-----BEGIN PGP SIGNED MESSAGE-----
On Fri, Feb 23, 2018 at 03:27:38PM -0700, Reg Tiangha wrote:
> I've noticed that Xen has updated the XSA-254 advisory with Spectre v2
> mitigations for Xen 4.6-4.10. I know we'd have to figure out how to
> backport Retpoline compatible compilers to these various build
> environments in order to get the full protection (Debian has backported
> that support to the gcc versions in jessie and stretch so that implies
> that at least the backported gcc patches are now available), but is
> there any chance that these Xen patches will be incorporated into the
> Qubes versions soon?
Simon, can you take a look at it? We'll probably need to put patched gcc
to linux-dom0-updates repository (if newer Fedora has patched gcc and
it's possible to build that src.rpm on older Fedora), or add separate
repository with patched gcc - then probably indeed based on patches from
> And a side question about qubes-builder: Does it build in a chroot?
> like to attempt to backport a build environment that has a
> retpoline-enabled version of gcc, and I'm wondering if I could just
> bypass qubes-builder entirely and run make rpms-dom0 in a build
> environment where I've manually upgraded the gcc version to be
> Retpoline-compatible in an FC23 or FC25 template like I do when I
> compile my own kernels.
In theory - yes. In practice, no one have tried that for a long time.
> Also: Are there any dangers in compiling the Xen rpms in an FC25
> template and then installing them in R3.2 dom0's FC23 environment?
For xen-hypervisor package it should be ok. And this is the only one
you should care about here.
For other packages, especially xen-libs and xen-runtime, resulting
binaries most likely will not work in older environment (linked
libraries versions etc).
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to firstname.lastname@example.org.
To view this discussion on the web visit
For more options, visit https://groups.google.com/d/optout.