Accepted xen 4.14.0+80-gd101b417b7-1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 24 Nov 2020 10:28:22 +0000
Source: xen
Architecture: source
Version: 4.14.0+80-gd101b417b7-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>
Changed-By: Ian Jackson <ijackson@chiark.greenend.org.uk>
Closes: 866380 938843 939560 961511 968965 970802
Changes:
xen (4.14.0+80-gd101b417b7-1) unstable; urgency=medium
.
* Re-upload to unstable for rebuild.
.
xen (4.14.0+80-gd101b417b7-1~exp2) experimental; urgency=medium
.
* Re-upload since apparently DMs aren't allowed NEW?
.
xen (4.14.0+80-gd101b417b7-1~exp1) experimental; urgency=medium
.
* Update to new upstream version 4.14.0+80-gd101b417b7, which also contains
security fixes for the following issues:
- Information leak via power sidechannel
XSA-351 (no CVE yet)
- x86 PV guest INVLPG-like flushes may leave stale TLB entries
XSA-286 (no CVE yet)
- unsafe AMD IOMMU page table updates
XSA-347 (no CVE yet)
- undue deferral of IOMMU TLB flushes
XSA-346 (no CVE yet)
- x86: Race condition in Xen mapping code
XSA-345 (no CVE yet)
- lack of preemption in evtchn_reset() / evtchn_destroy()
XSA-344 CVE-2020-25601
- races with evtchn_reset()
XSA-343 CVE-2020-25599
- out of bounds event channels available to 32-bit x86 domains
XSA-342 CVE-2020-25600
- Missing memory barriers when accessing/allocating an event channel
XSA-340 CVE-2020-25603
- x86 pv guest kernel DoS via SYSENTER
XSA-339 CVE-2020-25596
- once valid event channels may not turn invalid
XSA-338 CVE-2020-25597
- PCI passthrough code reading back hardware registers
XSA-337 CVE-2020-25595
- race when migrating timers between x86 HVM vCPU-s
XSA-336 CVE-2020-25604
- Missing unlock in XENMEM_acquire_resource error path
XSA-334 CVE-2020-25598
- x86 pv: Crash when handling guest access to MSR_MISC_ENABLE
XSA-333 CVE-2020-25602
* Updating to the most recent upstream stable-4.14 branch also fixes
additional compiling issues with gcc 10 that we were running into. These
were: upstream commit 5d45ecabe3c0 ("xen/arm64: force gcc 10+ to always
inline generic atomics helpers") to fix a FTBFS at mem_access.c and
upstream commit 0dfddb2116e3 ("tools/xenpmd: Fix gcc10 snprintf warning")
to fix a FTBFS on armhf. (Closes: #970802)
* Drop upstream commits d25cc3ec93eb ("libxl: workaround gcc 10.2
maybe-uninitialized warning") and fff1b7f50e75 ("libxl: fix
-Werror=stringop-truncation in libxl__prepare_sockaddr_un") from our patch
pile because these gcc 10 related fixes are in the upstream stable branch
now.
* Partially revert "debian/rules: Combine shared Make args" since it caused
a FTBFS on i386.
* Revert upstream commit a516bddbd3 ("tools/firmware/Makefile:
CONFIG_PV_SHIM: enable only on x86_64") and cherry-pick our previous
commits 0b898ccc2 ("tools/firmware/Makfile: Respect caller's
CONFIG_PV_SHIM") and a516bddbd3 ("tools/firmware/Makefile: CONFIG_PV_SHIM:
enable only on x86_64") again to work around a FTBFS where the shim would
not be built during the i386 package build.
* Now all FTBFS issues should be resolved, so we can do (Closes: #968965)
.
Packaging minor fixes and improvements:
* d/xen-utils-common.xen.init: Actually *really* include the change to
disable oom killer for xenstored. It inadvertently got lost in
4.14.0-1~exp1. (Closes: #961511)
.
Lintian related fixes:
* debian/changelog: fix a typo in the previous changelog entry
.
xen (4.14.0-1~exp1) experimental; urgency=medium
.
Significant changes:
* Update to new upstream version 4.14.0.
(Closes: #866380) about removal of broken xen-bugtool
* debian/{rules,control}: switch to python 3
(Closes: #938843) about python 2 removal in bullseye
* debian/control: Fix python dependency to use python3-dev:any and
libpython3-dev [Elliott Mitchell]
.
Changes related to upgrading to Xen 4.14:
* debian/control: adjust to 4.14
* debian/rules: remove install commands for pkgconfig files, since those
files are not present any more
* debian/: Follow fsimage -> xenfsimage renaming
* debian/xen-utils-V.*: Use @version@ instead of hardcoded version
* debian/control: add flex, bison
* debian/control: add libxenhypfs[1] [Ian Jackson]
* debian/libxenstore3.0.symbols: drop xprintf
(Closes: #968965) [Ian Jackson; also reported by Gianfranco Costamagna]
* d/scripts/xen-init-name, d/scripts/xen-init-list: rewrite these two
scripts, hugely simplify them and make them use python 3
* Pick upstream commits d25cc3ec93eb ("libxl: workaround gcc 10.2
maybe-uninitialized warning") and fff1b7f50e75 ("libxl: fix
-Werror=stringop-truncation in libxl__prepare_sockaddr_un") to fix gcc 10
FTBFS
* tools: don't build/ship xenmon, it can't work with python 3
.
Packaging minor fixes and improvements:
* debian/rules: Set DEB_BUILD_MAINT_OPTIONS in shell
(Closes: #939560) [Ian Jackson; report from Guillem Jover]
* debian/rules: Improve comment about hardening options
(Closes: #939560) [Ian Jackson; report from Guillem Jover]
* debian/rules: Drop redundant sequence numbers in dh_installinit
(Closes: #939560) [Ian Jackson; report from Guillem Jover]
* d/xen-utils-common.xen.init: add important notes to keep in mind when
changing this script, related to multi-version handling
* debian/control: cleanup Uploaders and add myself
* debian/control: s/libncurses5-dev/libncurses-dev/
* xen-utils-V scripts: remove update-alternatives command
* xen-utils-V.postinst.vsn-in: whitespace cosmetics
* d/xen-utils-common.xen.init: disable oom killer for xenstored
(Closes: #961511)
* debian/rules: Combine shared Make args [Elliott Mitchell]
.
Fixes and improvements for cross-compiling [Elliott Mitchell]:
* debian/rules: Add --host to tools configure target
* Pick upstream commit 69953e285638 ('tools: Partially revert
"Cross-compilation fixes."')
.
Lintian related fixes:
* debian/changelog: trim trailing whitespace. [Debian Janitor]
* debian/pycompat: remove obsolete file. [Debian Janitor]
* debian/rules: Avoid using $(PWD) variable. [Debian Janitor]
* debian/control: hardcode xen-utils-4.14 python3 dependency because
dh_python can't figure out how to add it
* debian/control: xen-doc: add ${misc:Depends}
* d/xen-hypervisor-V-F.lintian-overrides.vsn-in: fix override to use the
newer debug-suffix-not-dbg tag and correct the file path used so it
matches again
* debian/control: remove XS-Python-Version which is deprecated
* debian/control: drop autotools-dev build dependency because debhelper
already takes care of this
* d/xen-utils-V.lintian-overrides.vsn-in: fix rpath override because the
xenfsimage python .so filename changed from xenfsimage.so into
xenfsimage.cpython-38-x86_64-linux-gnu.so now, make it match again
* d/xen-utils-V.lintian-overrides.vsn-in: s/fsimage/xenfsimage/ which is a
left over change from the rename in some comment lines
* d/xen-utils-common.xen.init: use /run instead of /var/run because we don't
expect anyone on a pre-stretch system to build and use these packages
* debian/control: update Standards-Version to 4.5.0
Checksums-Sha1:
95021ac2b7ef913a3915a11ce714bcc00e2b4cbd 3898 xen_4.14.0+80-gd101b417b7-1.dsc
f0c1a3a553d211b43c8f3245fd4a13370f86edff 124708 xen_4.14.0+80-gd101b417b7-1.debian.tar.xz
Checksums-Sha256:
81a2e71d504b75ff93623e2d6e5d6ccddb8da094f7993a9f1b51d7a10d49fb9f 3898 xen_4.14.0+80-gd101b417b7-1.dsc
52e47e4aef25221446684622088d281f2dc1dbfa078a8c92818bf684b05e905a 124708 xen_4.14.0+80-gd101b417b7-1.debian.tar.xz
Files:
0c8f4ec3a14aa31b75fa5e387245af51 3898 admin optional xen_4.14.0+80-gd101b417b7-1.dsc
6e4e5d16dd2d2fef61369f30a0871e3c 124708 admin optional xen_4.14.0+80-gd101b417b7-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEVZrkbC1rbTJl58uh4+M5I0i1DTkFAl+84KMACgkQ4+M5I0i1
DTlCzAf/RZKOvNx+gpriNWDbpRFV9z/JW24O3BIAOhaus1afkdN8nugfeY5G+9jG
5uHa5UVzBswWVY6fVoRpiiBg28bmhUgIhiCRciK7tB8DRxARwjPoyGyVl9oxLA9O
fCIzC0umkqhXKul0cnnVdrulPG7X/Rz9DeZzCgyqpeBcTtHKgeDDdnMn1A23uFF0
/7HYIPqrzdolNgqEbGaLxvK+tCOUZeXK4PUZkSZcI4q0FY95apCJNV4MTAAft+rb
AdctDPNFeK9dvm6oi3JFy/qd+tNJcMs3mRPgyDM3vM2SSINvbUd9IGox6uudliHD
XghSgq8mrYyfrhEMEgv/FkjPkKLi1g==
=0+qS
-----END PGP SIGNATURE-----