Merge version 4.8.1-1+rpi1+deb9u1 and 4.8.1-1+deb9u3 to produce 4.8.1-1+rpi1+deb9u3

diff --cc debian/changelog
index cef38a046533ff887543e228133962545b777f76,e5badb3f8a4870ecb7f0cc9d686e75a9b58a86a7..48f4ad1eed4495c2ca368bf90ff00b9129205e4c
--- 1/debian/changelog
--- 2/debian/changelog
+++ b/debian/changelog
@@@ -1,15 -1,25 +1,38 @@@
- xen (4.8.1-1+rpi1+deb9u1) stretch-staging; urgency=medium
++xen (4.8.1-1+rpi1+deb9u3) stretch-staging; urgency=medium
 +
 +  [changes brought forward from 4.4.1-9+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Sun, 30 Aug 2015 15:43:16 +0000]
 +  * replace "dmb" with "mcr p15, #0, r0, c7, c10, #5" for armv6
 +  
 +  [changes introduced in 4.6.0-1+rpi1 by Peter Michael Green]
 +  * Use kernel 3.18 for now as I haven't dealt with 4.x yet.
 +
 +  [changes introduced in 4.8.0-1+rpi1 by Peter Micheal Green]
 +  * Add build-depends on ghostscript.
 +
-  -- Raspbian forward porter <root@raspbian.org>  Thu, 04 May 2017 21:08:45 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Thu, 14 Sep 2017 17:51:21 +0000
++
+ xen (4.8.1-1+deb9u3) stretch-security; urgency=high
+ 
+   * Security fixes for
+       XSA-226 CVE-2017-12135
+       XSA-227 CVE-2017-12137
+       XSA-228 CVE-2017-12136
+       XSA-230 CVE-2017-12855
+       XSA-235 (no CVE yet)
+   * Adjust changelog entry for 4.8.1-1+deb9u2 to record
+     that XSA-225 fix was indeed included.
+   * Security fix for XSA-229 not included as that bug is in Linux, not Xen.
+   * Security fixes for XSA-231..234 inc. not inclued as still embargoed.
+ 
+  -- Ian Jackson <ian.jackson@eu.citrix.com>  Thu, 07 Sep 2017 19:17:58 +0100
+ 
+ xen (4.8.1-1+deb9u2) stretch-security; urgency=high
+ 
+   * Security fixes for
+       XSA-216 XSA-217 XSA-218 XSA-219 XSA-220
+       XSA-221 XSA-222 XSA-223 XSA-224 XSA-225
+ 
+  -- Ian Jackson <ian.jackson@eu.citrix.com>  Tue, 20 Jun 2017 14:06:34 +0100
  
  xen (4.8.1-1+deb9u1) unstable; urgency=medium
  

diff --cc debian/patches/series
index e7b2191190002b24f30e9b1751b544b53d56109e,494c81367365ca2f2c81aef9d6ea05a32bd62836..f1bdd5ce3dc8b85062040bd0886843cb4f240fb9
--- 1/debian/patches/series
--- 2/debian/patches/series
+++ b/debian/patches/series
@@@ -28,4 -28,24 +28,25 @@@ ubuntu-tools-libs-abiname.dif
  toolstestsx86_emulator-pass--no-pie--fno
  multicall-deal-with-early-exit-condition
  x86-discard-type-information-when-steali
+ x86mm-disallow-page-stealing-from-hvm-do
+ gnttab-fix-unmap-pin-accounting-race
+ gnttab-avoid-potential-double-put-of-map
+ gnttab-correct-maptrack-table-accesses
+ x86shadow-hold-references-for-the-durati
+ x86-avoid-leaking-pkru-and-bnd-between-v
+ evtchn-avoid-null-derefs
+ xenmemory-fix-return-value-handing-of-gu
+ guest_physmap_remove_page-needs-its-retu
+ arm-vgic-dont-update-the-lr-when-the-irq
+ gnttab-fix-handling-of-dev_bus_addr-duri
+ gnttab-never-create-host-mapping-unless-
+ gnttab-correct-logic-to-get-page-referen
+ gnttab-__gnttab_unmap_common_complete-is
+ xenarm-vgic-sanitize-target-mask-used-to
+ gnttab-dont-use-possibly-unbounded-tail-
+ gnttab-fix-transitive-grant-handling
+ x86grant-disallow-misaligned-ptes
+ gnttab-split-maptrack-lock-to-make-it-fu
+ gnttab-correct-pin-status-fixup-for-copy
+ armmm-release-grant-lock-on-xenmem_add_t
 +armv6.diff