xen 4.16.0-1~ubuntu2 source package in Ubuntu

Changelog

xen (4.16.0-1~ubuntu2) jammy; urgency=medium

  * Merge Debian experimental/salsa, among many other changes this fixes
    booting kernels with zstd compression (LP: #1956166).
    Remaining changes:
    - Recommend qemu-system-x86-xen
  * Dropped changes:
    - Additional patches to handle compiling with gcc10 [in upstream]
    - Select python2 for xen-init-* scripts [Debian is on python3 now]
    - Enforce python2 usage [Debian is on python3 now]
      - Build-depend on python2-dev.
      - Build using python2.
      - Build-depend on lmodern.
    - Handle config file moving between packages [no more needed]
  * Note changes already dropped in 4.11.4+24-gddaaccbbab-1ubuntu2
    - Set python2 for xen-init-name and xen-init-list scripts
      [in Debian]
    - Force fcf-protection off when using -mindirect-branch
      [fixed upstream]
    - Update: Building hypervisor with cf-protection enabled
      [fixed upstream]
    - Strip .note.gnu.property section for intermediate files
      [no more needed with the groovy toolchain]
    - Add transitional packages for upgrades
      [no more needed post focal]

xen (4.16.0-1~exp1) experimental; urgency=medium

  Significant changes:
  * Update to new upstream version 4.16.0. This also includes a security fix
    for the following issue, which was not applicable to Xen 4.14 yet:
    - certain VT-d IOMMUs may not work in shared page table mode
      XSA-390 CVE-2021-28710
  * No longer build any package for the i386 architecture. It was already not
    possible to use x86_32 hardware because the i386 packages already
    shipped a 64-bit hypervisor and PV shim. Running 32-bit utils with a
    64-bit hypervisor requires using a compatibility layer that is fragile and
    becomes harder to maintain and test upstream. This change ends the 'grace
    period' in which users should have moved to using a fully 64-bit dom0.
    - debian/{control,rules,salsa-ci.yml,xen-utils-V.install.vsn-in}: make the
      necessary changes
    - Remove the Recommends on libc6-xen, which already actually does not
      exist any more. (Closes: #992909)
    - Drop patch "tools/tests/x86_emulator: Pass -no-pie -fno-pic to gcc on
      x86_32" because it is not relevant any more.

  Changes related to upgrading to Xen 4.16:
  * debian/control: adjust to 4.16  [Maximilian Engelhardt]
  * Drop patches that have been applied upstream
  * Refresh remaining patches if needed
  * debian: follow upstream removal of '.sh' suffix in xl bash_completion file
    [Maximilian Engelhardt]
  * debian/control, debian/libxenstore*: ship a libxenstore4 package instead
    of libxenstore3.0, since upstream bumped the soname
    [Maximilian Engelhardt]

  Packaging minor fixes and improvements  [Maximilian Engelhardt]:
  * debian/rules: set SOURCE_BASE_DIR to the top level build dir so that the
    "Display Debian package version in hypervisor log" patch can use it.
  * Add patch "xen/arch/x86: make objdump output user locale agnostic" to fix
    reproducable builds. This patch will also be sent upstream.
  * d/rules: remove reproducible=+fixfilepath from DEB_BUILD_MAINT_OPTIONS
  * d/salsa-ci.yml: Explicitly set RELEASE variable to unstable
  * d/salsa-ci.yml: disable cross building as it's currently not working
  * debian: call update-grub when installing/removing xen-hypervisor-common
    (Closes: #988901)
  * debian: fix dependency generation for python after dh-python was fixed
    first. (Closes: #976597) Note that this packaging change can be safely
    reverted when building a backports package for Debian Bullseye.
  * debian/rules: remove unused pybuild settings

  Packaging minor fixes and improvements:
  * Improve patches for building the PV shim separately. This enables to
    drop the extra Revert of an upstream commit that was done in
    4.14.0+80-gd101b417b7-1~exp1:
    - Drop patch: Revert "pvshim: make PV shim build selectable from
      configure"
    - Update patch "[...] Respect caller's CONFIG_PV_SHIM" to follow moving
      of a line to a different file
    - Drop patch: "tools/firmware/Makefile: CONFIG_PV_SHIM: enable only on
      x86_64" because that's now already the default upstream
  * debian/control.md5sum: remove this obsolete file
  * Merge patches "vif-common: disable handle_iptable" and
    "t/h/L/vif-common.sh: fix handle_iptable return value" into a single
    patch, since the latter was a fix for the first.
  * debian/control: change the Uploaders email address for Ian Jackson,
    since he does not work at Citrix any more now

xen (4.14.3+32-g9de3671772-1) unstable; urgency=medium

  * Update to new upstream version 4.14.3+32-g9de3671772, which also contains
    security fixes for the following issues:
    - guests may exceed their designated memory limit
      XSA-385 CVE-2021-28706
    - PCI devices with RMRRs not deassigned correctly
      XSA-386 CVE-2021-28702
    - PoD operations on misaligned GFNs
      XSA-388 CVE-2021-28704 CVE-2021-28707 CVE-2021-28708
    - issues with partially successful P2M updates on x86
      XSA-389 CVE-2021-28705 CVE-2021-28709
  * Note that the following XSA are not listed, because...
    - XSA-387 only applies to Xen 4.13 and older
    - XSA-390 only applies to Xen 4.15
  * Pick the following upstream commits to fix a regression which prevents
    amd64 type hardware to fully power off. The issue was introduced in
    version 4.14.0+88-g1d1d1f5391-1 after including upstream commits to
    improve Raspberry Pi 4 support. (Closes: #994899):
    - 8b6d55c126 ("x86/ACPI: fix mapping of FACS")
    - f390941a92 ("x86/DMI: fix table mapping when one lives above 1Mb")
    - 0f089bbf43 ("x86/ACPI: fix S3 wakeup vector mapping")
    - 16ca5b3f87 ("x86/ACPI: don't invalidate S5 data when S3 wakeup vector
                   cannot be determined")

xen (4.14.3-1) unstable; urgency=high

  * Update to new upstream version 4.14.3, which also contains security fixes
    for the following issues:
    - IOMMU page mapping issues on x86
      XSA-378 CVE-2021-28694 CVE-2021-28695 CVE-2021-28696
    - grant table v2 status pages may remain accessible after de-allocation
      XSA-379 CVE-2021-28697
    - long running loops in grant table handling
      XSA-380 CVE-2021-28698
    - inadequate grant-v2 status frames array bounds check
      XSA-382 CVE-2021-28699
    - xen/arm: No memory limit for dom0less domUs
      XSA-383 CVE-2021-28700
    - Another race in XENMAPSPACE_grant_table handling
      XSA-384 CVE-2021-28701

xen (4.14.2+25-gb6a8c4f72d-2) unstable; urgency=medium

  * Add README.Debian.security containing a note about the end of upstream
    security support for Xen 4.14. Install it into xen-hypervisor-common.

xen (4.14.2+25-gb6a8c4f72d-1) unstable; urgency=medium

  * Update to new upstream version 4.14.2+25-gb6a8c4f72d, which also contains
    security fixes for the following issues:
    - HVM soft-reset crashes toolstack
      XSA-368 CVE-2021-28687
    - xen/arm: Boot modules are not scrubbed
      XSA-372 CVE-2021-28693
    - inappropriate x86 IOMMU timeout detection / handling
      XSA-373 CVE-2021-28692
    - Speculative Code Store Bypass
      XSA-375 CVE-2021-0089 CVE-2021-26313
    - x86: TSX Async Abort protections not restored after S3
      XSA-377 CVE-2021-28690
  * Note that the following XSA are not listed, because...
    - XSA-370 does not contain code changes.
    - XSA-365, XSA-367, XSA-369, XSA-371 and XSA-374 have patches for the
      Linux kernel.
    - XSA-366 only applies to Xen 4.11.

xen (4.14.1+11-gb0b734a8b3-1) unstable; urgency=medium

  * Update to new upstream version 4.14.1+11-gb0b734a8b3, which also contains
    security fixes for the following issues:
    - IRQ vector leak on x86
      XSA-360 CVE-2021-3308  (Closes: #981052)
    - arm: The cache may not be cleaned for newly allocated scrubbed pages
      XSA-364 CVE-2021-26933
  * Drop separate patches for XSAs up to 359 that are now included in the
    upstream stable branch.

  Packaging bugfixes and improvements [Elliott Mitchell]:
  * debian/rules: Set CC/LD to enable cross-building
  * d/shuffle-binaries: Fix binary shuffling script for cross-building
  * Rework "debian/rules: Do not try to move EFI binaries on armhf"
  * debian/scripts: Optimize runtime scripts
  * debian/xen-utils-common.examples: Remove xm examples
  * d/shuffle-boot-files: make it POSIX compliant  [Hans van Kranenburg, based
    on a patch by Elliott Mitchell]
  * d/shuffle-binaries: Switch loop from for to while
  * d/shuffle-binaries: Switch to POSIX shell, instead of Bash
  * d/shuffle-boot-files: Switch to POSIX shell, instead of Bash
  * debian/xendomains.init: Pipe xen-init-list instead of tmp file

  Make the package build reproducibly [Maximilian Engelhardt]:
  * debian/salsa-ci.yml: enable salsa-ci
  * debian/salsa-ci.yml: enable diffoscope in reprotest
  * debian/rules: use SOURCE_DATE_EPOCH for xen build dates
  * debian/rules: don't include build path in binaries
  * debian/rules: reproducibly build oxenstored
  * Pick the following upstream commits:
    - 5816d327e4 ("xen: don't have timestamp inserted in config.gz")
    - ee41b5c450 ("x86/EFI: don't insert timestamp when SOURCE_DATE_EPOCH is
                   defined")
    - e18dadc5b7 ("docs: use predictable ordering in generated documentation")
  * Include upstream patch that is not committed yet, but needed:
    - docs: set date to SOURCE_DATE_EPOCH if available
  * debian/salsa-ci.yml: don't allow reprotest to fail

  Packaging bugfixes and improvements:
  * d/shuffle-boot-files: Document more inner workings

xen (4.14.0+88-g1d1d1f5391-2) unstable; urgency=high

  * For now, revert "debian/rules: Set CC/LD to enable cross-building", since
    it causes an FTBFS on i386.

xen (4.14.0+88-g1d1d1f5391-1) unstable; urgency=high

  * Update to new upstream version 4.14.0+88-g1d1d1f5391, which also contains
    security fixes for the following issues:
    - stack corruption from XSA-346 change
      XSA-355 CVE-2020-29040 (Closes: #976109)
  * Apply security fixes for the following issues:
    - oxenstored: permissions not checked on root node
      XSA-353 CVE-2020-29479
    - xenstore watch notifications lacking permission checks
      XSA-115 CVE-2020-29480
    - Xenstore: new domains inheriting existing node permissions
      XSA-322 CVE-2020-29481
    - Xenstore: wrong path length check
      XSA-323 CVE-2020-29482
    - Xenstore: guests can crash xenstored via watchs
      XSA-324 CVE-2020-29484
    - Xenstore: guests can disturb domain cleanup
      XSA-325 CVE-2020-29483
    - oxenstored memory leak in reset_watches
      XSA-330 CVE-2020-29485
    - oxenstored: node ownership can be changed by unprivileged clients
      XSA-352 CVE-2020-29486
    - undue recursion in x86 HVM context switch code
      XSA-348 CVE-2020-29566
    - infinite loop when cleaning up IRQ vectors
      XSA-356 CVE-2020-29567
    - FIFO event channels control block related ordering
      XSA-358 CVE-2020-29570
    - FIFO event channels control structure ordering
      XSA-359 CVE-2020-29571
  * Note that the following XSA are not listed, because...
    - XSA-349 and XSA-350 have patches for the Linux kernel
    - XSA-354 has patches for the XAPI toolstack

  Packaging bugfixes and improvements:
  * d/rules: do not compress /usr/share/doc/xen/html (Closes: #942611)
  * Add missing CVE numbers to the previous changelog entries

  Packaging bugfixes and improvements [Elliott Mitchell]:
  * d/shuffle-binaries: Make error detection/message overt
  * d/shuffle-binaries: Add quoting for potentially changeable variables
  * d/shuffle-boot-files: Add lots of double-quotes when handling variables
  * debian/rules: Set CC/LD to enable cross-building
  * debian/xen.init: Load xen_acpi_processor on boot
  * d/shuffle-binaries: Remove useless extra argument being passed in

  Packaging bugfixes and improvements [Maximilian Engelhardt]:
  * d/xen-hypervisor-V-F.postinst.vsn-in: use reboot-required
    (Closes: #862408)
  * d/xen-hypervisor-V-F.postrm: actually install script
  * d/xen-hypervisor-V.*: clean up unused files
  * d/xen-hypervisor-V.bug-control.vsn-in: actually install script
  * debian/rules: enable verbose build

  Fixes to patches for upstream code:
  * t/h/L/vif-common.sh: force handle_iptable return value to be 0
    (Closes: #955994)

  * Pick the following upstream commits to improve Raspberry Pi 4 support,
    requested by Elliott Mitchell:
    - 25849c8b16 ("xen/rpi4: implement watchdog-based reset")
    - 17d192e023 ("tools/python: Pass linker to Python build process")
    - 861f0c1109 ("xen/arm: acpi: Don't fail if SPCR table is absent")
    - 1c4aa69ca1 ("xen/acpi: Rework acpi_os_map_memory() and
                   acpi_os_unmap_memory()")
    - 4d625ff3c3 ("xen/arm: acpi: The fixmap area should always be cleared
                   during failure/unmap")
    - dac867bf9a ("xen/arm: Check if the platform is not using ACPI before
                   initializing Dom0less")
    - 9c2bc0f24b ("xen/arm: Introduce fw_unreserved_regions() and use it")
    - 7056f2f89f ("xen/arm: acpi: add BAD_MADT_GICC_ENTRY() macro")
    - 957708c2d1 ("xen/arm: traps: Don't panic when receiving an unknown debug
                   trap")

  * Pick upstream commit ba6e78f0db ("fix spelling errors"). Thanks, Diederik.

xen (4.14.0+80-gd101b417b7-1) unstable; urgency=medium

  * Re-upload to unstable for rebuild.

xen (4.14.0+80-gd101b417b7-1~exp2) experimental; urgency=medium

  * Re-upload since apparently DMs aren't allowed NEW?

xen (4.14.0+80-gd101b417b7-1~exp1) experimental; urgency=medium

  * Update to new upstream version 4.14.0+80-gd101b417b7, which also contains
    security fixes for the following issues:
    - Information leak via power sidechannel
      XSA-351 CVE-2020-28368
    - x86 PV guest INVLPG-like flushes may leave stale TLB entries
      XSA-286 CVE-2020-27674
    - unsafe AMD IOMMU page table updates
      XSA-347 CVE-2020-27670
    - undue deferral of IOMMU TLB flushes
      XSA-346 CVE-2020-27671
    - x86: Race condition in Xen mapping code
      XSA-345 CVE-2020-27672
    - lack of preemption in evtchn_reset() / evtchn_destroy()
      XSA-344 CVE-2020-25601
    - races with evtchn_reset()
      XSA-343 CVE-2020-25599
    - out of bounds event channels available to 32-bit x86 domains
      XSA-342 CVE-2020-25600
    - Missing memory barriers when accessing/allocating an event channel
      XSA-340 CVE-2020-25603
    - x86 pv guest kernel DoS via SYSENTER
      XSA-339 CVE-2020-25596
    - once valid event channels may not turn invalid
      XSA-338 CVE-2020-25597
    - PCI passthrough code reading back hardware registers
      XSA-337 CVE-2020-25595
    - race when migrating timers between x86 HVM vCPU-s
      XSA-336 CVE-2020-25604
    - Missing unlock in XENMEM_acquire_resource error path
      XSA-334 CVE-2020-25598
    - x86 pv: Crash when handling guest access to MSR_MISC_ENABLE
      XSA-333 CVE-2020-25602
  * Updating to the most recent upstream stable-4.14 branch also fixes
    additional compiling issues with gcc 10 that we were running into. These
    were: upstream commit 5d45ecabe3c0 ("xen/arm64: force gcc 10+ to always
    inline generic atomics helpers") to fix a FTBFS at mem_access.c and
    upstream commit 0dfddb2116e3 ("tools/xenpmd: Fix gcc10 snprintf warning")
    to fix a FTBFS on armhf. (Closes: #970802)
  * Drop upstream commits d25cc3ec93eb ("libxl: workaround gcc 10.2
    maybe-uninitialized warning") and fff1b7f50e75 ("libxl: fix
    -Werror=stringop-truncation in libxl__prepare_sockaddr_un") from our patch
    pile because these gcc 10 related fixes are in the upstream stable branch
    now.
  * Partially revert "debian/rules: Combine shared Make args" since it caused
    a FTBFS on i386.
  * Revert upstream commit a516bddbd3 ("tools/firmware/Makefile:
    CONFIG_PV_SHIM: enable only on x86_64") and cherry-pick our previous
    commits 0b898ccc2 ("tools/firmware/Makfile: Respect caller's
    CONFIG_PV_SHIM") and a516bddbd3 ("tools/firmware/Makefile: CONFIG_PV_SHIM:
    enable only on x86_64") again to work around a FTBFS where the shim would
    not be built during the i386 package build.
  * Now all FTBFS issues should be resolved, so we can do (Closes: #968965)

  Packaging minor fixes and improvements:
  * d/xen-utils-common.xen.init: Actually *really* include the change to
    disable oom killer for xenstored. It inadvertently got lost in
    4.14.0-1~exp1. (Closes: #961511)

  Lintian related fixes:
  * debian/changelog: fix a typo in the previous changelog entry

xen (4.14.0-1~exp1) experimental; urgency=medium

  Significant changes:
  * Update to new upstream version 4.14.0.
    (Closes: #866380) about removal of broken xen-bugtool
  * debian/{rules,control}: switch to python 3
    (Closes: #938843) about python 2 removal in bullseye
  * debian/control: Fix python dependency to use python3-dev:any and
    libpython3-dev  [Elliott Mitchell]

  Changes related to upgrading to Xen 4.14:
  * debian/control: adjust to 4.14
  * debian/rules: remove install commands for pkgconfig files, since those
    files are not present any more
  * debian/: Follow fsimage -> xenfsimage renaming
  * debian/xen-utils-V.*: Use @version@ instead of hardcoded version
  * debian/control: add flex, bison
  * debian/control: add libxenhypfs[1]  [Ian Jackson]
  * debian/libxenstore3.0.symbols: drop xprintf
    (Closes: #968965)  [Ian Jackson; also reported by Gianfranco Costamagna]
  * d/scripts/xen-init-name, d/scripts/xen-init-list: rewrite these two
    scripts, hugely simplify them and make them use python 3
  * Pick upstream commits d25cc3ec93eb ("libxl: workaround gcc 10.2
    maybe-uninitialized warning") and fff1b7f50e75 ("libxl: fix
    -Werror=stringop-truncation in libxl__prepare_sockaddr_un") to fix gcc 10
    FTBFS
  * tools: don't build/ship xenmon, it can't work with python 3

  Packaging minor fixes and improvements:
  * debian/rules: Set DEB_BUILD_MAINT_OPTIONS in shell
    (Closes: #939560)  [Ian Jackson; report from Guillem Jover]
  * debian/rules: Improve comment about hardening options
    (Closes: #939560)  [Ian Jackson; report from Guillem Jover]
  * debian/rules: Drop redundant sequence numbers in dh_installinit
    (Closes: #939560)  [Ian Jackson; report from Guillem Jover]
  * d/xen-utils-common.xen.init: add important notes to keep in mind when
    changing this script, related to multi-version handling
  * debian/control: cleanup Uploaders and add myself
  * debian/control: s/libncurses5-dev/libncurses-dev/
  * xen-utils-V scripts: remove update-alternatives command
  * xen-utils-V.postinst.vsn-in: whitespace cosmetics
  * d/xen-utils-common.xen.init: disable oom killer for xenstored
    (Closes: #961511)
  * debian/rules: Combine shared Make args  [Elliott Mitchell]

  Fixes and improvements for cross-compiling  [Elliott Mitchell]:
  * debian/rules: Add --host to tools configure target
  * Pick upstream commit 69953e285638 ('tools: Partially revert
    "Cross-compilation fixes."')

  Lintian related fixes:
  * debian/changelog: trim trailing whitespace.  [Debian Janitor]
  * debian/pycompat: remove obsolete file.  [Debian Janitor]
  * debian/rules: Avoid using $(PWD) variable.  [Debian Janitor]
  * debian/control: hardcode xen-utils-4.14 python3 dependency because
    dh_python can't figure out how to add it
  * debian/control: xen-doc: add ${misc:Depends}
  * d/xen-hypervisor-V-F.lintian-overrides.vsn-in: fix override to use the
    newer debug-suffix-not-dbg tag and correct the file path used so it
    matches again
  * debian/control: remove XS-Python-Version which is deprecated
  * debian/control: drop autotools-dev build dependency because debhelper
    already takes care of this
  * d/xen-utils-V.lintian-overrides.vsn-in: fix rpath override because the
    xenfsimage python .so filename changed from xenfsimage.so into
    xenfsimage.cpython-38-x86_64-linux-gnu.so now, make it match again
  * d/xen-utils-V.lintian-overrides.vsn-in: s/fsimage/xenfsimage/ which is a
    left over change from the rename in some comment lines
  * d/xen-utils-common.xen.init: use /run instead of /var/run because we don't
    expect anyone on a pre-stretch system to build and use these packages
  * debian/control: update Standards-Version to 4.5.0

xen (4.11.4+24-gddaaccbbab-1) unstable; urgency=medium

  * Update to new upstream version 4.11.4+24-gddaaccbbab, which also contains
    security fixes for the following issues:
    - inverted code paths in x86 dirty VRAM tracking
      XSA-319 CVE-2020-15563
    - Special Register Buffer speculative side channel
      XSA-320 CVE-2020-0543
      N.B: To mitigate this issue, new cpu microcode is required. The changes
      in Xen provide a workaround for affected hardware that is not receiving
      a vendor microcode update. Please refer to the upstream XSA-320 Advisory
      text for more details.
    - insufficient cache write-back under VT-d
      XSA-321 CVE-2020-15565
    - Missing alignment check in VCPUOP_register_vcpu_info
      XSA-327 CVE-2020-15564
    - non-atomic modification of live EPT PTE
      XSA-328 CVE-2020-15567

 -- Christian Ehrhardt <email address hidden>  Tue, 18 Jan 2022 11:00:29 +0100