From: Raspbian automatic forward porter Date: Fri, 18 Dec 2020 18:13:06 +0000 (+0000) Subject: Merge version 4.14.0+80-gd101b417b7-1+rpi1 and 4.14.0+88-g1d1d1f5391-2 to produce... X-Git-Tag: archive/raspbian/4.14.0+88-g1d1d1f5391-2+rpi1^0 X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/%22mailto:kde%40ewsoftware.de/%22style.css//%22node%24level1.html/%22/%22http:/www.example.com/%22mailto:kde%40ewsoftware.de/%22style.css/%22node%24level1.html/%22?a=commitdiff_plain;h=fd3bda25c235c8ec06cf381c0adfd2a8d37f2a71;p=xen.git Merge version 4.14.0+80-gd101b417b7-1+rpi1 and 4.14.0+88-g1d1d1f5391-2 to produce 4.14.0+88-g1d1d1f5391-2+rpi1 --- fd3bda25c235c8ec06cf381c0adfd2a8d37f2a71 diff --cc debian/changelog index 22c44555c9,f712602eec..4d28162be0 --- a/debian/changelog +++ b/debian/changelog @@@ -1,15 -1,88 +1,101 @@@ - xen (4.14.0+80-gd101b417b7-1+rpi1) bullseye-staging; urgency=medium ++xen (4.14.0+88-g1d1d1f5391-2+rpi1) bullseye-staging; urgency=medium + + [changes brought forward from 4.4.1-9+rpi1 by Peter Michael Green at Sun, 30 Aug 2015 15:43:16 +0000] + * replace "dmb" with "mcr p15, #0, r0, c7, c10, #5" for armv6 + + [changes introduced in 4.6.0-1+rpi1 by Peter Michael Green] + * Use kernel 3.18 for now as I haven't dealt with 4.x yet. + + [changes introduced in 4.11.1+26-g87f51bf366-3+rpi1 by Peter Michael Green] + * Do not fail on files that are not installed. + - -- Raspbian forward porter Mon, 30 Nov 2020 02:51:13 +0000 ++ -- Raspbian forward porter Fri, 18 Dec 2020 18:13:06 +0000 ++ + xen (4.14.0+88-g1d1d1f5391-2) unstable; urgency=high + + * For now, revert "debian/rules: Set CC/LD to enable cross-building", since + it causes an FTBFS on i386. + + -- Hans van Kranenburg Tue, 15 Dec 2020 14:57:41 +0100 + + xen (4.14.0+88-g1d1d1f5391-1) unstable; urgency=high + + * Update to new upstream version 4.14.0+88-g1d1d1f5391, which also contains + security fixes for the following issues: + - stack corruption from XSA-346 change + XSA-355 CVE-2020-29040 (Closes: #976109) + * Apply security fixes for the following issues: + - oxenstored: permissions not checked on root node + XSA-353 CVE-2020-29479 + - xenstore watch notifications lacking permission checks + XSA-115 CVE-2020-29480 + - Xenstore: new domains inheriting existing node permissions + XSA-322 CVE-2020-29481 + - Xenstore: wrong path length check + XSA-323 CVE-2020-29482 + - Xenstore: guests can crash xenstored via watchs + XSA-324 CVE-2020-29484 + - Xenstore: guests can disturb domain cleanup + XSA-325 CVE-2020-29483 + - oxenstored memory leak in reset_watches + XSA-330 CVE-2020-29485 + - oxenstored: node ownership can be changed by unprivileged clients + XSA-352 CVE-2020-29486 + - undue recursion in x86 HVM context switch code + XSA-348 CVE-2020-29566 + - infinite loop when cleaning up IRQ vectors + XSA-356 CVE-2020-29567 + - FIFO event channels control block related ordering + XSA-358 CVE-2020-29570 + - FIFO event channels control structure ordering + XSA-359 CVE-2020-29571 + * Note that the following XSA are not listed, because... + - XSA-349 and XSA-350 have patches for the Linux kernel + - XSA-354 has patches for the XAPI toolstack + + Packaging bugfixes and improvements: + * d/rules: do not compress /usr/share/doc/xen/html (Closes: #942611) + * Add missing CVE numbers to the previous changelog entries + + Packaging bugfixes and improvements [Elliott Mitchell]: + * d/shuffle-binaries: Make error detection/message overt + * d/shuffle-binaries: Add quoting for potentially changeable variables + * d/shuffle-boot-files: Add lots of double-quotes when handling variables + * debian/rules: Set CC/LD to enable cross-building + * debian/xen.init: Load xen_acpi_processor on boot + * d/shuffle-binaries: Remove useless extra argument being passed in + + Packaging bugfixes and improvements [Maximilian Engelhardt]: + * d/xen-hypervisor-V-F.postinst.vsn-in: use reboot-required + (Closes: #862408) + * d/xen-hypervisor-V-F.postrm: actually install script + * d/xen-hypervisor-V.*: clean up unused files + * d/xen-hypervisor-V.bug-control.vsn-in: actually install script + * debian/rules: enable verbose build + + Fixes to patches for upstream code: + * t/h/L/vif-common.sh: force handle_iptable return value to be 0 + (Closes: #955994) + + * Pick the following upstream commits to improve Raspberry Pi 4 support, + requested by Elliott Mitchell: + - 25849c8b16 ("xen/rpi4: implement watchdog-based reset") + - 17d192e023 ("tools/python: Pass linker to Python build process") + - 861f0c1109 ("xen/arm: acpi: Don't fail if SPCR table is absent") + - 1c4aa69ca1 ("xen/acpi: Rework acpi_os_map_memory() and + acpi_os_unmap_memory()") + - 4d625ff3c3 ("xen/arm: acpi: The fixmap area should always be cleared + during failure/unmap") + - dac867bf9a ("xen/arm: Check if the platform is not using ACPI before + initializing Dom0less") + - 9c2bc0f24b ("xen/arm: Introduce fw_unreserved_regions() and use it") + - 7056f2f89f ("xen/arm: acpi: add BAD_MADT_GICC_ENTRY() macro") + - 957708c2d1 ("xen/arm: traps: Don't panic when receiving an unknown debug + trap") + + * Pick upstream commit ba6e78f0db ("fix spelling errors"). Thanks, Diederik. + + -- Hans van Kranenburg Tue, 15 Dec 2020 13:00:00 +0100 xen (4.14.0+80-gd101b417b7-1) unstable; urgency=medium diff --cc debian/patches/series index d12532455a,dfd56beda3..9bc28a9227 --- a/debian/patches/series +++ b/debian/patches/series @@@ -23,4 -23,44 +23,45 @@@ misc/toolstestsx86_emulator-pass--no-pi 0023-tools-xl-bash-completion-also-complete-xen.patch 0024-tools-don-t-build-ship-xenmon.patch 0025-tools-Partially-revert-Cross-compilation-fixes.patch + 0026-t-h-L-vif-common.sh-fix-handle_iptable-return-value.patch + 0027-xen-rpi4-implement-watchdog-based-reset.patch + 0028-tools-python-Pass-linker-to-Python-build-process.patch + 0029-xen-arm-acpi-Don-t-fail-if-SPCR-table-is-absent.patch + 0030-xen-acpi-Rework-acpi_os_map_memory-and-acpi_os_unmap.patch + 0031-xen-arm-acpi-The-fixmap-area-should-always-be-cleare.patch + 0032-xen-arm-Check-if-the-platform-is-not-using-ACPI-befo.patch + 0033-xen-arm-Introduce-fw_unreserved_regions-and-use-it.patch + 0034-xen-arm-acpi-add-BAD_MADT_GICC_ENTRY-macro.patch + 0035-xen-arm-traps-Don-t-panic-when-receiving-an-unknown-.patch + 0036-fix-spelling-errors.patch + 0037-tools-ocaml-xenstored-do-permission-checks-on-xensto.patch + 0038-tools-xenstore-allow-removing-child-of-a-node-exceed.patch + 0039-tools-xenstore-ignore-transaction-id-for-un-watch.patch + 0040-tools-xenstore-fix-node-accounting-after-failed-node.patch + 0041-tools-xenstore-simplify-and-rename-check_event_node.patch + 0042-tools-xenstore-check-privilege-for-XS_IS_DOMAIN_INTR.patch + 0043-tools-xenstore-rework-node-removal.patch + 0044-tools-xenstore-fire-watches-only-when-removing-a-spe.patch + 0045-tools-xenstore-introduce-node_perms-structure.patch + 0046-tools-xenstore-allow-special-watches-for-privileged-.patch + 0047-tools-xenstore-avoid-watch-events-for-nodes-without-.patch + 0048-tools-ocaml-xenstored-ignore-transaction-id-for-un-w.patch + 0049-tools-ocaml-xenstored-check-privilege-for-XS_IS_DOMA.patch + 0050-tools-ocaml-xenstored-unify-watch-firing.patch + 0051-tools-ocaml-xenstored-introduce-permissions-for-spec.patch + 0052-tools-ocaml-xenstored-avoid-watch-events-for-nodes-w.patch + 0053-tools-ocaml-xenstored-add-xenstored.conf-flag-to-tur.patch + 0054-tools-xenstore-revoke-access-rights-for-removed-doma.patch + 0055-tools-ocaml-xenstored-clean-up-permissions-for-dead-.patch + 0056-tools-ocaml-xenstored-Fix-path-length-validation.patch + 0057-tools-xenstore-drop-watch-event-messages-exceeding-m.patch + 0058-tools-xenstore-Preserve-bad-client-until-they-are-de.patch + 0059-tools-ocaml-xenstored-delete-watch-from-trie-too-whe.patch + 0060-tools-ocaml-xenstored-only-Dom0-can-change-node-owne.patch + 0061-x86-replace-reset_stack_and_jump_nolp.patch + 0062-x86-fold-guest_idle_loop-into-idle_loop.patch + 0063-x86-avoid-calling-svm-vmx-_do_resume.patch + 0064-x86-irq-fix-infinite-loop-in-irq_move_cleanup_interr.patch + 0065-evtchn-FIFO-re-order-and-synchronize-with-map_contro.patch + 0066-evtchn-FIFO-add-2nd-smp_rmb-to-evtchn_fifo_word_from.patch +armv6.diff