On 31.08.2016 10:43, Stefan Bader wrote:> On 30.08.2016 18:56, Ian Jackson wrote: >> Hi. I've been looking at the BTS and PTS and security tracker, and it >> looks like maybe you could do with some help ? >> >> Issues I noticed include: >> >> * 4.7, the latest Xen upstream release, is not in sid > > If it is of any help, I did some initial work with 4.7[1]. You would have to > work around some distro specific things but I tried to keep them at a minimum. > Some things might be useful (like starting qemu for dom0, having xenstored in > its own sysvinit file. the sysvinit dependency hinting). One thing I still have > to fix is to have abiname style changes for the new libs.FWIW, I think I got the library naming cleaned up now (~rc5). Slightly different approach as I had to either keep the major.minor .so versions (I believe because of the map files) or libvirt would fail to compile against the xen lib. -Stefan> > -Stefan > > > [1] https://launchpad.net/~smb/+archive/ubuntu/xen/+packages >> >> * Even leaving that aside, sid doesn't seem to have all the security >> fixes which ought to be expected. >> >> * The BTS could do with a bit of gardening, perhaps. >> >> Please let me know what, if anything, you think you would like help >> with. >> >> FYI I also looked at security-tracker.debian.org pages for all the >> unfixed vulnerabilities in wheezy and jessie, and I think the >> decisions not to backport those fixes are reasonable in each case. >> >> Thanks, >> Ian. >>-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: OpenPGP digital signature URL: <http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20160831/b9f668ed/attachment.sig>
Stefan Bader writes ("Re: [Pkg-xen-devel] Help wanted with Debian Xen packages ?"):> FWIW, I think I got the library naming cleaned up now > (~rc5). Slightly different approach as I had to either keep the > major.minor .so versions (I believe because of the map files) or > libvirt would fail to compile against the xen lib.I haven't looked at this but it sounds annoying. Xen 4.8 is freezing RSN. I would like to get Xen 4.8 into stretch. I think we should probably be aiming to upload a lateish Xen 4.8 RC into stretch when it comes out. Xen 4.8.0 will have been out for a while by the Debian soft freeze in January. Getting 4.8 into sid and stretch will also mean that the recent security vulnerabilities will be fixed; currently stretch is in rather poor shape. Ian.
On 27.09.2016 17:07, Ian Jackson wrote:> Stefan Bader writes ("Re: [Pkg-xen-devel] Help wanted with Debian Xen packages ?"): >> FWIW, I think I got the library naming cleaned up now >> (~rc5). Slightly different approach as I had to either keep the >> major.minor .so versions (I believe because of the map files) or >> libvirt would fail to compile against the xen lib. > > I haven't looked at this but it sounds annoying.Though I would not say I am very proficient in this area, it feels like the soversioning and map files are moves into a better direction. The existing ones which get renamed and drop the soversion were just using the Xen version for that, regardless of what functions were kept or changed. The new ones seem to go for soversions that change only when the api changes. So having the rename plus keeping the soversion of the new libs felt like the best compromise. The renaming allows to have multiple versions of libxen installed. Which became more problematic with libxl. Not when only the xen toolstack is used, but with other packages linking against (one version of) it. Like libvirt, it will either work or not, depending on which version of the hypervisor is running and against which version of libxl it got compiled against.> > Xen 4.8 is freezing RSN. I would like to get Xen 4.8 into stretch. I > think we should probably be aiming to upload a lateish Xen 4.8 RC into > stretch when it comes out. Xen 4.8.0 will have been out for a while > by the Debian soft freeze in January. Getting 4.8 into sid and > stretch will also mean that the recent security vulnerabilities will > be fixed; currently stretch is in rather poor shape.Yeah, its lagging quite a bit. Moving there will face the same lib issues. Not sure whether the src deb from my ppa would be a help to start from. Some of the debian patches will always have to be refreshed manually, but at least some of the no longer needed ones would be gone from there. What likely needs better review is some of the new things which I did not pick for the binary package because they were not used before and nothing seemed to complain about them missing (like some fsimage lib IIRC). -Stefan -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: OpenPGP digital signature URL: <http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20160930/b5048059/attachment.sig>