Accepted xen 4.14.0+88-g1d1d1f5391-1 (source) into unstable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 15 Dec 2020 13:00:00 +0100
Source: xen
Architecture: source
Version: 4.14.0+88-g1d1d1f5391-1
Distribution: unstable
Urgency: high
Maintainer: Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>
Changed-By: Hans van Kranenburg <hans@knorrie.org>
Closes: 862408 942611 955994 976109
Changes:
 xen (4.14.0+88-g1d1d1f5391-1) unstable; urgency=high
 .
   * Update to new upstream version 4.14.0+88-g1d1d1f5391, which also contains
     security fixes for the following issues:
     - stack corruption from XSA-346 change
       XSA-355 CVE-2020-29040 (Closes: #976109)
   * Apply security fixes for the following issues:
     - oxenstored: permissions not checked on root node
       XSA-353 CVE-2020-29479
     - xenstore watch notifications lacking permission checks
       XSA-115 CVE-2020-29480
     - Xenstore: new domains inheriting existing node permissions
       XSA-322 CVE-2020-29481
     - Xenstore: wrong path length check
       XSA-323 CVE-2020-29482
     - Xenstore: guests can crash xenstored via watchs
       XSA-324 CVE-2020-29484
     - Xenstore: guests can disturb domain cleanup
       XSA-325 CVE-2020-29483
     - oxenstored memory leak in reset_watches
       XSA-330 CVE-2020-29485
     - oxenstored: node ownership can be changed by unprivileged clients
       XSA-352 CVE-2020-29486
     - undue recursion in x86 HVM context switch code
       XSA-348 CVE-2020-29566
     - infinite loop when cleaning up IRQ vectors
       XSA-356 CVE-2020-29567
     - FIFO event channels control block related ordering
       XSA-358 CVE-2020-29570
     - FIFO event channels control structure ordering
       XSA-359 CVE-2020-29571
   * Note that the following XSA are not listed, because...
     - XSA-349 and XSA-350 have patches for the Linux kernel
     - XSA-354 has patches for the XAPI toolstack
 .
   Packaging bugfixes and improvements:
   * d/rules: do not compress /usr/share/doc/xen/html (Closes: #942611)
   * Add missing CVE numbers to the previous changelog entries
 .
   Packaging bugfixes and improvements [Elliott Mitchell]:
   * d/shuffle-binaries: Make error detection/message overt
   * d/shuffle-binaries: Add quoting for potentially changeable variables
   * d/shuffle-boot-files: Add lots of double-quotes when handling variables
   * debian/rules: Set CC/LD to enable cross-building
   * debian/xen.init: Load xen_acpi_processor on boot
   * d/shuffle-binaries: Remove useless extra argument being passed in
 .
   Packaging bugfixes and improvements [Maximilian Engelhardt]:
   * d/xen-hypervisor-V-F.postinst.vsn-in: use reboot-required
     (Closes: #862408)
   * d/xen-hypervisor-V-F.postrm: actually install script
   * d/xen-hypervisor-V.*: clean up unused files
   * d/xen-hypervisor-V.bug-control.vsn-in: actually install script
   * debian/rules: enable verbose build
 .
   Fixes to patches for upstream code:
   * t/h/L/vif-common.sh: force handle_iptable return value to be 0
     (Closes: #955994)
 .
   * Pick the following upstream commits to improve Raspberry Pi 4 support,
     requested by Elliott Mitchell:
     - 25849c8b16 ("xen/rpi4: implement watchdog-based reset")
     - 17d192e023 ("tools/python: Pass linker to Python build process")
     - 861f0c1109 ("xen/arm: acpi: Don't fail if SPCR table is absent")
     - 1c4aa69ca1 ("xen/acpi: Rework acpi_os_map_memory() and
                    acpi_os_unmap_memory()")
     - 4d625ff3c3 ("xen/arm: acpi: The fixmap area should always be cleared
                    during failure/unmap")
     - dac867bf9a ("xen/arm: Check if the platform is not using ACPI before
                    initializing Dom0less")
     - 9c2bc0f24b ("xen/arm: Introduce fw_unreserved_regions() and use it")
     - 7056f2f89f ("xen/arm: acpi: add BAD_MADT_GICC_ENTRY() macro")
     - 957708c2d1 ("xen/arm: traps: Don't panic when receiving an unknown debug
                    trap")
 .
   * Pick upstream commit ba6e78f0db ("fix spelling errors"). Thanks, Diederik.
Checksums-Sha1:
 4528e850019803b8e228994332adaa7f716f9ee1 4243 xen_4.14.0+88-g1d1d1f5391-1.dsc
 ba92bc7cc6cdce971b7faf5a5b4feeeea5fc23ad 4356048 xen_4.14.0+88-g1d1d1f5391.orig.tar.xz
 fcdbe0dbb8486f1297e4ac292b94f78701d213df 168580 xen_4.14.0+88-g1d1d1f5391-1.debian.tar.xz
Checksums-Sha256:
 347d04d9afa4f4ea287e9cd9e3affde6191ef93b14b4e238464f5ada963de9d2 4243 xen_4.14.0+88-g1d1d1f5391-1.dsc
 a872f5295d9b1de1d7867b1016a38eaf2ebbcfe0180e48d0a0a96bbdaf0accc5 4356048 xen_4.14.0+88-g1d1d1f5391.orig.tar.xz
 43bc665ccf6159293917e7ece2d977f0e72cbc440a132aa79b800ad5e4a9c071 168580 xen_4.14.0+88-g1d1d1f5391-1.debian.tar.xz
Files:
 9720b101e4611fe7dd7cd6769c536bb4 4243 admin optional xen_4.14.0+88-g1d1d1f5391-1.dsc
 0aba66cc2aface72955ddf7a6b6b9169 4356048 admin optional xen_4.14.0+88-g1d1d1f5391.orig.tar.xz
 ea5b20353f5a99b35b648cc11b8b13d0 168580 admin optional xen_4.14.0+88-g1d1d1f5391-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEESWyddwNaG9637koYssHfcmNhX2wFAl/Yp9sACgkQssHfcmNh
X2wuFQ/+I/H14a1gaM2HK+3FBRlCWKjpinqR2GbjC3tZohxlZ3cFOmaUOMvbyR/A
hd6ECZK9mDhsKzMHJji52Dayc9+YHqqzMGZTG1G5jwPlmKc+Z5l6g5Qphj4gYCYm
hSCcFotKPP0nZiH7b9L3UFufVBzmw0mzKsoLrUiNlOeDib66+nD3zbhkOeKV26W2
sVbtZ78ONGihYueO4oJopumb132Jokmp3y3gGqBcyepmxYOPBKfTXIX/q4dALiiK
by4nBO/2lQirVAi6A7/rTTFugyPZ9IOHwYV3/ApfAWBWVQ7UFw3P2aG+r5bguWgl
T9MlFBaCsb3pe2lg4KbB18dCxFRDBURssZ5hlvD6pGk+AmQRjcyQBNqQxaxDv/QN
96Fuo36VKS3UH30qcNqb+QotZYHeNE7hWI2tOtJOsarruxeX/B2ykuNV3pv0bwlC
+jMKeRTW3FxL7X1b2IKvkB7FJu4hSjPyULgyPR2jFWh13+XnGOM8uQFqlg9d8Ovl
GocftbAsemYXfoQ+u/Ubvt5b5BFrz2EdDiyXqptD+5OeKU2UWTjWULksmml6svbV
7xb93KfryI6VCheAjBzHV9xQTSIyqTG/Lq42luNpot+2uanQheQyEiU2X+KL4VPp
/E+TJvxXkEW2s7pjO4SopGqSCVuGj8DZoCkV0xoLY0VmimdZ75Q=
=FlmQ
-----END PGP SIGNATURE-----