- xen (4.14.0+80-gd101b417b7-1+rpi1) bullseye-staging; urgency=medium
++xen (4.14.0+88-g1d1d1f5391-2+rpi1) bullseye-staging; urgency=medium
+
+ [changes brought forward from 4.4.1-9+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Sun, 30 Aug 2015 15:43:16 +0000]
+ * replace "dmb" with "mcr p15, #0, r0, c7, c10, #5" for armv6
+
+ [changes introduced in 4.6.0-1+rpi1 by Peter Michael Green]
+ * Use kernel 3.18 for now as I haven't dealt with 4.x yet.
+
+ [changes introduced in 4.11.1+26-g87f51bf366-3+rpi1 by Peter Michael Green]
+ * Do not fail on files that are not installed.
+
- -- Raspbian forward porter <root@raspbian.org> Mon, 30 Nov 2020 02:51:13 +0000
++ -- Raspbian forward porter <root@raspbian.org> Fri, 18 Dec 2020 18:13:06 +0000
++
+ xen (4.14.0+88-g1d1d1f5391-2) unstable; urgency=high
+
+ * For now, revert "debian/rules: Set CC/LD to enable cross-building", since
+ it causes an FTBFS on i386.
+
+ -- Hans van Kranenburg <hans@knorrie.org> Tue, 15 Dec 2020 14:57:41 +0100
+
+ xen (4.14.0+88-g1d1d1f5391-1) unstable; urgency=high
+
+ * Update to new upstream version 4.14.0+88-g1d1d1f5391, which also contains
+ security fixes for the following issues:
+ - stack corruption from XSA-346 change
+ XSA-355 CVE-2020-29040 (Closes: #976109)
+ * Apply security fixes for the following issues:
+ - oxenstored: permissions not checked on root node
+ XSA-353 CVE-2020-29479
+ - xenstore watch notifications lacking permission checks
+ XSA-115 CVE-2020-29480
+ - Xenstore: new domains inheriting existing node permissions
+ XSA-322 CVE-2020-29481
+ - Xenstore: wrong path length check
+ XSA-323 CVE-2020-29482
+ - Xenstore: guests can crash xenstored via watchs
+ XSA-324 CVE-2020-29484
+ - Xenstore: guests can disturb domain cleanup
+ XSA-325 CVE-2020-29483
+ - oxenstored memory leak in reset_watches
+ XSA-330 CVE-2020-29485
+ - oxenstored: node ownership can be changed by unprivileged clients
+ XSA-352 CVE-2020-29486
+ - undue recursion in x86 HVM context switch code
+ XSA-348 CVE-2020-29566
+ - infinite loop when cleaning up IRQ vectors
+ XSA-356 CVE-2020-29567
+ - FIFO event channels control block related ordering
+ XSA-358 CVE-2020-29570
+ - FIFO event channels control structure ordering
+ XSA-359 CVE-2020-29571
+ * Note that the following XSA are not listed, because...
+ - XSA-349 and XSA-350 have patches for the Linux kernel
+ - XSA-354 has patches for the XAPI toolstack
+
+ Packaging bugfixes and improvements:
+ * d/rules: do not compress /usr/share/doc/xen/html (Closes: #942611)
+ * Add missing CVE numbers to the previous changelog entries
+
+ Packaging bugfixes and improvements [Elliott Mitchell]:
+ * d/shuffle-binaries: Make error detection/message overt
+ * d/shuffle-binaries: Add quoting for potentially changeable variables
+ * d/shuffle-boot-files: Add lots of double-quotes when handling variables
+ * debian/rules: Set CC/LD to enable cross-building
+ * debian/xen.init: Load xen_acpi_processor on boot
+ * d/shuffle-binaries: Remove useless extra argument being passed in
+
+ Packaging bugfixes and improvements [Maximilian Engelhardt]:
+ * d/xen-hypervisor-V-F.postinst.vsn-in: use reboot-required
+ (Closes: #862408)
+ * d/xen-hypervisor-V-F.postrm: actually install script
+ * d/xen-hypervisor-V.*: clean up unused files
+ * d/xen-hypervisor-V.bug-control.vsn-in: actually install script
+ * debian/rules: enable verbose build
+
+ Fixes to patches for upstream code:
+ * t/h/L/vif-common.sh: force handle_iptable return value to be 0
+ (Closes: #955994)
+
+ * Pick the following upstream commits to improve Raspberry Pi 4 support,
+ requested by Elliott Mitchell:
+ - 25849c8b16 ("xen/rpi4: implement watchdog-based reset")
+ - 17d192e023 ("tools/python: Pass linker to Python build process")
+ - 861f0c1109 ("xen/arm: acpi: Don't fail if SPCR table is absent")
+ - 1c4aa69ca1 ("xen/acpi: Rework acpi_os_map_memory() and
+ acpi_os_unmap_memory()")
+ - 4d625ff3c3 ("xen/arm: acpi: The fixmap area should always be cleared
+ during failure/unmap")
+ - dac867bf9a ("xen/arm: Check if the platform is not using ACPI before
+ initializing Dom0less")
+ - 9c2bc0f24b ("xen/arm: Introduce fw_unreserved_regions() and use it")
+ - 7056f2f89f ("xen/arm: acpi: add BAD_MADT_GICC_ENTRY() macro")
+ - 957708c2d1 ("xen/arm: traps: Don't panic when receiving an unknown debug
+ trap")
+
+ * Pick upstream commit ba6e78f0db ("fix spelling errors"). Thanks, Diederik.
+
+ -- Hans van Kranenburg <hans@knorrie.org> Tue, 15 Dec 2020 13:00:00 +0100
xen (4.14.0+80-gd101b417b7-1) unstable; urgency=medium
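Review bot: The new top entry, 4.14.0+88-g1d1d1f5391-2+rpi1, is marked urgency=medium, while both Debian uploads merged beneath it (-1 and -2) are urgency=high and the -1 entry carries the XSA fixes (XSA-355, the Xenstore series XSA-115/322/323/324/325/330/352/353, and XSA-348/356/358/359). Consider carrying urgency=high on the +rpi1 entry so the rebuild is not scheduled as a routine update. The +rpi1 entry also lists only the brought-forward Raspbian changes; one line stating that it merges the Debian -2 upload with its security fixes would make the reason for the upload visible without reading further down.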
0023-tools-xl-bash-completion-also-complete-xen.patch
0024-tools-don-t-build-ship-xenmon.patch
0025-tools-Partially-revert-Cross-compilation-fixes.patch
+ 0026-t-h-L-vif-common.sh-fix-handle_iptable-return-value.patch
+ 0027-xen-rpi4-implement-watchdog-based-reset.patch
+ 0028-tools-python-Pass-linker-to-Python-build-process.patch
+ 0029-xen-arm-acpi-Don-t-fail-if-SPCR-table-is-absent.patch
+ 0030-xen-acpi-Rework-acpi_os_map_memory-and-acpi_os_unmap.patch
+ 0031-xen-arm-acpi-The-fixmap-area-should-always-be-cleare.patch
+ 0032-xen-arm-Check-if-the-platform-is-not-using-ACPI-befo.patch
+ 0033-xen-arm-Introduce-fw_unreserved_regions-and-use-it.patch
+ 0034-xen-arm-acpi-add-BAD_MADT_GICC_ENTRY-macro.patch
+ 0035-xen-arm-traps-Don-t-panic-when-receiving-an-unknown-.patch
+ 0036-fix-spelling-errors.patch
+ 0037-tools-ocaml-xenstored-do-permission-checks-on-xensto.patch
+ 0038-tools-xenstore-allow-removing-child-of-a-node-exceed.patch
+ 0039-tools-xenstore-ignore-transaction-id-for-un-watch.patch
+ 0040-tools-xenstore-fix-node-accounting-after-failed-node.patch
+ 0041-tools-xenstore-simplify-and-rename-check_event_node.patch
+ 0042-tools-xenstore-check-privilege-for-XS_IS_DOMAIN_INTR.patch
+ 0043-tools-xenstore-rework-node-removal.patch
+ 0044-tools-xenstore-fire-watches-only-when-removing-a-spe.patch
+ 0045-tools-xenstore-introduce-node_perms-structure.patch
+ 0046-tools-xenstore-allow-special-watches-for-privileged-.patch
+ 0047-tools-xenstore-avoid-watch-events-for-nodes-without-.patch
+ 0048-tools-ocaml-xenstored-ignore-transaction-id-for-un-w.patch
+ 0049-tools-ocaml-xenstored-check-privilege-for-XS_IS_DOMA.patch
+ 0050-tools-ocaml-xenstored-unify-watch-firing.patch
+ 0051-tools-ocaml-xenstored-introduce-permissions-for-spec.patch
+ 0052-tools-ocaml-xenstored-avoid-watch-events-for-nodes-w.patch
+ 0053-tools-ocaml-xenstored-add-xenstored.conf-flag-to-tur.patch
+ 0054-tools-xenstore-revoke-access-rights-for-removed-doma.patch
+ 0055-tools-ocaml-xenstored-clean-up-permissions-for-dead-.patch
+ 0056-tools-ocaml-xenstored-Fix-path-length-validation.patch
+ 0057-tools-xenstore-drop-watch-event-messages-exceeding-m.patch
+ 0058-tools-xenstore-Preserve-bad-client-until-they-are-de.patch
+ 0059-tools-ocaml-xenstored-delete-watch-from-trie-too-whe.patch
+ 0060-tools-ocaml-xenstored-only-Dom0-can-change-node-owne.patch
+ 0061-x86-replace-reset_stack_and_jump_nolp.patch
+ 0062-x86-fold-guest_idle_loop-into-idle_loop.patch
+ 0063-x86-avoid-calling-svm-vmx-_do_resume.patch
+ 0064-x86-irq-fix-infinite-loop-in-irq_move_cleanup_interr.patch
+ 0065-evtchn-FIFO-re-order-and-synchronize-with-map_contro.patch
+ 0066-evtchn-FIFO-add-2nd-smp_rmb-to-evtchn_fifo_word_from.patch
+armv6.diff
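Review bot: armv6.diff sits at the very end of the series, so it now applies on top of everything added in 0026 through 0066, including the new ARM and ACPI patches (0027, 0029 to 0035). Since the changelog describes it as replacing "dmb" with "mcr p15, #0, r0, c7, c10, #5", it is worth confirming that it still applies without fuzz or offset after these additions and that none of the newly picked ARM patches introduces a further "dmb" that armv6.diff does not cover. Several of the added file names are truncated (for example 0037-tools-ocaml-xenstored-do-permission-checks-on-xensto.patch), so the series alone does not show which patch closes which XSA; noting the XSA number in each patch header would make later audits easier.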