Do not build the instruction emulator

Signed-off-by: Ian Jackson <ian.jackson@citrix.com>
Gbp-Pq: Name 0008-Do-not-build-the-instruction-emulator.patch

tools/tests/x86_emulator: Pass -no-pie -fno-pic to gcc on x86_32

The current build fails with GCC6 on Debian sid i386 (unstable):

 /tmp/ccqjaueF.s: Assembler messages:
 /tmp/ccqjaueF.s:3713: Error: missing or invalid displacement expression `vmovd_to_reg_len@GOT'

This is due to the combination of GCC6, and Debian's decision to
enable some hardening flags by default (to try to make runtime
addresses less predictable):
  https://wiki.debian.org/Hardening/PIEByDefaultTransition

This is of no benefit for the x86 instruction emulator test, which is
a rebuild of the emulator code for testing purposes only.  So pass
options to disable this.

These options will be no-ops if they are the same as the compiler
default.

On amd64, the -fno-pic breaks the build in a different way.  So do
this only on i386.

Signed-off-by: Ian Jackson <ian.jackson@citrix.com>
CC: Jan Beulich <jbeulich@suse.com>
CC: Andrew Cooper <andrew.cooper3@citrix.com>
Gbp-Pq: Topic misc
Gbp-Pq: Name toolstestsx86_emulator-pass--no-pie--fno.patch

Remove static solaris support from pygrub

Patch-Name: tools-pygrub-remove-static-solaris-support

Gbp-Pq: Topic misc
Gbp-Pq: Name tools-pygrub-remove-static-solaris-support

Do not ship COPYING into /usr/include

This is not wanted in Debian.  COPYING ends up in
/usr/share/doc/xen-*copyright.

Patch-Name: tools-include-no-COPYING.diff

Signed-off-by: Ian Jackson <ian.jackson@citrix.com>
Gbp-Pq: Name 0005-Do-not-ship-COPYING-into-usr-include.patch

config-prefix.diff

Patch-Name: config-prefix.diff

Gbp-Pq: Topic prefix-abiname
Gbp-Pq: Name config-prefix.diff

version

Gbp-Pq: Name 0003-version.patch

Delete configure output

These autogenerated files are not useful in Debian; dh_autoreconf will
regenerate them.

If this patch does not apply when rebasing, you can simply delete the
files again.

Signed-off-by: Ian Jackson <ian.jackson@citrix.com>
Gbp-Pq: Name 0002-Delete-configure-output.patch

Delete config.sub and config.guess

dh_autoreconf will provide these back.

If this patch does not apply when rebasing, you can simply delete the
files again.

Signed-off-by: Ian Jackson <ian.jackson@citrix.com>
Gbp-Pq: Name 0001-Delete-config.sub-and-config.guess.patch

xen (4.14.4+74-gd7b22226b5-1) bullseye-security; urgency=medium

  * Update to new upstream version 4.14.4+74-gd7b22226b5, which also contains
    security fixes for the following issues:
    - arm: guest_physmap_remove_page not removing the p2m mappings
      XSA-393 CVE-2022-23033
    - A PV guest could DoS Xen while unmapping a grant
      XSA-394 CVE-2022-23034
    - Insufficient cleanup of passed-through device IRQs
      XSA-395 CVE-2022-23035
    - Racy interactions between dirty vram tracking and paging log dirty
      hypercalls
      XSA-397 CVE-2022-26356
    - Multiple speculative security issues
      XSA-398 (no CVE yet)
    - race in VT-d domain ID cleanup
      XSA-399 CVE-2022-26357
    - IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues
      XSA-400 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361
  * Note that the following XSA are not listed, because...
    - XSA-391, XSA-392 and XSA-396 have patches for the Linux kernel.

[dgit import unpatched xen 4.14.4+74-gd7b22226b5-1]

Import xen_4.14.4+74-gd7b22226b5.orig.tar.xz

[dgit import orig xen_4.14.4+74-gd7b22226b5.orig.tar.xz]

Import xen_4.14.4+74-gd7b22226b5-1.debian.tar.xz

[dgit import tarball xen 4.14.4+74-gd7b22226b5-1 xen_4.14.4+74-gd7b22226b5-1.debian.tar.xz]