[Pkg-xen-devel] xen_4.16.0+51-g0941d6cb-1_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Sat Feb 19 21:20:52 GMT 2022
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 19 Feb 2022 20:29:32 +0100
Source: xen
Architecture: source
Version: 4.16.0+51-g0941d6cb-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Xen Team <pkg-xen-devel at lists.alioth.debian.org>
Changed-By: Hans van Kranenburg <hans at knorrie.org>
Closes: 976597 988901 992909 1002658
Changes:
xen (4.16.0+51-g0941d6cb-1) unstable; urgency=medium
.
* Update to new upstream version 4.16.0+51-g0941d6cb, which also contains
security fixes for the following issues:
- arm: guest_physmap_remove_page not removing the p2m mappings
XSA-393 CVE-2022-23033
- A PV guest could DoS Xen while unmapping a grant
XSA-394 CVE-2022-23034
- Insufficient cleanup of passed-through device IRQs
XSA-395 CVE-2022-23035
* Note that the following XSA are not listed, because...
- XSA-391 and XSA-392 have patches for the Linux kernel.
* Upload to unstable now, which obsoletes the Xen 4.14 FTBFS issue.
(Closes: #1002658)
.
xen (4.16.0-1~exp1) experimental; urgency=medium
.
Significant changes:
* Update to new upstream version 4.16.0. This also includes a security fix
for the following issue, which was not applicable to Xen 4.14 yet:
- certain VT-d IOMMUs may not work in shared page table mode
XSA-390 CVE-2021-28710
* No longer build any package for the i386 architecture. It was already not
possible to use x86_32 hardware because the i386 packages already
shipped a 64-bit hypervisor and PV shim. Running 32-bit utils with a
64-bit hypervisor requires using a compatibility layer that is fragile and
becomes harder to maintain and test upstream. This change ends the 'grace
period' in which users should have moved to using a fully 64-bit dom0.
- debian/{control,rules,salsa-ci.yml,xen-utils-V.install.vsn-in}: make the
necessary changes
- Remove the Recommends on libc6-xen, which already actually does not
exist any more. (Closes: #992909)
- Drop patch "tools/tests/x86_emulator: Pass -no-pie -fno-pic to gcc on
x86_32" because it is not relevant any more.
.
Changes related to upgrading to Xen 4.16:
* debian/control: adjust to 4.16 [Maximilian Engelhardt]
* Drop patches that have been applied upstream
* Refresh remaining patches if needed
* debian: follow upstream removal of '.sh' suffix in xl bash_completion file
[Maximilian Engelhardt]
* debian/control, debian/libxenstore*: ship a libxenstore4 package instead
of libxenstore3.0, since upstream bumped the soname
[Maximilian Engelhardt]
.
Packaging minor fixes and improvements [Maximilian Engelhardt]:
* debian/rules: set SOURCE_BASE_DIR to the top level build dir so that the
"Display Debian package version in hypervisor log" patch can use it.
* Add patch "xen/arch/x86: make objdump output user locale agnostic" to fix
reproducable builds. This patch will also be sent upstream.
* d/rules: remove reproducible=+fixfilepath from DEB_BUILD_MAINT_OPTIONS
* d/salsa-ci.yml: Explicitly set RELEASE variable to unstable
* d/salsa-ci.yml: disable cross building as it's currently not working
* debian: call update-grub when installing/removing xen-hypervisor-common
(Closes: #988901)
* debian: fix dependency generation for python after dh-python was fixed
first. (Closes: #976597)
* debian/rules: remove unused pybuild settings
.
Packaging minor fixes and improvements:
* Improve patches for building the PV shim separately. This enables to
drop the extra Revert of an upstream commit that was done in
4.14.0+80-gd101b417b7-1~exp1:
- Drop patch: Revert "pvshim: make PV shim build selectable from
configure"
- Update patch "[...] Respect caller's CONFIG_PV_SHIM" to follow moving
of a line to a different file
- Drop patch: "tools/firmware/Makefile: CONFIG_PV_SHIM: enable only on
x86_64" because that's now already the default upstream
* debian/control.md5sum: remove this obsolete file
* Merge patches "vif-common: disable handle_iptable" and
"t/h/L/vif-common.sh: fix handle_iptable return value" into a single
patch, since the latter was a fix for the first.
* debian/control: change the Uploaders email address for Ian Jackson,
since he does not work at Citrix any more now
Checksums-Sha1:
f2d0ec91131ecff7291ac88a64597f5e7abf6972 4117 xen_4.16.0+51-g0941d6cb-1.dsc
5938109ceb039a0aaf253cce72da9f8ea0745dfd 4542340 xen_4.16.0+51-g0941d6cb.orig.tar.xz
ba751d44993de4aa49f5a59f2553b8fb506df8ad 128356 xen_4.16.0+51-g0941d6cb-1.debian.tar.xz
Checksums-Sha256:
34778578fcbfcbae2c47a6caf6385355af9251ebe978d852f6d88cfd7af4ed7f 4117 xen_4.16.0+51-g0941d6cb-1.dsc
55bb3071592684dacecf7ab89574bc68afa50faeb14382179dfbe567a3831cbe 4542340 xen_4.16.0+51-g0941d6cb.orig.tar.xz
4515137736057c0522aa20ce0822bc36c678213e0d31cad8344dd7919afdf077 128356 xen_4.16.0+51-g0941d6cb-1.debian.tar.xz
Files:
6a9d0424f430e916af82ff14b1f2bbd7 4117 admin optional xen_4.16.0+51-g0941d6cb-1.dsc
c401b5c8834939e63c63c118e69a3885 4542340 admin optional xen_4.16.0+51-g0941d6cb.orig.tar.xz
249a0f42c03ad5aeefb39699166a10ac 128356 admin optional xen_4.16.0+51-g0941d6cb-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEESWyddwNaG9637koYssHfcmNhX2wFAmIRVBAACgkQssHfcmNh
X2xDfA/8Cld8sXQQfU4Dnv/10iOnsJ/gU0CZhQpD3+IIbqfaayul3ibiEm0hk+nX
dffepKSSEycme4tCCR1DPz7KVSc2LyrnHn2BJP5Fz2vVwiGbbAG9Q0VAXN64+8oN
tupORI4QWee4aC5wqien6hivWuhTNjHo2xQr14U4vMtAUNdNZxRIQ2z/B6tGwj94
m/0x5xPde1BdGeltnEzBENbZhBvJNMD1aRx787rZRXv4jKI2S25Mv5npO8JADPxf
nCGTljbZCcA8i6sk3C7oRB2ip4iVimYB0dR+0qqJi+9G+ZnfJbHYxISPvD5o4b4R
0LZQtp3XnfLjJMifW5eTJeMFR/hyogJZZa63ppgmFSDrprDSZhOvIkPVOF75HVUE
Dcb+kL31i7czJu5+DwXivckbWky2a3XzhhB+uNsRIqYNo36tT9jKJeN5pJPfBE7d
0UcnD7cWOyzZB/XExX0gaV7GGPY/B3uyTO9IN3YzjMRjGjuJZ+Vh4hClFBMxlz+m
06IsBahy0RQU9dPVpulf4HJrxlYYTSllrrO+1JCpyHUj4Z19DNE7bMg/0TPTFiW0
NA5TB4xwnxUrWaOr1YHaEcQIN2qZFJSG7ej8HrvMWfwkYCY4NROsIgpmT0rhGv8Z
/9zBPSby8GRxRu5K1VQc2KLeSwKT6qv/djP63Kq6qVwgTi6DvUg=
=ch60
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the Pkg-xen-devel
mailing list