From: Raspbian automatic forward porter <root@raspbian.org>
Date: Fri, 18 Dec 2020 04:56:59 +0000 (+0000)
Subject: Merge version 4.11.4+57-g41a822c392-1+rpi1 and 4.11.4+57-g41a822c392-2 to produce... 
X-Git-Tag: archive/raspbian/4.11.4+57-g41a822c392-2+rpi1^0
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=b52e83990ffe38bf841c0b666ebbf34c0041fd5d;p=xen.git

Merge version 4.11.4+57-g41a822c392-1+rpi1 and 4.11.4+57-g41a822c392-2 to produce 4.11.4+57-g41a822c392-2+rpi1
---

b52e83990ffe38bf841c0b666ebbf34c0041fd5d
diff --cc debian/changelog
index a025b2dd95,321fe63783..4d433bbe3e
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,15 -1,34 +1,47 @@@
- xen (4.11.4+57-g41a822c392-1+rpi1) buster-staging; urgency=medium
++xen (4.11.4+57-g41a822c392-2+rpi1) buster-staging; urgency=medium
 +
 +  [changes brought forward from 4.4.1-9+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Sun, 30 Aug 2015 15:43:16 +0000]
 +  * replace "dmb" with "mcr p15, #0, r0, c7, c10, #5" for armv6
 +  
 +  [changes introduced in 4.6.0-1+rpi1 by Peter Michael Green]
 +  * Use kernel 3.18 for now as I haven't dealt with 4.x yet.
 +
 +  [changes introduced in 4.11.1+26-g87f51bf366-3+rpi1 by Peter Michael Green]
 +  * Do not fail on files that are not installed.
 +
-  -- Raspbian forward porter <root@raspbian.org>  Wed, 09 Dec 2020 23:42:56 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Fri, 18 Dec 2020 04:56:58 +0000
++
+ xen (4.11.4+57-g41a822c392-2) buster-security; urgency=high
+ 
+   * Apply security fixes for the following issues:
+     - oxenstored: permissions not checked on root node
+       XSA-353 (CVE-2020-29479)
+     - xenstore watch notifications lacking permission checks
+       XSA-115 (CVE-2020-29480)
+     - Xenstore: new domains inheriting existing node permissions
+       XSA-322 (CVE-2020-29481)
+     - Xenstore: wrong path length check
+       XSA-323 (CVE-2020-29482)
+     - Xenstore: guests can crash xenstored via watchs
+       XSA-324 (CVE-2020-29484)
+     - Xenstore: guests can disturb domain cleanup
+       XSA-325 (CVE-2020-29483)
+     - oxenstored memory leak in reset_watches
+       XSA-330 (CVE-2020-29485)
+     - oxenstored: node ownership can be changed by unprivileged clients
+       XSA-352 (CVE-2020-29486)
+     - undue recursion in x86 HVM context switch code
+       XSA-348 (CVE-2020-29566)
+     - FIFO event channels control block related ordering
+       XSA-358 (CVE-2020-29570)
+     - FIFO event channels control structure ordering
+       XSA-359 (CVE-2020-29571)
+   * Note that the following XSA are not listed, because...
+     - XSA-349 and XSA-350 have patches for the Linux kernel
+     - XSA-354 has patches for the XAPI toolstack
+     - XSA-356 only applies to Xen 4.14
+ 
+  -- Hans van Kranenburg <hans@knorrie.org>  Fri, 11 Dec 2020 22:10:09 +0100
  
  xen (4.11.4+57-g41a822c392-1) buster-security; urgency=high
  
diff --cc debian/patches/series
index 07113c359e,69b12b13af..5266e76eb5
--- a/debian/patches/series
+++ b/debian/patches/series
@@@ -47,4 -47,30 +47,31 @@@ prefix-abiname/tools-libfsimage-prefix.
  0047-pygrub-Set-sys.path.patch
  0048-pygrub-Specify-rpath-LIBEXEC_LIB-when-building-fsima.patch
  0049-tools-xl-bash-completion-also-complete-xen.patch
+ 0050-tools-ocaml-xenstored-do-permission-checks-on-xensto.patch
+ 0051-tools-xenstore-allow-removing-child-of-a-node-exceed.patch
+ 0052-tools-xenstore-ignore-transaction-id-for-un-watch.patch
+ 0053-tools-xenstore-fix-node-accounting-after-failed-node.patch
+ 0054-tools-xenstore-simplify-and-rename-check_event_node.patch
+ 0055-tools-xenstore-check-privilege-for-XS_IS_DOMAIN_INTR.patch
+ 0056-tools-xenstore-rework-node-removal.patch
+ 0057-tools-xenstore-fire-watches-only-when-removing-a-spe.patch
+ 0058-tools-xenstore-introduce-node_perms-structure.patch
+ 0059-tools-xenstore-allow-special-watches-for-privileged-.patch
+ 0060-tools-xenstore-avoid-watch-events-for-nodes-without-.patch
+ 0061-tools-ocaml-xenstored-ignore-transaction-id-for-un-w.patch
+ 0062-tools-ocaml-xenstored-check-privilege-for-XS_IS_DOMA.patch
+ 0063-tools-ocaml-xenstored-unify-watch-firing.patch
+ 0064-tools-ocaml-xenstored-introduce-permissions-for-spec.patch
+ 0065-tools-ocaml-xenstored-avoid-watch-events-for-nodes-w.patch
+ 0066-tools-ocaml-xenstored-add-xenstored.conf-flag-to-tur.patch
+ 0067-tools-xenstore-revoke-access-rights-for-removed-doma.patch
+ 0068-tools-ocaml-xenstored-clean-up-permissions-for-dead-.patch
+ 0069-tools-ocaml-xenstored-Fix-path-length-validation.patch
+ 0070-tools-xenstore-drop-watch-event-messages-exceeding-m.patch
+ 0071-tools-xenstore-Preserve-bad-client-until-they-are-de.patch
+ 0072-tools-ocaml-xenstored-delete-watch-from-trie-too-whe.patch
+ 0073-tools-ocaml-xenstored-only-Dom0-can-change-node-owne.patch
+ 0074-x86-avoid-calling-svm-vmx-_do_resume.patch
+ 0075-evtchn-FIFO-re-order-and-synchronize-with-map_contro.patch
+ 0076-evtchn-FIFO-add-2nd-smp_rmb-to-evtchn_fifo_word_from.patch
 +armv6.diff