File: changelog

package info (click to toggle)
xen 4.11.1+92-g6c33308a8d-2
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, buster, sid
  • size: 36,276 kB
  • sloc: ansic: 488,072; asm: 7,866; python: 7,435; makefile: 7,336; sh: 6,425; ml: 4,752; perl: 4,223; cpp: 1,829; lex: 708; yacc: 656; pascal: 433
file content (1766 lines) | stat: -rw-r--r-- 63,900 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
xen (4.11.1+92-g6c33308a8d-2) unstable; urgency=high

  * Mention MDS and the need for updated microcode and disabling
    hyper-threading in NEWS.
  * Mention the ucode=scan option in the grub.d/xen documentation.

 -- Hans van Kranenburg <hans@knorrie.org>  Sat, 22 Jun 2019 11:15:08 +0200

xen (4.11.1+92-g6c33308a8d-1) unstable; urgency=high

  * Update to new upstream version 4.11.1+92-g6c33308a8d, which also
    contains the following security fixes:
    - Fix: grant table transfer issues on large hosts
      XSA-284 (no CVE yet) (Closes: #929991)
    - Fix: race with pass-through device hotplug
      XSA-285 (no CVE yet) (Closes: #929998)
    - Fix: x86: steal_page violates page_struct access discipline
      XSA-287 (no CVE yet) (Closes: #930001)
    - Fix: x86: Inconsistent PV IOMMU discipline
      XSA-288 (no CVE yet) (Closes: #929994)
    - Fix: missing preemption in x86 PV page table unvalidation
      XSA-290 (no CVE yet) (Closes: #929996)
    - Fix: x86/PV: page type reference counting issue with failed IOMMU update
      XSA-291 (no CVE yet) (Closes: #929995)
    - Fix: x86: insufficient TLB flushing when using PCID
      XSA-292 (no CVE yet) (Closes: #929993)
    - Fix: x86: PV kernel context switch corruption
      XSA-293 (no CVE yet) (Closes: #929999)
    - Fix: x86 shadow: Insufficient TLB flushing when using PCID
      XSA-294 (no CVE yet) (Closes: #929992)
    - Fix: Microarchitectural Data Sampling speculative side channel
      XSA-297 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091
      (Closes: #929129)
  * Note that the fixes for XSA-297 will only have effect when also loading
    updated cpu microcode with MD_CLEAR functionality. When using the
    intel-microcode package to include microcode in the dom0 initrd, it has to
    be loaded by Xen. Please refer to the hypervisor command line
    documentation about the 'ucode=scan' option.
  * Fixes for XSA-295 "Unlimited Arm Atomics Operations" will be added in the
    next upload.

 -- Hans van Kranenburg <hans@knorrie.org>  Tue, 18 Jun 2019 09:50:19 +0200

xen (4.11.1+26-g87f51bf366-3) unstable; urgency=medium

  Minor useability improvements and fixes:
  * bash-completion: also complete 'xen'  [Hans van Kranenburg]
  * /etc/default/xen: Handle with ucf again, like in stretch.
    Closes:#923401.  [Ian Jackson]

  Build fix:
  * Fix FTBFS when building only arch-indep binaries (eg
    dpkg-buildpackage -A).  Was due to dh-exec bug wrt not-installed.
    Closes:#923013.  [Hans van Kranenburg; report from Santiago Vila]

  Documentation fix:
  * grub.d/xen.cfg: dom0_mem max IS needed  [Hans van Kranenburg]

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Thu, 28 Feb 2019 16:37:04 +0000

xen (4.11.1+26-g87f51bf366-2) unstable; urgency=medium

  * Packaging change: override spurious lintian warning about
    fsimage.so rpath.

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Fri, 22 Feb 2019 16:07:37 +0000

xen (4.11.1+26-g87f51bf366-1) unstable; urgency=medium

  Significant changes:
  * Update to new upstream version 4.11.1+26-g87f51bf366.
    (This is from the upstream stable branch.)  [Ian Jackson]
  * Build and use oxenstored rather than the C xenstored by default.
    [Ian Jackson and Hans van Kranenburg]
  * xen init script: rewrite and reorganise xenstored start logic.
    [Hans van Kranenburg]

  Documentation etc. improvements:
  * Refresh hypervisor and dom0 command line options documentation.
    (Closes: #919758)  [Hans van Kranenburg; report from Gergely]
  * Ship /etc/default/xen, a striped and tidied version of upstream
    sysconfig.xencommons.in.  [Hans van Kranenburg]

  Significant bugfixes:
  * xen init script: Do nothing if running for wrong Xen package.
    Avoids mystery loss of xenconsoled.  Closes:#851654.
    [Ian Jackson; report from Wolodja Wentland]
  * Make pygrub work again (by fixing python module and shared library
    paths).  Closes:#912381.  [Ian Jackson; earlier, Bastian Blank;
    report from Dimitar Angelov, also Torben Schou Jensen]

  Packaging bugfixes:
  * Have xen-utils-common suggest xen-doc, because it contains a broken
    symlink to it.  Closes:#911046.
    [Hans van Kranenburg; report from Andreas Beckmann]
  * Have xenstore-utils declare Breaks on xen-utils-common to make
    piuparts happy.  Closes:#911045.
    [Hans van Kranenburg, report from Andreas Beckmann]
  * hotplug-common: Strip arch-specific libdir from config file
    Closes:#862236.  [Ian Jackson; report from Stefan B├╝hler]
  * xendomains init script; Add dependency on $network.
    Closes:#798510.  [Francois Lesueur]
  * xendomains init script; Add should-dependency on nfs-kernel-server
    Closes:#826871.  [Geoffrey McRae]

  Packaging minor fixes and improvements [Hans van Kranenburg]:
  * debian/libxenstore3.0.symbols: revert ea2334dfe0
  * debian/control: add dh-python build-dep
  * d/xen-utils-V...: override xen-shim-syms lintian
  * debian/control: bump debhelper builddep to 10
  * debian/.gitignore: ignore more debhelper snippets
  * bash-completion: install completion rules for xl
  * xen init script: don't fail when being run in domU
  * Remove xend cruft from various init scripts etc.

  Packaging minor fixes and improvements [Ian Jackson]:
  * xen version/upgrade handling: Improve an error message
  * xen init script: silently exit status 0 if not running under xen
  * xen init script: Tidy up wrong/missing Xen version error handling
  * debian/rules: Fix tiny typos
  * hotplug-common: Do not adjust LD_LIBRARY_PATH

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Fri, 22 Feb 2019 15:11:45 +0000

xen (4.11.1-1) unstable; urgency=medium

  * debian/control: Add Homepage, Vcs-Browser and Vcs-Git.
    (Closes: #911457)
  * grub.d/xen.cfg: fix default entry when using l10n (Closes: #865086)
  * debian/rules: Don't exclude the actual pygrub script.
  * Update to new upstream version 4.11.1, which also contains:
    - Fix: insufficient TLB flushing / improper large page mappings with AMD
      IOMMUs
      XSA-275 CVE-2018-19961 CVE-2018-19962
    - Fix: resource accounting issues in x86 IOREQ server handling
      XSA-276 CVE-2018-19963
    - Fix: x86: incorrect error handling for guest p2m page removals
      XSA-277 CVE-2018-19964
    - Fix: x86: Nested VT-x usable even when disabled
      XSA-278 CVE-2018-18883
    - Fix: x86: DoS from attempting to use INVPCID with a non-canonical
      addresses
      XSA-279 CVE-2018-19965
    - Fix for XSA-240 conflicts with shadow paging
      XSA-280 CVE-2018-19966
    - Fix: guest use of HLE constructs may lock up host
      XSA-282 CVE-2018-19967
  * Update version handling patching to put the team mailing list address in
    the first hypervisor log line and fix broken other substitutions.
  * Disable handle_iptable hook in vif-common script. See #894013 for more
    information.

 -- Hans van Kranenburg <hans@knorrie.org>  Wed, 02 Jan 2019 20:59:40 +0100

xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-5) unstable; urgency=medium

  * debian/rules: Cope if xen-utils-common not being built
    (Fixes binary-indep FTBFS.)

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Mon, 15 Oct 2018 18:07:11 +0100

xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-4) unstable; urgency=medium

  * Many packaging fixes to fix FTBFS on all arches other than amd64.
  * xen-vbd-interface(7): Provide properly-formatted NAME section
  * Add pandoc and markdown to Build-Depends - fixes missing docs.
  * Revert "tools-xenstore-compatibility.diff" apropos of discussion
    https://lists.xenproject.org/archives/html/xen-devel/2018-10/msg00838.html

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Mon, 15 Oct 2018 12:15:36 +0100

xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-3) unstable; urgency=medium

  * hypervisor package postinst: Actually install (avoids need to
    run update-grub by hand).
  * debian/control: Adding Section to source stanza
  * debian/control: Add missing Replaces on old xen-utils-common
  * debian/rules: Add a -n to a gzip rune to improve reproducibility

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Fri, 12 Oct 2018 16:55:48 +0100

xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-2) unstable; urgency=medium

  * Redo as an upload with binaries, because source-only uploads to NEW
    are not allowed.

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Fri, 05 Oct 2018 19:38:52 +0100

xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-1) unstable; urgency=medium

  * Update to new upstream version 4.11.1~pre.20180911.5acdd26fdc+dfsg;
    merging in 4.11.1~pre.20180911.5acdd26fdc+dfsg-1~exp1.

 -- Ian Jackson <ian.jackson@citrix.com>  Fri, 05 Oct 2018 18:39:58 +0100

xen (4.11.1~pre+1.733450b39b-1) unstable; urgency=medium

  * Completely overhauled the packaging.  In the source package, things
    are very much simpler now with only a few hundred loc of templating
    and scriptery.  In the binary packages the resulting changes are:
     - We now provide -dbgsym packages in the standard way
      - Shared libraries with unstable ABI upstream (ie, whose
        ABI changes with the Xen version) are now in
        libxen<version>-misc rather than libxen<version> and
        have more conventional-looking filenames.
     - Shared libraries with a stable ABI upstream are now each in their
       own package, named after the soname (ABI version), as is
       conventional.  The sonames and minor versions of these are
       no longer mangled.
     - xs.h, replaced upstream by xenstore.h, is now in
       /usr/include/xenstore-compat (as shipped upstream), with
       symlinks left behind.
     - fsimage*.h is no longer shipped (it's namespace-grabbish).
     - libxenvchan.h is in /usr/include as it is in upstream,
       not buried in /usr/include/xen/io
     - /etc/xen/cpupool, a not very interesting example config file,
       has been moved into /usr/share/doc/.
     - There is a new xen-doc package, in which the upstream HTML
       documentation, and various other bits, is now provided.  This
       replaces the text format documentation previously provided in
       xen-utils-common (but the manpages are still there).
     - Utilities which use on libraries with stable ABIs upstream
       are no longer subjected to the Xen version wrapper.
     - Several utilities are now provided in /usr/bin which were
       previously only available buried in /usr/lib/xen-<version>:
          xen-detect xenalyze xencons xencov_split xen-cpuid
       (version-wrapped, where necessary).
     - Likewise very many utilities and daemons in /usr/sbin:
          gdbsx xen-bugtool xen-ringwatch xen-tmem-list-parse
          xenmon xenpmd flask-* xen-kdd xen-diag xen-hptool
          xen-hvmcrash xen-hvmctx xen-livepatch xen-lowmemd
          xen-mfndump xenbaked xenconsoled xencov xenlockprof
          xenstored xenwatchdogd
     - xend and xm are long gone, so remove the support for the
       TOOLSTACK setting in /etc/default/xen.  /usr/sbin/xen just
       runs xl now.  Remove mentions of xend-config.sxp and all
       *.sxp files.  Drop the xend init script.
     - There is no longer any Built-Using.  This is no longer true for
       seabios, which is depended on and used at runtime, rather than
       being embedded into hvmloader.  (The source package also previously
       tried to mention ipxe-qemu in Built-Using but that's (i) dependent
       upstream on CONFIG_ROMBIOS which we disable, and not a
       build-dependency either.)
     - The hvmloader and xen-shim binaries no longer have their .note
       and .comment section(s) stripped.  .note is needed for xen-shim
       to work properly and to find the corresponding debug files.
       And .comment is tiny and harmless AFAICT.
     - Hypervisor debug map files are installed in /usr/lib/debug.
     - The xl bash_completion file from upstream is installed.
     - libxenvchan.h is installed.
     - We install xen-*.efi in /boot.
     - Sections of some packages have been rationalised.
     - We install a doc-base control file.

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Wed, 03 Oct 2018 18:45:02 +0100

xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-1~exp1) experimental; urgency=medium

  * Update to new upstream version 4.11.1~pre.20180911.5acdd26fdc+dfsg.
  * Remove stubdom/grub.patches/00cvs from the upstream source because it's
    not DFSG compliant. (license-problem-gfdl-invariants)
  * Override statically-linked-binary lintian error about
    usr/lib/xen-4.11/boot/xen-shim

 -- Hans van Kranenburg <hans@knorrie.org>  Tue, 11 Sep 2018 15:34:34 +0200

xen (4.11.1~pre+1.733450b39b-1~exp1) experimental; urgency=medium

  [ Hans van Kranenburg ]
  * Update to 4.11.1-pre commit 733450b39b, which also contains:
    - Additional fix for: Unlimited recursion in linear pagetable de-typing
      XSA-240 CVE-2017-15595 (listed as xsa240-4.8/0004)
    - Fix x86 PV guests may gain access to internally used pages
      XSA-248 CVE-2017-17566
    - Fix broken x86 shadow mode refcount overflow check
      XSA-249 CVE-2017-17563
    - Fix improper x86 shadow mode refcount error handling
      XSA-250 CVE-2017-17564
    - Fix improper bug check in x86 log-dirty handling
      XSA-251 CVE-2017-17565
    - Fix: DoS via non-preemptable L3/L4 pagetable freeing
      XSA-252 CVE-2018-7540
    - Fix x86: memory leak with MSR emulation
      XSA-253 CVE-2018-5244
    - Multiple parts of fixes for...
      Information leak via side effects of speculative execution
      XSA-254 CVE-2017-5753 CVE-2017-5715 CVE-2017-5754
      - XPTI stage 1 a.k.a. 'Meltdown band-aid', XPTI-S1 or XPTI-lite
      - Branch predictor hardening for ARM CPUs
      - Support compiling with indirect branch thunks (e.g. retpoline)
      - Report details of speculative mitigations in boot logging
    - Fix: grant table v2 -> v1 transition may crash Xen
      XSA-255 CVE-2018-7541
    - Fix: x86 PVH guest without LAPIC may DoS the host
      XSA-256 CVE-2018-7542
    - The "Comet" shim, which can be used as a mitigation for Meltdown to
      shield the hypervisor against 64-bit PV guests.
    - Fix: Information leak via crafted user-supplied CDROM
      XSA-258 CVE-2018-10472
    - Fix: x86: PV guest may crash Xen with XPTI
      XSA-259 CVE-2018-10471
    - Fix: x86: mishandling of debug exceptions
      XSA-260 CVE-2018-8897
    - Fix: x86 vHPET interrupt injection errors
      XSA-261 CVE-2018-10982
    - Fix: qemu may drive Xen into unbounded loop
      XSA-262 CVE-2018-10981
    - Fix: Speculative Store Bypass
      XSA-263 CVE-2018-3639
    - Fix: preemption checks bypassed in x86 PV MM handling
      XSA-264 CVE-2018-12891
    - Fix: x86: #DB exception safety check can be triggered by a guest
      XSA-265 CVE-2018-12893
    - Fix: libxl fails to honour readonly flag on HVM emulated SCSI disks
      XSA-266 CVE-2018-12892
    - Fix: Speculative register leakage from lazy FPU context switching
      XSA-267 CVE-2018-3665
    - Fix: Use of v2 grant tables may cause crash on ARM
      XSA-268 CVE-2018-15469
    - Fix: x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS
      XSA-269 CVE-2018-15468
    - Fix: oxenstored does not apply quota-maxentity
      XSA-272 CVE-2018-15470
    - Fix: L1 Terminal Fault speculative side channel
      XSA-273 CVE-2018-3620
  * Merge changes for 4.9 from the ubuntu packaging (thanks, Stefan Bader):
    - Rebase patches against upstream source (line numbers etc).
    - debian/rules.real:
      - Add a call to build common tool headers.
      - Add a call to install common tool headers.
    - debian/libxen-dev.install, d/p/ubuntu-tools-libs-abiname.diff:
      - Add additional modifications for new libxendevicemodel.
    - debian/patches/tools-fake-xs-restrict.patch:
      - Re-introduce (fake) xs_restrict call to keep libxenstore version at
        3.0 for now.
    - debian/libxenstore3.0.symbols: add xs_control_command
  * Rebase patches against 4.10 upstream source.
  * Rebase patches against 4.11 upstream source.
  * Add README.source.md to document how the packaging works.
  * This package builds correctly with gcc 7. (Closes: #853710)
  * Fix grub config file conflict when upgrading from Stretch. (Closes: #852545)
  * Init scripts: Do not kill per-domain qemu processes. (Closes: #879751)
  * debian/patches: Fix "'vwprintw' is deprecated" gcc 8 compilation error

  [ Mark Pryor ]
  * Fix shared library build dependencies for the new xentoolcore library.

  [ John Keates ]
  * Enable OVMF (Closes: #858962)

 -- Hans van Kranenburg <hans@knorrie.org>  Sun, 08 Jul 2018 14:30:32 +0200

xen (4.8.2+xsa245-0+deb9u1) stretch-security; urgency=high

  * Update to upstream stable 4.8 branch, which is currently at Xen 4.8.2
    plus a number of bugfixes and security fixes.
    Result is that we now include security fixes for:
       XSA-231 CVE-2017-14316
       XSA-232 CVE-2017-14318
       XSA-233 CVE-2017-14317
       XSA-234 CVE-2017-14319
       (235 already included in 4.8.1-1+deb9u3)
       XSA-236 CVE-2017-15597
       XSA-237 CVE-2017-15590
       XSA-238 (no CVE yet)
       XSA-239 CVE-2017-15589
       XSA-240 CVE-2017-15595
       XSA-241 CVE-2017-15588
       XSA-242 CVE-2017-15593
       XSA-243 CVE-2017-15592
       XSA-244 CVE-2017-15594
       XSA-245 (no CVE yet)
    and a number of upstream functionality fixes, which are not easily
    disentangled from the security fixes.
  * Apply two more security fixes:
       XSA-246 (no CVE yet)
       XSA-247 (no CVE yet)

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Sat, 25 Nov 2017 11:26:37 +0000

xen (4.8.1-1+deb9u3) stretch-security; urgency=high

  * Security fixes for
      XSA-226 CVE-2017-12135
      XSA-227 CVE-2017-12137
      XSA-228 CVE-2017-12136
      XSA-230 CVE-2017-12855
      XSA-235 (no CVE yet)
  * Adjust changelog entry for 4.8.1-1+deb9u2 to record
    that XSA-225 fix was indeed included.
  * Security fix for XSA-229 not included as that bug is in Linux, not Xen.
  * Security fixes for XSA-231..234 inc. not inclued as still embargoed.

 -- Ian Jackson <ian.jackson@eu.citrix.com>  Thu, 07 Sep 2017 19:17:58 +0100

xen (4.8.1-1+deb9u2) stretch-security; urgency=high

  * Security fixes for
      XSA-216 XSA-217 XSA-218 XSA-219 XSA-220
      XSA-221 XSA-222 XSA-223 XSA-224 XSA-225

 -- Ian Jackson <ian.jackson@eu.citrix.com>  Tue, 20 Jun 2017 14:06:34 +0100

xen (4.8.1-1+deb9u1) unstable; urgency=medium

  * Security fixes for XSA-213 (Closes:#861659) and XSA-214
    (Closes:#861660).  (Xen 4.7 and later is not affected by XSA-215.)

 -- Ian Jackson <ian.jackson@eu.citrix.com>  Tue, 02 May 2017 12:19:57 +0100

xen (4.8.1-1) unstable; urgency=high

  * Update to upstream 4.8.1 release.
    Changes include numerous bugfixes, including security fixes for:
      XSA-212 / CVE-2017-7228   Closes:#859560
      XSA-207 / no cve yet      Closes:#856229
      XSA-206 / no cve yet      no Debian bug

 -- Ian Jackson <ian.jackson@eu.citrix.com>  Tue, 18 Apr 2017 18:05:00 +0100

xen (4.8.1~pre.2017.01.23-1) unstable; urgency=medium

  * Update to current upstream stable-4.8 git branch (Xen 4.8.1-pre).
    Contains bugfixes.
  * debian/control-real etc.: debian.py: Allow version numbers like this.

 -- Ian Jackson <ian.jackson@eu.citrix.com>  Mon, 23 Jan 2017 16:03:31 +0000

xen (4.8.0-1) unstable; urgency=high

  * Update to upstream Xen 4.8.0.
    Includes the following security fixes:
        XSA-201   CVE-2016-9815 CVE-2016-9816 CVE-2016-9817 CVE-2016-9818
        XSA-198   CVE-2016-9379 CVE-2016-9380
        XSA-196   CVE-2016-9378 CVE-2016-9377   Closes:#845669
        XSA-195   CVE-2016-9383
        XSA-194   CVE-2016-9384                 Closes:#845667
        XSA-193   CVE-2016-9385
        XSA-192   CVE-2016-9382
        XSA-191   CVE-2016-9386
    Includes other bugfixes too:
        Closes:#812166, Closes:#818525.

  Cherry picks from upstream:
  * Security fixes:
        XSA-204   CVE-2016-10013                 Closes:#848713
        XSA-203   CVE-2016-10025
        XSA-202   CVE-2016-10024
    For completeness, the following XSAs do not apply here:
        XSA-197   CVE-2016-9381      Bug is in qemu
        XSA-199   CVE-2016-9637      Bug is in qemu
        XSA-200   CVE-2016-9932      Xen 4.8 is not affected
  * Cherry pick a build failure fix:
      "x86/emul: add likely()/unlikely() to test harness"

  [ Ian Jackson ]
  * Drop -lcrypto search from upstream configure, and from our
    Build-Depends.  Closes:#844419.
  * Change my own email address to my work (Citrix) address.  When
    uploading, I will swap hats to effectively sponsor my own upload.

  [ Ian Campbell ]
  * Start a qemu process in dom0 to service the toolstacks loopback disk
    attaches. (Closes: #770456)
  * Remove correct pidfile when stopping xenconsoled.
  * Check that xenstored has actually started before talking to it.
    Incorporate a timeout so as not to block boot (Mitigates #737613)
  * Correct syntax error in xen-init-list when running with xend
    (Closes: #763102)
  * Apply SELinux labels to directories created by initscripts. Patch from
    Russell Coker. (Closes: #764912)
  * Include a reportbug control file to redirect bugs to src:xen for
    packages which contain the Xen version in the name.  Closes:#796370.

  [ Lubomir Host ]
  * Fix xen-init-name to not fail looking for a nonexistent 'config'
    entry in xl's JSON output.  Closes:#818129.

 -- Ian Jackson <ian.jackson@eu.citrix.com>  Thu, 22 Dec 2016 14:51:46 +0000

xen (4.8.0~rc5-1) unstable; urgency=medium

  * New upstream version, Xen 4.8.0 RC5.

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Fri, 11 Nov 2016 15:26:58 +0000

xen (4.8.0~rc3-1) unstable; urgency=medium

  * Upload 4.8.0~rc3 to unstable.  (RC5 is out upstream, but let's not
    update to that in the middle of the Xen 4.6 -> 4.8 transition.)
  * No source changes.

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Sat, 05 Nov 2016 15:08:47 +0000

xen (4.8.0~rc3-0exp2) experimental; urgency=medium

  * Build-Depend on iasl on all architectures.  ARM has ACPI now.
    Fixes FTBFS on arm64 (at least).
  * Add qemu-utils and seabios to Suggests.
  * Pass -no-pie -fno-pic to x86 emulator test build.  (Patch
    also submitted upstream.)  Fixes FTBFS on i386 with GCC6.
  * Add myself to Uploaders.

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Tue, 01 Nov 2016 18:00:25 +0000

xen (4.8.0~rc3-0exp1) experimental; urgency=high

  * New upstream version, Xen 4.8.0 RC3.
    Fixes many outstanding CVEs.
  * Incorporated many changes from 4.8.0-0ubuntu2
    - libxen-dev is M-A: same
    - Work around grep bug http://bugs.launchpad.net/bugs/1547466
    - debian/xen-hypervisor-4.6.xen.cfg:
      Additional config file to simplify grub configuration.
    - Use new library/abiname scheme.
    - Document what xl and xm are in default.xen
    - Add libvirtd dependency to xendomains init script
    (Thanks to Stefan Bader and others.)

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Mon, 24 Oct 2016 17:31:27 +0100

xen (4.6.0-1+nmu2) unstable; urgency=medium

  * Ensure debian/control.md5sum is correctly updated. Fixes FTBFS of
    4.6.0-1+nmu1 on buildds where linux-support-4.2.0-1 is not expected to be
    installed.

 -- Ian Campbell <ijc@debian.org>  Tue, 09 Feb 2016 16:41:16 +0000

xen (4.6.0-1+nmu1) unstable; urgency=medium

  * Non-maintainer upload.
  * Drop unused patching in of $(PREFIX), $(SBINDIR) and $(BINDIR)
    which are no longer used by the upstream build system.
  * Use correct/consistent LIBEXEC dirs throughout build
    (Closes: #805508).

 -- Ian Campbell <ijc@debian.org>  Tue, 19 Jan 2016 14:43:54 +0000

xen (4.6.0-1) unstable; urgency=medium

  * New upstream release.
  * CVE-2015-7812
  * CVE-2015-7813
  * CVE-2015-7814
  * CVE-2015-7835
  * CVE-2015-7969
  * CVE-2015-7970
  * CVE-2015-7971
  * CVE-2015-7972

 -- Bastian Blank <waldi@debian.org>  Sun, 01 Nov 2015 21:49:07 +0100

xen (4.5.1~rc1-1) experimental; urgency=medium

  [ Ian Campbell ]
  * Use xen-init-dom0 from initscript when it is available.
  * Install some user facing docs in xen-utils-common. (Closes: #688308)

  [ Bastian Blank ]
  * New upstream release candidate.

 -- Bastian Blank <waldi@debian.org>  Sun, 31 May 2015 21:59:56 +0200

xen (4.5.0-1) experimental; urgency=medium

  [ Ian Campbell ]
  * New upstream release

 -- Bastian Blank <waldi@debian.org>  Wed, 21 Jan 2015 20:21:45 +0100

xen (4.5.0~rc3-1) experimental; urgency=medium

  * New upstream release candidate.
  * Re-add xend config.

 -- Bastian Blank <waldi@debian.org>  Wed, 17 Dec 2014 22:37:23 +0100

xen (4.4.1-6) unstable; urgency=medium

  * Fix starvation of writers in locks.
    CVE-2014-9065

 -- Bastian Blank <waldi@debian.org>  Thu, 11 Dec 2014 15:56:08 +0100

xen (4.4.1-5) unstable; urgency=medium

  * Fix excessive checks of hypercall arguments.
    CVE-2014-8866
  * Fix boundary checks of emulated MMIO access.
    CVE-2014-8867
  * Fix additional memory leaks in xl. (closes: #767295)

 -- Bastian Blank <waldi@debian.org>  Sun, 30 Nov 2014 20:13:32 +0100

xen (4.4.1-4) unstable; urgency=medium

  [ Bastian Blank ]
  * Make operations pre-emptible.
    CVE-2014-5146, CVE-2014-5149
  * Don't allow page table updates from non-PV page tables.
    CVE-2014-8594
  * Enforce privilege level while loading code segment.
    CVE-2014-8595
  * Fix reference counter leak.
    CVE-2014-9030
  * Use linux 3.16.0-4 stuff.
  * Fix memory leak in xl. (closes: #767295)

  [ Ian Campbell ]
  * Add licensing for tools/python/logging to debian/copyright.
    (Closes: #759384)
  * Correctly include xen-init-name in xen-utils-common. (Closes: #769543)
  * xen-utils recommends grub-xen-host package (Closes: #770460)

 -- Bastian Blank <waldi@debian.org>  Thu, 27 Nov 2014 20:17:36 +0100

xen (4.4.1-3) unstable; urgency=medium

  [ Bastian Blank ]
  * Remove unused build-depencencies.
  * Extend list affected systems for broken interrupt assignment.
    CVE-2013-3495
  * Fix race in hvm memory management.
    CVE-2014-7154
  * Fix missing privilege checks on instruction emulation.
    CVE-2014-7155, CVE-2014-7156
  * Fix uninitialized control structures in FIFO handling.
    CVE-2014-6268
  * Fix MSR range check in emulation.
    CVE-2014-7188

  [ Ian Campbell ]
  * Install xen.efi into /boot for amd64 builds.

 -- Bastian Blank <waldi@debian.org>  Fri, 17 Oct 2014 16:27:46 +0200

xen (4.4.1-2) unstable; urgency=medium

  * Re-build with correct content.
  * Use dh_lintian.

 -- Bastian Blank <waldi@debian.org>  Wed, 24 Sep 2014 20:23:14 +0200

xen (4.4.1-1) unstable; urgency=medium

  * New upstream release.
    - Fix several vulnerabilities. (closes: #757724)
      CVE-2014-2599, CVE-2014-3124,
      CVE-2014-3967, CVE-2014-3968,
      CVE-2014-4021

 -- Bastian Blank <waldi@debian.org>  Sun, 21 Sep 2014 10:45:47 +0200

xen (4.4.0-5) unstable; urgency=medium

  [ Ian Campbell ]
  * Expand on the descriptions of some packages. (Closes: #466683)
  * Clarify where xen-utils-common is required. (Closes: #612403)
  * No longer depend on gawk. Xen can now use any awk one of which is always
    present. (Closes: #589176)
  * Put core dumps in /var/lib/xen/dump and ensure it exists.
    (Closes: #444000)

  [ Bastian Blank ]
  * Handle JSON output from xl in xendomains init script.

 -- Bastian Blank <waldi@debian.org>  Sat, 06 Sep 2014 22:11:20 +0200

xen (4.4.0-4) unstable; urgency=medium

  [ Bastian Blank ]
  * Also remove unused OCaml packages from control file.
  * Make library packages multi-arch: same. (closes: #730417)
  * Use debhelper compat level 9. (closes: #692352)

  [ Ian Campbell ]
  * Correct contents of /etc/xen/scripts/hotplugpath.sh (Closes: #706283)
  * Drop references cpuperf-xen and cpuperf-perfcntr. (Closes: #733847)
  * Install xentrace_format(1), xentrace(8) and xentop(1). (Closes: #407143)

 -- Bastian Blank <waldi@debian.org>  Sat, 30 Aug 2014 13:34:04 +0200

xen (4.4.0-3) unstable; urgency=medium

  [ Ian Campbell ]
  * Use correct SeaBIOS binary which supports Xen (Closes: #737905).

  [ Bastian Blank ]
  * Really update config.{sub,guess}.

 -- Bastian Blank <waldi@debian.org>  Fri, 29 Aug 2014 16:33:19 +0200

xen (4.4.0-2) unstable; urgency=medium

  * Remove broken and unused OCaml-support.

 -- Bastian Blank <waldi@debian.org>  Mon, 18 Aug 2014 15:18:42 +0200

xen (4.4.0-1) unstable; urgency=medium

  [ Bastian Blank ]
  * New upstream release.
    - Update scripts for compatiblity with latest coreutils.
      (closes: #718898)
    - Fix guest reboot with xl toolstack. (closes: #727100)
    - CVE-2013-6375: Insufficient TLB flushing in VT-d (iommu) code.
      (closes: #730254)
    - xl support for global VNC options. (closes: #744157)
    - vif scripts can now be named relative to /etc/xen/scripts.
      (closes: #744160)
    - Support for arbitrary sized SeaBIOS binaries. (closes: #737905)
    - pygrub searches for extlinux.conf in the expected places.
      (closes: #697407)
    - Update scripts to use correct syntax for ip command.
      (closes: #705659)
  * Fix install of xend configs to not break compatibility.

  [ Ian Campbell ]
  * Disable blktap1 support using new configure option instead of by patching.
  * Disable qemu-traditional and rombios support using new configure option
    instead of by patching. No need to build-depend on ipxe any more.
  * Use system qemu-xen via new configure option instead of patching.
  * Use system seabios via new configure option instead of patching.
  * Use EXTRA_CFLAGS_XEN_TOOLS and APPEND_{CPPFLAGS,LDFLAGS} during build.
  * Add support for armhf and arm64.
  * Update config.{sub,guess}.

 -- Bastian Blank <waldi@debian.org>  Sat, 09 Aug 2014 13:09:00 +0200

xen (4.3.0-3) unstable; urgency=low

  * Revive hypervisor on i386.

 -- Bastian Blank <waldi@debian.org>  Fri, 18 Oct 2013 00:15:16 +0200

xen (4.3.0-2) unstable; urgency=low

  * Force proper install order. (closes: #721999)

 -- Bastian Blank <waldi@debian.org>  Sat, 05 Oct 2013 15:03:36 +0000

xen (4.3.0-1) unstable; urgency=low

  * New upstream release.
    - Fix HVM PCI passthrough. (closes: #706543)
  * Call configure with proper arguments.
  * Remove now empty xen-docs package.
  * Disable external code retrieval.
  * Drop all i386 hypervisor packages.
  * Drop complete blktap support.
  * Create /run/xen.
  * Make xen-utils recommend qemu-system-x86. (closes: #688311)
    - This version comes with audio support. (closes: #635166)
  * Make libxenlight and libxlutil public. (closes: #644390)
    - Set versioned ABI name.
    - Install headers.
    - Move libs into normal library path.
  * Use build flags in the tools build.
    - Fix fallout from harderning flags.
  * Update Standards-Version to 3.9.4. No changes.

 -- Bastian Blank <waldi@debian.org>  Thu, 05 Sep 2013 13:54:03 +0200

xen (4.2.2-1) unstable; urgency=low

  * New upstream release.
    - Fix build with gcc 4.8. (closes: #712376)
  * Build-depend on libssl-dev. (closes: #712366)
  * Enable hardening as much as possible.
  * Re-enable ocaml build fixes. (closes: #695176)
  * Check for out-of-bound values in CPU affinity setup.
    CVE-2013-2072
  * Fix information leak on AMD CPUs.
    CVE-2013-2076
  * Recover from faults on XRSTOR.
    CVE-2013-2077
  * Properly check guest input to XSETBV.
    CVE-2013-2078

 -- Bastian Blank <waldi@debian.org>  Thu, 11 Jul 2013 00:28:24 +0200

xen (4.2.1-2) unstable; urgency=low

  * Actually upload to unstable.

 -- Bastian Blank <waldi@debian.org>  Sun, 12 May 2013 00:20:58 +0200

xen (4.2.1-1) experimental; urgency=low

  * New upstream release.
  * Enable usage of seabios.
  * Fix some toolchain issues.

 -- Bastian Blank <waldi@debian.org>  Sat, 11 May 2013 23:55:46 +0200

xen (4.2.0-2) experimental; urgency=low

  * Support JSON output in domain init script helper.

 -- Bastian Blank <waldi@debian.org>  Mon, 01 Oct 2012 15:11:30 +0200

xen (4.2.0-1) experimental; urgency=low

  * New upstream release.

 -- Bastian Blank <waldi@debian.org>  Tue, 18 Sep 2012 13:54:30 +0200

xen (4.2.0~rc3-1) experimental; urgency=low

  * New upstream snapshot.

 -- Bastian Blank <waldi@debian.org>  Fri, 07 Sep 2012 20:28:46 +0200

xen (4.2.0~rc2-1) experimental; urgency=low

  * New upstream snapshot.
  * Build-depend against libglib2.0-dev and libyajl-dev.
  * Disable seabios build for now.
  * Remove support for Lenny and earlier.
  * Support build-arch and build-indep make targets.

 -- Bastian Blank <waldi@debian.org>  Sun, 13 May 2012 12:21:10 +0000

xen (4.1.4-4) unstable; urgency=high

  * Make several long runing operations preemptible.
    CVE-2013-1918
  * Fix source validation for VT-d interrupt remapping.
    CVE-2013-1952

 -- Bastian Blank <waldi@debian.org>  Thu, 02 May 2013 14:30:29 +0200

xen (4.1.4-3) unstable; urgency=high

  * Fix return from SYSENTER.
    CVE-2013-1917
  * Fix various problems with guest interrupt handling.
    CVE-2013-1919
  * Only save pointer after access checks.
    CVE-2013-1920
  * Fix domain locking for transitive grants.
    CVE-2013-1964

 -- Bastian Blank <waldi@debian.org>  Fri, 19 Apr 2013 13:01:57 +0200

xen (4.1.4-2) unstable; urgency=low

  * Use pre-device interrupt remapping mode per default. Fix removing old
    remappings.
    CVE-2013-0153

 -- Bastian Blank <waldi@debian.org>  Wed, 06 Feb 2013 13:04:52 +0100

xen (4.1.4-1) unstable; urgency=low

  * New upstream release.
    - Disable process-context identifier support in newer CPUs for all
      domains.
    - Add workarounds for AMD errata.
    - Don't allow any non-canonical addresses.
    - Use Multiboot memory map if BIOS emulation does not provide one.
    - Fix several problems in tmem.
      CVE-2012-3497
    - Fix error handling in domain creation.
    - Adjust locking and interrupt handling during S3 resume.
    - Tighten more resource and memory range checks.
    - Reset performance counters. (closes: #698651)
    - Remove special-case for first IO-APIC.
    - Fix MSI handling for HVM domains. (closes: #695123)
    - Revert cache value of disks in HVM domains.

 -- Bastian Blank <waldi@debian.org>  Thu, 31 Jan 2013 15:44:50 +0100

xen (4.1.3-8) unstable; urgency=high

  * Fix error in VT-d interrupt remapping source validation.
    CVE-2012-5634
  * Fix buffer overflow in qemu e1000 emulation.
    CVE-2012-6075
  * Update patch, mention second CVE.
    CVE-2012-5511, CVE-2012-6333

 -- Bastian Blank <waldi@debian.org>  Sat, 19 Jan 2013 13:55:07 +0100

xen (4.1.3-7) unstable; urgency=low

  * Fix clock jump due to incorrect annotated inline assembler.
    (closes: #599161)
  * Add support for XZ compressed Linux kernels to hypervisor and userspace
    based loaders, it is needed for any Linux kernels newer then Wheezy.
    (closes: #695056)

 -- Bastian Blank <waldi@debian.org>  Tue, 11 Dec 2012 18:54:59 +0100

xen (4.1.3-6) unstable; urgency=high

  * Fix error handling in physical to machine memory mapping.
    CVE-2012-5514

 -- Bastian Blank <waldi@debian.org>  Tue, 04 Dec 2012 10:51:43 +0100

xen (4.1.3-5) unstable; urgency=high

  * Fix state corruption due to incomplete grant table switch.
    CVE-2012-5510
  * Check range of arguments to several HVM operations.
    CVE-2012-5511, CVE-2012-6333
  * Check array index before using it in HVM memory operation.
    CVE-2012-5512
  * Check memory range in memory exchange operation.
    CVE-2012-5513
  * Don't allow too large memory size and avoid busy looping.
    CVE-2012-5515

 -- Bastian Blank <waldi@debian.org>  Mon, 03 Dec 2012 19:37:38 +0100

xen (4.1.3-4) unstable; urgency=high

  * Use linux 3.2.0-4 stuff.
  * Fix overflow in timer calculations.
    CVE-2012-4535
  * Check value of physical interrupts parameter before using it.
    CVE-2012-4536
  * Error out on incorrect memory mapping updates.
    CVE-2012-4537
  * Check if toplevel page tables are present.
    CVE-2012-4538
  * Fix infinite loop in compatibility code.
    CVE-2012-4539
  * Limit maximum kernel and ramdisk size.
    CVE-2012-2625, CVE-2012-4544

 -- Bastian Blank <waldi@debian.org>  Tue, 20 Nov 2012 15:51:01 +0100

xen (4.1.3-3) unstable; urgency=low

  * Xen domain init script:
    - Make sure Open vSwitch is started before any domain.
    - Properly handle and show output of failed migration and save.
    - Ask all domains to shut down before checking them.

 -- Bastian Blank <waldi@debian.org>  Tue, 18 Sep 2012 13:26:32 +0200

xen (4.1.3-2) unstable; urgency=medium

  * Don't allow writing reserved bits in debug register.
    CVE-2012-3494
  * Fix error handling in interrupt assignment.
    CVE-2012-3495
  * Don't trigger bug messages on invalid flags.
    CVE-2012-3496
  * Check array bounds in interrupt assignment.
    CVE-2012-3498
  * Properly check bounds while setting the cursor in qemu.
    CVE-2012-3515
  * Disable monitor in qemu by default.
    CVE-2012-4411

 -- Bastian Blank <waldi@debian.org>  Fri, 07 Sep 2012 19:41:46 +0200

xen (4.1.3-1) unstable; urgency=medium

  * New upstream release: (closes: #683286)
    - Don't leave the x86 emulation in a bad state. (closes: #683279)
      CVE-2012-3432
    - Only check for shared pages while any exist on teardown.
      CVE-2012-3433
    - Fix error handling for unexpected conditions.
    - Update CPUID masking to latest Intel spec.
    - Allow large ACPI ids.
    - Fix IOMMU support for PCI-to-PCIe bridges.
    - Disallow access to some sensitive IO-ports.
    - Fix wrong address in IOTLB.
    - Fix deadlock on CPUs without working cpufreq driver.
    - Use uncached disk access in qemu.
    - Fix buffer size on emulated e1000 device in qemu.
  * Fixup broken and remove applied patches.

 -- Bastian Blank <waldi@debian.org>  Fri, 17 Aug 2012 11:25:02 +0200

xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-5) unstable; urgency=low

  [ Ian Campbell ]
  * Set tap device MAC addresses to fe:ff:ff:ff:ff:ff (Closes: #671018)
  * Only run xendomains initscript if toolstack is xl or xm (Closes: #680528)

  [ Bastian Blank ]
  * Actually build-depend on new enough version of dpkg-dev.
  * Add xen-sytem-* meta-packages. We are finally in a position to do
    automatic upgrades and this package is missing. (closes: #681376)

 -- Bastian Blank <waldi@debian.org>  Sat, 28 Jul 2012 10:23:26 +0200

xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-4) unstable; urgency=low

  * Add Build-Using info to xen-utils package.
  * Fix build-arch target.

 -- Bastian Blank <waldi@debian.org>  Sun, 01 Jul 2012 19:52:30 +0200

xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-3) unstable; urgency=low

  * Remove /usr/lib/xen-default. It breaks systems if xenstored is not
    compatible.
  * Fix init script usage.
  * Fix udev rules for emulated network devices:
    - Force names of emulated network devices to a predictable name.

 -- Bastian Blank <waldi@debian.org>  Sun, 01 Jul 2012 16:59:04 +0200

xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-2) unstable; urgency=low

  * Fix pointer missmatch in interrupt functions. Fixes build on i386.

 -- Bastian Blank <waldi@debian.org>  Fri, 15 Jun 2012 18:00:51 +0200

xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-1) unstable; urgency=low

  * New upstream snapshot.
    - Fix privilege escalation and syscall/sysenter DoS while using
      non-canonical addresses by untrusted PV guests. (closes: #677221)
      CVE-2012-0217
      CVE-2012-0218
    - Disable Xen on CPUs affected by AMD Erratum #121. PV guests can
      cause a DoS of the host.
      CVE-2012-2934
  * Don't fail if standard toolstacks are not available. (closes: #677244)

 -- Bastian Blank <waldi@debian.org>  Thu, 14 Jun 2012 17:06:25 +0200

xen (4.1.2-7) unstable; urgency=low

  * Really use ucf.
  * Update init script dependencies:
    - Start $syslog before xen.
    - Start drbd and iscsi before xendomains. (closes: #626356)
    - Start corosync and heartbeat after xendomains.
  * Remove /var/log/xen on purge. (closes: #656216)

 -- Bastian Blank <waldi@debian.org>  Tue, 22 May 2012 10:44:41 +0200

xen (4.1.2-6) unstable; urgency=low

  * Fix generation of architectures for hypervisor packages.
  * Remove information about loop devices, it is incorrect. (closes: #503044)
  * Update xendomains init script:
    - Create directory for domain images only root readable. (closes: #596048)
    - Add missing sanity checks for variables. (closes: #671750)
    - Remove not longer supported config options.
    - Don't fail if no config is available.
    - Remove extra output if domain was restored.

 -- Bastian Blank <waldi@debian.org>  Sun, 06 May 2012 20:07:41 +0200

xen (4.1.2-5) unstable; urgency=low

  * Actually force init script rename. (closes: #669341)
  * Fix long output from xl.
  * Move complete init script setup.
  * Rewrite xendomains init script:
    - Use LSB output functions.
    - Make output more clear.
    - Use xen toolstack wrapper.
    - Use a python script to properly read domain details.
  * Set name for Domain-0.

 -- Bastian Blank <waldi@debian.org>  Mon, 23 Apr 2012 11:56:45 +0200

xen (4.1.2-4) unstable; urgency=low

  [ Bastian Blank ]
  * Build-depend on ipxe-qemu instead of ipxe. (closes: #665070)
  * Don't longer use a4wide latex package.
  * Use ucf for /etc/default/xen.
  * Remove handling for old udev rules link and xenstored directory.
  * Rename xend init script to xen.

  [ Lionel Elie Mamane ]
  * Fix toolstack script to work with old dash. (closes: #648029)

 -- Bastian Blank <waldi@debian.org>  Mon, 16 Apr 2012 08:47:29 +0000

xen (4.1.2-3) unstable; urgency=low

  * Merge xen-common source package.
  * Remove xend wrapper, it should not be called by users.
  * Support xl in init script.
  * Restart xen daemons on upgrade.
  * Restart and stop xenconsoled in init script.
  * Load xen-gntdev module.
  * Create /var/lib/xen. (closes: #658101)
  * Cleanup udev rules. (closes: #657745)

 -- Bastian Blank <waldi@debian.org>  Wed, 01 Feb 2012 19:28:28 +0100

xen (4.1.2-2) unstable; urgency=low

  [ Jon Ludlam ]
  * Import (partially reworked) upstream changes for OCaml support.
    - Rename the ocamlfind packages.
    - Remove uuid and log libraries.
    - Fix 2 bit-twiddling bugs and an off-by-one
  * Fix build of OCaml libraries.
  * Add OCaml library and development package.
  * Include some missing headers.

 -- Bastian Blank <waldi@debian.org>  Sat, 10 Dec 2011 19:13:25 +0000

xen (4.1.2-1) unstable; urgency=low

  * New upstream release.
  * Build-depend on pkg-config.
  * Add package libxen-4.1. Includes some shared libs.

 -- Bastian Blank <waldi@debian.org>  Sat, 26 Nov 2011 18:28:06 +0100

xen (4.1.1-3) unstable; urgency=low

  [ Julien Danjou ]
  * Remove Julien Danjou from the Uploaders field. (closes: #590439)

  [ Bastian Blank ]
  * Use current version of python. (closes: #646660)
  * Build-depend against liblzma-dev, it is used if available.
    (closes: #646694)
  * Update Standards-Version to 3.9.2. No changes.
  * Don't use brace-expansion in debhelper install files.

 -- Bastian Blank <waldi@debian.org>  Wed, 26 Oct 2011 14:42:33 +0200

xen (4.1.1-2) unstable; urgency=low

  * Fix hvmloader with gcc 4.6.

 -- Bastian Blank <waldi@debian.org>  Fri, 05 Aug 2011 23:58:36 +0200

xen (4.1.1-1) unstable; urgency=low

  * New upstream release.
  * Don't use qemu-dm if it is not needed. (Backport from xen-unstable.)
  * Use dh_python2.

 -- Bastian Blank <waldi@debian.org>  Mon, 18 Jul 2011 19:38:38 +0200

xen (4.1.0-3) unstable; urgency=low

  * Add ghostscript to build-deps.
  * Enable qemu-dm build.
    - Add qemu as another orig tar.
    - Remove blktap1, bluetooth and sdl support from qemu.
    - Recommend qemu-keymaps and qemu-utils.

 -- Bastian Blank <waldi@debian.org>  Thu, 28 Apr 2011 15:20:45 +0200

xen (4.1.0-2) unstable; urgency=low

  * Re-enable hvmloader:
    - Use packaged ipxe.
  * Workaround incompatibility with xenstored of Xen 4.0.

 -- Bastian Blank <waldi@debian.org>  Fri, 15 Apr 2011 11:38:25 +0200

xen (4.1.0-1) unstable; urgency=low

  * New upstream release.

 -- Bastian Blank <waldi@debian.org>  Sun, 27 Mar 2011 18:09:28 +0000

xen (4.1.0~rc6-1) unstable; urgency=low

  * New upstream release candidate.
  * Build documentation using pdflatex.
  * Use python 2.6. (closes: #596545)
  * Fix lintian override.
  * Install new tools: xl, xenpaging.
  * Enable blktap2.
    - Use own md5 implementation.
    - Fix includes.
    - Fix linking of blktap2 binaries.
    - Remove optimization setting.
  * Temporarily disable hvmloader, wants to download ipxe.
  * Remove xenstored pid check from xl.

 -- Bastian Blank <waldi@debian.org>  Thu, 17 Mar 2011 16:12:45 +0100

xen (4.0.1-2) unstable; urgency=low

  * Fix races in memory management.
  * Make sure that frame-table compression leaves enough alligned.
  * Disable XSAVE support. (closes: #595490)
  * Check for dying domain instead of raising an assertion.
  * Add C6 state with EOI errata for Intel.
  * Make some memory management interrupt safe. Unsure if really needed.
  * Raise bar for inter-socket migrations on mostly-idle systems.
  * Fix interrupt handling for legacy routed interrupts.
  * Allow to set maximal domain memory even during a running change.
  * Support new partition name in pygrub. (closes: #599243)
  * Fix some comparisions "< 0" that may be optimized away.
  * Check for MWAIT support before using it.
  * Fix endless loop on interrupts on Nehalem cpus.
  * Don't crash upon direct GDT/LDT access. (closes: #609531)
    CVE-2010-4255  
  * Don't loose timer ticks after domain restore.
  * Reserve some space for IOMMU area in dom0. (closes: #608715)
  * Fix hypercall arguments after trace callout.
  * Fix some error paths in vtd support. Memory leak.
  * Reinstate ACPI DMAR table.

 -- Bastian Blank <waldi@debian.org>  Wed, 12 Jan 2011 15:01:40 +0100

xen (4.0.1-1) unstable; urgency=low

  * New upstream release.
    - Fix IOAPIC S3 with interrupt remapping enabled.

 -- Bastian Blank <waldi@debian.org>  Fri, 03 Sep 2010 17:14:28 +0200

xen (4.0.1~rc6-1) unstable; urgency=low

  * New upstream release candidate.
    - Add some missing locks for page table walk.
    - Fix NMU injection into guest.
    - Fix ioapic updates for vt-d.
    - Add check for GRUB2 commandline behaviour.
    - Fix handling of invalid kernel images.
    - Allow usage of powernow.
  * Remove lowlevel python modules usage from pygrub. (closes: #588811)

 -- Bastian Blank <waldi@debian.org>  Tue, 17 Aug 2010 23:15:34 +0200

xen (4.0.1~rc5-1) unstable; urgency=low

  * New upstream release candidate.

 -- Bastian Blank <waldi@debian.org>  Mon, 02 Aug 2010 17:06:27 +0200

xen (4.0.1~rc3-1) unstable; urgency=low

  * New upstream release candidate.
  * Call dh_pyversion with the correct version.
  * Restart xen daemon on upgrade.

 -- Bastian Blank <waldi@debian.org>  Wed, 30 Jun 2010 16:30:47 +0200

xen (4.0.0-2) unstable; urgency=low

  * Fix python dependency. (closes: #586666)
    - Use python-support.
    - Hardcode to use python 2.5 for now.

 -- Bastian Blank <waldi@debian.org>  Mon, 21 Jun 2010 17:23:16 +0200

xen (4.0.0-1) unstable; urgency=low

  * Update to unstable.
  * Fix spelling in README.
  * Remove unnecessary build-depends.
  * Fixup xend to use different filename lookup.

 -- Bastian Blank <waldi@debian.org>  Thu, 17 Jun 2010 11:16:55 +0200

xen (4.0.0-1~experimental.2) experimental; urgency=low

  * Merge changes from 3.4.3-1.

 -- Bastian Blank <waldi@debian.org>  Fri, 28 May 2010 12:58:12 +0200

xen (4.0.0-1~experimental.1) experimental; urgency=low

  * New upstream version.
  * Rename source package to xen.
  * Build depend against iasl and uuid-dev.
  * Disable blktap2 support, it links against OpenSSL.
  * Update copyright file.

 -- Bastian Blank <waldi@debian.org>  Thu, 06 May 2010 15:47:38 +0200

xen-3 (3.4.3-1) unstable; urgency=low

  * New upstream version.
  * Disable blktap support, it is unusable with current kernels.
  * Disable libaio, was only used by blktap.
  * Drop device creation support. (closes: #583283)

 -- Bastian Blank <waldi@debian.org>  Fri, 28 May 2010 11:43:18 +0200

xen-3 (3.4.3~rc6-1) unstable; urgency=low

  * New upstream release candidate.
    - Relocate multiboot modules. (closes: #580045)
    - Support grub2 in pygrub. (closes: #573311)

 -- Bastian Blank <waldi@debian.org>  Sat, 08 May 2010 11:32:29 +0200

xen-3 (3.4.3~rc3-2) unstable; urgency=low

  * Again list the complete version in the hypervisor.
  * Fix path detection for bootloader, document it. (closes: #481105)
  * Rewrite README.

 -- Bastian Blank <waldi@debian.org>  Thu, 08 Apr 2010 16:14:58 +0200

xen-3 (3.4.3~rc3-1) unstable; urgency=low

  * New upstream release candidate.
  * Use 3.0 (quilt) source format.
  * Always use current python version.

 -- Bastian Blank <waldi@debian.org>  Mon, 01 Mar 2010 22:14:22 +0100

xen-3 (3.4.2-2) unstable; urgency=low

  * Remove Jeremy T. Bouse from uploaders.
  * Export blktap lib and headers.
  * Build amd64 hypervisor on i386. (closes: #366315)

 -- Bastian Blank <waldi@debian.org>  Sun, 22 Nov 2009 16:54:47 +0100

xen-3 (3.4.2-1) unstable; urgency=low

  * New upstream version.
  * Strip hvmloader by hand.
  * Remove extra license file from libxen-dev.

 -- Bastian Blank <waldi@debian.org>  Mon, 16 Nov 2009 20:57:07 +0100

xen-3 (3.4.1-1) unstable; urgency=low

  * New upstream version.

 -- Bastian Blank <waldi@debian.org>  Fri, 21 Aug 2009 21:34:38 +0200

xen-3 (3.4.0-2) unstable; urgency=low

  * Add symbols file for libxenstore3.0. (closes: #536173)
  * Document that ioemu is currently unsupported. (closes: #536175)
  * Fix location of fsimage plugins. (closes: #536174)

 -- Bastian Blank <waldi@debian.org>  Sat, 18 Jul 2009 18:05:35 +0200

xen-3 (3.4.0-1) unstable; urgency=low

  [ Bastian Blank ]
  * New upstream version.
  * Remove ioemu for now. (closes: #490409, #496367)
  * Remove non-pae hypervisor.
  * Use debhelper compat level 7.
  * Make the init script start all daemons.

 -- Bastian Blank <waldi@debian.org>  Tue, 30 Jun 2009 22:33:22 +0200

xen-3 (3.2.1-2) unstable; urgency=low

  * Use e2fslibs based ext2 support for pygrub. (closes: #476366)
  * Fix missing checks in pvfb code.
    See CVE-2008-1952. (closes: #487095)
  * Add support for loading bzImage files. (closes: #474509)
  * Enable TLS support in ioemu code.
  * Drop libcrypto usage because of GPL-incompatibility.
  * Remove AES code from blktap drivers. Considered broken.

 -- Bastian Blank <waldi@debian.org>  Sat, 28 Jun 2008 11:30:43 +0200

xen-3 (3.2.1-1) unstable; urgency=low

  * New upstream version.
  * Set rpath relative to ${ORIGIN}.
  * Add lintian override to xen-utils package.

 -- Bastian Blank <waldi@debian.org>  Thu, 22 May 2008 14:01:47 +0200

xen-3 (3.2.0-5) unstable; urgency=low

  * Provide correct directory to dh_pycentral.

 -- Bastian Blank <waldi@debian.org>  Mon, 14 Apr 2008 21:43:49 +0200

xen-3 (3.2.0-4) unstable; urgency=low

  * Pull in newer xen-utils-common.
  * Fix missing size checks in the ioemu block driver. (closes: #469654)
    See: CVE-2008-0928

 -- Bastian Blank <waldi@debian.org>  Fri, 07 Mar 2008 14:21:38 +0100

xen-3 (3.2.0-3) unstable; urgency=low

  * Clean environment for build.
  * Add packages libxenstore3.0 and xenstore-utils.
  * Move docs package in docs section to match overwrites.
  * Make the hypervisor only recommend the utils.
  * Cleanup installation. (closes: #462989)

 -- Bastian Blank <waldi@debian.org>  Tue, 12 Feb 2008 12:40:56 +0000

xen-3 (3.2.0-2) unstable; urgency=low

  * Fix broken patch. (closes: #462522)

 -- Bastian Blank <waldi@debian.org>  Sat, 26 Jan 2008 17:21:52 +0000

xen-3 (3.2.0-1) unstable; urgency=low

  * New upstream version.
  * Add package libxen-dev. Including public headers and static libs.
    (closes: #402249)
  * Don't longer install xenfb, removed upstream.

 -- Bastian Blank <waldi@debian.org>  Tue, 22 Jan 2008 12:51:49 +0000

xen-3 (3.1.2-2) unstable; urgency=low

  * Add missing rpath definitions.
  * Fix building of pae version.

 -- Bastian Blank <waldi@debian.org>  Sat, 08 Dec 2007 12:07:42 +0000

xen-3 (3.1.2-1) unstable; urgency=high

  * New upstream release:
    - Move shared file into /var/run. (closes: #447795)
      See CVE-2007-3919.
    - x86: Fix various problems with debug-register handling. (closes: #451626)
      See CVE-2007-5906.

 -- Bastian Blank <waldi@debian.org>  Sat, 24 Nov 2007 13:24:45 +0000

xen-3 (3.1.1-1) unstable; urgency=low

  * New upstream release:
    - Don't use exec with untrusted values in pygrub. (closes: #444430)
      See CVE-2007-4993.

 -- Bastian Blank <waldi@debian.org>  Fri, 19 Oct 2007 16:02:37 +0000

xen-3 (3.1.0-2) unstable; urgency=low

  * Switch to texlive for documentation.
  * Drop unused transfig.
  * Drop unused latex features from documentation.
  * Build depend against gcc-multilib for amd64. (closes: #439662)

 -- Bastian Blank <waldi@debian.org>  Fri, 31 Aug 2007 08:15:50 +0000

xen-3 (3.1.0-1) unstable; urgency=low

  [ Julien Danjou ]
  * New upstream version.

  [ Ralph Passgang ]
  * Added graphviz to Build-Indeps

  [ Bastian Blank ]
  * Upstream removed one part of the version. Do it also.
  * Merge utils packages.
  * Install blktap support.
  * Install pygrub.
  * Install xenfb tools.
  * xenconsoled startup is racy, wait a little bit.

 -- Bastian Blank <waldi@debian.org>  Mon, 20 Aug 2007 15:05:08 +0000

xen-3.0 (3.0.4-1-1) unstable; urgency=low

  [ Bastian Blank ]
  * New upstream version (closes: #394411)

  [ Guido Trotter ]
  * Actually try to build and release xen 3.0.4
  * Update build dependencies

 -- Guido Trotter <ultrotter@debian.org>  Wed, 23 May 2007 11:57:29 +0100

xen-3.0 (3.0.3-0-2) unstable; urgency=medium

  [Bastian Blank]
  * Remove device recreate code.
  * Remove build dependency on linux-support-X

  [ Guido Trotter ]
  * Add missing build dependency on zlib1g-dev (closes: #396557)
  * Add missing build dependencies on libncurses5-dev and x11proto-core-dev
    (closes: #396561, #396567)

 -- Guido Trotter <ultrotter@debian.org>  Thu,  2 Nov 2006 16:38:02 +0000

xen-3.0 (3.0.3-0-1) unstable; urgency=low

  * New upstream version.

 -- Bastian Blank <waldi@debian.org>  Fri, 20 Oct 2006 11:04:35 +0000

xen-3.0 (3.0.3~rc4+hg11760-1) unstable; urgency=low

  * New upstream snapshot.
  * Ignore update-grub errors. (closes: #392534)

 -- Bastian Blank <waldi@debian.org>  Sat, 14 Oct 2006 13:09:53 +0000

xen-3.0 (3.0.3~rc1+hg11686-1) unstable; urgency=low

  * New upstream snapshot.
  * Rename ioemu package to include the complete version.
  * Fix name of hypervisor. (closes: #391771)

 -- Bastian Blank <waldi@debian.org>  Mon,  9 Oct 2006 12:48:13 +0000

xen-3.0 (3.0.2-3+hg9762-1) unstable; urgency=low

  * New upstream snapshot.
  * Rename hypervisor and utils packages to include the complete version.
  * Redo build environment.

 -- Bastian Blank <waldi@debian.org>  Mon,  4 Sep 2006 18:43:12 +0000

xen-3.0 (3.0.2+hg9697-2) unstable; urgency=low

  [ Guido Trotter ]
  * Update xen-utils' README.Debian (closes: #372524)

  [ Bastian Blank ]
  * Adopt new python policy. (closes: #380990)
  * Add patch to make new kernels working on the hypervisor.

 -- Bastian Blank <waldi@debian.org>  Tue, 15 Aug 2006 19:20:08 +0000

xen-3.0 (3.0.2+hg9697-1) unstable; urgency=low

  [ Guido Trotter ]
  * Update Standards Version
  * Merge upstream fixes trunk (upstream 3.0.2-3 + a couple of fixes)

  [ Bastian Blank ]
  * Add xen-ioemu-3.0 package to support HVM guests (closes: #368496)

 -- Guido Trotter <ultrotter@debian.org>  Wed, 31 May 2006 10:50:05 +0200

xen-3.0 (3.0.2+hg9681-1) unstable; urgency=low

  * Update xen-hypervisor-3.0-i386 and xen-hypervisor-3.0-i386-pae
    descriptions, specifying what the difference between the two packages is
    (closes: #366019)
  * Merge upstream fixes trunk

 -- Guido Trotter <ultrotter@debian.org>  Thu, 18 May 2006 15:25:02 +0200

xen-3.0 (3.0.2+hg9656-1) unstable; urgency=low

  * Merge upstream fixes trunk
    - This includes a fix for CVE-2006-1056

 -- Guido Trotter <ultrotter@debian.org>  Thu, 27 Apr 2006 17:34:03 +0200

xen-3.0 (3.0.2+hg9651-1) unstable; urgency=low

  * Merge upstream fixes trunk
  * Fix PAE disabled in pae build (Closes: #364875) 

 -- Julien Danjou <acid@debian.org>  Wed, 26 Apr 2006 13:19:39 +0200

xen-3.0 (3.0.2+hg9646-1) unstable; urgency=low

  [ Guido Trotter ]
  * Merge upstream fixes trunk

  [ Bastian Blank ]
  * debian/patches/libdir.dpatch: Update to make xm save work

 -- Julien Danjou <acid@debian.org>  Mon, 24 Apr 2006 18:02:07 +0200

xen-3.0 (3.0.2+hg9611-1) unstable; urgency=low

  * Merge upstream bug fixes
  * Fix bug with xend init.d script

 -- Julien Danjou <acid@debian.org>  Wed, 12 Apr 2006 17:35:35 +0200

xen-3.0 (3.0.2+hg9598-1) unstable; urgency=low

  * New upstream release
  * Fix copyright file

 -- Julien Danjou <acid@debian.org>  Mon, 10 Apr 2006 17:02:55 +0200

xen-3.0 (3.0.1+hg8762-1) unstable; urgency=low

  * The "preserve our homes" release
  * Now cooperatively maintained by the Debian Xen Team
  * New upstream release (closes: #327493, #342249)
  * Build depend on transfig (closes: #321157)
  * Use gcc rather than gcc-3.4 to compile (closes: #323698)
  * Split xen-hypervisor-3.0 and xen-utils-3.0
  * Build both normal and pae hypervisor packages
  * Change maintainer and add uploaders field
  * Add force-reload support for init script xendomains
  * Remove dependency against bash
  * Bump standards version to 3.6.2.2
  * xen-utils-3.0 conflicts and replaces xen
  * Add dpatch structure to the package
  * Remove build-dependency on gcc (it's build essential anyway)
  * Make SrvServer.py not executable
  * Create NEWS.Debian file with important upgrade notices
  * Update copyright file
  * Remove the linux-patch-xen package
  * Removed useless build-dependencies: libncurses5-dev, wget
  * Changed xendomains config path to /etc/default
  * xen-utils-3.0 now provides xen-utils and xen-hypervisor-3.0-i386 &
    xen-hypervisor-3.0-i386-pae & xen-hypervizor-amd64 now provide
    xen-hypervisor
  * Made xen-utils-3.0.postinst more fault-tolerant, so that upgrading
    xen2 -> xen3 don't fail because of a running xen2 hypervisor
  * Updated the "Replaces & Conflicts"
  * Install only and correctly udev files
  * Compile date is no more in current locale
  * Add patch which add the debian version and maintainer in the version
    string and removes the banner.
  * Don't install unusable cruft in xen-utils
  * Remove libxen packages (no stable API/ABI)

 -- Julien Danjou <acid@debian.org>  Wed,  5 Apr 2006 16:05:07 +0200

xen (2.0.6-1) unstable; urgency=low

  * Patches applied upstream: non-xen-init-exit.patch, add-build.patch,
    python-install.patch, disable-html-docs.patch.
  * New upstream released.  Closes: #311336.
  * Remove comparison to UML from xen short description.  Closes: #317066.
  * Make packages conflicts with 1.2 doc debs.  Closes: #304285.
  * Add iproute to xen depends, as it uses /bin/ip.  Closes: #300488,
    #317468.

 -- Adam Heath <doogie@brainfood.com>  Wed, 06 Jul 2005 12:35:50 -0500

xen (2.0.5-3) experimental; urgency=low

  * Change priority/section to match the overrides file.

 -- Adam Heath <doogie@brainfood.com>  Fri, 18 Mar 2005 12:43:50 -0600

xen (2.0.5-2) experimental; urgency=low

  * Mike McCallister <mike+debian@metalogue.com>,
    Tommi Virtanen <tv@debian.org>, Tom Hibbert <tom@nsp.co.nz>:
    Fix missing '.' in update-rc.d call in xen.postinst.  Closes: #299384

 -- Adam Heath <doogie@brainfood.com>  Fri, 18 Mar 2005 11:39:56 -0600

xen (2.0.5-1) experimental; urgency=low

  * New upstream.
  * Remove pic-lib.patch, tools-misc-TARGETS.patch, and clean-mttr.patch
    as they have been applied upstream(in various forms).
  * xend now starts at priority 20, stops at 21, while xendomains starts
    at 21, and stops at 20.

 -- Adam Heath <doogie@brainfood.com>  Fri, 11 Mar 2005 14:33:33 -0600

xen (2.0.4-4) experimental; urgency=low

  * Bah, major booboo.  Add /boot to debian/xen.install, so xen.gz will
    get shipped.  Reported by Clint Adams <schizo@debian.org>.

 -- Adam Heath <doogie@brainfood.com>  Tue, 15 Feb 2005 13:00:57 -0600

xen (2.0.4-3) experimental; urgency=low

  * Fix file overlap(/usr/share/doc/xen/examples/*) between xen and
    xen-docs.  Reported by Tupshin Harper <tupshin@tupshin.com>.

 -- Adam Heath <doogie@brainfood.com>  Sun, 06 Feb 2005 01:22:45 -0600

xen (2.0.4-2) experimental; urgency=low

  * Fix kernel patch generation.  It was broken when I integrated with
    debian's kernel source.  I used a symlink, and diff doesn't follow
    those.

 -- Adam Heath <doogie@brainfood.com>  Sat, 05 Feb 2005 18:16:35 -0600

xen (2.0.4-1) experimental; urgency=low

  * New upstream.
  * xen.deb can now install on a plain kernel; that is, the init scripts
    exit successfully if /proc/xen/privcmd doesn't exist.  This allows
    for dual-boot setups.
  * Manpages do not yet exist xend, xenperf, xensv, xfrd, nor xm.  xend
    xfrd are daemons, and take little if any options.  I've not had a need
    to use xenperf nor xensv yet.  xm has nice built in help(xm help).
  * Upstream now requires either linux 2.4.29, or 2.6.10.  Since 2.4.29 is
    not yet in debian, disable the 2.4 patch generation.  Closes: #271245.
  * Not certain how the kernel-patch-xen was empty.  It's not now, with
    the repackaging.  Closes: #272299.
  * Xen no longer produces kernel images, so problems about missing features
    are no longer valid.  Closes: #253924.
  * Acknowledge nmu bugs:
    * No longer build-depend on gcc 3.3, as the default gcc works. Closes:
      #243048.

 -- Adam Heath <doogie@brainfood.com>  Sat, 05 Feb 2005 18:04:27 -0600

xen (2.0.3-0.1) unstable; urgency=low

  * Changes from Tommi Virtanen:
    * Added dh-kpatches and libcurl3-dev to Build-Depends.
    * Add /etc/xen/sv/params.py and /etc/xen/xend/params.py.
    * Add xmexample1 and xmexample2 to xen/doc/examples.

 -- Adam Heath <doogie@brainfood.com>  Wed, 26 Jan 2005 10:55:07 -0600

xen (2.0.3-0) unstable; urgency=low

  * New upstream.  Closes: #280733.
  * Repackaged from scratch.
  * Using unreleased patch management system.  See debian/README.build.
    * After extracting the .dsc, there are no special steps needed
    * Those wanting to change the source, use the normal procedures for
      any package, including using interdiff(or other tool) to send a
      patch to me or the bts.
  * No longer try to do anything fancy with regard to the layout of the
    built kernels.  Now, only patches are distributed.  Please make use of
    the xen support in kernel-package.
  * Early preview release to #debian-devel.

 -- Adam Heath <doogie@brainfood.com>  Tue, 25 Jan 2005 13:24:54 -0600

xen (1.2-4.1) unstable; urgency=high

  * NMU
  * Remove gcc-3.2 from Build-Depends as isn't used during build
    (Closes: #243048)

 -- Frank Lichtenheld <djpig@debian.org>  Sat, 21 Aug 2004 17:42:28 +0200

xen (1.2-4) unstable; urgency=low

  * Added xen-docs.README.Debian, which explains the kernel image layout,
    and contains references on the locations differ from what is mentioned
    by the upstream documentation.  Closes: #230345.

 -- Adam Heath <doogie@brainfood.com>  Fri, 26 Mar 2004 17:36:41 -0600

xen (1.2-3) unstable; urgency=low

  * Add kernel-source-2.4.25 and kernel-patch-debian-2.4.25 to
    Build-Depends-Indep.

 -- Adam Heath <doogie@brainfood.com>  Tue, 23 Mar 2004 20:14:39 -0600

xen (1.2-2) unstable; urgency=low

  * xen: moved /boot/xen.gz to /usr/lib/kernels/xen-i386/images/vmlinuz
  * kernel-image, kernel-modules: swapped i386/xeno to xeno/i386 in
    /usr/lib/kernels.
  * Add kernel-patch-nfs-swap deb.
  * Apply additional patches to kernel-image-xen:
    * nfs-group
    * nfs-swap

 -- Adam Heath <doogie@brainfood.com>  Thu, 04 Mar 2004 12:47:47 -0600

xen (1.2-1) unstable; urgency=low

  * Initial version.

 -- Adam Heath <doogie@brainfood.com>  Tue, 02 Mar 2004 13:21:52 -0600