New bugfixes and enhancement updates are available for the only currently supported release of XCP-ng: 8.2 LTS.
We usually queue non-critical fixes or improvements for a grouped release, to avoid unnecessary maintenance tasks on your pools. This is one such grouped release.
If your hosts were up to date up until now, you may either install the updates now or skip them and wait for the next security updates to update all at once.
This update brings bugfixes, compatibility improvements, as well as some small enhancements to a variety of components: the linux kernel, XAPI, guest templates and more.
- Bugfix: if you add SR-IOV to a VM with GPU-Passthrough enabled, the VM doesn't boot.
- Bugfix: the bond_updelay setting was ignored for LACP bonds.
- Bugfix: timing issue potentially causing packet drops at LACP renegotiation.
- Bugfix: spurious error messages were output to dead.letter
- Bugfix: fix boot failures related to IOMMU on some hardware. Bug reported by XCP-ng users (forum thread), debugged on the forum and fixed by a Xen developer.
- Bugfix: slow boot when VGA is enabled.
- Updates Intel microcode to the IPU 2022.2 release.
Note: updating your hardware's firmware always remains the preferred way to update microcode, and will take precedence over the microcode we provide in XCP-ng.
- Improvement: new
other-config:ethtool-advertiseoption added to the network commands. This allows setting the speed and duplex of a NIC as advertised by the auto-negotiation process.
- Various issues fixed.
XCP-ng Guest Tools
- Update to latest upstream code.
- Fix detection of network interfaces whose name starts with
- Add support for RHEL 9 and derivatives (Almalinux 9, Rocky Linux 9, Centos Stream 9...). Templates for these were not added yet, but templates for version 8 will work.
- For RPM-based distributions, switch the service to systemd by default (legacy RPMs are still provided for older systems without systemd).
- ⚠️ The only tools that were updated are those provided by XCP-ng through the guest tools ISO image. Tools provided in the repositories of various Linux distributions are not maintained directly by us and are thus not updated as part of this update.
- OpenSSL was rebuilt without compression support. Although compression was not offered by default and the clients that connect to port 443 of XCP-ng hosts don't enable compression by default, it's better security-wise not to support it at all (due to CRIME).
- Patch backported from RHEL 8's OpenSSL package, which fixes a potential denial of service: "CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates"
- Bugfix: when updating from Xen Orchestra, avoid installing updates from repositories that users may have enabled on XCP-ng in addition to our official update repositories (note: users should never enable additional repositories permanently).
- Bugfix: in the updater plugin again, error handling was broken: whenever an error would occur (such as a network issue preventing it from installing the updates), another error would be raised from the error handler, and thus mask the actual reason for the initial error.
- Received a fix backported from one of Citrix Hypervisor's hotfixes, which addresses a possible segmentation fault if you create a lot of snapshots at the same time.
sm ("Storage Manager")
- We fixed an issue with local ISO SRs and mountpoints: creating a local ISO SR on a directory that is a mountpoint for another filesystem would unmount it. The patch was not accepted upstream because it touches legacy code that Citrix won't support, according to the developer who answered, but we considered it safe and useful enough to apply it to XCP-ng anyway.
- The (experimental)
MooseFSstorage driver will now default to creating a subdirectory in the mounted directory, to avoid collision between several SRs using the same share.
- The update also includes the followings fix from one of Citrix Hypervisor's hotfixes:
CA-352880: when deleting an HBA SR remove the kernel devices
- Two other fixes which are hard to explain in user terms and typically don't affect the majority of users.