Changelog
xen (4.16.1-1) unstable; urgency=medium
* Update to new upstream version 4.16.1, which also contains security fixes
for the following issues:
- Racy interactions between dirty vram tracking and paging log dirty
hypercalls
XSA-397 CVE-2022-26356
- Multiple speculative security issues
XSA-398 (no CVE yet)
- race in VT-d domain ID cleanup
XSA-399 CVE-2022-26357
- IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues
XSA-400 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361
* Note that the following XSA are not listed, because...
- XSA-396 has patches for the Linux kernel.
* Don't ship NEWS in libxen* packages. Instead, only ship relevant NEWS
items for actual hypervisor and/or utils packages they belong to.
(Closes: #962267)
* d/control: make xen-hypervisor-common arch specific, just like
xen-utils-common.
* d/control: stop recommending qemu-system-x86 on arm, because qemu is not
being built with xen support on arm...
* Add a patch for tools/libs/light/Makefile which prevents build.o and
build.opic to be rebuilt unneededly during the package install phase,
causing a FTBFS because it triggers the use of ccache, which is not
allowed in the install phase of building the Debian packages.
Improvements related to Qemu integration: [Michael Tokarev]
* d/xen-utils-common.xen.init: properly disable qemu monitor/serial/parallel
devices for qemu started at boot.
* debian: switch from recommending qemu-system-x86 to qemu-system-xen and
mention this change in the NEWS file.
* Add patch "give meaningful error message if qemu device model is
unavailable" to give a useful error message only in case the domU needs
the qemu device model which is not installed, instead of giving a warning
about missing qemu even if it is not used by this domain.
Documentation, grammar and spelling fixes and improvements:
* d/control: drop obsolete paragraph about separate xen linux kernel package
* d/control: Harmonize the capitalization of the 'Xen' word [Diederik de Haas]
* d/control: Improve spelling and grammar [Diederik de Haas]`
-- Hans van Kranenburg <email address hidden> Mon, 09 May 2022 22:29:23 +0200