xen 4.14.0+88-g1d1d1f5391-1 source package in Debian

Changelog

xen (4.14.0+88-g1d1d1f5391-1) unstable; urgency=high

  * Update to new upstream version 4.14.0+88-g1d1d1f5391, which also contains
    security fixes for the following issues:
    - stack corruption from XSA-346 change
      XSA-355 CVE-2020-29040 (Closes: #976109)
  * Apply security fixes for the following issues:
    - oxenstored: permissions not checked on root node
      XSA-353 CVE-2020-29479
    - xenstore watch notifications lacking permission checks
      XSA-115 CVE-2020-29480
    - Xenstore: new domains inheriting existing node permissions
      XSA-322 CVE-2020-29481
    - Xenstore: wrong path length check
      XSA-323 CVE-2020-29482
    - Xenstore: guests can crash xenstored via watchs
      XSA-324 CVE-2020-29484
    - Xenstore: guests can disturb domain cleanup
      XSA-325 CVE-2020-29483
    - oxenstored memory leak in reset_watches
      XSA-330 CVE-2020-29485
    - oxenstored: node ownership can be changed by unprivileged clients
      XSA-352 CVE-2020-29486
    - undue recursion in x86 HVM context switch code
      XSA-348 CVE-2020-29566
    - infinite loop when cleaning up IRQ vectors
      XSA-356 CVE-2020-29567
    - FIFO event channels control block related ordering
      XSA-358 CVE-2020-29570
    - FIFO event channels control structure ordering
      XSA-359 CVE-2020-29571
  * Note that the following XSA are not listed, because...
    - XSA-349 and XSA-350 have patches for the Linux kernel
    - XSA-354 has patches for the XAPI toolstack

  Packaging bugfixes and improvements:
  * d/rules: do not compress /usr/share/doc/xen/html (Closes: #942611)
  * Add missing CVE numbers to the previous changelog entries

  Packaging bugfixes and improvements [Elliott Mitchell]:
  * d/shuffle-binaries: Make error detection/message overt
  * d/shuffle-binaries: Add quoting for potentially changeable variables
  * d/shuffle-boot-files: Add lots of double-quotes when handling variables
  * debian/rules: Set CC/LD to enable cross-building
  * debian/xen.init: Load xen_acpi_processor on boot
  * d/shuffle-binaries: Remove useless extra argument being passed in

  Packaging bugfixes and improvements [Maximilian Engelhardt]:
  * d/xen-hypervisor-V-F.postinst.vsn-in: use reboot-required
    (Closes: #862408)
  * d/xen-hypervisor-V-F.postrm: actually install script
  * d/xen-hypervisor-V.*: clean up unused files
  * d/xen-hypervisor-V.bug-control.vsn-in: actually install script
  * debian/rules: enable verbose build

  Fixes to patches for upstream code:
  * t/h/L/vif-common.sh: force handle_iptable return value to be 0
    (Closes: #955994)

  * Pick the following upstream commits to improve Raspberry Pi 4 support,
    requested by Elliott Mitchell:
    - 25849c8b16 ("xen/rpi4: implement watchdog-based reset")
    - 17d192e023 ("tools/python: Pass linker to Python build process")
    - 861f0c1109 ("xen/arm: acpi: Don't fail if SPCR table is absent")
    - 1c4aa69ca1 ("xen/acpi: Rework acpi_os_map_memory() and
                   acpi_os_unmap_memory()")
    - 4d625ff3c3 ("xen/arm: acpi: The fixmap area should always be cleared
                   during failure/unmap")
    - dac867bf9a ("xen/arm: Check if the platform is not using ACPI before
                   initializing Dom0less")
    - 9c2bc0f24b ("xen/arm: Introduce fw_unreserved_regions() and use it")
    - 7056f2f89f ("xen/arm: acpi: add BAD_MADT_GICC_ENTRY() macro")
    - 957708c2d1 ("xen/arm: traps: Don't panic when receiving an unknown debug
                   trap")

  * Pick upstream commit ba6e78f0db ("fix spelling errors"). Thanks, Diederik.

 -- Hans van Kranenburg <email address hidden>  Tue, 15 Dec 2020 13:00:00 +0100

Upload details

Uploaded by:
Debian Xen Team
Uploaded to:
Sid
Original maintainer:
Debian Xen Team
Architectures:
amd64 arm64 armhf i386 all
Section:
kernel
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
xen_4.14.0+88-g1d1d1f5391-1.dsc 4.1 KiB 347d04d9afa4f4ea287e9cd9e3affde6191ef93b14b4e238464f5ada963de9d2
xen_4.14.0+88-g1d1d1f5391.orig.tar.xz 4.2 MiB a872f5295d9b1de1d7867b1016a38eaf2ebbcfe0180e48d0a0a96bbdaf0accc5
xen_4.14.0+88-g1d1d1f5391-1.debian.tar.xz 164.6 KiB 43bc665ccf6159293917e7ece2d977f0e72cbc440a132aa79b800ad5e4a9c071

No changes file available.

Binary packages built by this source