From: Raspbian automatic forward porter Date: Thu, 16 Jul 2020 17:57:37 +0000 (+0100) Subject: Merge version 4.11.3+24-g14b62ab3e5-1~deb10u1+rpi1 and 4.11.4+24-gddaaccbbab-1~deb10u... X-Git-Tag: archive/raspbian/4.11.4+24-gddaaccbbab-1_deb10u1+rpi1 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=4a206f4ba30706645d9009e56ef021f2b7a2b8a0;p=xen.git Merge version 4.11.3+24-g14b62ab3e5-1~deb10u1+rpi1 and 4.11.4+24-gddaaccbbab-1~deb10u1 to produce 4.11.4+24-gddaaccbbab-1~deb10u1+rpi1 --- 7fb93002844fd7f80bdde8d5f6bbc4ff28b3882a diff --cc debian/changelog index 409f9d1988,97112d40aa..6c90c53b18 --- a/debian/changelog +++ b/debian/changelog @@@ -1,21 -1,54 +1,67 @@@ - xen (4.11.3+24-g14b62ab3e5-1~deb10u1+rpi1) buster-staging; urgency=medium ++xen (4.11.4+24-gddaaccbbab-1~deb10u1+rpi1) buster-staging; urgency=medium + + [changes brought forward from 4.4.1-9+rpi1 by Peter Michael Green at Sun, 30 Aug 2015 15:43:16 +0000] + * replace "dmb" with "mcr p15, #0, r0, c7, c10, #5" for armv6 + + [changes introduced in 4.6.0-1+rpi1 by Peter Michael Green] + * Use kernel 3.18 for now as I haven't dealt with 4.x yet. + + [changes introduced in 4.11.1+26-g87f51bf366-3+rpi1 by Peter Michael Green] + * Do not fail on files that are not installed. + - -- Raspbian forward porter Mon, 13 Jan 2020 23:38:27 +0000 ++ -- Raspbian forward porter Thu, 16 Jul 2020 17:57:37 +0000 + - xen (4.11.3+24-g14b62ab3e5-1~deb10u1) buster-security; urgency=high + xen (4.11.4+24-gddaaccbbab-1~deb10u1) buster-security; urgency=high - * Rebuild for buster-security + * Rebuild as Buster security update. - -- Hans van Kranenburg Wed, 08 Jan 2020 13:21:23 +0100 + -- Hans van Kranenburg Fri, 10 Jul 2020 18:54:34 +0200 + + xen (4.11.4+24-gddaaccbbab-1) unstable; urgency=medium + + * Update to new upstream version 4.11.4+24-gddaaccbbab, which also contains + security fixes for the following issues: + - inverted code paths in x86 dirty VRAM tracking + XSA-319 CVE-2020-15563 + - Special Register Buffer speculative side channel + XSA-320 CVE-2020-0543 + N.B: To mitigate this issue, new cpu microcode is required. The changes + in Xen provide a workaround for affected hardware that is not receiving + a vendor microcode update. Please refer to the upstream XSA-320 Advisory + text for more details. + - insufficient cache write-back under VT-d + XSA-321 CVE-2020-15565 + - Missing alignment check in VCPUOP_register_vcpu_info + XSA-327 CVE-2020-15564 + - non-atomic modification of live EPT PTE + XSA-328 CVE-2020-15567 + + -- Hans van Kranenburg Tue, 07 Jul 2020 16:07:39 +0200 + + xen (4.11.4-1) unstable; urgency=medium + + * Update to new upstream version 4.11.4, which also contains security fixes + for the following issues: + - arm: a CPU may speculate past the ERET instruction + XSA-312 (no CVE yet) + - multiple xenoprof issues + XSA-313 CVE-2020-11740 CVE-2020-11741 + - Missing memory barriers in read-write unlock paths + XSA-314 CVE-2020-11739 + - Bad error path in GNTTABOP_map_grant + XSA-316 CVE-2020-11743 + - Bad continuation handling in GNTTABOP_copy + XSA-318 CVE-2020-11742 + * xen-utils and xen-utils-common maint scripts: Replace the previous fix in + the xen init script with a better fix in the xen-utils package instead, to + prevent calling the init script stop action (resulting in a disappeared + xenconsoled) when removing a xen-utils package that belongs to a previous + (not currently runing) Xen version. Also prevent the xen-utils-common + package from inadvertently calling stop and start actions because + dh_installinit would add code for that. (Closes: #932759) + * debian/NEWS: Mention fixing #932759 and how to deal with the bug + + -- Hans van Kranenburg Tue, 26 May 2020 13:33:17 +0200 xen (4.11.3+24-g14b62ab3e5-1) unstable; urgency=high diff --cc debian/patches/series index 19242058ba,95cfd8de1f..07113c359e --- a/debian/patches/series +++ b/debian/patches/series @@@ -31,21 -30,20 +30,21 @@@ prefix-abiname/config-prefix.dif misc/tools-xenmon-install.diff misc/tools-pygrub-remove-static-solaris-support misc/toolstestsx86_emulator-pass--no-pie--fno.patch - 0034-Do-not-build-the-instruction-emulator.patch + 0033-Do-not-build-the-instruction-emulator.patch prefix-abiname/tools-libfsimage-abiname.diff prefix-abiname/tools-libfsimage-prefix.diff - 0037-autoconf-Provide-libexec_libdir_suffix.patch - 0038-.gitignore-Add-configure-output-which-we-always-dele.patch - 0039-tools-firmware-Makfile-Respect-caller-s-CONFIG_PV_SH.patch - 0040-shim-Provide-separate-install-shim-target.patch - 0041-tools-firmware-Makefile-CONFIG_PV_SHIM-enable-only-o.patch - 0042-docs-man-xen-vbd-interface.7-Provide-properly-format.patch - 0043-Revert-tools-xenstore-compatibility.diff.patch - 0044-Fix-empty-fields-in-first-hypervisor-log-line.patch - 0045-vif-common-disable-handle_iptable.patch - 0046-sysconfig.xencommons.in-Strip-and-debianize.patch - 0047-hotplug-common-Do-not-adjust-LD_LIBRARY_PATH.patch - 0048-pygrub-Set-sys.path.patch - 0049-pygrub-Specify-rpath-LIBEXEC_LIB-when-building-fsima.patch - 0050-tools-xl-bash-completion-also-complete-xen.patch + 0036-autoconf-Provide-libexec_libdir_suffix.patch + 0037-.gitignore-Add-configure-output-which-we-always-dele.patch + 0038-tools-firmware-Makfile-Respect-caller-s-CONFIG_PV_SH.patch + 0039-shim-Provide-separate-install-shim-target.patch + 0040-tools-firmware-Makefile-CONFIG_PV_SHIM-enable-only-o.patch + 0041-docs-man-xen-vbd-interface.7-Provide-properly-format.patch + 0042-Revert-tools-xenstore-compatibility.diff.patch + 0043-Fix-empty-fields-in-first-hypervisor-log-line.patch + 0044-vif-common-disable-handle_iptable.patch + 0045-sysconfig.xencommons.in-Strip-and-debianize.patch + 0046-hotplug-common-Do-not-adjust-LD_LIBRARY_PATH.patch + 0047-pygrub-Set-sys.path.patch + 0048-pygrub-Specify-rpath-LIBEXEC_LIB-when-building-fsima.patch + 0049-tools-xl-bash-completion-also-complete-xen.patch +armv6.diff