tools-libfsimage-prefix.diff

\o/

Gbp-Pq: Name 0009-tools-libfsimage-prefix.diff.patch

Do not build the instruction emulator

Signed-off-by: Ian Jackson <ian.jackson@citrix.com>
Gbp-Pq: Name 0008-Do-not-build-the-instruction-emulator.patch

tools/tests/x86_emulator: Pass -no-pie -fno-pic to gcc on x86_32

The current build fails with GCC6 on Debian sid i386 (unstable):

 /tmp/ccqjaueF.s: Assembler messages:
 /tmp/ccqjaueF.s:3713: Error: missing or invalid displacement expression `vmovd_to_reg_len@GOT'

This is due to the combination of GCC6, and Debian's decision to
enable some hardening flags by default (to try to make runtime
addresses less predictable):
  https://wiki.debian.org/Hardening/PIEByDefaultTransition

This is of no benefit for the x86 instruction emulator test, which is
a rebuild of the emulator code for testing purposes only.  So pass
options to disable this.

These options will be no-ops if they are the same as the compiler
default.

On amd64, the -fno-pic breaks the build in a different way.  So do
this only on i386.

Signed-off-by: Ian Jackson <ian.jackson@citrix.com>
CC: Jan Beulich <jbeulich@suse.com>
CC: Andrew Cooper <andrew.cooper3@citrix.com>
Gbp-Pq: Topic misc
Gbp-Pq: Name toolstestsx86_emulator-pass--no-pie--fno.patch

Remove static solaris support from pygrub

Patch-Name: tools-pygrub-remove-static-solaris-support

Gbp-Pq: Topic misc
Gbp-Pq: Name tools-pygrub-remove-static-solaris-support

Do not ship COPYING into /usr/include

This is not wanted in Debian.  COPYING ends up in
/usr/share/doc/xen-*copyright.

Patch-Name: tools-include-no-COPYING.diff

Signed-off-by: Ian Jackson <ian.jackson@citrix.com>
Gbp-Pq: Name 0005-Do-not-ship-COPYING-into-usr-include.patch

config-prefix.diff

Patch-Name: config-prefix.diff

Gbp-Pq: Topic prefix-abiname
Gbp-Pq: Name config-prefix.diff

version

Gbp-Pq: Name 0003-version.patch

Delete configure output

These autogenerated files are not useful in Debian; dh_autoreconf will
regenerate them.

If this patch does not apply when rebasing, you can simply delete the
files again.

Signed-off-by: Ian Jackson <ian.jackson@citrix.com>
Gbp-Pq: Name 0002-Delete-configure-output.patch

Delete config.sub and config.guess

dh_autoreconf will provide these back.

If this patch does not apply when rebasing, you can simply delete the
files again.

Signed-off-by: Ian Jackson <ian.jackson@citrix.com>
Gbp-Pq: Name 0001-Delete-config.sub-and-config.guess.patch

xen (4.14.5+24-g87d90d511c-1) bullseye-security; urgency=medium

  * Update to new upstream version 4.14.5+24-g87d90d511c, which also contains
    security fixes for the following issues:
    for the following issues:
    - x86 pv: Race condition in typeref acquisition
      XSA-401 CVE-2022-26362
    - x86 pv: Insufficient care with non-coherent mappings
      XSA-402 CVE-2022-26363 CVE-2022-26364
    - x86: MMIO Stale Data vulnerabilities
      XSA-404 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166
    - Retbleed - arbitrary speculative code execution with return instructions
      XSA-407 CVE-2022-23816 CVE-2022-23825 CVE-2022-29900
  * Note that the following XSA are not listed, because...
    - XSA-403 patches are not applied to stable branch lines.
    - XSA-405 and XSA-406 have patches for the Linux kernel.

[dgit import unpatched xen 4.14.5+24-g87d90d511c-1]

Import xen_4.14.5+24-g87d90d511c.orig.tar.xz

[dgit import orig xen_4.14.5+24-g87d90d511c.orig.tar.xz]

Import xen_4.14.5+24-g87d90d511c-1.debian.tar.xz

[dgit import tarball xen 4.14.5+24-g87d90d511c-1 xen_4.14.5+24-g87d90d511c-1.debian.tar.xz]