From 932b53264b5272b0d8457c5516611ad2ff8e870f Mon Sep 17 00:00:00 2001 From: Hans van Kranenburg Date: Thu, 21 Apr 2022 23:15:55 +0200 Subject: [PATCH] debian: split NEWS file into package specific ones Users who only have some libxen* package installed do not have to be presented with scary news items that are relevant only if you have hypervisor and/or tools installed. Besides that, the messages are mostly really package specific. And, there's no strict enforcement (because the user is able to have multiple xen versions installed) to have exact the same version for all xen packages. If you install a newer xen-hypervisor-common, you won't get the init script fixes for example that apt-listchanges would be blaring about. (Closes: #962267) Signed-off-by: Hans van Kranenburg --- debian/xen-hypervisor-common.NEWS | 20 ++++++++++++++++++++ debian/{NEWS => xen-utils-common.NEWS} | 21 --------------------- 2 files changed, 20 insertions(+), 21 deletions(-) create mode 100644 debian/xen-hypervisor-common.NEWS rename debian/{NEWS => xen-utils-common.NEWS} (50%) diff --git a/debian/xen-hypervisor-common.NEWS b/debian/xen-hypervisor-common.NEWS new file mode 100644 index 0000000000..e32955a161 --- /dev/null +++ b/debian/xen-hypervisor-common.NEWS @@ -0,0 +1,20 @@ +xen (4.11.1+92-g6c33308a8d-1) unstable; urgency=high + + This update contains the mitigations for the Microarchitectural Data + Sampling speculative side channel attacks. Only Intel based processors are + affected. + + Note that these fixes will only have effect when also loading updated cpu + microcode with MD_CLEAR functionality. When using the intel-microcode + package to include microcode in the dom0 initrd, it has to be loaded by + Xen. Please refer to the hypervisor command line documentation about the + 'ucode=scan' option. + + For the fixes to be fully effective, it is currently also needed to disable + hyper-threading, which can be done in BIOS settings, or by using smt=no on + the hypervisor command line. + + Additional information is available in the upstream Xen security advisory: + https://xenbits.xen.org/xsa/advisory-297.html + + -- Hans van Kranenburg Tue, 18 Jun 2019 09:50:19 +0200 diff --git a/debian/NEWS b/debian/xen-utils-common.NEWS similarity index 50% rename from debian/NEWS rename to debian/xen-utils-common.NEWS index f0c865d4e4..3e640d195a 100644 --- a/debian/NEWS +++ b/debian/xen-utils-common.NEWS @@ -19,24 +19,3 @@ xen (4.11.4-1) unstable; urgency=medium a newer Xen version (e.g. 4.13) in the future. -- Hans van Kranenburg Tue, 26 May 2020 13:33:17 +0200 - -xen (4.11.1+92-g6c33308a8d-1) unstable; urgency=high - - This update contains the mitigations for the Microarchitectural Data - Sampling speculative side channel attacks. Only Intel based processors are - affected. - - Note that these fixes will only have effect when also loading updated cpu - microcode with MD_CLEAR functionality. When using the intel-microcode - package to include microcode in the dom0 initrd, it has to be loaded by - Xen. Please refer to the hypervisor command line documentation about the - 'ucode=scan' option. - - For the fixes to be fully effective, it is currently also needed to disable - hyper-threading, which can be done in BIOS settings, or by using smt=no on - the hypervisor command line. - - Additional information is available in the upstream Xen security advisory: - https://xenbits.xen.org/xsa/advisory-297.html - - -- Hans van Kranenburg Tue, 18 Jun 2019 09:50:19 +0200 -- 2.30.2