From 3396dda9ef4aafcb29fd85c1c97585ded6a7d8d2 Mon Sep 17 00:00:00 2001 From: Hans van Kranenburg Date: Fri, 23 Feb 2018 17:18:58 +0100 Subject: [PATCH] debian/changelog: housekeeping I was rushing a bit two days ago, and started a new version that's not going to end up in Debian unstable and it's also not tagged, so let's continue development. * Cleanup all entries to not include versions that were never actually released. * Add more summary information about the Spectre/Meltdown related upstream changes. * Use an extra leading ~ during development, so that intermediate test builds never result in files with the same names as the actual build that will be released later. --- debian/changelog | 39 +++++++++++++++------------------------ 1 file changed, 15 insertions(+), 24 deletions(-) diff --git a/debian/changelog b/debian/changelog index 432f32fd5b..54ee0765ba 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,18 +1,7 @@ -xen (4.10.1~pre+2.3921128fcb-1) unstable; urgency=medium - - * Update to latest 4.10-stable Xen, since there's no 4.10.1 release yet. - The added upstream changes are almost all related to Spectre/Meltdown - work-in-progress. - * Target unstable now, since the qemu packages don't need a change but just - a rebuild to pick up the new libxen dependency. - - -- Hans van Kranenburg Wed, 21 Feb 2018 18:49:26 +0100 - -xen (4.10.1~pre+1.728fadb586-1~exp1) experimental; urgency=medium +xen (4.10.1~pre+2.3921128fcb-1~) UNRELEASED; urgency=medium [ Hans van Kranenburg ] - * First update to upstream release 4.9.1 plus latest security patches. This - is upstream commit 32e364c4e7 which contains: + * Update to 4.10.1-pre, which also contains: - Additional fix for: Unlimited recursion in linear pagetable de-typing XSA-240 CVE-2017-15595 (listed as xsa240-4.8/0004) - Fix x86 PV guests may gain access to internally used pages @@ -23,6 +12,15 @@ xen (4.10.1~pre+1.728fadb586-1~exp1) experimental; urgency=medium XSA-250 CVE-2017-17564 - Fix improper bug check in x86 log-dirty handling XSA-251 CVE-2017-17565 + - Fix x86: memory leak with MSR emulation + XSA-253 CVE-2018-5244 + - Multiple parts of fixes for... + Information leak via side effects of speculative execution + XSA-254 CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 + - XPTI stage 1 a.k.a. 'Meltdown band-aid', XPTI-S1 or XPTI-lite + - Branch predictor hardening for affected Cortex-A CPUs (ARM) + - Support compiling with indirect branch thunks (e.g. retpoline) + - Report details of speculative mitigations in boot logging * Merge changes for 4.9 from the ubuntu packaging (thanks, Stefan Bader): - Rebase patches against upstream source (line numbers etc). - debian/rules.real: @@ -34,22 +32,15 @@ xen (4.10.1~pre+1.728fadb586-1~exp1) experimental; urgency=medium - Re-introduce (fake) xs_restrict call to keep libxenstore version at 3.0 for now. - debian/libxenstore3.0.symbols: add xs_control_command - * Update to 4.10.1-pre, commit 728fadb586, which also contains: - - Fix x86: memory leak with MSR emulation - XSA-253 CVE-2018-5244 - - Multiple parts of fixes for... - Information leak via side effects of speculative execution - XSA-254 CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 - - XPTI stage 1 a.k.a. 'Meltdown band-aid', XPTI-S1 or XPTI-lite - - Branch predictor hardening for affected Cortex-A CPUs (ARM) - * Add README.source to document how the packaging works. + * Rebase patches against 4.10 upstream source. + * Add README.source.md to document how the packaging works. * Conflict with Xen packages < 4.10, until #852545 about moving the grub config file out of the hypervisor package gets fixed in stable. [ Mark Pryor ] - * dh_shlibdeps: fix missing depend on libxentoolcore + * Fix shared library build dependencies for the new xentoolcore library. - -- Hans van Kranenburg Sun, 28 Jan 2018 21:34:10 +0100 + -- Hans van Kranenburg Sun, 25 Feb 2018 01:21:20 +0100 xen (4.8.2+xsa245-0+deb9u1) stretch-security; urgency=high -- 2.30.2