xen (4.6.0-1ubuntu4) xenial; urgency=low

  * d/rules.real: Set LANG=C.UTF-8 for the builds to avoid a grep bug.

 -- Stefan Bader  Fri, 19 Feb 2016 12:08:31 +0100

xen (4.6.0-1ubuntu3) xenial; urgency=low

  * Fix unmount error message on shutdown and init script ordering issues:
    - d/xen-utils-common.xenstored.init: Introduce new init script which only
      starts xenstored (but also shuts it down on stop). Prevent this one
      from being run on upgrade.
    - d/xen-utils-common.xen.init:
      * Add X-Start-Before/X-Stop-After dependencies on libvirt-bin
      * Remove xenstored related code
  * d/scripts/xen-init-list: Revert back to unmodified version from Debian.
    With the ordering fixed, libvirt guests should be handled by its own
    script before xendomains is run.
  * d/control, d/libxen-dev.install and d/rules.real: Add xenlight.pc and
    xlutil.pc to be packaged as part of libxen-dev in multi-arch suitable
    location. Also declare libxen-dev as multi-arch same.
  * Additional Security Patches:
    - CVE-2016-2270 / XSA-154
      * x86: enforce consistent cachability of MMIO mappings
    - CVE-2016-1570 / XSA-167
      * x86/mm: PV superpage handling lacks sanity checks
    - CVE-2016-1571 / XSA-168
      * x86/VMX: prevent INVVPID failure due to non-canonical guest address
    - CVE-2015-8615 / XSA-169
      * x86: make debug output consistent in hvm_set_callback_via
    - CVE-2016-2271 / XSA-170
      * x86/VMX: sanitize rIP before re-entering guest

 -- Stefan Bader  Thu, 18 Feb 2016 18:20:38 +0100

xen (4.6.0-1ubuntu2) xenial; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-8550 / XSA-155
      * xen: Add RING_COPY_REQUEST()
      * blktap2: Use RING_COPY_REQUEST
      * libvchan: Read prod/cons only once.
    - CVE-2015-8338 / XSA-158
      * memory: split and tighten maximum order permitted in memops
    - CVE-2015-8339, CVE-2015-8340 / XSA-159
      * memory: fix XENMEM_exchange error handling
    - CVE-2015-8341 / XSA-160
      * libxl: Fix bootloader-related virtual memory leak on pv build failure
    - CVE-2015-8555 / XSA-165
      * x86: don't leak ST(n)/XMMn values to domains first using them
    - CVE-2015-???? / XSA-166
      * x86/HVM: avoid reading ioreq state more than once

 -- Stefan Bader  Wed, 16 Dec 2015 12:06:10 +0100

xen (4.6.0-1ubuntu1) xenial; urgency=low

  * Merge of Xen-4.6 from Debian. Remaining changes:
    - debian/control, debian/rules.gen: Generate transitional xen-hypervisor
      packages.
    - debian/rules.real: Install the grub.d config file.
    - debian/scripts/xen-init-list: Ignore libxl guests not created by the
      xl toolstack (e.g. libvirt).
    - debian/tree/xen-utils-common/usr/share/xen-utils-common/default.xen:
      Minor readability improvements (maybe get rid of those)
    - debian/xen-hypervisor-4.6.xen.cfg: Additional config file to simplify
      grub configuration.
    - debian/xen-utils-4.6.postinst, debian/xen-utils-4.6.prerm: Remove
      update-alternatives call.
    - debian/xen-utils-common.xen.init: Fix consoled_stop_real and additional
      code to start and attach a qemu instance to dom0 (needed for pygrub
      booting QCOW2 PVM guests).
      Note: Also contains a work-around for a kernel bug which should be
      dropped in the next release.
    - debian/patches/ubuntu-config-prefix-fix.patch: Modifies configure and
      tools/configure to use the correct (versioned) libexec path.
    - Additional security fixes:
      * XSA-156 / CVE-2015-5307
        x86/HVM: always intercept #AC and #DB

 -- Stefan Bader  Wed, 02 Dec 2015 18:57:48 +0100

xen (4.6.0-1) unstable; urgency=medium

  * New upstream release.
  * CVE-2015-7812
  * CVE-2015-7813
  * CVE-2015-7814
  * CVE-2015-7835
  * CVE-2015-7969
  * CVE-2015-7970
  * CVE-2015-7971
  * CVE-2015-7972

 -- Bastian Blank  Sun, 01 Nov 2015 21:49:07 +0100

xen (4.5.1-0ubuntu2) xenial; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-7311 / XSA-142
      * libxl: handle read-only drives with qemu-xen
    - CVE-2015-7812 / XSA-145
      * xen/arm: Support hypercall_create_continuation for multicall
    - CVE-2015-7813 / XSA-146
      * xen: arm: rate-limit logging from unimplemented PHYSDEVOP and HVMOP.
    - CVE-2015-7814 / XSA-147
      * xen: arm: handle races between relinquish_memory and
        free_domheap_pages
    - CVE-2015-7835 / XSA-148
      * x86: guard against undue super page PTE creation
    - CVE-2015-7969 / XSA-149
      * xen: free domain's vcpu array
    - CVE-2015-7970 / XSA-150
      * x86/PoD: Eager sweep for zeroed pages
    - CVE-2015-7969 / XSA-151
      * xenoprof: free domain's vcpu array
    - CVE-2015-7971 / XSA-152
      * x86: rate-limit logging in do_xen{oprof,pmu}_op()
    - CVE-2015-7972 / XSA-153
      * libxl: adjust PoD target by memory fudge, too
    - CVE-2015-5307 / XSA-156
      * x86/HVM: always intercept #AC and #DB

 -- Stefan Bader  Tue, 03 Nov 2015 08:39:07 -0600

xen (4.5.1-0ubuntu1) wily; urgency=low

  * New upstream stable release (4.5.1)
    - Replacing the following security changes by upstream versions:
      * CVE-2014-3969 / XSA-98 (update), CVE-2015-0268 / XSA-117,
        CVE-2015-1563 / XSA-118, CVE-2015-2152 / XSA-119,
        CVE-2015-2044 / XSA-121, CVE-2015-2045 / XSA-122,
        CVE-2015-2151 / XSA-123, CVE-2015-2752 / XSA-125,
        CVE-2015-2751 / XSA-127
    - Included security changes which were not yet applied:
      * CVE-2015-4163 / XSA-134, CVE-2015-4164 / XSA-136
  * Applying additional Xen Security Advisories:
    - CVE-2015-3259 / XSA-137
      * xl: Sane handling of extra config file arguments
    - CVE-2015-6654 / XSA-141
      * xen/arm: mm: Do not dump the p2m when mapping a foreign gfn

 -- Stefan Bader  Wed, 02 Sep 2015 16:37:39 +0200

xen (4.5.1~rc1-1) experimental; urgency=medium

  [ Ian Campbell ]
  * Use xen-init-dom0 from initscript when it is available.
  * Install some user facing docs in xen-utils-common. (Closes: #688308)

  [ Bastian Blank ]
  * New upstream release candidate.

 -- Bastian Blank  Sun, 31 May 2015 21:59:56 +0200

xen (4.5.0-1ubuntu4) vivid; urgency=low

  * Applying Xen Security Advisories:
    * CVE-2014-3969 / XSA-98 (update)
      - xen: arm: correct arm64 version of gva_to_ma_par
    * CVE-2015-2752 / XSA-125
      - Limit XEN_DOMCTL_memory_mapping hypercall to only process up to
        64 GFNs (or less)
    * CVE-2015-2751 / XSA-127
      - domctl: don't allow a toolstack domain to call domain_pause() on
        itself

 -- Stefan Bader  Wed, 08 Apr 2015 10:10:27 +0200

xen (4.5.0-1ubuntu3) vivid; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-0268 / XSA-117
      * xen/arm: vgic-v2: Don't crash the hypervisor if the SGI target mode
        is invalid
    - CVE-2015-1563 / XSA-118
      * xen/arm: vgic: message in the emulation code should be rate-limited
    - CVE-2015-2152 / XSA-119
      * tools: libxl: Explicitly disable graphics backends on qemu cmdline
    - CVE-2015-2044 / XSA-121
      * x86/HVM: return all ones on wrong-sized reads of system device I/O
        ports
    - CVE-2015-2045 / XSA-122
      * pre-fill structures for certain HYPERVISOR_xen_version sub-ops
    - CVE-2015-2151 / XSA-123
      * x86emul: fully ignore segment override for register-only operations

 -- Stefan Bader  Wed, 04 Mar 2015 12:34:49 +0100

# For older changelog entries, run 'apt-get changelog libxenstore3.0'