update patch for XPTI mitigation for XSA-254
add Branch Target Injection (BTI) mitigation for XSA-254
DoS via non-preemptable L3/L4 pagetable freeing [XSA-252, CVE-2018-7540]
(#1549568)
grant table v2 -> v1 transition may crash Xen [XSA-255, CVE-2018-7541]
(#1549570)
x86 PVH guest without LAPIC may DoS the host [XSA-256, CVE-2018-7542]
(#1549572)
further build fixes