diff -Nru xen-4.11.1~pre.20180911.5acdd26fdc+dfsg/debian/changelog xen-4.11.1~pre.20180911.5acdd26fdc+dfsg/debian/changelog --- xen-4.11.1~pre.20180911.5acdd26fdc+dfsg/debian/changelog 2018-10-15 17:07:11.000000000 +0000 +++ xen-4.11.1~pre.20180911.5acdd26fdc+dfsg/debian/changelog 2018-10-25 20:13:19.000000000 +0000 @@ -1,3 +1,118 @@ +xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-5+rpi1) buster-staging; urgency=medium + + [changes brought forward from 4.8.3+comet2+shim4.10.0+comet3-1+deb9u4 by Ian Jackson at Wed, 07 Feb 2018 17:50:45 +0000] + * Update to new upstream version 4.8.3+comet2+shim4.10.0+comet3. + Specifically, this is two upstreams: + - Upstream Xen 4.8.3 "git merge"d with upstream + Xen Security Team (XSA-254) 4.8.3pre-shim-comet-2, in `.' + - Upstream Xen 4.10.0-shim-comet-3 in `shim'. + The upstream tarballs are from `git archive' with the + gitattributes for mangling .gitarchive-info disabled. + Therefore, we include these security fixes: + XSA-254 CVE-2017-5754 but SP3 "Meltdown" only + XSA-253 CVE-2018-5244 + XSA-251 CVE-2017-17565 + XSA-250 CVE-2017-17564 + XSA-249 CVE-2017-17563 + XSA-248 CVE-2017-17566 + * Ship README.pti and README.comet from the upstream XSA-254 + advisory in /usr/share/doc/xen-utils/common/. + + [changes brought forward from 4.8.3+comet2+shim4.10.0+comet3-1+deb9u4.1 by Ian Jackson at Fri, 09 Feb 2018 14:42:57 +0000] + * Fix builds on other than amd64. + + [changes brought forward from 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5 by Ian Jackson at Fri, 02 Mar 2018 16:07:18 +0000] + * Security fixes from upstream XSAs: + XSA-252 CVE-2018-7540 + XSA-255 CVE-2018-7541 + XSA-256 CVE-2018-7542 + The upstream BTI changes from XSA-254 (Spectre v2 mitigation) + are *not* included. They are currently failing in upstream CI. + * init scripts: Do not kill per-domain qemu processes. Closes:#879751. + * Install Meltdown READMEs on all architectures. Closes:#890488. + * Ship xen-diag (by cherry-picking the appropriate commits from + upstream). This can help with diagnosis of #880554. + + [changes brought forward from 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6 by Ian Jackson at Thu, 10 May 2018 16:50:52 +0100] + * Update to new upstream version 4.8.3+xsa262+shim4.10.0+comet3. + (This is the upstream staging-4.8 branch, which is ahead of the + upstream CI-tested stable-4.8 branch by precisely the three + most recent XSA fixes. We are switching away from the special + upstream 4.8 comet branch.) + + * Resulting security fixes: + XSA-258 CVE-2018-10472 + XSA-259 CVE-2018-10471 + XSA-260 CVE-2018-8897 + XSA-261 CVE-2018-10982 + XSA-262 CVE-2018-10981 + + * Apply two further build fixes from upstream staging-4.8. + + [changes brought forward from 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7 by Ian Jackson at Tue, 22 May 2018 18:41:33 +0100] + * Include upstream XSA-263 (speculative store bypass) fixes for x86. + I hear that ARM fixes will be forthcoming RSN. Ie, + XSA-263 CVE-2018-3639 (amd64/i386; armhf/arm64 still vuln.) + + * Include a number of upstream bugfixes, including fixes to previous + security fixes, some of which are security-relevant: + x86: correct ordering of operations during S3 resume + x86: suppress BTI mitigations around S3 suspend/resume + x86/spec_ctrl: Updates to retpoline-safety decision making + x86/HPET: fix race triggering ASSERT(cpu < nr_cpu_ids) + x86/HVM: never retain emulated insn cache when exiting back to guest + xpti: fix bug in double fault handling + x86/cpuidle: don't init stats lock more than once + xen: Introduce vcpu_sleep_nosync_locked() + xen/schedule: Fix races in vcpu migration + x86: Fix "x86: further CPUID handling adjustments" + + The result is very similar to upstream staging-4.8. However, as + upstream staging-4.8 has not yet passed upstream CI, I have chosen to + cherry pick fixes so that I can drop a couple that don't look + immediately important. We will expect to resynchronise with + upstream's 4.8 stable branch soon. + + * Drop our patch `tools: fix arm build after bdf693ee61b48' (which was + needed to build the upstream 4.8 comet branch on ARM but is not needed + for the the upstream staging/stable branch). Closes:#898898. + + * Update changelog for 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6 to + mention branch switch from upstream 4.8 comet to upstream main 4.8, + and add some missing CVEs. + + [changes brought forward from 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8 by Ian Jackson at Mon, 18 Jun 2018 16:10:38 +0100] + * Update to new upstream version 4.8.3+xsa267+shim4.10.1+xsa267. + XSA-267 CVE-2018-3665 + + I have actually taken upstream's staging-4.8 CI input branch, which is + identical to the CI-tested stable-4.8 except that it also has the + XSA-267 patches. There are additional patches in upstream's + stable-4.8 branch, beyond what was in the previous Debian stretch + security update, which are prerequisites for the XSA-267 patches. + + For the shim, I have updated to upstream's staging-4.10, which is + identical to the CI-tested stable-4.10q except, again, for + XSA-267-related patches. The 4.10.0-comet branch lacks speculation + control entirely and has been superseded upstream. + + [changes brought forward from 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9 by Ian Jackson at Fri, 22 Jun 2018 16:38:39 +0100] + * Security upload [thanks to Wolodja Wentland]: + XSA-264 (no CVE yet) + XSA-265 (no CVE yet) + XSA-266 (no CVE yet) + + [changes brought forward from 4.4.1-9+rpi1 by Peter Michael Green at Sun, 30 Aug 2015 15:43:16 +0000] + * replace "dmb" with "mcr p15, #0, r0, c7, c10, #5" for armv6 + + [changes introduced in 4.6.0-1+rpi1 by Peter Michael Green] + * Use kernel 3.18 for now as I haven't dealt with 4.x yet. + + [changes introduced in 4.8.0-1+rpi1 by Peter Micheal Green] + * Add build-depends on ghostscript. + + -- Raspbian forward porter Thu, 25 Oct 2018 20:13:19 +0000 + xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-5) unstable; urgency=medium * debian/rules: Cope if xen-utils-common not being built diff -Nru xen-4.11.1~pre.20180911.5acdd26fdc+dfsg/debian/control.md5sum xen-4.11.1~pre.20180911.5acdd26fdc+dfsg/debian/control.md5sum --- xen-4.11.1~pre.20180911.5acdd26fdc+dfsg/debian/control.md5sum 2018-10-15 17:07:11.000000000 +0000 +++ xen-4.11.1~pre.20180911.5acdd26fdc+dfsg/debian/control.md5sum 2018-10-25 20:13:19.000000000 +0000 @@ -1,13 +1,29 @@ +<<<<<<< HEAD +fd4431defc3dba21534e5c87b6a54a0e debian/changelog +||||||| merged common ancestors +414390ca652da67ac85ebd905500eb66 debian/changelog +======= 90846bd8cd1227c290d02071e1f3b141 debian/changelog +>>>>>>> debpsuedomerge dc7b5d9f0538e3180af4e9aff9b0bd57 debian/bin/gencontrol.py 9e089bdfb9c848da38da7f50e37a5502 debian/templates/control.main.in a15fa64ce6deead28d33c1581b14dba7 debian/templates/xen-hypervisor.postinst.in 28356e01cce3f5f226bacec4c49a7f1e debian/templates/control.system.latest.in 03f63e67cf2d915bfbb535f8c9d9e2e4 debian/templates/xen-utils.postinst.in 63ad8a975156f7bf2327f0e1dc7fc9e2 debian/templates/control.source.in +<<<<<<< HEAD +a4fad0ec66d977759a362165bf8aa31d debian/templates/control.hypervisor.in +22492e0565a4754b5e008ca7cac871da debian/templates/xen-hypervisor.postrm.in +df5a318ff90cd0ca3ac7f1a8976bae39 debian/templates/control.utils.in +||||||| merged common ancestors +22492e0565a4754b5e008ca7cac871da debian/templates/xen-hypervisor.postrm.in +a4fad0ec66d977759a362165bf8aa31d debian/templates/control.hypervisor.in +df5a318ff90cd0ca3ac7f1a8976bae39 debian/templates/control.utils.in +======= 22492e0565a4754b5e008ca7cac871da debian/templates/xen-hypervisor.postrm.in 02ec00ee85d07ab4eb277a91df014e0c debian/templates/control.hypervisor.in 4974334083116945da78ec656b4371f5 debian/templates/control.utils.in +>>>>>>> debpsuedomerge dcabf82578122540e0534f72750698d5 debian/templates/xen-utils.lintian-overrides.in b6acd21c3924e6ec6f9c547afbbc7d9e debian/templates/xen-utils.prerm.in 9851cdcecfae45a8c4f95ef676e26973 debian/arch/defines diff -Nru xen-4.11.1~pre.20180911.5acdd26fdc+dfsg/debian/.gitignore xen-4.11.1~pre.20180911.5acdd26fdc+dfsg/debian/.gitignore --- xen-4.11.1~pre.20180911.5acdd26fdc+dfsg/debian/.gitignore 2018-10-15 17:07:11.000000000 +0000 +++ xen-4.11.1~pre.20180911.5acdd26fdc+dfsg/debian/.gitignore 1970-01-01 00:00:00.000000000 +0000 @@ -1,37 +0,0 @@ -.debhelper -*.debhelper.* -*.postinst.debhelper -*.postrm.debhelper -*.substvars -*.stamp -tmp -*-[0-9]*.bug-control -*-[0-9]*.postinst -*-[0-9]*.postrm -*.tmp -files -xen-doc -xen-hypervisor-common -xen-system-amd64 -xen-system-armhf -xen-system-arm64 -xen-hypervisor-[0-9]*[0-9] -xen-hypervisor-[0-9]*[0-9].install -xen-hypervisor-[0-9]*[0-9].lintian-overrides -xen-utils-[0-9]*[0-9] -xen-utils-[0-9]*[0-9].install -xen-utils-[0-9]*[0-9].NEWS -xen-utils-[0-9]*[0-9].README.Debian -xen-utils-[0-9]*[0-9].lintian-overrides -xen-utils-[0-9]*[0-9].prerm -libxenmisc[0-9]*[0-9].lintian-overrides -libxenmisc[0-9]*[0-9] -libxenmisc[0-9]*[0-9].install -libxenmisc[0-9]*[0-9].lintian-overrides -libxen-dev -libxen*[0-9] -xen-utils-common -xenstore-utils -autoreconf.before -autoreconf.after -debhelper-build-stamp diff -Nru xen-4.11.1~pre.20180911.5acdd26fdc+dfsg/debian/patches/armv6.diff xen-4.11.1~pre.20180911.5acdd26fdc+dfsg/debian/patches/armv6.diff --- xen-4.11.1~pre.20180911.5acdd26fdc+dfsg/debian/patches/armv6.diff 1970-01-01 00:00:00.000000000 +0000 +++ xen-4.11.1~pre.20180911.5acdd26fdc+dfsg/debian/patches/armv6.diff 2018-10-25 20:13:14.000000000 +0000 @@ -0,0 +1,20 @@ +Description: replace "dmb" with "mcr p15, #0, r0, c7, c10, #5" for armv6 +Author: Peter Michael Green + +Index: xen-4.6.0/tools/libxc/include/xenctrl.h +=================================================================== +--- xen-4.6.0.orig/tools/libxc/include/xenctrl.h ++++ xen-4.6.0/tools/libxc/include/xenctrl.h +@@ -78,9 +78,9 @@ + #define xen_rmb() xen_barrier() + #define xen_wmb() xen_barrier() + #elif defined(__arm__) +-#define xen_mb() asm volatile ("dmb" : : : "memory") +-#define xen_rmb() asm volatile ("dmb" : : : "memory") +-#define xen_wmb() asm volatile ("dmb" : : : "memory") ++#define xen_mb() asm volatile ("mcr p15, #0, r0, c7, c10, #5" : : : "memory") ++#define xen_rmb() asm volatile ("mcr p15, #0, r0, c7, c10, #5" : : : "memory") ++#define xen_wmb() asm volatile ("mcr p15, #0, r0, c7, c10, #5" : : : "memory") + #elif defined(__aarch64__) + #define xen_mb() asm volatile ("dmb sy" : : : "memory") + #define xen_rmb() asm volatile ("dmb sy" : : : "memory") diff -Nru xen-4.11.1~pre.20180911.5acdd26fdc+dfsg/debian/patches/series xen-4.11.1~pre.20180911.5acdd26fdc+dfsg/debian/patches/series --- xen-4.11.1~pre.20180911.5acdd26fdc+dfsg/debian/patches/series 2018-10-15 17:07:11.000000000 +0000 +++ xen-4.11.1~pre.20180911.5acdd26fdc+dfsg/debian/patches/series 2018-10-25 20:13:19.000000000 +0000 @@ -41,3 +41,4 @@ 0041-tools-firmware-Makefile-CONFIG_PV_SHIM-enable-only-o.patch 0042-docs-man-xen-vbd-interface.7-Provide-properly-format.patch 0043-Revert-tools-xenstore-compatibility.diff.patch +armv6.diff diff -Nru xen-4.11.1~pre.20180911.5acdd26fdc+dfsg/debian/rules.defs xen-4.11.1~pre.20180911.5acdd26fdc+dfsg/debian/rules.defs --- xen-4.11.1~pre.20180911.5acdd26fdc+dfsg/debian/rules.defs 1970-01-01 00:00:00.000000000 +0000 +++ xen-4.11.1~pre.20180911.5acdd26fdc+dfsg/debian/rules.defs 2018-10-25 20:13:14.000000000 +0000 @@ -0,0 +1,4 @@ +KERNELVERSION := 3.18.0-trunk +BUILD_DIR = debian/build +STAMPS_DIR = debian/stamps +TEMPLATES_DIR = debian/templates