920f7b update Xen version to 4.15.1-Fri 10 Sep 2021 00:03 - initial release * Sat Aug 28 2021 Mark Pryor - 1:4.15.0-7 - HEAD @ 91bb9e9b0c0e2af tools/firmware/ovmf: Use OvmfXen platform file is exist-Wed 25 Aug 2021 06:29 - XSA-378 0073-AMD-IOMMU-correct-global-exclusion-range-extending.diff:This is part of XSA-378 / CVE-2021-28695. 0074-AMD-IOMMU-correct-device-unity-map-handling.diff:This is part of XSA-378 / CVE-2021-28695. 0075-IOMMU-also-pass-p2m_access_t-to-p2m_get_iommu_flags.diff:This is part of XSA-378. 0076-IOMMU-generalize-VT-d-s-tracking-of-mapped-RMRR-regio.diff:This is part of XSA-378. 0077-AMD-IOMMU-re-arrange-complete-re-assignment-handling.diff:This is CVE-2021-28696 / part of XSA-378. 0078-AMD-IOMMU-re-arrange-exclusion-range-and-unity-map-re.diff:This is part of XSA-378. 0079-x86-p2m-introduce-p2m_is_special.diff:This is part of XSA-378. 0080-x86-p2m-guard-in-particular-identity-mapping-entries.diff:This is CVE-2021-28694 / part of XSA-378. - XSA-379 0081-x86-mm-widen-locked-region-in-xenmem_add_to_physmap_o.diff:This is CVE-2021-28697 / XSA-379. - XSA-380 0082-gnttab-add-preemption-check-to-gnttab_release_mapping.diff:This is part of CVE-2021-28698 / XSA-380. 0083-gnttab-replace-mapkind.diff:This is part of CVE-2021-28698 / XSA-380. - XSA-382 0084-gnttab-fix-array-capacity-check-in-gnttab_get_status_.diff:This is CVE-2021-28699 / XSA-382. - XSA-383 0085-xen-arm-Restrict-the-amount-of-memory-that-dom0less-d.diff:This is CVE-2021-28700 / XSA-383. - qemu-xen: upgrade to v6.0.0 from staging * Sun Aug 22 2021 Mark Pryor - 1:4.15.0-6.el8 - HEAD @ 6bbdcefd205903b2181b libxl/x86: check return value of SHADOW_OP_SET_ALLOCATION domctl-Thu 19 Aug 2021 09:46 - upgrade to qemu-6.0.0 * Tue Jul 27 2021 Mark Pryor - 4.15.0-5.el8 - HEAD @ dba774896f7dd7477 xen/arm: bootfdt: Always sort memory banks-Fri 16 Jul 2021 13:08 - XSA-372 0021-xen-arm-Create-dom0less-domUs-earlier.diff:This is part of XSA-372 / CVE-2021-28693. 0022-xen-arm-Boot-modules-should-always-be-scrubbed-if-boo.diff:This is part of XSA-372 / CVE-2021-28693. - XSA-373 0023-VT-d-size-qinval-queue-dynamically.diff:This is part of XSA-373 / CVE-2021-28692. 0024-AMD-IOMMU-size-command-buffer-dynamically.diff:This is part of XSA-373 / CVE-2021-28692. 0025-VT-d-eliminate-flush-related-timeouts.diff:This is part of XSA-373 / CVE-2021-28692. 0028-AMD-IOMMU-wait-for-command-slot-to-be-available.diff:This is part of XSA-373 / CVE-2021-28692. 0029-AMD-IOMMU-drop-command-completion-timeout.diff:This is part of XSA-373 / CVE-2021-28692. - XSA-375 0026-x86-spec-ctrl-Protect-against-Speculative-Code-Store-.diff:This is XSA-375 / CVE-2021-0089. - XSA-377 0027-x86-spec-ctrl-Mitigate-TAA-after-S3-resume.diff:This is XSA-377 / CVE-2021-28690. * Fri May 28 2021 Mark Pryor - 4.15.0-4.el8 - rebuild for 8.4 release * Wed May 05 2021 Mark Pryor - 4.15.0-3.el8 - odd versions are almalinux - initial build for almalinux 8.3 * Fri Apr 23 2021 Mark Pryor - 4.15.0-2.el8 - HEAD @ eb1f325186be9e02c3 x86/hpet: Dont enable legacy replacement mode unconditionally-Tue 20 Apr 2021 02:59 - configure: --with-rundir=/run * Thu Apr 08 2021 Mark Pryor - 4.15.0-1.el8 - HEAD @ e25aa9939ae0cd8 README, Makefile: Prep for release-Tue 6 Apr 2021 10:14 - final release 4.15.0 - new BR: libztd-devel * Mon Apr 05 2021 Mark Pryor - 4.15~rc5-1.el8 - HEAD @ 7fa14f3f525b4a2d66 x86/HPET: dont enable legacy replacement mode unconditionally-Fri 26 Mar 2021 10:12 - xen-4.15.x initial release * Tue Mar 23 2021 Mark Pryor - 4.14.1-2.el8 - HEAD @ ddb39ba714257de SUPPORT.MD: Clarify the support state for the Arm SMMUv{1, 2} drivers-Fri 19 Mar 2021 12:35 - XSA-360 0009-x86-dpci-do-not-remove-pirqs-from-domain-tree-on-unbi.diff:This is XSA-360. - XSA-364 0010-xen-page_alloc-Only-flush-the-page-to-RAM-once-we-kno.diff:This is XSA-364. - XSA-368 0033-libxl-Fix-domain-soft-reset-state-handling.diff:This is XSA-368. * Sat Jan 02 2021 Mark Pryor - 4.14.1-1.el8 - HEAD @ ad844aa352559a8b1 update Xen version to 4.14.1-Thu Dec 17 2020 08:47 - new minor release, initial build - qemuu: conflicts against latest virt module 15:4.2.0 and above - stubdom: reused in source as reuse-stubdom-4e.tar.xz - XSA-355 0081-memory-fix-off-by-one-in-XSA-346-change.diff:This is XSA-355. - XSA-353 0089-tools-ocaml-xenstored-do-permission-checks-on-xenstor.diff:This is XSA-353. - XSA-115 0090-tools-xenstore-allow-removing-child-of-a-node-exceedi.diff:This is part of XSA-115. 0091-tools-xenstore-ignore-transaction-id-for-un-watch.diff:This is part of XSA-115. 0092-tools-xenstore-fix-node-accounting-after-failed-node-.diff:This is part of XSA-115. 0093-tools-xenstore-simplify-and-rename-check_event_node.diff:This is part of XSA-115. 0094-tools-xenstore-check-privilege-for-XS_IS_DOMAIN_INTRO.diff:This is part of XSA-115. 0095-tools-xenstore-rework-node-removal.diff:This is part of XSA-115. 0096-tools-xenstore-fire-watches-only-when-removing-a-spec.diff:This is part of XSA-115. 0097-tools-xenstore-introduce-node_perms-structure.diff:This is part of XSA-115. 0098-tools-xenstore-allow-special-watches-for-privileged-c.diff:This is part of XSA-115. 0099-tools-xenstore-avoid-watch-events-for-nodes-without-a.diff:This is part of XSA-115. 0100-tools-ocaml-xenstored-ignore-transaction-id-for-un-wa.diff:This is part of XSA-115. 0101-tools-ocaml-xenstored-check-privilege-for-XS_IS_DOMAI.diff:This is part of XSA-115. 0102-tools-ocaml-xenstored-unify-watch-firing.diff:This is part of XSA-115. 0103-tools-ocaml-xenstored-introduce-permissions-for-speci.diff:This is part of XSA-115. 0104-tools-ocaml-xenstored-avoid-watch-events-for-nodes-wi.diff:This is part of XSA-115. 0105-tools-ocaml-xenstored-add-xenstored.conf-flag-to-turn.diff:This is part of XSA-115. - XSA-322 0106-tools-xenstore-revoke-access-rights-for-removed-domai.diff:This is part of XSA-322. 0107-tools-ocaml-xenstored-clean-up-permissions-for-dead-d.diff:This is part of XSA-322. - XSA-323 0108-tools-ocaml-xenstored-Fix-path-length-validation.diff:This is part of XSA-323. - XSA-324 0109-tools-xenstore-drop-watch-event-messages-exceeding-ma.diff:This is XSA-324. - XSA-325 0110-tools-xenstore-Preserve-bad-client-until-they-are-des.diff:This is XSA-325. - XSA-330 0111-tools-ocaml-xenstored-delete-watch-from-trie-too-when.diff:This is XSA-330. - XSA-352 0112-tools-ocaml-xenstored-only-Dom0-can-change-node-owner.diff:This is XSA-352. - XSA-348 0115-x86-avoid-calling-svm-vmx-_do_resume.diff:This is XSA-348 / CVE-2020-29566. - XSA-356 0116-x86-irq-fix-infinite-loop-in-irq_move_cleanup_interru.diff:This is XSA-356 / CVE-2020-29567. - XSA-358 0117-evtchn-FIFO-re-order-and-synchronize-with-map_control.diff:This is XSA-358 / CVE-2020-29570. - XSA-359 0118-evtchn-FIFO-add-2nd-smp_rmb-to-evtchn_fifo_word_from_.diff:This is XSA-359 / CVE-2020-29571. * Tue Nov 17 2020 Mark Pryor - 4.14.0-3.el8 - HEAD @ d101b417b784a26 x86/msr: Disallow guest access to the RAPL MSRs-Tue 10 Nov 2020 09:43 - XSA-286 xen4e-0059-x86-pv-Drop-FLUSH_TLB_GLOBAL-in-do_mmu_update-for-XPT.diff:This is (not really) XSA-286 xen4e-0060-x86-pv-Flush-TLB-in-response-to-paging-structure-chan.diff:This is XSA-286. - XSA-351 xen4e-0078-xen-arm-Always-trap-AMU-system-registers.diff:This is part of XSA-351 (or XSA-93 re-born). xen4e-0080-x86-msr-Disallow-guest-access-to-the-RAPL-MSRs.diff:This is part of XSA-351. - XSA-345 xen4e-0039-x86-mm-Refactor-map_pages_to_xen-to-have-only-a-singl.diff xen4e-0040-x86-mm-Refactor-modify_xen_mappings-to-have-one-exit-.diff xen4e-0041-x86-mm-Prevent-some-races-in-hypervisor-mapping-updat.diff - XSA-346 xen4e-0042-IOMMU-suppress-iommu_dont_flush_iotlb-when-about-to-f.diff xen4e-0043-IOMMU-hold-page-ref-until-after-deferred-TLB-flush.diff - XSA-347 xen4e-0044-AMD-IOMMU-convert-amd_iommu_pte-from-struct-to-union.diff xen4e-0045-AMD-IOMMU-update-live-PTEs-atomically.diff xen4e-0046-AMD-IOMMU-ensure-suitable-ordering-of-DTE-modificatio.diff - XSA-333 0021-x86-pv-Handle-the-Intel-specific-MSR_MISC_ENABLE-corr.diff:This is XSA-333. - XSA-334 0022-xen-memory-Don-t-skip-the-RCU-unlock-path-in-acquire_.diff:This is XSA-334. - XSA-336 0023-x86-vpt-fix-race-when-migrating-timers-between-vCPUs.diff:This is XSA-336. - XSA-337 0024-x86-msi-get-rid-of-read_msi_msg.diff:This is part of XSA-337. 0025-x86-MSI-X-restrict-reading-of-table-PBA-bases-from-BA.diff:This is part of XSA-337. - XSA-338 0026-evtchn-relax-port_is_valid.diff:This is XSA-338. - XSA-339 0027-x86-pv-Avoid-double-exception-injection.diff:This is XSA-339 - XSA-340 0028-xen-evtchn-Add-missing-barriers-when-accessing-alloca.diff:This is XSA-340. - XSA-342 0029-evtchn-x86-enforce-correct-upper-limit-for-32-bit-gue.diff:This is XSA-342. - XSA-343 0030-evtchn-evtchn_reset-shouldn-t-succeed-with-still-open.diff:This is part of XSA-343. 0031-evtchn-convert-per-channel-lock-to-be-IRQ-safe.diff:This is part of XSA-343. 0032-evtchn-address-races-with-evtchn_reset.diff:This is part of XSA-343. - XSA-344 0033-evtchn-arrange-for-preemption-in-evtchn_destroy.diff:This is part of XSA-344. 0034-evtchn-arrange-for-preemption-in-evtchn_reset.diff:This is part of XSA-344. * Sun Sep 13 2020 Mark Pryor - 4.14.0-2.el8 - HEAD @ 483b43c457332 x86/pv: Rewrite segment context switching from scratch-Fri 11 Sep 2020 05:11 * Sat Jul 25 2020 Mark Pryor - 4.14.0-1.el8 - HEAD @ 456957aaa1391e README, Makefile: Xen 4.14.0 release-Thu 23 Jul 2020 08:07 - final release - stubdom: enable c-stubdom - qemuu-img: new package conflicts with 15:2.12 * Wed Jul 01 2020 Mark Pryor - 4.14~rc3-1.el8 - HEAD @ fde76f895d0aa817 tools: Commit flex (2.6.4) & bison (3.3.2) output from Debian buster-Fri 19 Jun 2020 08:20 * Thu Jun 11 2020 Mark Pryor - 4.14~rc1-1.el8 - HEAD @ 2995d0afdf2d3fb44d0 x86/passthrough: introduce a flag for GSIs not requiring an EOI or unmask-Thu 11 Jun 2020 10:14 - 4.14 initial build - new is libxenhypfs- packged with libs * Mon May 18 2020 Mark Pryor - 4.13.1-1.el8 - HEAD @ 6278553325a9f76d update Xen version to 4.13.1-Thu 14 May 2020 05:19 - initial build RELEASE-4.13.1 * Mon Apr 13 2020 Mark Pryor - 4.13.0-3.el8 - HEAD @ 181614a71070ee1 AMD/IOMMU: fix off-by-one in amd_iommu_get_paging_mode() callers-Thu 9 Apr 2020 00:26 - qemuu: add stub, /usr/bin/qemu-kvm - virt module mitigation: new Conflicts from qemu-img * Wed Feb 05 2020 Mark Pryor - 4.13.0-2.el8 - HEAD @ 721f2c323ca55c77 x86: clear per cpu stub page information in cpu_smpboot_free-Wed 15 Jan 2020 05:24 - remove all python2 BR - XSA-312 0004-xen-arm-Place-a-speculation-barrier-sequence-followin.patch - tools/Makefile: correct lib include path to xenstore/include/compat reported by Kevin Buckley - qemuu: force moddir (ui-sdl.so) *.so to 755 to generate correct requires * Wed Dec 18 2019 Mark Pryor - 4.13.0-1.el8 - HEAD @ a2e84d8e42c9e878f 4.13.0: Update xen/Makefile XEN_EXTRAVERSION-Tue 17 Dec 2019 06:23 - initial release - xl now supports direct boot of LZ4 compressed kernels - XSA-306 xen4d-0005-IOMMU-default-to-always-quarantining-PCI-devices.diff - XSA-307 x86-Arm32-make-find_next_-zero_-bit-have-well-defined.diff:This is XSA-307. - XSA-308 x86-vtx-Work-around-SingleStep-STI-MovSS-VMEntry-fail.diff:This is XSA-308 - XSA-309 x86-mm-Don-t-reset-linear_pt_count-on-partial-validat.diff:This is XSA-309. - XSA-310 x86-mm-Set-old_guest_table-when-destroying-vcpu-paget.diff:This is part of XSA-310. x86-mm-alloc-free_lN_table-Retain-partial_flags-on-EI.diff:This is part of XSA-310. x86-mm-relinquish_memory-Grab-an-extra-type-ref-when-.diff:This is part of XSA-310. - XSA-311 AMD-IOMMU-Cease-using-a-dynamic-height-for-the-IOMMU-.diff:This is XSA-311. * Fri Nov 15 2019 Mark Pryor - 4.13~rc2-1.el8 - HEAD @ 8c4330818f6ee x86/spec-ctrl: Mitigate the TSX Asynchronous Abort sidechannel-Tue 12 Nov 2019 09:12 - XSA-296 xen-hypercall-Don-t-use-BUG-for-parameter-checking-in.diff - XSA-298 x86-PV-check-GDT-LDT-limits-during-emulation.diff:This is XSA-298. - XSA-299 x86-mm-L1TF-checks-don-t-leave-a-partial-entry.diff:This is part of XSA-299. x86-mm-Don-t-re-set-PGT_pinned-on-a-partially-de-vali.diff:This is part of XSA-299. x86-mm-Separate-out-partial_pte-tristate-into-individ.diff:This is part of XSA-299. x86-mm-Use-flags-for-_put_page_type-rather-than-a-boo.diff:This is part of XSA-299. x86-mm-Rework-get_page_and_type_from_mfn-conditional.diff:This is part of XSA-299. x86-mm-Have-alloc_l-23-_table-clear-partial_flags-whe.diff:This is part of XSA-299. x86-mm-Always-retain-a-general-ref-on-partial.diff:This is part of XSA-299. x86-mm-Properly-handle-linear-pagetable-promotion-fai.diff:This is part of XSA-299. x86-mm-Fix-nested-de-validation-on-error.diff:This is part of XSA-299. x86-mm-Don-t-drop-a-type-ref-unless-you-held-a-ref-to.diff:This is part of XSA-299. - XSA-301 xen-arm-p2m-Avoid-aliasing-guest-physical-frame.diff:This is part of XSA-301. xen-arm-p2m-Avoid-off-by-one-check-on-p2m-max_mapped_.diff:This is part of XSA-301. xen-arm-p2m-Don-t-check-the-return-of-p2m_get_root_po.diff:This is part of XSA-301. - XSA-302 passthrough-quarantine-PCI-devices.diff - XSA-303 xen-arm32-entry-Split-__DEFINE_ENTRY_TRAP-in-two.diff:This is part of XSA-303. xen-arm32-entry-Fold-the-macro-SAVE_ALL-in-the-macro-.diff:This is part of XSA-303. xen-arm32-Don-t-blindly-unmask-interrupts-on-trap-wit.diff:This is part of XSA-303. xen-arm64-Don-t-blindly-unmask-interrupts-on-trap-wit.diff:This is part of XSA-303. - XSA-304 xen4d-0012-x86-vtd-Hide-superpage-support-for-SandyBridge-IOMMUs.diff xen4d-0013-x86-vtx-Disable-executable-EPT-superpages-to-work-aro.diff - XSA-305 xen4d-0015-x86-tsx-Introduce-tsx-to-use-MSR_TSX_CTRL-when-availa.diff xen4d-0016-x86-spec-ctrl-Mitigate-the-TSX-Asynchronous-Abort-sid.diff * Mon Oct 14 2019 Mark Pryor - 4.13~rc1-1.el8 - HEAD @ 518c935fac4d30b3 Prep for 4.13.0-rc1: Set version to -rc-Mon 14 Oct 2019 03:31 - initial rc1, released - qemuu: v4.1.0 drop libssh2 depends for libssh use SDL2-devel and userland gets built-in static module * Sun Sep 29 2019 Mark Pryor - 4.12.1-1.el8 - HEAD @ 599d6d23cbb790a788 ioreq: fix hvm_all_ioreq_servers_add_vcpu fail path cleanup-Mon 23 Sep 2019 05:26 - initial release 4.12.1 - add python3 support from Mike Young - patch: force qemuu build to use pkg-config misc-0322-fix-qemu-extra-ldflags.patch * Tue Jun 25 2019 Mark Pryor - 4.11.2-1.el7.dev7 - HEAD @ 5b2572926747e3 update Xen version to 4.11.2-Tue 25 Jun 2019 00:12 - initial release 4.11.2 - XSA-297 x86-spec-ctrl-CPUID-MSR-definitions-for-Microarchitec.diff x86-spec-ctrl-Infrastructure-to-use-VERW-to-flush-pip.diff x86-spec-ctrl-Introduce-options-to-control-VERW-flush.diff - XSA-295 xen-arm-Add-an-isb-before-reading-CNTPCT_EL0-to-preve.diff:This is part of XSA-295. xen-grant_table-Rework-the-prototype-of-_set_status-f.diff:This is part of XSA-295. xen-arm64-bitops-Rewrite-bitop-helpers-in-C.diff:This is part of XSA-295. xen-arm32-bitops-Rewrite-bitop-helpers-in-C.diff:This is part of XSA-295. xen-arm-bitops-Consolidate-prototypes-in-one-place.diff:This is part of XSA-295. xen-arm64-cmpxchg-Simplify-the-cmpxchg-implementation.diff:This is part of XSA-295. xen-arm32-cmpxchg-Simplify-the-cmpxchg-implementation.diff:This is part of XSA-295. xen-arm-bitops-Implement-a-new-set-of-helpers-that-ca.diff:This is part of XSA-295. xen-arm-cmpxchg-Provide-a-new-helper-that-can-timeout.diff:This is part of XSA-295. xen-arm-Turn-on-SILO-mode-by-default-on-Arm.diff:This is part of XSA-295. xen-bitops-Provide-helpers-to-safely-modify-guest-mem.diff:This is part of XSA-295. xen-cmpxchg-Provide-helper-to-safely-modify-guest-mem.diff:This is part of XSA-295. xen-Use-guest-atomics-helpers-when-modifying-atomical.diff:This is part of XSA-295. xen-arm-Add-performance-counters-in-guest-atomic-help.diff:This is part of XSA-295. xen-arm-grant-table-Protect-gnttab_clear_flag-against.diff:This is part of XSA-295. - xsm: 0001-XSM-adjust-Kconfig-names.diff d/xen_flask_fix: add new xsm SILO feature - XSA-284 xen4b-0027-gnttab-set-page-refcount-for-copy-on-grant-transfer.diff:This is XSA-284. - XSA-285 xen4b-0028-IOMMU-x86-fix-type-ref-counting-race-upon-IOMMU-page-.diff:This is XSA-285. - XSA-287 xen4b-0029-steal_page-Get-rid-of-bogus-struct-page-states.diff:This is XSA-287. - XSA-288 xen4b-0030-xen-Make-coherent-PV-IOMMU-discipline.diff:This is XSA-288. - XSA-290 xen4b-0031-x86-mm-also-allow-L2-un-validation-to-be-fully-preemp.diff:This is part of XSA-290. xen4b-0032-x86-mm-add-explicit-preemption-checks-to-L3-un-valida.diff:This is part of XSA-290. - XSA-291 xen4b-0033-x86-mm-don-t-retain-page-type-reference-when-IOMMU-op.diff:This is XSA-291. - XSA-292 xen4b-0034-x86-mm-properly-flush-TLB-in-switch_cr3_cr4.diff:This is XSA-292. - XSA-293 xen4b-0035-x86-pv-Rewrite-guest-cr4-handling-from-scratch.diff:This is part of XSA-293. xen4b-0036-x86-pv-Don-t-have-cr4.fsgsbase-active-behind-a-guest-.diff:This is part of XSA-293. - XSA-294 xen4b-0037-x86-pv-_toggle_guest_pt-may-not-skip-TLB-flush-for-sh.diff:This is XSA-294. * Wed Dec 05 2018 Mark Pryor - 4.11.1-1.el7.dev7 - HEAD @ 96cbd0893f78399 update Xen version to 4.11.1-Thu 29 Nov 2018 06:04 - XSA-278 x86-vvmx-Disallow-the-use-of-VT-x-instructions-when-n.diff:This is XSA-278 - XSA-282 x86-extend-get_platform_badpages-interface.diff:This is part of XSA-282. x86-work-around-HLE-host-lockup-erratum.diff:This is part of XSA-282. - XSA-275 amd-iommu-fix-flush-checks.diff:This is part of XSA-275. AMD-IOMMU-suppress-PTE-merging-after-initial-table-cr.diff:This is part of XSA-275. - XSA-276 x86-hvm-ioreq-fix-page-referencing.diff:This is part of XSA-276. - XSA-277 x86-mm-Put-the-gfn-on-all-paths-after-get_gfn_query.diff:This is XSA-277. - XSA-279 x86-mm-Don-t-perform-flush-after-failing-to-update-a-.diff:This is XSA-279. - XSA-280 x86-shadow-move-OOS-flag-bit-positions.diff:This is part of XSA-280. x86-shadow-shrink-struct-page_info-s-shadow_flags-to-.diff:This is part of XSA-280. * Sun Sep 02 2018 Mark Pryor - 4.11.0-2.el7.dev7 - HEAD @ 733450b39b83d7891dd x86: write to correct variable in parse_pv_l1tf-Wed 15 Aug 2018 05:20 - XSA-268 xen4b-0030-ARM-disable-grant-table-v2.diff:This is XSA-268. - XSA-269 xen4b-0031-x86-vtx-Fix-the-checking-for-unknown-invalid-MSR_DEBU.diff:This is XSA-269. - XSA-272 xen4b-0032-tools-oxenstored-Make-evaluation-order-explicit.diff:This is XSA-272. - XSA-273 xen4b-0033-x86-spec-ctrl-Calculate-safe-PTE-addresses-for-L1TF-m.diff:This is part of XSA-273 / CVE-2018-3620. xen4b-0034-x86-spec-ctrl-Introduce-an-option-to-control-L1TF-mit.diff:This is part of XSA-273 / CVE-2018-3620. xen4b-0035-x86-shadow-Infrastructure-to-force-a-PV-guest-into-sh.diff:This is part of XSA-273 / CVE-2018-3620. xen4b-0036-x86-mm-Plumbing-to-allow-any-PTE-update-to-fail-with-.diff:This is part of XSA-273 / CVE-2018-3620. xen4b-0037-x86-pv-Force-a-guest-into-shadow-mode-when-it-writes-.diff:This is part of XSA-273 / CVE-2018-3620. xen4b-0038-x86-spec-ctrl-CPUID-MSR-definitions-for-L1D_FLUSH.diff:This is part of XSA-273 / CVE-2018-3646. xen4b-0039-x86-msr-Virtualise-MSR_FLUSH_CMD-for-guests.diff:This is part of XSA-273 / CVE-2018-3646. xen4b-0040-x86-spec-ctrl-Introduce-an-option-to-control-L1D_FLUS.diff:This is part of XSA-273 / CVE-2018-3620. xen4b-0041-x86-Make-spec-ctrl-no-a-global-disable-of-all-mitigat.diff:This is part of XSA-273. xen4b-0042-xl.conf-Add-global-affinity-masks.diff:This is part of XSA-273 / CVE-2018-3646. * Tue Jul 10 2018 Mark Pryor - 4.11.0-1.el7.dev7 - xen-4.11.0 (final) - HEAD @ 1eb6544a567e3e5133fa SUPPORT.md: Support lifetime for 4.11-Mon 9 Jul 2018 06:47 * Mon Jul 2 2018 Mark Pryor - 4.11~rc6-1.el7.dev7 - built with gcc7 (7.3) and binutils-2.28 devtoolset-7 (scl tools) - HEAD @ eb17ff9ce6a99a8761d3f-x86: guard against #NM-Thu 28 Jun 2018 00:39 - initial release of xen-4.11 (rc6+HEAD@staging-4.11) * Wed Jun 13 2018 Mark Pryor - 4.10.1-1.el7.dev7 - built with gcc7 (7.3) and binutils-2.28 devtoolset-7 (scl tools) - setup-applet: setup-sclo-c7 - mock cfg: epel-7-sclo-x86_64 - PryMar56 world premiere - qemu-config.macro, Source31, not used - XSA-267 xen4a-0048-x86-Support-fully-eager-FPU-context-switching.patch xen4a-0049-x86-spec-ctrl-Mitigations-for-LazyFPU.patch * Thu May 31 2018 Mark Pryor - 4.10.1-1.el7 - new Xen minor version, 4.10.1 - triple hypervisor build xenperf & xenxsm enabled on cmdline - pvshim built in tools/firmware/xen-dir (new) - HEAD @ 7b35e7807c9efba0f xen/x86: use PCID feature-Tue 29 May 2018 00:38 - XSA-258 libxl: Specify format of inserted cdrom - XSA-259 x86: fix slow int80 path after XPTI additions - XSA-260 xen4a-0001-x86-traps-Fix-dr6-handing-in-DB-handler.diff: CVE-2018-8897. xen4a-0002-x86-pv-Move-exception-injection-into-compat_-test_all.diff: CVE-2018-8897. xen4a-0003-x86-traps-Use-an-Interrupt-Stack-Table-for-DB.diff: CVE-2018-8897. xen4a-0004-x86-traps-Fix-handling-of-DB-exceptions-in-hypervisor.diff: CVE-2018-8897. - XSA-261 xen4a-0005-x86-vpt-add-support-for-IO-APIC-routed-interrupts.diff - XSA-262 xen4a-0006-x86-HVM-guard-against-emulator-driving-ioreq-state-in.diff - XSA-263 http://xenbits.xen.org/xsa/xsa263-4.10/ xen4a-0023-x86-spec_ctrl-Read-MSR_ARCH_CAPABILITIES-only-once.diff xen4a-0024-x86-spec_ctrl-Express-Xen-s-choice-of-MSR_SPEC_CTRL-v.diff xen4a-0025-x86-spec_ctrl-Merge-bti_ist_info-and-use_shadow_spec_.diff xen4a-0026-x86-spec_ctrl-Fold-the-XEN_IBRS_-SET-CLEAR-ALTERNATIV.diff xen4a-0027-x86-spec_ctrl-Rename-bits-of-infrastructure-to-avoid-.diff xen4a-0028-x86-spec_ctrl-Elide-MSR_SPEC_CTRL-handling-in-idle-co.diff xen4a-0029-x86-spec_ctrl-Split-X86_FEATURE_SC_MSR-into-PV-and-HV.diff xen4a-0030-x86-spec_ctrl-Explicitly-set-Xen-s-default-MSR_SPEC_C.diff xen4a-0031-x86-cpuid-Improvements-to-guest-policies-for-speculat.diff xen4a-0032-x86-spec_ctrl-Introduce-a-new-spec-ctrl-command-line-.diff xen4a-0033-x86-AMD-Mitigations-for-GPZ-SP4-Speculative-Store-Byp.diff xen4a-0034-x86-Intel-Mitigations-for-GPZ-SP4-Speculative-Store-B.diff xen4a-0035-x86-msr-Virtualise-MSR_SPEC_CTRL.SSBD-for-guests-to-u.diff * Tue May 15 2018 Mark Pryor - 4.10.0-7.el7 - initial build for 7.5.1804 (May 9, 2018) * Thu Mar 29 2018 Mark Pryor - 4.10.0-6.el7 - HEAD @ b6a6458b13dc6f xen/arm: Flush TLBs before turning on the MMU to avoid stale entries-Fri 2 Mar 2018 16:28 - split off qemut, provides qemu-dm * Fri Mar 16 2018 Mark Pryor - 4.10.0-5.el7 - XSA-252 xen4a-0069-memory-don-t-implicitly-unpin-for-decrease-reservatio.patch - XSA-255 xen4a-0070-gnttab-ARM-don-t-corrupt-shared-GFN-array.patch xen4a-0071-gnttab-don-t-blindly-free-status-pages-upon-version-c.patch - XSA-256 xen4a-0072-x86-hvm-Disallow-the-creation-of-HVM-domains-without-.patch - qemuu: back to SDL1.2 and 2 audio drivers - tools/Makefile: do not modify MAKELEVEL * Fri Mar 02 2018 Mark Pryor - 4.10.0-4.el7 - move qemu-config into its own macro (Source31) auto-config of qemu - configure now run as a rule in /Makefile extract-config-opts: borrow from debian-qemu team (Source30) - stop using the install-xen rule * Mon Feb 12 2018 Mark Pryor - 4.10.0-3.el7 - HEAD @ 3921128fcb3501318f523 xen/arm: vsmc: Dont implement function IDs that dont exist-Thu 8 Feb 2018 16:25 - XSA-254 xen4a-0017-x86-entry-Remove-support-for-partial-cpu_user_regs-fr.diff xen4a-0022-xen-arm-Introduce-enable-callback-to-enable-a-capabil.diff xen4a-0023-xen-arm64-Add-missing-MIDR-values-for-Cortex-A72-A73-.diff xen4a-0024-xen-arm-cpuerrata-Add-MIDR_ALL_VERSIONS.diff xen4a-0025-xen-arm64-Add-skeleton-to-harden-the-branch-predictor.diff xen4a-0026-xen-arm64-Implement-branch-predictor-hardening-for-af.diff xen4a-0017-x86-entry-Remove-support-for-partial-cpu_user_regs-fr.diff xen4a-0022-xen-arm-Introduce-enable-callback-to-enable-a-capabil.diff xen4a-0023-xen-arm64-Add-missing-MIDR-values-for-Cortex-A72-A73-.diff xen4a-0024-xen-arm-cpuerrata-Add-MIDR_ALL_VERSIONS.diff xen4a-0025-xen-arm64-Add-skeleton-to-harden-the-branch-predictor.diff xen4a-0026-xen-arm64-Implement-branch-predictor-hardening-for-af.diff xen4a-0029-xen-arm32-entry-Consolidate-DEFINE_TRAP_ENTRY_-macros.diff xen4a-0030-xen-arm32-Add-missing-MIDR-values-for-Cortex-A17-and-.diff xen4a-0031-xen-arm32-entry-Add-missing-trap_reset-entry.diff xen4a-0032-xen-arm32-Add-skeleton-to-harden-branch-predictor-ali.diff xen4a-0033-xen-arm32-Invalidate-BTB-on-guest-exit-for-Cortex-A17.diff xen4a-0040-x86-entry-Rearrange-RESTORE_ALL-to-restore-register-i.diff xen4a-0041-x86-hvm-Use-SAVE_ALL-to-construct-the-cpu_user_regs-f.diff xen4a-0042-x86-entry-Erase-guest-GPR-state-on-entry-to-Xen.diff xen4a-0044-x86-Support-compiling-with-indirect-branch-thunks.diff xen4a-0045-x86-Support-indirect-thunks-from-assembly-code.diff xen4a-0046-x86-boot-Report-details-of-speculative-mitigations.diff xen4a-0047-x86-amd-Try-to-set-lfence-as-being-Dispatch-Serialisi.diff xen4a-0048-x86-Introduce-alternative-indirect-thunks.diff xen4a-0049-x86-feature-Definitions-for-Indirect-Branch-Controls.diff xen4a-0050-x86-cmdline-Introduce-a-command-line-option-to-disabl.diff * Sat Dec 23 2017 Mark Pryor - 4.10.0-2.el7 - HEAD @ 9dc5eda576bafca47 x86/vmx: Don-t use hvm_inject_hw_exception() in long_mode_do_msr_write()-Wed 20 Dec 2017 06:45 - qemuu build: staged to dist/uumeq newpatch(2): misc-0403*,misc-0405* * Wed Dec 13 2017 Mark Pryor - 4.10.0-1.el7 - 4.10 Initial release (Closes: #5432) - XSA 240 (2) x86-don-t-wrongly-trigger-linear-page-table-assertion.diff:This is part of XSA-240. - XSA 248 x86-mm-don-t-wrongly-set-page-ownership.diff:This is XSA-248. - XSA 249 x86-shadow-fix-refcount-overflow-check.diff:This is XSA-249. - XSA 250 x86-shadow-fix-ref-counting-error-handling.diff:This is XSA-250. - XSA 251 x86-paging-don-t-unconditionally-BUG-on-finding-SHARE.diff:This is XSA-251. * Sun Dec 10 2017 Mark Pryor - 4.10~rc7-1.el7 - HEAD @ fd07c6d0f004286c x86/hvm: fix interaction between internal and external emulation-Fri 1 Dec 2017 10:13 - first build from the new branch staging-4.10 - split off qemuu package using the makefile rule from 0402-build-shortcut-to-make-qemu-xen.patch.not * Fri Nov 17 2017 Mark Pryor - 4.10~rc5-1.el7 - HEAD @ eb0660c6950e08e x86/hvm: Fix altp2m_vcpu_enable_notify error handling-Thu 16 Nov 2017 09:25 - xen_4a.config dynamically written for perf-hypervisor build - XSA-243 x86-shadow-correct-SH_LINEAR-mapping-detection-in-sh.patch The fix for XSA-243 / CVE-2017-15592 (c/s bf2b4eadcf379) introduced a change - XSA-240 x86-don-t-wrongly-trigger-linear-page-table-assertio.patch * Fri Nov 03 2017 Mark Pryor - 4.10~rc3-1.el7 - rc3 initial build - HEAD @ bb2c1a1cc98a22e arm/xen: vpl011: Fix SBSA UART interrupt assertion-Fri 27 Oct 2017 10:11 * Tue Oct 24 2017 Mark Pryor - 4.10~rc2-1.el7 - 2nd release candidate - HEAD @ e77dabc58c4b6c74 libxl: annotate s to be nonnull in libxl__enum_from_string-Fri 20 Oct 2017 03:40 * Fri Oct 20 2017 Mark Pryor - 4.10~rc1-1.el7 - Initial Release (Closes: #87654) - HEAD @ 24fb44e971a62b34 Config.mk, xen/Makefile: Update version to 4.10[.0]-rc-Mon 16 Oct 2017 07:24 * Sun Oct 08 2017 Mark Pryor - 4.9.0-5.el7 - HEAD @ 1cdcb36701fd22aec (XSA-245) xen/arm: Correctly report the memory region in the dummy NUMA helpers-Fri 6 Oct 2017 05:59 - 11 patches from staging-4.9 - 49 patches from qemu-2.8 upstream: https://tracker.debian.org/news/877656 qemuu-patch.macro qseries * Fri Sep 22 2017 Mark Pryor - 4.9.0-4.el7 - HEAD @ 2cc3d32f40c71cb24 gnttab: also validate PTE permissions upon destroy/replace-Tue 12 Sep 2017 15:01 - XSA-231 xen-mm-make-sure-node-is-less-than-MAX_NUMNODES - XSA-232 grant_table-fix-GNTTABOP_cache_flush-handling - XSA-233 tools-xenstore-dont-unlink-connection-object-twice.diff - XSA-234 gnttab-also-validate-PTE-permissions-upon-destroy-rep - move hypervisor kconfigs (xen-4.9*.config) into boot/kcfg/ - first build in new release 7.4.1708 - split-off perf-hypervisor package * Mon Sep 04 2017 Mark Pryor - 4.9.0-3.el7 - HEAD @ d23bcc5ae7342a6 gnttab: avoid spurious maptrack handle allocation failures-Mon 28 Aug 2017 02:40 - xenperf: new switch to build debug/xenperf hypervisor separate from default hypervisor * Sat Aug 19 2017 Mark Pryor - 4.9.0-2.el7 - HEAD @9bf14bbf990843bfe gnttab: fix: dont use possibly unbounded tail calls-Thu 24 Aug 2017 06:57 - XSA-226 gnttab-fix-transitive-grant-handling gnttab-don-t-use-possibly-unbounded-tail-calls gnttab-fix-don-t-use-possibly-unbounded-tail-calls - XSA-227 grant-disallow-misaligned-PTEs.patch:This is CVE-2017-12137 / XSA-227 - XSA-228 gnttab-split-maptrack-lock-to-make-it-fulfill-its-pur.patch:This is CVE-2017-12136 - XSA-230 gnttab-correct-pin-status-fixup-for-copy.patch:This is XSA-230 - custom macros, prep_reuse & xenfigure, moved to rpmmacrosdir/macros.prymar56 - 2 backports from qemu-xen staging-4.9, including: CVE-2017-5579: serial: fix memory leak in serial exit - 4 backports from staging cpufreq: only stop ondemand governor if already started VT-d: don't panic/warn on iommu=no-igfx VT-d PI: disable VT-d PI when CPU-side PI isn't enabled x86/hvm: Fixes to hvmemul_insn_fetch() * Thu Jul 13 2017 Mark Pryor - 4.9.0-1.el7 - rebuilt ovmf.bin.49 - Initial Release (Closes: #1465707) * Thu Jul 13 2017 Mark Pryor - 4.9.0-1.fc25 - Initial Release (Closes: #1465707) - rebuilt ovmf.bin.49 with 5920a9d commit * Fri Jun 23 2017 Mark Pryor - 4.9~rc9-1.fc25 - XSA-217,218,219,220,221,222,223,224 * Sun Mar 19 2017 Mark Pryor - 4.9~unstable-1.fc25 - patched to @ of staging-4.9 * Sun Mar 12 2017 Mark Pryor - 4.8.0-1.fc25 - patched to @ of staging-4.8 - XSA-207,208,209 * Thu Oct 13 2016 Mark Pryor - 4.7.0-8.fc24 - 10 patches {0040,0049} from staging-4.7 - XSA-190 * Mon Sep 19 2016 Mark Pryor - 4.7.0-7.fc24 - 9 patches {0031,0039} from staging-4.7 - added pvgrub downgrade since native 4.7 pv-grub fails with domU kernel-4.x.x * Wed Sep 07 2016 Mark Pryor - 4.7.0-6.fc24 - 13 patches {0018,0030} from staging-4.7 - no more ipxe git download - XSA 185,188 - new binary rebuild of ovmf.bin.47 * Mon Aug 29 2016 Mark Pryor - 4.7.0-5 - 3 patches {0015,0017} from staging-4.7 * Sun Aug 21 2016 Mark Pryor - 4.7.0-4 - 8 patches {0007,0014} from staging * Wed Aug 03 2016 Mark Pryor - 4.7.0-3 - XSA 182,183,184 * Fri Jul 22 2016 Mark Pryor - 4.7.0-2 - fc24: added Epoch tag so that distro packages don't clobber us - moved gmp-crosslib config fix to patch - binary rebuild for 5th week of fc24 - 4 patches from staging-4.7 * Tue Jun 21 2016 Mark Pryor - 4.7.0-1 - fc24: Distro released today & xen-4.7.0 released yesterday * Wed Jun 08 2016 Mark Pryor - 4.7.0-rc5 - 3rd rpm build for fc24 * Tue May 17 2016 Mark Pryor - 4.7.0-rc3 - 2nd rpm build for fc24 * Sat May 14 2016 Mark Pryor - 4.7.0-rc2 - 1st rpm build for fc24 - all build depends moved to ocaml-devel (reduce requires load) - new BR-pod2html has its own module now * Sat Feb 13 2016 Mark Pryor - 4.7-unstable.7 - 6th rpm build for Centos 7.2.1511 - add 63 patches * Thu Feb 11 2016 Mark Pryor - 4.7-unstable.6 - 5th rpm build for Centos 7.2.1511 - added 70 patches to date from xen staging, 1 qemu-xen * Fri Jan 22 2016 Mark Pryor - 4.7-unstable.5 - 4th rpm build for Centos 7.2.1511 - new tarball * Sun Jan 10 2016 Mark Pryor - 4.7-unstable.4 - 3rd rpm build for Centos 7.2.1511 - all patches to date in staging except the build stuff (KCONFIG) * Tue Dec 15 2015 Mark Pryor - 4.7-unstable.2 - 1st rpm build for Centos 7.2.1511 - obsolete the EFI patch. No more mingw32 linker needed - 20 patches from staging (1 day of work) * Thu Dec 03 2015 Mark Pryor - 4.7-unstable.1 - 13th rpm build for Centos 7.1.1503 - Preview of 4.7-unstable for C7 * Fri Nov 27 2015 Mark Pryor - 4.6.0-4 - 12th rpm build for Centos 7.1.1503 - patches: 3 CVE backports from staging-4.6 & 3 from mini-os.git - added remus netlink socket support * Mon Nov 02 2015 Mark Pryor - 4.6.0-3 - 11th rpm build for Centos 7.1.1503 - 32 patches from qemu-trad, brought over from xenserver into new git repo, qemu-xen-traditional.git - all the XSA series from staging-4.6 to date (146-152): http://pastebin.centos.org/35841/raw/ - added ovmf build * Wed Oct 21 2015 Mark Pryor - 4.6.0-2 - 10th rpm build for Centos 7.1.1503 - 7 backports from staging-4.6 * Wed Oct 07 2015 Mark Pryor - 4.6.0-1 - 9th rpm build for Centos 7.1.1503 - new release, 7 patches are signed and formatted by me * Tue Sep 29 2015 Mark Pryor - 4.6.0-rc4.1 - 8th rpm build for Centos 7.1.1503 - 2 patches from qemu-trad: 1c8d43cbdf0f 2b5684137e81 * Wed Sep 09 2015 Mark Pryor - 4.6.0-rc3.1 - 7th rpm build for Centos 7.1.1503 - 2 patches from qemu-trad: 1c8d43cbdf0f 2b5684137e81 * Fri Sep 04 2015 Mark Pryor - 4.6.0-rc2.3 - 6th rpm build for Centos 7.1.1503 - patch from staging: *46rc2-b2700877adac.patch * Fri Aug 28 2015 Mark Pryor - 4.6.0-rc2.2 - 5th rpm build for Centos 7.1.1503 - patch from staging to date - from qemu-upstream-unstable: 604ad155f685162b1 b05befcbea71a9 - from qemu-xen-trad: 5cdde31eacdd * Tue Aug 18 2015 Mark Pryor - 4.6.0-rc1.2 - 4th rpm build for Centos 7.1.1503 - patch from staging to date * Thu Aug 13 2015 Mark Pryor - 4.6.0-rc1.1 - 3rd rpm build for Centos 7.1.1503 - patch from staging to date * Sat Aug 01 2015 Mark Pryor - 4.6-unstable - 2nd rpm build for Centos 7.1.1503 * Tue Jul 14 2015 Mark Pryor - 4.6-unstable - 1st rpm build for Centos 7.1.1503 - protobuild for 4.6