[ubuntu/groovy-proposed] xen 4.11.4+24-gddaaccbbab-1ubuntu1 (Accepted)

Gianfranco Costamagna locutusofborg at debian.org
Mon Aug 24 15:30:18 UTC 2020 

xen (4.11.4+24-gddaaccbbab-1ubuntu1) groovy; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Enforce python2 usage
      - Build-depend on python2-dev.
      - Build using python2.
      - Build-depend on lmodern.
      - Set python2 for xen-init-name and xen-init-list scripts
    - Recommend qemu-system-x86-xen
    - Force fcf-protection off when using -mindirect-branch
    - Strip .note.gnu.property section for intermediate files
    - Add transitional packages for upgrades
    - Handle config file moving between packages
    - Update: Building hypervisor with cf-protection enabled

xen (4.11.4+24-gddaaccbbab-1) unstable; urgency=medium

  * Update to new upstream version 4.11.4+24-gddaaccbbab, which also contains
    security fixes for the following issues:
    - inverted code paths in x86 dirty VRAM tracking
      XSA-319 CVE-2020-15563
    - Special Register Buffer speculative side channel
      XSA-320 CVE-2020-0543
      N.B: To mitigate this issue, new cpu microcode is required. The changes
      in Xen provide a workaround for affected hardware that is not receiving
      a vendor microcode update. Please refer to the upstream XSA-320 Advisory
      text for more details.
    - insufficient cache write-back under VT-d
      XSA-321 CVE-2020-15565
    - Missing alignment check in VCPUOP_register_vcpu_info
      XSA-327 CVE-2020-15564
    - non-atomic modification of live EPT PTE
      XSA-328 CVE-2020-15567

xen (4.11.4-1) unstable; urgency=medium

  * Update to new upstream version 4.11.4, which also contains security fixes
    for the following issues:
    - arm: a CPU may speculate past the ERET instruction
      XSA-312 (no CVE yet)
    - multiple xenoprof issues
      XSA-313 CVE-2020-11740 CVE-2020-11741
    - Missing memory barriers in read-write unlock paths
      XSA-314 CVE-2020-11739
    - Bad error path in GNTTABOP_map_grant
      XSA-316 CVE-2020-11743
    - Bad continuation handling in GNTTABOP_copy
      XSA-318 CVE-2020-11742
  * xen-utils and xen-utils-common maint scripts: Replace the previous fix in
    the xen init script with a better fix in the xen-utils package instead, to
    prevent calling the init script stop action (resulting in a disappeared
    xenconsoled) when removing a xen-utils package that belongs to a previous
    (not currently runing) Xen version. Also prevent the xen-utils-common
    package from inadvertently calling stop and start actions because
    dh_installinit would add code for that. (Closes: #932759)
  * debian/NEWS: Mention fixing #932759 and how to deal with the bug

Date: Mon, 24 Aug 2020 17:25:22 +0200
Changed-By: Gianfranco Costamagna <locutusofborg at debian.org>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/xen/4.11.4+24-gddaaccbbab-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 24 Aug 2020 17:25:22 +0200
Source: xen
Binary: xenstore-utils xen-utils-common xen-hypervisor-common xen-doc xen-utils-4.11 xen-hypervisor-4.11-amd64 xen-system-amd64 xen-hypervisor-4.11-arm64 xen-system-arm64 xen-hypervisor-4.11-armhf xen-system-armhf libxen-dev libxenmisc4.11 libxencall1 libxendevicemodel1 libxenevtchn1 libxenforeignmemory1 libxengnttab1 libxenstore3.0 libxentoolcore1 libxentoollog1 xen-hypervisor-4.9-amd64 xen-hypervisor-4.9-armhf xen-hypervisor-4.9-arm64
Architecture: source
Version: 4.11.4+24-gddaaccbbab-1ubuntu1
Distribution: groovy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Gianfranco Costamagna <locutusofborg at debian.org>
Description:
 libxen-dev - Public headers and libs for Xen
 libxencall1 - Xen runtime library - libxencall
 libxendevicemodel1 - Xen runtime libraries - libxendevicemodel
 libxenevtchn1 - Xen runtime libraries - libxenevtchn
 libxenforeignmemory1 - Xen runtime libraries - libxenforeignmemory
 libxengnttab1 - Xen runtime libraries - libxengnttab
 libxenmisc4.11 - Xen runtime libraries - miscellaneous, versioned ABI
 libxenstore3.0 - Xen runtime libraries - libxenstore
 libxentoolcore1 - Xen runtime libraries - libxentoolcore
 libxentoollog1 - Xen runtime libraries - libxentoollog
 xen-doc    - XEN documentation
 xen-hypervisor-4.11-amd64 - Xen Hypervisor on AMD64
 xen-hypervisor-4.11-arm64 - Xen Hypervisor on ARM64
 xen-hypervisor-4.11-armhf - Xen Hypervisor on ARMHF
 xen-hypervisor-4.9-amd64 - Transitional package for upgrade
 xen-hypervisor-4.9-arm64 - Transitional package for upgrade
 xen-hypervisor-4.9-armhf - Transitional package for upgrade
 xen-hypervisor-common - Xen Hypervisor - common files
 xen-system-amd64 - Xen System on AMD64 (metapackage)
 xen-system-arm64 - Xen System on ARM64 (metapackage)
 xen-system-armhf - Xen System on ARMHF (metapackage)
 xen-utils-4.11 - XEN administrative tools
 xen-utils-common - Xen administrative tools - common files
 xenstore-utils - Xenstore command line utilities for Xen
Closes: 932759
Changes:
 xen (4.11.4+24-gddaaccbbab-1ubuntu1) groovy; urgency=low
 .
   * Merge from Debian unstable. Remaining changes:
     - Enforce python2 usage
       - Build-depend on python2-dev.
       - Build using python2.
       - Build-depend on lmodern.
       - Set python2 for xen-init-name and xen-init-list scripts
     - Recommend qemu-system-x86-xen
     - Force fcf-protection off when using -mindirect-branch
     - Strip .note.gnu.property section for intermediate files
     - Add transitional packages for upgrades
     - Handle config file moving between packages
     - Update: Building hypervisor with cf-protection enabled
 .
 xen (4.11.4+24-gddaaccbbab-1) unstable; urgency=medium
 .
   * Update to new upstream version 4.11.4+24-gddaaccbbab, which also contains
     security fixes for the following issues:
     - inverted code paths in x86 dirty VRAM tracking
       XSA-319 CVE-2020-15563
     - Special Register Buffer speculative side channel
       XSA-320 CVE-2020-0543
       N.B: To mitigate this issue, new cpu microcode is required. The changes
       in Xen provide a workaround for affected hardware that is not receiving
       a vendor microcode update. Please refer to the upstream XSA-320 Advisory
       text for more details.
     - insufficient cache write-back under VT-d
       XSA-321 CVE-2020-15565
     - Missing alignment check in VCPUOP_register_vcpu_info
       XSA-327 CVE-2020-15564
     - non-atomic modification of live EPT PTE
       XSA-328 CVE-2020-15567
 .
 xen (4.11.4-1) unstable; urgency=medium
 .
   * Update to new upstream version 4.11.4, which also contains security fixes
     for the following issues:
     - arm: a CPU may speculate past the ERET instruction
       XSA-312 (no CVE yet)
     - multiple xenoprof issues
       XSA-313 CVE-2020-11740 CVE-2020-11741
     - Missing memory barriers in read-write unlock paths
       XSA-314 CVE-2020-11739
     - Bad error path in GNTTABOP_map_grant
       XSA-316 CVE-2020-11743
     - Bad continuation handling in GNTTABOP_copy
       XSA-318 CVE-2020-11742
   * xen-utils and xen-utils-common maint scripts: Replace the previous fix in
     the xen init script with a better fix in the xen-utils package instead, to
     prevent calling the init script stop action (resulting in a disappeared
     xenconsoled) when removing a xen-utils package that belongs to a previous
     (not currently runing) Xen version. Also prevent the xen-utils-common
     package from inadvertently calling stop and start actions because
     dh_installinit would add code for that. (Closes: #932759)
   * debian/NEWS: Mention fixing #932759 and how to deal with the bug
Checksums-Sha1:
 9153e6308f76f560ab364ea3ea5b8715441803f8 4456 xen_4.11.4+24-gddaaccbbab-1ubuntu1.dsc
 ad24abf183893b429b27cbb28f49a906b4d571ff 4248964 xen_4.11.4+24-gddaaccbbab.orig.tar.xz
 2a871085c3772d9df54f6471b005652ce0f06478 148712 xen_4.11.4+24-gddaaccbbab-1ubuntu1.debian.tar.xz
 3c8207cb23473bf2b8d4a5a85db430066a19b2d2 9602 xen_4.11.4+24-gddaaccbbab-1ubuntu1_source.buildinfo
Checksums-Sha256:
 64f86f139e06e3a17ebf7b959e24c168b81ac06270228ecd94115279f6445653 4456 xen_4.11.4+24-gddaaccbbab-1ubuntu1.dsc
 9341af7e6509b16c6f5c1e400974a1fb6ec6d6d23b28c278e84ea17b4d3e3611 4248964 xen_4.11.4+24-gddaaccbbab.orig.tar.xz
 833f91844f3713856dcd5b7c78119fbad65c9818b92cecf3309f1c7d13f78131 148712 xen_4.11.4+24-gddaaccbbab-1ubuntu1.debian.tar.xz
 b40605380ec0deb67e76b8edf17fab0df6ec5991d4e3a03ff9a5d2994ba8b002 9602 xen_4.11.4+24-gddaaccbbab-1ubuntu1_source.buildinfo
Files:
 134422f8485a9dd2dd0fcb15fe2ed076 4456 admin optional xen_4.11.4+24-gddaaccbbab-1ubuntu1.dsc
 443157dfcb63eeef0486e68f6f81ea48 4248964 admin optional xen_4.11.4+24-gddaaccbbab.orig.tar.xz
 7a511a3705e1ae27487d37d2769c284a 148712 admin optional xen_4.11.4+24-gddaaccbbab-1ubuntu1.debian.tar.xz
 b1036ee1c76546516783f54f0d99f003 9602 admin optional xen_4.11.4+24-gddaaccbbab-1ubuntu1_source.buildinfo
Original-Maintainer: Debian Xen Team <pkg-xen-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEkpeKbhleSSGCX3/w808JdE6fXdkFAl9D3O0ACgkQ808JdE6f
XdlO2w//Q8nanK83cDxAWPlx/x4dkeSWcrSw7WXTNGyXhPu2gyZB641LYpdpRp7v
Gkao1S/6PhETlHa2G8ka/hroz+uIHv4Ds88K5SJPUZORb4tIaE7EaOi4BXOf/DFG
ISGTtGo5PWnX2kZ28B5WgsGWRdZu8uoUpK4+XFZe/vu4/u7wJ/sf/O4kC6CJdpk9
7bOis/1YEWzDC8csRmQ9H0618dBZLG3qdVimSfp3teD0Lzw4rn8s/ikTHBqq///D
+FoaU8Zw3DyGp2gWNSftmMH4Jtm2gO9AyTEoOn4lBWwAy5lLJLdfZKgV8rXZhKUZ
pHdPp1yqSHhzNBjcivcaU1U8/1s6uBQ3ZW/DBc8rNv3hvN1q9hvQcFRUiFsc9bTs
OXq33trFdT5cM/PlEdbqC0W9aVEcsal/KAOB9HGMzNpLelb1kpBXPViXNh3Kec6+
2tXiEngxP9a0vTZXgUNfAdGosG8ioi6pK07Qd9XV4fwbEPj6n9+2yqnLUG6RITZm
1tW0ppfW3PFkGt9y91q6tZz10xH13O3CYAgX4E1d4PCANJUvHgGgj+K5bruylJni
R2IvS1Onmz/hWfCD5wlCqZ0O/tHNgGZtkemNWrJ8osQkHIUdkWMfdzdXDbbABTAs
yqgyLDv1ZR2JogNUlpohydyMxyetA4hApeaHL0KsXKFd7PIIKdI=
=ZTHB
-----END PGP SIGNATURE-----

More information about the Groovy-changes mailing list