Merge version 4.8.5+shim4.10.2+xsa282-1+deb9u11+rpi1 and 4.8.5.final+shim4.10.4-1...

diff --cc debian/changelog
index 4eb9a4d022a7e32d085ad7db8a83575c03c57f38,bbcfb66eb3295fca32bab43fd52b8efe8bf21b82..3ef07e19c474ef21a769a56399f8708465f60f0d
--- 1/debian/changelog
--- 2/debian/changelog
+++ b/debian/changelog
@@@ -1,15 -1,49 +1,62 @@@
- xen (4.8.5+shim4.10.2+xsa282-1+deb9u11+rpi1) stretch-staging; urgency=medium
++xen (4.8.5.final+shim4.10.4-1+deb9u12+rpi1) stretch-staging; urgency=medium
 +
 +  [changes brought forward from 4.4.1-9+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Sun, 30 Aug 2015 15:43:16 +0000]
 +  * replace "dmb" with "mcr p15, #0, r0, c7, c10, #5" for armv6
 +  
 +  [changes introduced in 4.6.0-1+rpi1 by Peter Michael Green]
 +  * Use kernel 3.18 for now as I haven't dealt with 4.x yet.
 +
 +  [changes introduced in 4.8.0-1+rpi1 by Peter Micheal Green]
 +  * Add build-depends on ghostscript.
 +
-  -- Raspbian forward porter <root@raspbian.org>  Tue, 15 Jan 2019 09:56:20 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Mon, 13 Jan 2020 22:59:37 +0000
++
+ xen (4.8.5.final+shim4.10.4-1+deb9u12) stretch-security; urgency=medium
+ 
+   * *NOTE* this will probably be the *LAST UPDATE* for Xen in Debian 9.x
+     (stretch), since this is the last batch of security patches from
+     upstream, where Xen 4.8 is out of security support.
+ 
+   * Update to new upstream final tip of 4.8 stable branch, which I have
+     dubbed upstream/stable-4.8.5.final.  And shim 4.10.4.
+   * This includes fixes to:
+        XSA-311  CVE-2019-19577
+        XSA-310  CVE-2019-19580
+        XSA-309  CVE-2019-19578
+        XSA-308  CVE-2019-19583
+        XSA-307  CVE-2019-19581 CVE-2019-19582
+        XSA-306  CVE-2019-19579
+        XSA-305  CVE-2019-11135
+        XSA-304  CVE-2018-12207
+        XSA-303  CVE-2019-18422
+        XSA-302  CVE-2019-18424
+        XSA-301  CVE-2019-18423
+        XSA-299  CVE-2019-18421
+        XSA-298  CVE-2019-18425
+        XSA-297  CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091
+        XSA-296  CVE-2019-18420
+        XSA-295  CVE-2019-17349 CVE-2019-17350
+        XSA-294  CVE-2019-17348
+        XSA-293  CVE-2019-17347
+        XSA-292  CVE-2019-17346
+        XSA-291  CVE-2019-17345
+        XSA-290  CVE-2019-17344
+        XSA-288  CVE-2019-17343
+        XSA-287  CVE-2019-17342
+        XSA-285        CVE-2019-17341
+        XSA-284        CVE-2019-17340
+   * For completeness, the following are not applicable:
+        XSA-300  CVE-2019-17351  Bug is in Linux
+        XSA-289                  Spectre V1 + L1TF combo; no new fixes
+        XSA-283                  Withdrawn XSA number
+        XSA-281                  Withdrawn XSA number
+   * The following is *not* fixed at this time:
+        XSA-286                  Still embargoed.
+ 
+   * README.comet: remove line about PVH support.
+     [Hans van Kranenburg]  Closes:#908453.
+ 
+  -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Fri, 10 Jan 2020 17:09:30 +0000
  
  xen (4.8.5+shim4.10.2+xsa282-1+deb9u11) stretch-security; urgency=medium
  

diff --cc debian/patches/series
index 29c7314781f6620039861e718204dce2b799827e,6191f80fdb26364788e056eaf2913d3d8e6c479b..37b2fd14d44918f305680ad6d04a6c4e8fd3b792
--- 1/debian/patches/series
--- 2/debian/patches/series
+++ b/debian/patches/series
@@@ -29,4 -29,5 +29,6 @@@ ubuntu-tools-libs-abiname.dif
  0029-Copy-README.pti-and-README.comet-from-the-XSA-254-ad.patch
  0030-tools-utility-to-dump-guest-grant-table-info.patch
  0031-gitignore-add-tools-misc-xen-diag-to-.gitignore.patch
+ 0032-README.comet-remove-alinea-about-PVH-support.patch
+ 0033-xenstore-Increase-stack-size-for-xs-reader-thread.patch
 +armv6.diff