-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 24 Nov 2020 10:28:22 +0000 Source: xen Architecture: source Version: 4.14.0+80-gd101b417b7-1 Distribution: unstable Urgency: medium Maintainer: Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org> Changed-By: Ian Jackson <ijackson@chiark.greenend.org.uk> Closes: 866380 938843 939560 961511 968965 970802 Changes: xen (4.14.0+80-gd101b417b7-1) unstable; urgency=medium . * Re-upload to unstable for rebuild. . xen (4.14.0+80-gd101b417b7-1~exp2) experimental; urgency=medium . * Re-upload since apparently DMs aren't allowed NEW? . xen (4.14.0+80-gd101b417b7-1~exp1) experimental; urgency=medium . * Update to new upstream version 4.14.0+80-gd101b417b7, which also contains security fixes for the following issues: - Information leak via power sidechannel XSA-351 (no CVE yet) - x86 PV guest INVLPG-like flushes may leave stale TLB entries XSA-286 (no CVE yet) - unsafe AMD IOMMU page table updates XSA-347 (no CVE yet) - undue deferral of IOMMU TLB flushes XSA-346 (no CVE yet) - x86: Race condition in Xen mapping code XSA-345 (no CVE yet) - lack of preemption in evtchn_reset() / evtchn_destroy() XSA-344 CVE-2020-25601 - races with evtchn_reset() XSA-343 CVE-2020-25599 - out of bounds event channels available to 32-bit x86 domains XSA-342 CVE-2020-25600 - Missing memory barriers when accessing/allocating an event channel XSA-340 CVE-2020-25603 - x86 pv guest kernel DoS via SYSENTER XSA-339 CVE-2020-25596 - once valid event channels may not turn invalid XSA-338 CVE-2020-25597 - PCI passthrough code reading back hardware registers XSA-337 CVE-2020-25595 - race when migrating timers between x86 HVM vCPU-s XSA-336 CVE-2020-25604 - Missing unlock in XENMEM_acquire_resource error path XSA-334 CVE-2020-25598 - x86 pv: Crash when handling guest access to MSR_MISC_ENABLE XSA-333 CVE-2020-25602 * Updating to the most recent upstream stable-4.14 branch also fixes additional compiling issues with gcc 10 that we were running into. These were: upstream commit 5d45ecabe3c0 ("xen/arm64: force gcc 10+ to always inline generic atomics helpers") to fix a FTBFS at mem_access.c and upstream commit 0dfddb2116e3 ("tools/xenpmd: Fix gcc10 snprintf warning") to fix a FTBFS on armhf. (Closes: #970802) * Drop upstream commits d25cc3ec93eb ("libxl: workaround gcc 10.2 maybe-uninitialized warning") and fff1b7f50e75 ("libxl: fix -Werror=stringop-truncation in libxl__prepare_sockaddr_un") from our patch pile because these gcc 10 related fixes are in the upstream stable branch now. * Partially revert "debian/rules: Combine shared Make args" since it caused a FTBFS on i386. * Revert upstream commit a516bddbd3 ("tools/firmware/Makefile: CONFIG_PV_SHIM: enable only on x86_64") and cherry-pick our previous commits 0b898ccc2 ("tools/firmware/Makfile: Respect caller's CONFIG_PV_SHIM") and a516bddbd3 ("tools/firmware/Makefile: CONFIG_PV_SHIM: enable only on x86_64") again to work around a FTBFS where the shim would not be built during the i386 package build. * Now all FTBFS issues should be resolved, so we can do (Closes: #968965) . Packaging minor fixes and improvements: * d/xen-utils-common.xen.init: Actually *really* include the change to disable oom killer for xenstored. It inadvertently got lost in 4.14.0-1~exp1. (Closes: #961511) . Lintian related fixes: * debian/changelog: fix a typo in the previous changelog entry . xen (4.14.0-1~exp1) experimental; urgency=medium . Significant changes: * Update to new upstream version 4.14.0. (Closes: #866380) about removal of broken xen-bugtool * debian/{rules,control}: switch to python 3 (Closes: #938843) about python 2 removal in bullseye * debian/control: Fix python dependency to use python3-dev:any and libpython3-dev [Elliott Mitchell] . Changes related to upgrading to Xen 4.14: * debian/control: adjust to 4.14 * debian/rules: remove install commands for pkgconfig files, since those files are not present any more * debian/: Follow fsimage -> xenfsimage renaming * debian/xen-utils-V.*: Use @version@ instead of hardcoded version * debian/control: add flex, bison * debian/control: add libxenhypfs[1] [Ian Jackson] * debian/libxenstore3.0.symbols: drop xprintf (Closes: #968965) [Ian Jackson; also reported by Gianfranco Costamagna] * d/scripts/xen-init-name, d/scripts/xen-init-list: rewrite these two scripts, hugely simplify them and make them use python 3 * Pick upstream commits d25cc3ec93eb ("libxl: workaround gcc 10.2 maybe-uninitialized warning") and fff1b7f50e75 ("libxl: fix -Werror=stringop-truncation in libxl__prepare_sockaddr_un") to fix gcc 10 FTBFS * tools: don't build/ship xenmon, it can't work with python 3 . Packaging minor fixes and improvements: * debian/rules: Set DEB_BUILD_MAINT_OPTIONS in shell (Closes: #939560) [Ian Jackson; report from Guillem Jover] * debian/rules: Improve comment about hardening options (Closes: #939560) [Ian Jackson; report from Guillem Jover] * debian/rules: Drop redundant sequence numbers in dh_installinit (Closes: #939560) [Ian Jackson; report from Guillem Jover] * d/xen-utils-common.xen.init: add important notes to keep in mind when changing this script, related to multi-version handling * debian/control: cleanup Uploaders and add myself * debian/control: s/libncurses5-dev/libncurses-dev/ * xen-utils-V scripts: remove update-alternatives command * xen-utils-V.postinst.vsn-in: whitespace cosmetics * d/xen-utils-common.xen.init: disable oom killer for xenstored (Closes: #961511) * debian/rules: Combine shared Make args [Elliott Mitchell] . Fixes and improvements for cross-compiling [Elliott Mitchell]: * debian/rules: Add --host to tools configure target * Pick upstream commit 69953e285638 ('tools: Partially revert "Cross-compilation fixes."') . Lintian related fixes: * debian/changelog: trim trailing whitespace. [Debian Janitor] * debian/pycompat: remove obsolete file. [Debian Janitor] * debian/rules: Avoid using $(PWD) variable. [Debian Janitor] * debian/control: hardcode xen-utils-4.14 python3 dependency because dh_python can't figure out how to add it * debian/control: xen-doc: add ${misc:Depends} * d/xen-hypervisor-V-F.lintian-overrides.vsn-in: fix override to use the newer debug-suffix-not-dbg tag and correct the file path used so it matches again * debian/control: remove XS-Python-Version which is deprecated * debian/control: drop autotools-dev build dependency because debhelper already takes care of this * d/xen-utils-V.lintian-overrides.vsn-in: fix rpath override because the xenfsimage python .so filename changed from xenfsimage.so into xenfsimage.cpython-38-x86_64-linux-gnu.so now, make it match again * d/xen-utils-V.lintian-overrides.vsn-in: s/fsimage/xenfsimage/ which is a left over change from the rename in some comment lines * d/xen-utils-common.xen.init: use /run instead of /var/run because we don't expect anyone on a pre-stretch system to build and use these packages * debian/control: update Standards-Version to 4.5.0 Checksums-Sha1: 95021ac2b7ef913a3915a11ce714bcc00e2b4cbd 3898 xen_4.14.0+80-gd101b417b7-1.dsc f0c1a3a553d211b43c8f3245fd4a13370f86edff 124708 xen_4.14.0+80-gd101b417b7-1.debian.tar.xz Checksums-Sha256: 81a2e71d504b75ff93623e2d6e5d6ccddb8da094f7993a9f1b51d7a10d49fb9f 3898 xen_4.14.0+80-gd101b417b7-1.dsc 52e47e4aef25221446684622088d281f2dc1dbfa078a8c92818bf684b05e905a 124708 xen_4.14.0+80-gd101b417b7-1.debian.tar.xz Files: 0c8f4ec3a14aa31b75fa5e387245af51 3898 admin optional xen_4.14.0+80-gd101b417b7-1.dsc 6e4e5d16dd2d2fef61369f30a0871e3c 124708 admin optional xen_4.14.0+80-gd101b417b7-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEVZrkbC1rbTJl58uh4+M5I0i1DTkFAl+84KMACgkQ4+M5I0i1 DTlCzAf/RZKOvNx+gpriNWDbpRFV9z/JW24O3BIAOhaus1afkdN8nugfeY5G+9jG 5uHa5UVzBswWVY6fVoRpiiBg28bmhUgIhiCRciK7tB8DRxARwjPoyGyVl9oxLA9O fCIzC0umkqhXKul0cnnVdrulPG7X/Rz9DeZzCgyqpeBcTtHKgeDDdnMn1A23uFF0 /7HYIPqrzdolNgqEbGaLxvK+tCOUZeXK4PUZkSZcI4q0FY95apCJNV4MTAAft+rb AdctDPNFeK9dvm6oi3JFy/qd+tNJcMs3mRPgyDM3vM2SSINvbUd9IGox6uudliHD XghSgq8mrYyfrhEMEgv/FkjPkKLi1g== =0+qS -----END PGP SIGNATURE-----
