XSAs 170 And 154, Repository Layouts, And CentOS-release-xen 8-1

Home » CentOS-Virt » XSAs 170 And 154, Repository Layouts, And CentOS-release-xen 8-1
CentOS-Virt 10 Comments

I have the following packages going through the CBS:
* A CentOS 7 xen-4.6.1-2, with XSAs 170 and 154
* A CentOS 6 xen-4.6.1-2, with XSAs 170 and 154
* A CentOS 6 xen-4.4.3-11, with XSAs 170

All these should show up in mirrors hopefully sometime later today. As usual, please report any problems here.

Xen 4.4 only has XSA 170 because at the time the embargo was lifted, I
didn’t have a suitable backport of XSA-154. It’s only applicable when PCI-passthrough is in effect, so it’s not that critical.

Additionally, we’ve moved to the new repository layout. Repositories will now be tagged with the release; so C6 will have xen-44 and xen-46, and C7 will have xen-46. For now, the existing xen/
repository will be a symlink — to xen-44 for C6 and to xen-46 for C7.

There will be new CentOS-release-xen packages coming down the line. As described elsewhere:

* CentOS-release-xen-44 will always point to the xen-44 repository
* CentOS-release-xen-46 will always point to the xen-46 repository
* CentOS-release-xen will (normally) point to whatever the most recent release is.

For the time being, the C6 version of CentOS-release-xen will remain pointing to xen-44.

These packages can be installed at the same time; yum will choose the most recent release of all available.

= What you need to do (C6 users only)
* If you want to stay on xen-44:

yum install CentOS-release-xen-44
yum remove CentOS-release-xen

* If you want to update to xen-46 and stay there until you choose to update:

yum install CentOS-release-xen-46
yum remove CentOS-release-xen

* If you want to update to xen-46, and also get further updates automatically:

yum install CentOS-release-xen-46

= What you need to do (C7 users)
Much less urgent, since we don’t plan to upgrade until 4.8, but:

* If you want to stay on 46 until you choose to update:

yum install CentOS-release-xen-46
yum remove CentOS-release-xen

* If you want to get further updates automatically:

Do nothing, you’re already set.

10 thoughts on - XSAs 170 And 154, Repository Layouts, And CentOS-release-xen 8-1

  • I now have a build of Xen 4.4 with XSA-154 going through the build system. For users who need it, it should be available on buildlogs
    (via CentOS-virt-xen-testing) sometime later this afternoon. The signed version on mirrors may be delayed until tomorrow.

    And that really will be the last Xen 4.4 XSA update I personally port. :-)

    However, if anyone wants to push any further changes to 4.4, feel free to send a pull request to this tree:

    https://github.com/CentOS-virt7/xen

    And I’ll be happy to review it and push it through the CBS. I’ve made a detailed how-to, so hopefully it shouldn’t be too difficult.

    Peace,
    -George

  • For C6 users:

    Would this be instead (to get latest and always stay one latest):

    yum remove CentOS-release-xen44 CentOS-release-xen46
    yum install CentOS-release-xen

    (instead of installing CentOS-release-xen46)

  • As discussed on this list in the past .. the SIG in general is going to maintain 1 version of xen current for each CentOS version. And the goal currently (as I understand it) is to move to every even point release, if that release works within the gcc/glibc parameters for that CentOS
    Version.

    So, xen 4.8 will be the one following 4.6, etc.

    That means that the older versions (ie 4.4 on CentOS-6) will be orphaned if someone from the community does not step up, join the SIG, and maintain the packages.

    Specifically for Xen-4.4.x on CentOS-6, I will maintain that so long as upstream xenproject.org continues to produce XSA patches for Xen-4.4. Once xenproject.org stops support for xen-4.4 then an announcement will be made and that branch will stop being updated.

    Thanks, Johnny Hughes

  • you dont need that CentOS-release-xen anymore.

    once there is enough traction, the ‘xen’ repo itself will go away ( its a symlink right now, pointing to the latest xen-XX in each of the CentOS
    repos )

    Regards

  • Domains using the distribution provided pvgrub won’t boot after upgrade.

    Old location of pvgrub:

    /usr/lib/xen/boot/pv-grub-x86_32.gz
    /usr/lib/xen/boot/pv-grub-x86_64.gz

    New location of pvgrub:

    /usr/lib64/xen/boot/pv-grub-x86_32.gz
    /usr/lib64/xen/boot/pv-grub-x86_64.gz

  • Long-term, yes. :-) But for the time being, CentOS-release-xen still points to 4.4, so if you want 4.6, you have to install the 46 package.

    The idea is to give people currently on 4.4, who may want to *stay* on
    4.4, a window to notice (and test) the new CentOS-release-xen-44
    package before having CentOS-release-xen automatically update.

    -George

  • FYI I’ve got a new version that provides symbolic links for backwards compatibility which should have hit buildlogs (aka CentOS-virt-xen-testing) two hours ago, but hasn’t for some reason…

    -George

  • can you check and let me know – I’ve looked at the pending queues a few minutes back and found nothing there. So anything due to buildlogs or cdn should be pushed already

    regards