User: [hidden email] Usertags: unblock
Please unblock package xen
This update includes three security fixes and a large number of other
When preparing this update I had to choose between either (i) taking
the upstream 4.8.1 stable point release and reverting any changes I
felt inappropriate, or (ii) cherry picking the commits I felt
Looking at the git log  I concluded that the majority of the
non-security fixes were clearly bugfixes. Many of those bugfixes are
for crashes or races.
I decided that the lower risk approach would be to start with all the
commits from upstream, and revert any that ought to be excluded. This
reduces the risk of dropping an important bugfix.
Reviewing the commit log in detail there were two commits for which
the justification for backporting seemed quite unclear to me:
"xen/arm: *: Relax hw domain mapping attributes" - two commits, one
for ACPI and one for DT; and "x86/ept: allow write-combining on
!mfn_valid() MMIO mappings again". I queried these with other
upstream developers and came to the conclusion that they ought to be
There are a number of other commits which are clear bugfixes, with a
low risk of regression, but also a low impact. I think it is probably
better to include these and ship Xen 4.8.1 in stretch, than to revert
 git-log-4.8.1-1.txt, attached.
I'm afraid the debdiff will be hard to read - not because the changes
interact so much, but because there are quite a lot of them.
In the debdiff you will see a change to Config.mk. That change has no
effect on the Debian package build and could be stripped out. I chose
not to do this because I felt that messing with things was more likely
to break things than to fix them (see above).
Thanks for your attention and I hope this approach meets with your