George Dunlap
2016-Feb-17 12:30 UTC
[CentOS-virt] XSAs 170 and 154, repository layouts, and centos-release-xen 8-1
I have the following packages going through the CBS: * A CentOS 7 xen-4.6.1-2, with XSAs 170 and 154 * A CentOS 6 xen-4.6.1-2, with XSAs 170 and 154 * A CentOS 6 xen-4.4.3-11, with XSAs 170 All these should show up in mirrors hopefully sometime later today. As usual, please report any problems here. Xen 4.4 only has XSA 170 because at the time the embargo was lifted, I didn't have a suitable backport of XSA-154. It's only applicable when PCI-passthrough is in effect, so it's not that critical. Additionally, we've moved to the new repository layout. Repositories will now be tagged with the release; so C6 will have xen-44 and xen-46, and C7 will have xen-46. For now, the existing xen/ repository will be a symlink -- to xen-44 for C6 and to xen-46 for C7. There will be new centos-release-xen packages coming down the line. As described elsewhere: * centos-release-xen-44 will always point to the xen-44 repository * centos-release-xen-46 will always point to the xen-46 repository * centos-release-xen will (normally) point to whatever the most recent release is. For the time being, the C6 version of centos-release-xen will remain pointing to xen-44. These packages can be installed at the same time; yum will choose the most recent release of all available. = What you need to do (C6 users only) * If you want to stay on xen-44: yum install centos-release-xen-44 yum remove centos-release-xen * If you want to update to xen-46 and stay there until you choose to update: yum install centos-release-xen-46 yum remove centos-release-xen * If you want to update to xen-46, and also get further updates automatically: yum install centos-release-xen-46 = What you need to do (C7 users) Much less urgent, since we don't plan to upgrade until 4.8, but: * If you want to stay on 46 until you choose to update: yum install centos-release-xen-46 yum remove centos-release-xen * If you want to get further updates automatically: Do nothing, you're already set.
George Dunlap
2016-Feb-17 13:04 UTC
[CentOS-virt] XSAs 170 and 154, repository layouts, and centos-release-xen 8-1
On Wed, Feb 17, 2016 at 12:30 PM, George Dunlap <dunlapg at umich.edu> wrote:> I have the following packages going through the CBS: > * A CentOS 7 xen-4.6.1-2, with XSAs 170 and 154 > * A CentOS 6 xen-4.6.1-2, with XSAs 170 and 154 > * A CentOS 6 xen-4.4.3-11, with XSAs 170 > > All these should show up in mirrors hopefully sometime later today. > As usual, please report any problems here. > > Xen 4.4 only has XSA 170 because at the time the embargo was lifted, I > didn't have a suitable backport of XSA-154. It's only applicable when > PCI-passthrough is in effect, so it's not that critical.I now have a build of Xen 4.4 with XSA-154 going through the build system. For users who need it, it should be available on buildlogs (via centos-virt-xen-testing) sometime later this afternoon. The signed version on mirrors may be delayed until tomorrow. And that really will be the last Xen 4.4 XSA update I personally port. :-) However, if anyone wants to push any further changes to 4.4, feel free to send a pull request to this tree: https://github.com/CentOS-virt7/xen And I'll be happy to review it and push it through the CBS. I've made a detailed how-to, so hopefully it shouldn't be too difficult. Peace, -George
Pasi Kärkkäinen
2016-Feb-17 17:52 UTC
[CentOS-virt] XSAs 170 and 154, repository layouts, and centos-release-xen 8-1
On Wed, Feb 17, 2016 at 01:04:08PM +0000, George Dunlap wrote:> On Wed, Feb 17, 2016 at 12:30 PM, George Dunlap <dunlapg at umich.edu> wrote: > > I have the following packages going through the CBS: > > * A CentOS 7 xen-4.6.1-2, with XSAs 170 and 154 > > * A CentOS 6 xen-4.6.1-2, with XSAs 170 and 154 > > * A CentOS 6 xen-4.4.3-11, with XSAs 170 > > > > All these should show up in mirrors hopefully sometime later today. > > As usual, please report any problems here. > > > > Xen 4.4 only has XSA 170 because at the time the embargo was lifted, I > > didn't have a suitable backport of XSA-154. It's only applicable when > > PCI-passthrough is in effect, so it's not that critical. > > I now have a build of Xen 4.4 with XSA-154 going through the build > system. For users who need it, it should be available on buildlogs > (via centos-virt-xen-testing) sometime later this afternoon. The > signed version on mirrors may be delayed until tomorrow. >Great!> And that really will be the last Xen 4.4 XSA update I personally port. :-) >:)> However, if anyone wants to push any further changes to 4.4, feel free > to send a pull request to this tree: > > https://github.com/CentOS-virt7/xen > > And I'll be happy to review it and push it through the CBS. I've made > a detailed how-to, so hopefully it shouldn't be too difficult. >Thanks a lot! Howto looks good. -- Pasi> Peace, > -George
Johnny Hughes
2016-Feb-18 13:57 UTC
[CentOS-virt] XSAs 170 and 154, repository layouts, and centos-release-xen 8-1
On 02/17/2016 06:30 AM, George Dunlap wrote: <snip> For C6 users:> * If you want to update to xen-46, and also get further updates automatically: > > yum install centos-release-xen-46Would this be instead (to get latest and always stay one latest): yum remove centos-release-xen44 centos-release-xen46 yum install centos-release-xen (instead of installing centos-release-xen46) <snip> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos-virt/attachments/20160218/428f9605/attachment-0002.sig>
Johnny Hughes
2016-Feb-18 14:18 UTC
[CentOS-virt] XSAs 170 and 154, repository layouts, and centos-release-xen 8-1
On 02/18/2016 07:57 AM, Johnny Hughes wrote:> On 02/17/2016 06:30 AM, George Dunlap wrote: > > <snip> > > For C6 users: > >> * If you want to update to xen-46, and also get further updates automatically: >> >> yum install centos-release-xen-46 > > Would this be instead (to get latest and always stay one latest): > > yum remove centos-release-xen44 centos-release-xen46 > yum install centos-release-xen > > (instead of installing centos-release-xen46) > > <snip>As discussed on this list in the past .. the SIG in general is going to maintain 1 version of xen current for each CentOS version. And the goal currently (as I understand it) is to move to every even point release, if that release works within the gcc/glibc parameters for that CentOS Version. So, xen 4.8 will be the one following 4.6, etc. That means that the older versions (ie 4.4 on CentOS-6) will be orphaned if someone from the community does not step up, join the SIG, and maintain the packages. Specifically for Xen-4.4.x on CentOS-6, I will maintain that so long as upstream xenproject.org continues to produce XSA patches for Xen-4.4. Once xenproject.org stops support for xen-4.4 then an announcement will be made and that branch will stop being updated. Thanks, Johnny Hughes -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos-virt/attachments/20160218/7181c754/attachment-0002.sig>
Karanbir Singh
2016-Feb-19 17:50 UTC
[CentOS-virt] XSAs 170 and 154, repository layouts, and centos-release-xen 8-1
On 18/02/16 13:57, Johnny Hughes wrote:> On 02/17/2016 06:30 AM, George Dunlap wrote: > > <snip> > > For C6 users: > >> * If you want to update to xen-46, and also get further updates automatically: >> >> yum install centos-release-xen-46 > > Would this be instead (to get latest and always stay one latest): > > yum remove centos-release-xen44 centos-release-xen46 > yum install centos-release-xenyou dont need that centos-release-xen anymore. once there is enough traction, the 'xen' repo itself will go away ( its a symlink right now, pointing to the latest xen-XX in each of the centos repos ) Regards -- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh GnuPG Key : http://www.karan.org/publickey.asc
Sarah Newman
2016-Feb-20 21:24 UTC
[CentOS-virt] XSAs 170 and 154, repository layouts, and centos-release-xen 8-1
On 02/17/2016 04:30 AM, George Dunlap wrote:> I have the following packages going through the CBS: > * A CentOS 7 xen-4.6.1-2, with XSAs 170 and 154 > * A CentOS 6 xen-4.6.1-2, with XSAs 170 and 154 > * A CentOS 6 xen-4.4.3-11, with XSAs 170 > > All these should show up in mirrors hopefully sometime later today. > As usual, please report any problems here.Domains using the distribution provided pvgrub won't boot after upgrade. Old location of pvgrub: /usr/lib/xen/boot/pv-grub-x86_32.gz /usr/lib/xen/boot/pv-grub-x86_64.gz New location of pvgrub: /usr/lib64/xen/boot/pv-grub-x86_32.gz /usr/lib64/xen/boot/pv-grub-x86_64.gz
George Dunlap
2016-Feb-22 11:53 UTC
[CentOS-virt] XSAs 170 and 154, repository layouts, and centos-release-xen 8-1
On Thu, Feb 18, 2016 at 1:57 PM, Johnny Hughes <johnny at centos.org> wrote:> On 02/17/2016 06:30 AM, George Dunlap wrote: > > <snip> > > For C6 users: > >> * If you want to update to xen-46, and also get further updates automatically: >> >> yum install centos-release-xen-46 > > Would this be instead (to get latest and always stay one latest): > > yum remove centos-release-xen44 centos-release-xen46 > yum install centos-release-xen > > (instead of installing centos-release-xen46)Long-term, yes. :-) But for the time being, centos-release-xen still points to 4.4, so if you want 4.6, you have to install the 46 package. The idea is to give people currently on 4.4, who may want to *stay* on 4.4, a window to notice (and test) the new centos-release-xen-44 package before having centos-release-xen automatically update. -George
George Dunlap
2016-Feb-23 15:04 UTC
[CentOS-virt] XSAs 170 and 154, repository layouts, and centos-release-xen 8-1
On Sat, Feb 20, 2016 at 9:24 PM, Sarah Newman <srn at prgmr.com> wrote:> On 02/17/2016 04:30 AM, George Dunlap wrote: >> I have the following packages going through the CBS: >> * A CentOS 7 xen-4.6.1-2, with XSAs 170 and 154 >> * A CentOS 6 xen-4.6.1-2, with XSAs 170 and 154 >> * A CentOS 6 xen-4.4.3-11, with XSAs 170 >> >> All these should show up in mirrors hopefully sometime later today. >> As usual, please report any problems here. > > Domains using the distribution provided pvgrub won't boot after upgrade. > > Old location of pvgrub: > > /usr/lib/xen/boot/pv-grub-x86_32.gz > /usr/lib/xen/boot/pv-grub-x86_64.gz > > New location of pvgrub: > > /usr/lib64/xen/boot/pv-grub-x86_32.gz > /usr/lib64/xen/boot/pv-grub-x86_64.gzFYI I've got a new version that provides symbolic links for backwards compatibility which should have hit buildlogs (aka centos-virt-xen-testing) two hours ago, but hasn't for some reason... -George
Seemingly Similar Threads
- XSAs 170 and 154, repository layouts, and centos-release-xen 8-1
- XSAs 170 and 154, repository layouts, and centos-release-xen 8-1
- XSAs 170 and 154, repository layouts, and centos-release-xen 8-1
- XSAs 170 and 154, repository layouts, and centos-release-xen 8-1
- CentOS-virt - Kernel Side-Channel Attacks