From: Hans van Kranenburg <hans@knorrie.org>
Date: Sun, 28 Jan 2018 19:46:30 +0000 (+0100)
Subject: Update to 4.10.1-pre, changelog housekeeping
X-Git-Tag: archive/raspbian/4.11.1-1+rpi1~1^2~111
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=ab60639bacee3cadcb7ffb514ce4905bac09e654;p=xen.git

Update to 4.10.1-pre, changelog housekeeping

Jump forward to commit 728fadb586 in stable-4.10, which contains the
first few XSA-254 fixes.

Add all missing changelog information about what has happened in the
previous set of commits.
---

diff --git a/debian/changelog b/debian/changelog
index 329865bd03..7c762d8875 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,14 +1,19 @@
-xen (4.10.0-1~exp1) UNRELEASED; urgency=medium
-
-  * Update to 4.10
-
- -- Hans van Kranenburg <hans@knorrie.org>  Fri, 05 Jan 2018 21:14:38 +0100
-
-xen (4.9.2~pre+1.32e364c4e7-1) UNRELEASED; urgency=medium
-
-  * Update to upstream release 4.9.1 plus latest security patches. This is
-    upstream commit 32e364c4e72157f144574796ac9ea021e3417d47
-  * Merge changes for 4.9 from the ubuntu packaging:
+xen (4.10.1~pre+1.728fadb586-1~exp1) UNRELEASED; urgency=medium
+
+  [ Hans van Kranenburg ]
+  * First update to upstream release 4.9.1 plus latest security patches. This
+    is upstream commit 32e364c4e7 which contains:
+    - Additional fix for: Unlimited recursion in linear pagetable de-typing
+      XSA-240 CVE-2017-15595 (listed as xsa240-4.8/0004)
+    - Fix x86 PV guests may gain access to internally used pages
+      XSA-248 CVE-2017-17566
+    - Fix broken x86 shadow mode refcount overflow check
+      XSA-249 CVE-2017-17563
+    - Fix improper x86 shadow mode refcount error handling
+      XSA-250 CVE-2017-17564
+    - Fix improper bug check in x86 log-dirty handling
+      XSA-251 CVE-2017-17565
+  * Merge changes for 4.9 from the ubuntu packaging (thanks, Stefan Bader):
     - Rebase patches against upstream source (line numbers etc).
     - debian/rules.real:
       - Add a call to build common tool headers.
@@ -19,8 +24,22 @@ xen (4.9.2~pre+1.32e364c4e7-1) UNRELEASED; urgency=medium
       - Re-introduce (fake) xs_restrict call to keep libxenstore version at
         3.0 for now.
     - debian/libxenstore3.0.symbols: add xs_control_command
-
- -- Hans van Kranenburg <hans@knorrie.org>  Tue, 19 Dec 2017 18:44:47 +0100
+  * Update to 4.10.1-pre, commit 728fadb586, which also contains:
+    - Fix x86: memory leak with MSR emulation
+      XSA-253 CVE-2018-5244
+    - Multiple parts of fixes for...
+      Information leak via side effects of speculative execution
+      XSA-254 CVE-2017-5753 CVE-2017-5715 CVE-2017-5754
+      - XPTI stage 1 a.k.a. 'Meltdown band-aid', XPTI-S1 or XPTI-lite
+      - Branch predictor hardening for affected Cortex-A CPUs (ARM)
+  * Add README.source to document how the packaging works.
+  * Conflict with Xen packages < 4.10, until #852545 about moving the grub
+    config file out of the hypervisor package gets fixed in stable.
+
+  [ Mark Pryor ]
+  * dh_shlibdeps: fix missing depend on libxentoolcore
+
+ -- Hans van Kranenburg <hans@knorrie.org>  Sun, 28 Jan 2018 20:10:23 +0100
 
 xen (4.8.2+xsa245-0+deb9u1) stretch-security; urgency=high