This bug was fixed in the package xen - 4.16.0-1~ubuntu2 --------------- xen (4.16.0-1~ubuntu2) jammy; urgency=medium * Merge Debian experimental/salsa, among many other changes this fixes booting kernels with zstd compression (LP: #1956166). Remaining changes: - Recommend qemu-system-x86-xen * Dropped changes: - Additional patches to handle compiling with gcc10 [in upstream] - Select python2 for xen-init-* scripts [Debian is on python3 now] - Enforce python2 usage [Debian is on python3 now] - Build-depend on python2-dev. - Build using python2. - Build-depend on lmodern. - Handle config file moving between packages [no more needed] * Note changes already dropped in 4.11.4+24-gddaaccbbab-1ubuntu2 - Set python2 for xen-init-name and xen-init-list scripts [in Debian] - Force fcf-protection off when using -mindirect-branch [fixed upstream] - Update: Building hypervisor with cf-protection enabled [fixed upstream] - Strip .note.gnu.property section for intermediate files [no more needed with the groovy toolchain] - Add transitional packages for upgrades [no more needed post focal] xen (4.16.0-1~exp1) experimental; urgency=medium Significant changes: * Update to new upstream version 4.16.0. This also includes a security fix for the following issue, which was not applicable to Xen 4.14 yet: - certain VT-d IOMMUs may not work in shared page table mode XSA-390 CVE-2021-28710 * No longer build any package for the i386 architecture. It was already not possible to use x86_32 hardware because the i386 packages already shipped a 64-bit hypervisor and PV shim. Running 32-bit utils with a 64-bit hypervisor requires using a compatibility layer that is fragile and becomes harder to maintain and test upstream. This change ends the 'grace period' in which users should have moved to using a fully 64-bit dom0. - debian/{control,rules,salsa-ci.yml,xen-utils-V.install.vsn-in}: make the necessary changes - Remove the Recommends on libc6-xen, which already actually does not exist any more. (Closes: #992909) - Drop patch "tools/tests/x86_emulator: Pass -no-pie -fno-pic to gcc on x86_32" because it is not relevant any more. Changes related to upgrading to Xen 4.16: * debian/control: adjust to 4.16 [Maximilian Engelhardt] * Drop patches that have been applied upstream * Refresh remaining patches if needed * debian: follow upstream removal of '.sh' suffix in xl bash_completion file [Maximilian Engelhardt] * debian/control, debian/libxenstore*: ship a libxenstore4 package instead of libxenstore3.0, since upstream bumped the soname [Maximilian Engelhardt] Packaging minor fixes and improvements [Maximilian Engelhardt]: * debian/rules: set SOURCE_BASE_DIR to the top level build dir so that the "Display Debian package version in hypervisor log" patch can use it. * Add patch "xen/arch/x86: make objdump output user locale agnostic" to fix reproducable builds. This patch will also be sent upstream. * d/rules: remove reproducible=+fixfilepath from DEB_BUILD_MAINT_OPTIONS * d/salsa-ci.yml: Explicitly set RELEASE variable to unstable * d/salsa-ci.yml: disable cross building as it's currently not working * debian: call update-grub when installing/removing xen-hypervisor-common (Closes: #988901) * debian: fix dependency generation for python after dh-python was fixed first. (Closes: #976597) Note that this packaging change can be safely reverted when building a backports package for Debian Bullseye. * debian/rules: remove unused pybuild settings Packaging minor fixes and improvements: * Improve patches for building the PV shim separately. This enables to drop the extra Revert of an upstream commit that was done in 4.14.0+80-gd101b417b7-1~exp1: - Drop patch: Revert "pvshim: make PV shim build selectable from configure" - Update patch "[...] Respect caller's CONFIG_PV_SHIM" to follow moving of a line to a different file - Drop patch: "tools/firmware/Makefile: CONFIG_PV_SHIM: enable only on x86_64" because that's now already the default upstream * debian/control.md5sum: remove this obsolete file * Merge patches "vif-common: disable handle_iptable" and "t/h/L/vif-common.sh: fix handle_iptable return value" into a single patch, since the latter was a fix for the first. * debian/control: change the Uploaders email address for Ian Jackson, since he does not work at Citrix any more now xen (4.14.3+32-g9de3671772-1) unstable; urgency=medium * Update to new upstream version 4.14.3+32-g9de3671772, which also contains security fixes for the following issues: - guests may exceed their designated memory limit XSA-385 CVE-2021-28706 - PCI devices with RMRRs not deassigned correctly XSA-386 CVE-2021-28702 - PoD operations on misaligned GFNs XSA-388 CVE-2021-28704 CVE-2021-28707 CVE-2021-28708 - issues with partially successful P2M updates on x86 XSA-389 CVE-2021-28705 CVE-2021-28709 * Note that the following XSA are not listed, because... - XSA-387 only applies to Xen 4.13 and older - XSA-390 only applies to Xen 4.15 * Pick the following upstream commits to fix a regression which prevents amd64 type hardware to fully power off. The issue was introduced in version 4.14.0+88-g1d1d1f5391-1 after including upstream commits to improve Raspberry Pi 4 support. (Closes: #994899): - 8b6d55c126 ("x86/ACPI: fix mapping of FACS") - f390941a92 ("x86/DMI: fix table mapping when one lives above 1Mb") - 0f089bbf43 ("x86/ACPI: fix S3 wakeup vector mapping") - 16ca5b3f87 ("x86/ACPI: don't invalidate S5 data when S3 wakeup vector cannot be determined") xen (4.14.3-1) unstable; urgency=high * Update to new upstream version 4.14.3, which also contains security fixes for the following issues: - IOMMU page mapping issues on x86 XSA-378 CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 - grant table v2 status pages may remain accessible after de-allocation XSA-379 CVE-2021-28697 - long running loops in grant table handling XSA-380 CVE-2021-28698 - inadequate grant-v2 status frames array bounds check XSA-382 CVE-2021-28699 - xen/arm: No memory limit for dom0less domUs XSA-383 CVE-2021-28700 - Another race in XENMAPSPACE_grant_table handling XSA-384 CVE-2021-28701 xen (4.14.2+25-gb6a8c4f72d-2) unstable; urgency=medium * Add README.Debian.security containing a note about the end of upstream security support for Xen 4.14. Install it into xen-hypervisor-common. xen (4.14.2+25-gb6a8c4f72d-1) unstable; urgency=medium * Update to new upstream version 4.14.2+25-gb6a8c4f72d, which also contains security fixes for the following issues: - HVM soft-reset crashes toolstack XSA-368 CVE-2021-28687 - xen/arm: Boot modules are not scrubbed XSA-372 CVE-2021-28693 - inappropriate x86 IOMMU timeout detection / handling XSA-373 CVE-2021-28692 - Speculative Code Store Bypass XSA-375 CVE-2021-0089 CVE-2021-26313 - x86: TSX Async Abort protections not restored after S3 XSA-377 CVE-2021-28690 * Note that the following XSA are not listed, because... - XSA-370 does not contain code changes. - XSA-365, XSA-367, XSA-369, XSA-371 and XSA-374 have patches for the Linux kernel. - XSA-366 only applies to Xen 4.11. xen (4.14.1+11-gb0b734a8b3-1) unstable; urgency=medium * Update to new upstream version 4.14.1+11-gb0b734a8b3, which also contains security fixes for the following issues: - IRQ vector leak on x86 XSA-360 CVE-2021-3308 (Closes: #981052) - arm: The cache may not be cleaned for newly allocated scrubbed pages XSA-364 CVE-2021-26933 * Drop separate patches for XSAs up to 359 that are now included in the upstream stable branch. Packaging bugfixes and improvements [Elliott Mitchell]: * debian/rules: Set CC/LD to enable cross-building * d/shuffle-binaries: Fix binary shuffling script for cross-building * Rework "debian/rules: Do not try to move EFI binaries on armhf" * debian/scripts: Optimize runtime scripts * debian/xen-utils-common.examples: Remove xm examples * d/shuffle-boot-files: make it POSIX compliant [Hans van Kranenburg, based on a patch by Elliott Mitchell] * d/shuffle-binaries: Switch loop from for to while * d/shuffle-binaries: Switch to POSIX shell, instead of Bash * d/shuffle-boot-files: Switch to POSIX shell, instead of Bash * debian/xendomains.init: Pipe xen-init-list instead of tmp file Make the package build reproducibly [Maximilian Engelhardt]: * debian/salsa-ci.yml: enable salsa-ci * debian/salsa-ci.yml: enable diffoscope in reprotest * debian/rules: use SOURCE_DATE_EPOCH for xen build dates * debian/rules: don't include build path in binaries * debian/rules: reproducibly build oxenstored * Pick the following upstream commits: - 5816d327e4 ("xen: don't have timestamp inserted in config.gz") - ee41b5c450 ("x86/EFI: don't insert timestamp when SOURCE_DATE_EPOCH is defined") - e18dadc5b7 ("docs: use predictable ordering in generated documentation") * Include upstream patch that is not committed yet, but needed: - docs: set date to SOURCE_DATE_EPOCH if available * debian/salsa-ci.yml: don't allow reprotest to fail Packaging bugfixes and improvements: * d/shuffle-boot-files: Document more inner workings xen (4.14.0+88-g1d1d1f5391-2) unstable; urgency=high * For now, revert "debian/rules: Set CC/LD to enable cross-building", since it causes an FTBFS on i386. xen (4.14.0+88-g1d1d1f5391-1) unstable; urgency=high * Update to new upstream version 4.14.0+88-g1d1d1f5391, which also contains security fixes for the following issues: - stack corruption from XSA-346 change XSA-355 CVE-2020-29040 (Closes: #976109) * Apply security fixes for the following issues: - oxenstored: permissions not checked on root node XSA-353 CVE-2020-29479 - xenstore watch notifications lacking permission checks XSA-115 CVE-2020-29480 - Xenstore: new domains inheriting existing node permissions XSA-322 CVE-2020-29481 - Xenstore: wrong path length check XSA-323 CVE-2020-29482 - Xenstore: guests can crash xenstored via watchs XSA-324 CVE-2020-29484 - Xenstore: guests can disturb domain cleanup XSA-325 CVE-2020-29483 - oxenstored memory leak in reset_watches XSA-330 CVE-2020-29485 - oxenstored: node ownership can be changed by unprivileged clients XSA-352 CVE-2020-29486 - undue recursion in x86 HVM context switch code XSA-348 CVE-2020-29566 - infinite loop when cleaning up IRQ vectors XSA-356 CVE-2020-29567 - FIFO event channels control block related ordering XSA-358 CVE-2020-29570 - FIFO event channels control structure ordering XSA-359 CVE-2020-29571 * Note that the following XSA are not listed, because... - XSA-349 and XSA-350 have patches for the Linux kernel - XSA-354 has patches for the XAPI toolstack Packaging bugfixes and improvements: * d/rules: do not compress /usr/share/doc/xen/html (Closes: #942611) * Add missing CVE numbers to the previous changelog entries Packaging bugfixes and improvements [Elliott Mitchell]: * d/shuffle-binaries: Make error detection/message overt * d/shuffle-binaries: Add quoting for potentially changeable variables * d/shuffle-boot-files: Add lots of double-quotes when handling variables * debian/rules: Set CC/LD to enable cross-building * debian/xen.init: Load xen_acpi_processor on boot * d/shuffle-binaries: Remove useless extra argument being passed in Packaging bugfixes and improvements [Maximilian Engelhardt]: * d/xen-hypervisor-V-F.postinst.vsn-in: use reboot-required (Closes: #862408) * d/xen-hypervisor-V-F.postrm: actually install script * d/xen-hypervisor-V.*: clean up unused files * d/xen-hypervisor-V.bug-control.vsn-in: actually install script * debian/rules: enable verbose build Fixes to patches for upstream code: * t/h/L/vif-common.sh: force handle_iptable return value to be 0 (Closes: #955994) * Pick the following upstream commits to improve Raspberry Pi 4 support, requested by Elliott Mitchell: - 25849c8b16 ("xen/rpi4: implement watchdog-based reset") - 17d192e023 ("tools/python: Pass linker to Python build process") - 861f0c1109 ("xen/arm: acpi: Don't fail if SPCR table is absent") - 1c4aa69ca1 ("xen/acpi: Rework acpi_os_map_memory() and acpi_os_unmap_memory()") - 4d625ff3c3 ("xen/arm: acpi: The fixmap area should always be cleared during failure/unmap") - dac867bf9a ("xen/arm: Check if the platform is not using ACPI before initializing Dom0less") - 9c2bc0f24b ("xen/arm: Introduce fw_unreserved_regions() and use it") - 7056f2f89f ("xen/arm: acpi: add BAD_MADT_GICC_ENTRY() macro") - 957708c2d1 ("xen/arm: traps: Don't panic when receiving an unknown debug trap") * Pick upstream commit ba6e78f0db ("fix spelling errors"). Thanks, Diederik. xen (4.14.0+80-gd101b417b7-1) unstable; urgency=medium * Re-upload to unstable for rebuild. xen (4.14.0+80-gd101b417b7-1~exp2) experimental; urgency=medium * Re-upload since apparently DMs aren't allowed NEW? xen (4.14.0+80-gd101b417b7-1~exp1) experimental; urgency=medium * Update to new upstream version 4.14.0+80-gd101b417b7, which also contains security fixes for the following issues: - Information leak via power sidechannel XSA-351 CVE-2020-28368 - x86 PV guest INVLPG-like flushes may leave stale TLB entries XSA-286 CVE-2020-27674 - unsafe AMD IOMMU page table updates XSA-347 CVE-2020-27670 - undue deferral of IOMMU TLB flushes XSA-346 CVE-2020-27671 - x86: Race condition in Xen mapping code XSA-345 CVE-2020-27672 - lack of preemption in evtchn_reset() / evtchn_destroy() XSA-344 CVE-2020-25601 - races with evtchn_reset() XSA-343 CVE-2020-25599 - out of bounds event channels available to 32-bit x86 domains XSA-342 CVE-2020-25600 - Missing memory barriers when accessing/allocating an event channel XSA-340 CVE-2020-25603 - x86 pv guest kernel DoS via SYSENTER XSA-339 CVE-2020-25596 - once valid event channels may not turn invalid XSA-338 CVE-2020-25597 - PCI passthrough code reading back hardware registers XSA-337 CVE-2020-25595 - race when migrating timers between x86 HVM vCPU-s XSA-336 CVE-2020-25604 - Missing unlock in XENMEM_acquire_resource error path XSA-334 CVE-2020-25598 - x86 pv: Crash when handling guest access to MSR_MISC_ENABLE XSA-333 CVE-2020-25602 * Updating to the most recent upstream stable-4.14 branch also fixes additional compiling issues with gcc 10 that we were running into. These were: upstream commit 5d45ecabe3c0 ("xen/arm64: force gcc 10+ to always inline generic atomics helpers") to fix a FTBFS at mem_access.c and upstream commit 0dfddb2116e3 ("tools/xenpmd: Fix gcc10 snprintf warning") to fix a FTBFS on armhf. (Closes: #970802) * Drop upstream commits d25cc3ec93eb ("libxl: workaround gcc 10.2 maybe-uninitialized warning") and fff1b7f50e75 ("libxl: fix -Werror=stringop-truncation in libxl__prepare_sockaddr_un") from our patch pile because these gcc 10 related fixes are in the upstream stable branch now. * Partially revert "debian/rules: Combine shared Make args" since it caused a FTBFS on i386. * Revert upstream commit a516bddbd3 ("tools/firmware/Makefile: CONFIG_PV_SHIM: enable only on x86_64") and cherry-pick our previous commits 0b898ccc2 ("tools/firmware/Makfile: Respect caller's CONFIG_PV_SHIM") and a516bddbd3 ("tools/firmware/Makefile: CONFIG_PV_SHIM: enable only on x86_64") again to work around a FTBFS where the shim would not be built during the i386 package build. * Now all FTBFS issues should be resolved, so we can do (Closes: #968965) Packaging minor fixes and improvements: * d/xen-utils-common.xen.init: Actually *really* include the change to disable oom killer for xenstored. It inadvertently got lost in 4.14.0-1~exp1. (Closes: #961511) Lintian related fixes: * debian/changelog: fix a typo in the previous changelog entry xen (4.14.0-1~exp1) experimental; urgency=medium Significant changes: * Update to new upstream version 4.14.0. (Closes: #866380) about removal of broken xen-bugtool * debian/{rules,control}: switch to python 3 (Closes: #938843) about python 2 removal in bullseye * debian/control: Fix python dependency to use python3-dev:any and libpython3-dev [Elliott Mitchell] Changes related to upgrading to Xen 4.14: * debian/control: adjust to 4.14 * debian/rules: remove install commands for pkgconfig files, since those files are not present any more * debian/: Follow fsimage -> xenfsimage renaming * debian/xen-utils-V.*: Use @version@ instead of hardcoded version * debian/control: add flex, bison * debian/control: add libxenhypfs[1] [Ian Jackson] * debian/libxenstore3.0.symbols: drop xprintf (Closes: #968965) [Ian Jackson; also reported by Gianfranco Costamagna] * d/scripts/xen-init-name, d/scripts/xen-init-list: rewrite these two scripts, hugely simplify them and make them use python 3 * Pick upstream commits d25cc3ec93eb ("libxl: workaround gcc 10.2 maybe-uninitialized warning") and fff1b7f50e75 ("libxl: fix -Werror=stringop-truncation in libxl__prepare_sockaddr_un") to fix gcc 10 FTBFS * tools: don't build/ship xenmon, it can't work with python 3 Packaging minor fixes and improvements: * debian/rules: Set DEB_BUILD_MAINT_OPTIONS in shell (Closes: #939560) [Ian Jackson; report from Guillem Jover] * debian/rules: Improve comment about hardening options (Closes: #939560) [Ian Jackson; report from Guillem Jover] * debian/rules: Drop redundant sequence numbers in dh_installinit (Closes: #939560) [Ian Jackson; report from Guillem Jover] * d/xen-utils-common.xen.init: add important notes to keep in mind when changing this script, related to multi-version handling * debian/control: cleanup Uploaders and add myself * debian/control: s/libncurses5-dev/libncurses-dev/ * xen-utils-V scripts: remove update-alternatives command * xen-utils-V.postinst.vsn-in: whitespace cosmetics * d/xen-utils-common.xen.init: disable oom killer for xenstored (Closes: #961511) * debian/rules: Combine shared Make args [Elliott Mitchell] Fixes and improvements for cross-compiling [Elliott Mitchell]: * debian/rules: Add --host to tools configure target * Pick upstream commit 69953e285638 ('tools: Partially revert "Cross-compilation fixes."') Lintian related fixes: * debian/changelog: trim trailing whitespace. [Debian Janitor] * debian/pycompat: remove obsolete file. [Debian Janitor] * debian/rules: Avoid using $(PWD) variable. [Debian Janitor] * debian/control: hardcode xen-utils-4.14 python3 dependency because dh_python can't figure out how to add it * debian/control: xen-doc: add ${misc:Depends} * d/xen-hypervisor-V-F.lintian-overrides.vsn-in: fix override to use the newer debug-suffix-not-dbg tag and correct the file path used so it matches again * debian/control: remove XS-Python-Version which is deprecated * debian/control: drop autotools-dev build dependency because debhelper already takes care of this * d/xen-utils-V.lintian-overrides.vsn-in: fix rpath override because the xenfsimage python .so filename changed from xenfsimage.so into xenfsimage.cpython-38-x86_64-linux-gnu.so now, make it match again * d/xen-utils-V.lintian-overrides.vsn-in: s/fsimage/xenfsimage/ which is a left over change from the rename in some comment lines * d/xen-utils-common.xen.init: use /run instead of /var/run because we don't expect anyone on a pre-stretch system to build and use these packages * debian/control: update Standards-Version to 4.5.0 xen (4.11.4+24-gddaaccbbab-1) unstable; urgency=medium * Update to new upstream version 4.11.4+24-gddaaccbbab, which also contains security fixes for the following issues: - inverted code paths in x86 dirty VRAM tracking XSA-319 CVE-2020-15563 - Special Register Buffer speculative side channel XSA-320 CVE-2020-0543 N.B: To mitigate this issue, new cpu microcode is required. The changes in Xen provide a workaround for affected hardware that is not receiving a vendor microcode update. Please refer to the upstream XSA-320 Advisory text for more details. - insufficient cache write-back under VT-d XSA-321 CVE-2020-15565 - Missing alignment check in VCPUOP_register_vcpu_info XSA-327 CVE-2020-15564 - non-atomic modification of live EPT PTE XSA-328 CVE-2020-15567 -- Christian Ehrhardt