dgit.raspbian.org Git - xen.git/commit

xen (4.11.1~pre+1.733450b39b-1~exp1) experimental; urgency=medium

  [ Hans van Kranenburg ]
  * Update to 4.11.1-pre commit 733450b39b, which also contains:
    - Additional fix for: Unlimited recursion in linear pagetable de-typing
      XSA-240 CVE-2017-15595 (listed as xsa240-4.8/0004)
    - Fix x86 PV guests may gain access to internally used pages
      XSA-248 CVE-2017-17566
    - Fix broken x86 shadow mode refcount overflow check
      XSA-249 CVE-2017-17563
    - Fix improper x86 shadow mode refcount error handling
      XSA-250 CVE-2017-17564
    - Fix improper bug check in x86 log-dirty handling
      XSA-251 CVE-2017-17565
    - Fix: DoS via non-preemptable L3/L4 pagetable freeing
      XSA-252 CVE-2018-7540
    - Fix x86: memory leak with MSR emulation
      XSA-253 CVE-2018-5244
    - Multiple parts of fixes for...
      Information leak via side effects of speculative execution
      XSA-254 CVE-2017-5753 CVE-2017-5715 CVE-2017-5754
      - XPTI stage 1 a.k.a. 'Meltdown band-aid', XPTI-S1 or XPTI-lite
      - Branch predictor hardening for ARM CPUs
      - Support compiling with indirect branch thunks (e.g. retpoline)
      - Report details of speculative mitigations in boot logging
    - Fix: grant table v2 -> v1 transition may crash Xen
      XSA-255 CVE-2018-7541
    - Fix: x86 PVH guest without LAPIC may DoS the host
      XSA-256 CVE-2018-7542
    - The "Comet" shim, which can be used as a mitigation for Meltdown to
      shield the hypervisor against 64-bit PV guests.
    - Fix: Information leak via crafted user-supplied CDROM
      XSA-258 CVE-2018-10472
    - Fix: x86: PV guest may crash Xen with XPTI
      XSA-259 CVE-2018-10471
    - Fix: x86: mishandling of debug exceptions
      XSA-260 CVE-2018-8897
    - Fix: x86 vHPET interrupt injection errors
      XSA-261 CVE-2018-10982
    - Fix: qemu may drive Xen into unbounded loop
      XSA-262 CVE-2018-10981
    - Fix: Speculative Store Bypass
      XSA-263 CVE-2018-3639
    - Fix: preemption checks bypassed in x86 PV MM handling
      XSA-264 CVE-2018-12891
    - Fix: x86: #DB exception safety check can be triggered by a guest
      XSA-265 CVE-2018-12893
    - Fix: libxl fails to honour readonly flag on HVM emulated SCSI disks
      XSA-266 CVE-2018-12892
    - Fix: Speculative register leakage from lazy FPU context switching
      XSA-267 CVE-2018-3665
    - Fix: Use of v2 grant tables may cause crash on ARM
      XSA-268 CVE-2018-15469
    - Fix: x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS
      XSA-269 CVE-2018-15468
    - Fix: oxenstored does not apply quota-maxentity
      XSA-272 CVE-2018-15470
    - Fix: L1 Terminal Fault speculative side channel
      XSA-273 CVE-2018-3620
  * Merge changes for 4.9 from the ubuntu packaging (thanks, Stefan Bader):
    - Rebase patches against upstream source (line numbers etc).
    - debian/rules.real:
      - Add a call to build common tool headers.
      - Add a call to install common tool headers.
    - debian/libxen-dev.install, d/p/ubuntu-tools-libs-abiname.diff:
      - Add additional modifications for new libxendevicemodel.
    - debian/patches/tools-fake-xs-restrict.patch:
      - Re-introduce (fake) xs_restrict call to keep libxenstore version at
        3.0 for now.
    - debian/libxenstore3.0.symbols: add xs_control_command
  * Rebase patches against 4.10 upstream source.
  * Rebase patches against 4.11 upstream source.
  * Add README.source.md to document how the packaging works.
  * This package builds correctly with gcc 7. (Closes: #853710)
  * Fix grub config file conflict when upgrading from Stretch. (Closes: #852545)
  * Init scripts: Do not kill per-domain qemu processes. (Closes: #879751)
  * debian/patches: Fix "'vwprintw' is deprecated" gcc 8 compilation error

  [ Mark Pryor ]
  * Fix shared library build dependencies for the new xentoolcore library.

  [ John Keates ]
  * Enable OVMF (Closes: #858962)

[dgit import unpatched xen 4.11.1~pre+1.733450b39b-1~exp1]

author	Hans van Kranenburg <hans@knorrie.org>
	Sun, 8 Jul 2018 12:30:32 +0000 (13:30 +0100)
committer	Hans van Kranenburg <hans@knorrie.org>
	Sun, 8 Jul 2018 12:30:32 +0000 (13:30 +0100)
commit	a77e58f93b232a79c9314c3c34b676f9a65fb0f5
tree	6412bbd0b7e2994cf0a43a350bf7b98c28fe41d0	tree \| snapshot
parent	8c283944d676b5d37f4e8e8e80ea52337f1aeb61	commit \| diff
parent	d53ae335e0af492ab92d61f5f9efadda646f2cb7	commit \| diff

debian/README.md	\|	\|	blob
debian/README.source.md	\|	\|	blob
debian/arch/amd64/defines	\|	\|	blob
debian/arch/arm64/defines	\|	\|	blob
debian/arch/armhf/defines	\|	\|	blob
debian/arch/defines	\|	\|	blob
debian/arch/i386/defines	\|	\|	blob
debian/bin/check-patches.sh	\|	\|	blob
debian/bin/gencontrol.py	\|	\|	blob
debian/bin/genorig.py	\|	\|	blob
debian/changelog	\|	\|	blob
debian/compat	\|	\|	blob
debian/control	\|	\|	blob
debian/control.md5sum	\|	\|	blob
debian/copyright	\|	\|	blob
debian/lib/python/debian_linux/__init__.py	\|	\|	blob
debian/lib/python/debian_linux/abi.py	\|	\|	blob
debian/lib/python/debian_linux/config.py	\|	\|	blob
debian/lib/python/debian_linux/debian.py	\|	\|	blob
debian/lib/python/debian_linux/firmware.py	\|	\|	blob
debian/lib/python/debian_linux/gencontrol.py	\|	\|	blob
debian/lib/python/debian_linux/kconfig.py	\|	\|	blob
debian/lib/python/debian_linux/patches.py	\|	\|	blob
debian/lib/python/debian_linux/utils.py	\|	\|	blob
debian/lib/python/debian_xen/__init__.py	\|	\|	blob
debian/lib/python/debian_xen/debian.py	\|	\|	blob
debian/libxen-dev.install	\|	\|	blob
debian/libxenstore3.0.install	\|	\|	blob
debian/libxenstore3.0.symbols	\|	\|	blob
debian/patches/misc/tools-include-install.diff	\|	\|	blob
debian/patches/misc/tools-pygrub-remove-static-solaris-support	\|	\|	blob
debian/patches/misc/tools-xenmon-install.diff	\|	\|	blob
debian/patches/misc/tools-xentop-replace-use-of-deprecated-vwprintw.patch	\|	\|	blob
debian/patches/misc/toolstestsx86_emulator-pass--no-pie--fno.patch	\|	\|	blob
debian/patches/misc/version.diff	\|	\|	blob
debian/patches/prefix-abiname/config-prefix.diff	\|	\|	blob
debian/patches/prefix-abiname/tools-blktap2-prefix.diff	\|	\|	blob
debian/patches/prefix-abiname/tools-console-prefix.diff	\|	\|	blob
debian/patches/prefix-abiname/tools-libfsimage-abiname.diff	\|	\|	blob
debian/patches/prefix-abiname/tools-libfsimage-prefix.diff	\|	\|	blob
debian/patches/prefix-abiname/tools-libxc-abiname.diff	\|	\|	blob
debian/patches/prefix-abiname/tools-libxl-abiname.diff	\|	\|	blob
debian/patches/prefix-abiname/tools-libxl-prefix.diff	\|	\|	blob
debian/patches/prefix-abiname/tools-misc-prefix.diff	\|	\|	blob
debian/patches/prefix-abiname/tools-pygrub-prefix.diff	\|	\|	blob
debian/patches/prefix-abiname/tools-python-prefix.diff	\|	\|	blob
debian/patches/prefix-abiname/tools-rpath.diff	\|	\|	blob
debian/patches/prefix-abiname/tools-xcutils-rpath.diff	\|	\|	blob
debian/patches/prefix-abiname/tools-xenmon-prefix.diff	\|	\|	blob
debian/patches/prefix-abiname/tools-xenpaging-prefix.diff	\|	\|	blob
debian/patches/prefix-abiname/tools-xenpmd-prefix.diff	\|	\|	blob
debian/patches/prefix-abiname/tools-xenstat-abiname.diff	\|	\|	blob
debian/patches/prefix-abiname/tools-xenstat-prefix.diff	\|	\|	blob
debian/patches/prefix-abiname/tools-xenstore-prefix.diff	\|	\|	blob
debian/patches/prefix-abiname/tools-xentoolcore-abiname.patch	\|	\|	blob
debian/patches/prefix-abiname/tools-xentrace-prefix.diff	\|	\|	blob
debian/patches/prefix-abiname/ubuntu-tools-libs-abiname.diff	\|	\|	blob
debian/patches/series	\|	\|	blob
debian/patches/xenstore/tools-fake-xs-restrict.patch	\|	\|	blob
debian/patches/xenstore/tools-xenstore-compatibility.diff	\|	\|	blob
debian/pycompat	\|	\|	blob
debian/rules	\|	\|	blob
debian/rules.defs	\|	\|	blob
debian/rules.gen	\|	\|	blob
debian/rules.real	\|	\|	blob
debian/scripts/Makefile	\|	\|	blob
debian/scripts/qemu-ifup	\|	\|	blob
debian/scripts/xen	\|	\|	blob
debian/scripts/xen-dir	\|	\|	blob
debian/scripts/xen-init-list	\|	\|	blob
debian/scripts/xen-init-name	\|	\|	blob
debian/scripts/xen-toolstack	\|	\|	blob
debian/scripts/xen-toolstack-wrapper	\|	\|	blob
debian/scripts/xen-utils-wrapper	\|	\|	blob
debian/scripts/xen-version	\|	\|	blob
debian/source/format	\|	\|	blob
debian/templates/control.hypervisor.in	\|	\|	blob
debian/templates/control.main.in	\|	\|	blob
debian/templates/control.source.in	\|	\|	blob
debian/templates/control.system.latest.in	\|	\|	blob
debian/templates/control.utils.in	\|	\|	blob
debian/templates/libxen.bug/control	\|	\|	blob
debian/templates/xen-hypervisor.bug/control	\|	\|	blob
debian/templates/xen-hypervisor.postinst.in	\|	\|	blob
debian/templates/xen-hypervisor.postrm.in	\|	\|	blob
debian/templates/xen-utils.bug/control	\|	\|	blob
debian/templates/xen-utils.lintian-overrides.in	\|	\|	blob
debian/templates/xen-utils.postinst.in	\|	\|	blob
debian/templates/xen-utils.prerm.in	\|	\|	blob
debian/tree/xen-hypervisor-common/etc/default/grub.d/xen.cfg	\|	\|	blob
debian/tree/xen-utils-common/etc/xen/xend-config.sxp	\|	\|	blob
debian/tree/xen-utils-common/etc/xen/xend-pci-permissive.sxp	\|	\|	blob
debian/tree/xen-utils-common/etc/xen/xend-pci-quirks.sxp	\|	\|	blob
debian/tree/xen-utils-common/usr/share/xen-utils-common/default.xen	\|	\|	blob
debian/xen-hypervisor-4.11-amd64.postinst	\|	\|	blob
debian/xen-hypervisor-4.11-amd64.postrm	\|	\|	blob
debian/xen-hypervisor-4.11-arm64.postinst	\|	\|	blob
debian/xen-hypervisor-4.11-arm64.postrm	\|	\|	blob
debian/xen-hypervisor-4.11-armhf.postinst	\|	\|	blob
debian/xen-hypervisor-4.11-armhf.postrm	\|	\|	blob
debian/xen-hypervisor-common.install	\|	\|	blob
debian/xen-utils-4.11.lintian-overrides	\|	\|	blob
debian/xen-utils-4.11.postinst	\|	\|	blob
debian/xen-utils-4.11.prerm	\|	\|	blob
debian/xen-utils-common.README.Debian	\|	\|	blob
debian/xen-utils-common.dirs	\|	\|	blob
debian/xen-utils-common.examples	\|	\|	blob
debian/xen-utils-common.install	\|	\|	blob
debian/xen-utils-common.postinst	\|	\|	blob
debian/xen-utils-common.postrm	\|	\|	blob
debian/xen-utils-common.preinst	\|	\|	blob
debian/xen-utils-common.ucf	\|	\|	blob
debian/xen-utils-common.xen.init	\|	\|	blob
debian/xen-utils-common.xend.default	\|	\|	blob
debian/xen-utils-common.xendomains.default	\|	\|	blob
debian/xen-utils-common.xendomains.init	\|	\|	blob
debian/xen-utils.NEWS	\|	\|	blob
debian/xen-utils.README.Debian	\|	\|	blob
debian/xenstore-utils.install	\|	\|	blob