- xen (4.11.4+57-g41a822c392-1+rpi1) buster-staging; urgency=medium
++xen (4.11.4+57-g41a822c392-2+rpi1) buster-staging; urgency=medium
+
+ [changes brought forward from 4.4.1-9+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Sun, 30 Aug 2015 15:43:16 +0000]
+ * replace "dmb" with "mcr p15, #0, r0, c7, c10, #5" for armv6
+
+ [changes introduced in 4.6.0-1+rpi1 by Peter Michael Green]
+ * Use kernel 3.18 for now as I haven't dealt with 4.x yet.
+
+ [changes introduced in 4.11.1+26-g87f51bf366-3+rpi1 by Peter Michael Green]
+ * Do not fail on files that are not installed.
+
- -- Raspbian forward porter <root@raspbian.org> Wed, 09 Dec 2020 23:42:56 +0000
++ -- Raspbian forward porter <root@raspbian.org> Fri, 18 Dec 2020 04:56:58 +0000
++
+ xen (4.11.4+57-g41a822c392-2) buster-security; urgency=high
+
+ * Apply security fixes for the following issues:
+ - oxenstored: permissions not checked on root node
+ XSA-353 (CVE-2020-29479)
+ - xenstore watch notifications lacking permission checks
+ XSA-115 (CVE-2020-29480)
+ - Xenstore: new domains inheriting existing node permissions
+ XSA-322 (CVE-2020-29481)
+ - Xenstore: wrong path length check
+ XSA-323 (CVE-2020-29482)
+ - Xenstore: guests can crash xenstored via watchs
+ XSA-324 (CVE-2020-29484)
+ - Xenstore: guests can disturb domain cleanup
+ XSA-325 (CVE-2020-29483)
+ - oxenstored memory leak in reset_watches
+ XSA-330 (CVE-2020-29485)
+ - oxenstored: node ownership can be changed by unprivileged clients
+ XSA-352 (CVE-2020-29486)
+ - undue recursion in x86 HVM context switch code
+ XSA-348 (CVE-2020-29566)
+ - FIFO event channels control block related ordering
+ XSA-358 (CVE-2020-29570)
+ - FIFO event channels control structure ordering
+ XSA-359 (CVE-2020-29571)
+ * Note that the following XSA are not listed, because...
+ - XSA-349 and XSA-350 have patches for the Linux kernel
+ - XSA-354 has patches for the XAPI toolstack
+ - XSA-356 only applies to Xen 4.14
+
+ -- Hans van Kranenburg <hans@knorrie.org> Fri, 11 Dec 2020 22:10:09 +0100
xen (4.11.4+57-g41a822c392-1) buster-security; urgency=high
0047-pygrub-Set-sys.path.patch
0048-pygrub-Specify-rpath-LIBEXEC_LIB-when-building-fsima.patch
0049-tools-xl-bash-completion-also-complete-xen.patch
+ 0050-tools-ocaml-xenstored-do-permission-checks-on-xensto.patch
+ 0051-tools-xenstore-allow-removing-child-of-a-node-exceed.patch
+ 0052-tools-xenstore-ignore-transaction-id-for-un-watch.patch
+ 0053-tools-xenstore-fix-node-accounting-after-failed-node.patch
+ 0054-tools-xenstore-simplify-and-rename-check_event_node.patch
+ 0055-tools-xenstore-check-privilege-for-XS_IS_DOMAIN_INTR.patch
+ 0056-tools-xenstore-rework-node-removal.patch
+ 0057-tools-xenstore-fire-watches-only-when-removing-a-spe.patch
+ 0058-tools-xenstore-introduce-node_perms-structure.patch
+ 0059-tools-xenstore-allow-special-watches-for-privileged-.patch
+ 0060-tools-xenstore-avoid-watch-events-for-nodes-without-.patch
+ 0061-tools-ocaml-xenstored-ignore-transaction-id-for-un-w.patch
+ 0062-tools-ocaml-xenstored-check-privilege-for-XS_IS_DOMA.patch
+ 0063-tools-ocaml-xenstored-unify-watch-firing.patch
+ 0064-tools-ocaml-xenstored-introduce-permissions-for-spec.patch
+ 0065-tools-ocaml-xenstored-avoid-watch-events-for-nodes-w.patch
+ 0066-tools-ocaml-xenstored-add-xenstored.conf-flag-to-tur.patch
+ 0067-tools-xenstore-revoke-access-rights-for-removed-doma.patch
+ 0068-tools-ocaml-xenstored-clean-up-permissions-for-dead-.patch
+ 0069-tools-ocaml-xenstored-Fix-path-length-validation.patch
+ 0070-tools-xenstore-drop-watch-event-messages-exceeding-m.patch
+ 0071-tools-xenstore-Preserve-bad-client-until-they-are-de.patch
+ 0072-tools-ocaml-xenstored-delete-watch-from-trie-too-whe.patch
+ 0073-tools-ocaml-xenstored-only-Dom0-can-change-node-owne.patch
+ 0074-x86-avoid-calling-svm-vmx-_do_resume.patch
+ 0075-evtchn-FIFO-re-order-and-synchronize-with-map_contro.patch
+ 0076-evtchn-FIFO-add-2nd-smp_rmb-to-evtchn_fifo_word_from.patch
+armv6.diff
projects / xen.git / commitdiff