From: Raspbian forward pporter Date: Fri, 22 Jun 2018 03:45:57 +0000 (+0100) Subject: Merge version 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7+rpi1 and 4.8.3+xsa267+shim4... X-Git-Tag: raspbian/4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8+rpi1 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=20b4ba4e535d8304a5279e4c913a63ea3a1658a8;p=xen.git Merge version 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7+rpi1 and 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8 to produce 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8+rpi1 --- fc73c3f70879099e955457ac7d11b5d333b8debf diff --cc debian/changelog index 97a356fb6e,30d8125337..763a95c983 --- a/debian/changelog +++ b/debian/changelog @@@ -1,15 -1,20 +1,33 @@@ - xen (4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7+rpi1) stretch-staging; urgency=medium ++xen (4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8+rpi1) stretch-staging; urgency=medium + + [changes brought forward from 4.4.1-9+rpi1 by Peter Michael Green at Sun, 30 Aug 2015 15:43:16 +0000] + * replace "dmb" with "mcr p15, #0, r0, c7, c10, #5" for armv6 + + [changes introduced in 4.6.0-1+rpi1 by Peter Michael Green] + * Use kernel 3.18 for now as I haven't dealt with 4.x yet. + + [changes introduced in 4.8.0-1+rpi1 by Peter Micheal Green] + * Add build-depends on ghostscript. + - -- Raspbian forward porter Sun, 27 May 2018 13:50:48 +0000 ++ -- Raspbian forward porter Fri, 22 Jun 2018 03:45:56 +0000 ++ + xen (4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8) stretch-security; urgency=high + + * Update to new upstream version 4.8.3+xsa267+shim4.10.1+xsa267. + XSA-267 CVE-2018-3665 + + I have actually taken upstream's staging-4.8 CI input branch, which is + identical to the CI-tested stable-4.8 except that it also has the + XSA-267 patches. There are additional patches in upstream's + stable-4.8 branch, beyond what was in the previous Debian stretch + security update, which are prerequisites for the XSA-267 patches. + + For the shim, I have updated to upstream's staging-4.10, which is + identical to the CI-tested stable-4.10q except, again, for + XSA-267-related patches. The 4.10.0-comet branch lacks speculation + control entirely and has been superseded upstream. + + -- Ian Jackson Mon, 18 Jun 2018 16:10:38 +0100 xen (4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7) stretch-security; urgency=high diff --cc debian/patches/series index 851dbff03c,4181bd7551..29c7314781 --- a/debian/patches/series +++ b/debian/patches/series @@@ -25,33 -25,7 +25,8 @@@ tools-include-install.dif tools-xenmon-install.diff tools-xenstore-compatibility.diff ubuntu-tools-libs-abiname.diff - toolstestsx86_emulator-pass--no-pie--fno.patch - copy-readme.pti-and-readme.comet-from-th.patch - tools-utility-to-dump-guest-grant-table-.patch - gitignore-add-toolsmiscxen-diag-to-.giti.patch - x86emul-fix-emulator-test-harness-build-.patch - x86emul-fix-emulator-test-harness-build-.patch1 - x86-correct-ordering-of-operations-durin.patch - x86-suppress-bti-mitigations-around-s3-s.patch - x86spec_ctrl-updates-to-retpoline-safety.patch - x86hpet-fix-race-triggering-assertcpu--n.patch - x86hvm-never-retain-emulated-insn-cache-.patch - xpti-fix-bug-in-double-fault-handling.patch - x86cpuidle-dont-init-stats-lock-more-tha.patch - xen-introduce-vcpu_sleep_nosync_locked.patch - xenschedule-fix-races-in-vcpu-migration.patch - x86-fix-x86-further-cpuid-handling-adjus.patch - x86spec_ctrl-read-msr_arch_capabilities-.patch - x86spec_ctrl-express-xens-choice-of-msr_.patch - x86spec_ctrl-merge-bti_ist_info-and-use_.patch - x86spec_ctrl-fold-the-xen_ibrs_setclear-.patch - x86spec_ctrl-rename-bits-of-infrastructu.patch - x86spec_ctrl-elide-msr_spec_ctrl-handlin.patch - x86spec_ctrl-split-x86_feature_sc_msr-in.patch - x86spec_ctrl-explicitly-set-xens-default.patch - x86cpuid-improvements-to-guest-policies-.patch - x86spec_ctrl-introduce-a-new-spec-ctrl=-.patch - x86amd-mitigations-for-gpz-sp4---specula.patch - x86intel-mitigations-for-gpz-sp4---specu.patch - x86msr-virtualise-msr_spec_ctrl.ssbd-for.patch + 0028-tools-tests-x86_emulator-Pass-no-pie-fno-pic-to-gcc-.patch + 0029-Copy-README.pti-and-README.comet-from-the-XSA-254-ad.patch + 0030-tools-utility-to-dump-guest-grant-table-info.patch + 0031-gitignore-add-tools-misc-xen-diag-to-.gitignore.patch +armv6.diff