Team - OS Platform & Release

Posts

  • RE: XSA-468: multiple Windows PV driver vulnerabilities - update now!

    @flakpyro There's also a chance this is a XAPI issue. CC @andriy.sultanov

  • RE: Early testable PVH support
  • RE: XSA-468: multiple Windows PV driver vulnerabilities - update now!

    @Forza said in XSA-468: multiple Windows PV driver vulnerabilities - update now!:

    Hi,

    It is not clear to me if the old XCP-ng PV drivers (8.2.2.200-RC1) are affected or not. How should we proceed if they are?

    Do others share this feeling and have this question after re-reading the whole announcement?

  • RE: XCP-ng 8.3 updates announcements and testing

    So, we owe a very big thank you to everyone here for your tests and feedback. The numerous updates that were in the xcp-ng-testing repository are now officially published to everyone:

    https://xcp-ng.org/blog/2025/05/26/may-2025-maintenance-update-for-xcp-ng-8-3/

    But stay with us, as very soon we'll have a few more updates to test, as well as refreshed installation ISOs!

  • RE: XCP-ng 8.3 updates announcements and testing

    @Andrew What does a regular linux distro output as a version for the driver? I've been told there's no version in the source code, so does it output anything?

  • RE: XCP-ng 8.3 updates announcements and testing

    @Andrew Thanks for noticing that. CC @ThierryEscande

  • RE: XCP-ng 8.3 updates announcements and testing

    @flakpyro No, I'm waiting for more feedback from the devs. All I have from them for now is it looks like either a firmware or a passthrough issue. I don't think we have changed anything to fix it.

  • RE: XCP-ng 8.3 updates announcements and testing

    New update candidates for you to test!

    Unless major issues are found, this should be the last wave of update candidates before we publish everything as official updates for XCP-ng 8.3.

    • cifs-utils: update and rebuild based on the sources for the RHEL9 package. This fixes several low priority CVEs (in the context of XCP-ng) and will make future vulnerability patching easier.
    • curl: update to version 8.9.1, based on RHEL 10 package, and apply an additional fix for CVE-2024-8096 (low impact in XCP-ng context).
    • intel-e1000e: major driver update, backported from Linux kernel 5.10.179, to fix issues with recent hardware.
    • kernel: Fix support of dynamic tracepoints when debugging the dom0 Linux kernel with the perf tool
    • ncurses: Revert -devel package ABI to version 5 to avoid potential library conflicts in packages built against it
    • openssh: rebuild against updated ncurses package
    • python3-docutils: new dependency of cifs-utils
    • samba:
      • Fix CVE-2016-2124, a flaw in SMB1 auth. An attacker could retrieve the password by using NT1.
      • Fix CVE-2021-44142, an out-of-bounds heap read/write vulnerability that allows remote attackers to execute arbitrary code by using the VFS_fruit module.
    • systemtap: rebuild against updated ncurses package
    • xapi: Remove pvsproxy.service from the list of units restarted on xcp-rrdd update. The service in question attempts to start a proprietary component from XenServer that isn't present in XCP-ng, which led to displaying a not so pretty error in the logs.
    • xcp-ng-release: Enable missing xcp-rrdd plugins by default. Yes, failure to do so was what caused the empty stats issue you have been seeing in previous update candidates.
    • xen: rebuild against updated ncurses package + some fixes.
    • xo-lite: Update to 0.10.1.

    Test on XCP-ng 8.3

    From an up-to-date host:

    yum clean metadata --enablerepo=xcp-ng-testing
    yum update --enablerepo=xcp-ng-testing
    reboot
    

    The usual update rules apply: pool coordinator first, etc.

    Versions

    • cifs-utils: 7.1-2.1
    • curl: 8.9.1-5.1.xcpng8.3
    • intel-e1000e: 5.10.179-1.xcpng8.3
    • kernel: 4.19.19-8.0.38.2.xcpng8.3
    • ncurses: 6.4-6.20240309.xcpng8.3
    • openssh: 7.4p1-23.3.3.xcpng8.3
    • python3-docutils: 0.14-1.el7
    • samba: 4.10.16-25.1.xcpng8.3
    • systemtap: 4.0-5.2.xcpng8.3
    • xapi: 25.6.0-1.5.xcpng8.3
    • xcp-ng-release: 8.3.0-32
    • xen: 4.17.5-10.1.xcpng8.3
    • xo-lite: 0.10.1-1.xcpng8.3

    What to test

    Normal use and anything else you want to test. The closer to your actual use of XCP-ng, the better.

    Special focus:

    • We updated the e1000e driver. If you have Intel PCI-Express network chipsets, please test this update and verify that network connectivity and features that you depend on work as expected.
    • SMB shares and SRs.
    • yum still appearing to work correctly after the update.
    • SSH connection to hosts.
    • Stats. But I'm sure that's the first thing several among you will test already.

    Test window before official release of the updates

    Around one week, unless major issues are found.

  • RE: XCP-ng 8.3 updates announcements and testing

    Yes, update candidates that were not urgent security fixes are still in the xcp-ng-testing repository (and more is coming soon, today or on Monday).

  • RE: XCP-ng 8.3 updates announcements and testing

    Just to be sure, is there an issue for us to investigate here, or expected failure due to version mismatch?
