Sync with portage [Fri Feb 21 11:37:27 MSK 2014].

app-admin/eselect-php/ChangeLog

@@ -1,6 +1,12 @@
 # ChangeLog for app-admin/eselect-php
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/eselect-php/ChangeLog,v 1.64 2014/02/17 21:07:42 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-admin/eselect-php/ChangeLog,v 1.66 2014/02/20 14:05:11 ago Exp $
+
+  20 Feb 2014; Agostino Sarubbo <ago@gentoo.org> eselect-php-0.7.1-r3.ebuild:
+  Stable for ppc, wrt bug #501312
+
+  20 Feb 2014; Agostino Sarubbo <ago@gentoo.org> eselect-php-0.7.1-r3.ebuild:
+  Stable for ppc64, wrt bug #501312
 
   17 Feb 2014; Agostino Sarubbo <ago@gentoo.org> eselect-php-0.7.1-r3.ebuild:
   Stable for arm, wrt bug #501312

app-admin/eselect-php/Manifest

@@ -12,24 +12,24 @@ DIST eselect-php-0.7.1.bz2 2251 SHA256 10aa400e2d08bc71989366993f12ddb546a0ea29f
 EBUILD eselect-php-0.6.2.ebuild 667 SHA256 72faed5e958e25f61ef1c082caf856a66588148641c1b268159e24f6ce425775 SHA512 0f69db4bfdd348c8fd98c6ca64549e0c0d07e673ba260daf9941fa058f2aa9d5038f87cefd9e1a282cf5f74ab2dfa15a9ff3d5ebf97c72c23790675e357f1bb0 WHIRLPOOL 0be89d938bd52b19b4ee1022c437f46d21e3fc8d429814fe2019ff160131ea239f3aec29a4b98ce5a5af2c3f8f0144f3604b7f3ecd16e681daf0226406c764bc
 EBUILD eselect-php-0.7.1-r1.ebuild 1391 SHA256 536bbf3c7b9cba046a831e04c8c283d15a6c47477018ed6f78cb1146990be2c7 SHA512 666c40700118862764dab19806b6b1814dd4ca5a0d36da900470b282e38afe33579fe34cac6447d2d4b8f405de7ee69da059dd20e6f591603d4a611fea35737c WHIRLPOOL 5901ab349cea93f697cc4bd9365ae9592f081fc5c192dffd8f31bfb2fd1dcb0fa252134512b6183555d3b278c6ea557a73baa372d39f2d2fdcf7e84c61fed862
 EBUILD eselect-php-0.7.1-r2.ebuild 1394 SHA256 7c4e4e6065cc8d8b3303f17712a403b92a5818b2ecae91109a5eaa0665b930d7 SHA512 1507a752d475149199ed10e0b0b0544f3d2e4d3ef0e033095bdf85a2aa4b3a864c320e5db29cd576f5a3f2d9ca40784cf2c4923fed9a1cd37bc7a1f83b7adf82 WHIRLPOOL e76dd9f1382322bfc35072e8dc82382d38b92658e0018bb2db0f63730782f7f05a98e506fb80bc08e63f430db0a1a863436d8f610a026c0c95e2fb095a9810ec
-EBUILD eselect-php-0.7.1-r3.ebuild 1312 SHA256 14696e758ba36b4b116ad887fbd671a808537f3688193b4c964fba4546fc4c5a SHA512 f082a9138b624d8f7da36af711b84ec9c6dc660c7bda99f4ea4d32ce0707e06636fbf28afcba7cfec5dcff06ba579769c0b561f693341e80703ac3b246f27e34 WHIRLPOOL 0ce993f45e02c8475f62987f4e89ecd360992948c370326e10f01ebdfc549f2c552c3216a4667584ea3ca452894b4d122d100eb447e2e6da2ebfef08be0a70b1
+EBUILD eselect-php-0.7.1-r3.ebuild 1310 SHA256 5bdd8f6e1a32b1e30fefa7cd445606ad2a678b7dbf5b2a82fcb0f011a49ffbcb SHA512 6483a7be627662d52d372808c4c5e322d93fb62d40d08c6b914adfe44d466d93ec19e317ad9334bab489ddec9bc1ae4981255176471ad5c9c115571d3d99e223 WHIRLPOOL 510f69b1176adc60ebdd5cee4e4d31cece1317c5d4d6774a3c6df7a9a7808d98c87cdd2c03e79a83516e0ee714595e862e0c10f363eb4cebd38faf4b41931091
 EBUILD eselect-php-0.7.1.ebuild 1183 SHA256 29e25cce35f65ff2d46e31824a14c9c3557e0930d19750bfa5b7df412bab334f SHA512 a4ac1a6a718612404a14d98b4f3b8d31e8177e2906e5f2936f548559a4962254c0ef71e2407d307d47383fb94e33c2ab0b99d3f686d6f989f75101c9b21d049a WHIRLPOOL 801e25f0987e12f793553676cdc9a81026a670aad8c7e17a17006c91152b306ecf7e0e84eea47c3e7c3cac596f0637e46758459688c2deea872a159420d01fbe
-MISC ChangeLog 7486 SHA256 7d67be81afb38857c957e97bee4457dc3a8ec3c870577e85a15c4e1a5f7d0c4c SHA512 01349da2d1f02421b9af81b2c239c714ee2660a2af7b6d96aa94d210eabc687933df1ad1f59e0a47925bac27654b199c95300edadb0b94d656933566540fc3e7 WHIRLPOOL b887b41d7a9e51c1581298a79c4395f157144b5939b2af95c50d415786e6f2f8a1232edf37f22488e4b8d0364ba8d1d87f159bfd6fdfe7e4243627fea37d7872
+MISC ChangeLog 7714 SHA256 c5f2f2bc827fa1084a45aebf560be492d47685f427d629a7b3347d1c9a62d470 SHA512 a94fc15a6865fd1a370679632f6e31d1ab6c2d3dd3c540c94298565feec524e22e17c30b6a2a07854a22f43449c55380f1ebeb3869ab1286d74a0f7f4fc798cb WHIRLPOOL bc568c129911d7dc985764dde0397b8946a9606449471a59bedf8d52346debb77c86289764062c87064ae01f7aa0aafcf847052c8b9c4269964b75aa915f80f1
 MISC metadata.xml 306 SHA256 007582443454394a0817ca5100a5bf091e027ddcc8d2639b8666fd264166e201 SHA512 661dd3eaea921697e52084355592a93158c63ca15bbb43c35ea62df8f864c5edee04d521f63d4b9a831ee82ff616203096bc9e50834a0f2550895c3cfcc770a3 WHIRLPOOL 5111e517b0c290c2294858d5391ff775825a045242b582f732b80b7434f9ee56630a84e6e97e978810dca268b5a4a62ccef582003276db4f21181a269fc8f777
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
-iQIcBAEBCAAGBQJTAnofAAoJELp701BxlEWf1egP/RijEKOQIDajQ3/dufZbofJG
-dJ+IUOIb0yQqakVUTiazb8+xau3ZpIlcXle+CKy71ORyAe0kpENYhdGELSVLkbUP
-4zaZ+nlcKBkknjz/kNci1ciidjtWbrHJ4C4rWfN3sPvHgk+5iH5qVHA/S2J7u/72
-+hk9rJnb+pk1EHjo1sMTlXowvX+JOMhbGyJjhbcTZqJ5WuTT0ALTYi2qDuezc7dy
-hX8x1UbJhf6V97a6/qswLdjuWfTQvftVyFd9egPbR3qHxalYSvm+F4hPvlOvqozN
-OCCUQlEs2wmtxExshgXkU6WrhNEM7IiDNMySuU7A66IZFPHVhaefN7FnWENN/bdF
-IbxSttl8nqB6zM9Sx9n87iR/Pr8EelJ1SYKT/WoL+j3kIf8uBvkzAZn9gq56xeyD
-FJJC6AZ/QyypZ6nfB3KpgPy31TkTaRGlAbc4YLPd7qgg9rPWJI3ulhl6WWrBMMis
-tBJ5s/8YQqAXKLWgEH+U/yXON68PwScrpZYi6dwgVb26C4RD3y6EWQzUnnm83D1P
-j6BawfNVZV4W4DI9txxWhJ1f2Nrhb8QGr6SZNecDjJItw2I8RZXYQ4t4f4Ve+TdR
-ZuvZWTpex+V+PgjZazU/I5fUiF+OzZbsjQUH/o2Q3AJYoh0lrEg3eO9/ckyU8J5q
-SXuhwQIGnNWSLnZ0u5al
-=Z90m
+iQIcBAEBCAAGBQJTBguYAAoJELp701BxlEWf9msQALsonwBqjNxAd3n7MCpFfccd
+R2hENhKPBB+mEMBn13bNac1K3kujfblPEENZUVLMwzJJaUDyuf1UN5iVOSQtKuZ4
+0I1PgRRmMDj81za8NVgE6yN+lLkY0wzorLOP+kXxaYJf3jvd02AcCxf8HudD2lw2
+ES5nL7Ng5HjZya2QrmsQtH7bCo1yDnJSyxdoe5k2ufXouCiFuGYDKYQL+vXIiNzK
+BkhfpWpOrBGEhlS1OCPn/rFYMiduYmsjUyVMXDi3vJrRv2rzDThmuOV+A6DocVAx
+5CsQiWpA2TDbA8Lg2NYilHVa7w14H3HvI3FK1DPReyOTGh9QgGN5bWNAOPOUqGgE
+h7W2j/NMbOFZYk92W5HwJhXyJUdcV+U186aO3wKTa91/Xespso+bgWXIKNFq3ys5
+Fzw2DqqwHMHjJatXAMbiymOuJDMcn5hMQ/Le9pgtTA/0+oXYMMDO/E/BdHDwd5UY
+8Fj8MiZ9A23pXv+ZaVJIfRGHdqg4mYjb2/9h83Y8c/YEj7uE3jX9kkeqDxf5qMbz
+NrqILvto+TOE6aKpB7VrqP9eiR7aDoVV6U6Orwm8O/Fm9HjxZ2sEt/otYzXrzff1
+sfsjczAmqWeVBnprJYyIPFEQOc5HOSiYVxa1RC0KsS79IO4RTBRZfWpcPG1YMbEI
+1h1ireFjRG5Cmv92REoq
+=O9bS
 -----END PGP SIGNATURE-----

app-admin/eselect-php/eselect-php-0.7.1-r3.ebuild

@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/eselect-php/eselect-php-0.7.1-r3.ebuild,v 1.7 2014/02/17 21:07:42 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-admin/eselect-php/eselect-php-0.7.1-r3.ebuild,v 1.9 2014/02/20 14:05:11 ago Exp $
 
 EAPI=5
 
@@ -12,7 +12,7 @@ SRC_URI="http://dev.gentoo.org/~olemarkus/eselect-php/eselect-php-${PV}.bz2"
 
 LICENSE="GPL-2"
 SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos"
+KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos"
 IUSE="fpm apache2"
 
 DEPEND=">=app-admin/eselect-1.2.4

app-admin/glance/ChangeLog

@@ -1,6 +1,12 @@
 # ChangeLog for app-admin/glance
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/glance/ChangeLog,v 1.30 2014/02/13 04:36:33 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-admin/glance/ChangeLog,v 1.31 2014/02/20 21:00:22 prometheanfire Exp $
+
+*glance-2013.2.2 (20 Feb 2014)
+
+  20 Feb 2014; Matthew Thode <prometheanfire@gentoo.org>
+  +glance-2013.2.2.ebuild:
+  BUMP!
 
 *glance-2013.2.1-r1 (13 Feb 2014)
 

app-admin/glance/Manifest

@@ -8,27 +8,29 @@ AUX glance.initd 2504 SHA256 8000f93dfacd93fa5c4a6d07090bc3c27b63912b6ae55a026e2
 AUX havana-1-CVE-2014-1948.patch 1340 SHA256 12e12e016154dd5c8ca6c1e7093f46024a3f4e3c48d06492e0dd4dc76dfe7dbb SHA512 3976077da2c00c6e847c67e36c37e646a9186e0d123b7fbfb2e5adac61ffcf3c8a6f36f6e935b5a1c94ef519d8062db0ab7e14bb32da031c75a9270d9a400a41 WHIRLPOOL 53b735fe5ff6028cae7d506d67933fa232b45a1ef7096f8680fa410d48f36d3260493f5936aab7f48875cf0817b88bb5bb7d0d0b81cd6cb716c077a9f3b0c550
 DIST glance-2013.1.4.tar.gz 724110 SHA256 dfb8070a12bbf5761db1c55d21db4772fe81ed903d57cf991618e5224cbdcd67 SHA512 31c6c4ba0e777fcd345fe24d32eab548f8e9756764051d8b3c50d4d54404c902473760a0dc1158e8b6b42a0b81e14ae6a31d03bb07d4254fcb4960b05dd747a9 WHIRLPOOL 770f782f539b0ac465c00e726552f4b7fc8824c4a9da1a94ef4103ef56ce17ff1c2ccc75140b71c9f4d3d875885f169d3c1c6d761fed7ff691c83484b86de74f
 DIST glance-2013.2.1.tar.gz 1616541 SHA256 f04eb070a862c0d14bdd94204a6f17f4a813dbeacc1978dffb53752c360731aa SHA512 42a30004d7677c946216bd934712094f585d1a98c8e4d7a4b51a14af93eac3e251bd7ef16fa9d9915f3c2f75974969306439742aaeaa64bf3d983ab458531ee5 WHIRLPOOL b76513207e56f3ceb18976b901a79fd5fbff2a9779df1179e79dc5d10049d3b100124e61b55e26ef47f5df54f03a1122752939e4b028d7873b0b0b771aabe9ac
+DIST glance-2013.2.2.tar.gz 1333129 SHA256 311805e1df5005ee554871f0096845c966af3cec41cbcf00f1a7e906582b05e1 SHA512 4516b0ce08be63aa22ffaeb7b0f2bf7ef5e6637d9058461337bdaffb18c5876637cef5240068954f40c72a8021969d755a678c4d7172606592acce1e731594ae WHIRLPOOL a8c6ad325f3e78786762b5717dcee5878540cc0a06f4428cd47657ee85d93db5c2a3d7b47dc758e88e174c9ea141aba48bef902b52671b4d415c5f2d9463da2a
 EBUILD glance-2013.1.4.ebuild 3146 SHA256 1ea12e958ef036f33d7479bf594251c189d922af33cf4ddb0441ad429193bd96 SHA512 b8fa8788dbd8274fa43fa0dfe88fc8f43f832a82913d4816174bf771639eeb907659faad3315981706bac41b7143b75c5c3ae50d5ad8794d4fd9c88c932ae99a WHIRLPOOL 6a7826ce32d9ba75111c58d130366602d706f406ad0cfd4fa17f42694d73c985cf0c19ffb3f26f78fad58cf88f101456bd6e4614c29f54609e620c313f19626d
 EBUILD glance-2013.1.9999.ebuild 3106 SHA256 fc2b671e94bc47402a2e1037c68ca57791ff573b52b56b0b98b972b7e757ad8c SHA512 5a0a9517f6538c8824c18dcd3add74003c6f06d5277b11e6b62606c17428ecef6db7d6f35e0b7f5cdc29573cc08d3e702da0e20394c0e72f1b0bbea28fed852e WHIRLPOOL d6b1811af8f6ce1dfb190815c7f8b4ea6f23e9b8091939b816b4657c293dcd9e8652ae5443b5777c009c6ba9bf310c5b4be6665d64c966f0b5673138e7011070
 EBUILD glance-2013.2.1-r1.ebuild 5244 SHA256 4557b4ba949f54fe9f3079bc1b2eded9bd0cc914f536f7d6a797e846837dafcd SHA512 ce7b13fc86cf13f43e40fc847d95f8c6011a0e7b694ec9a08c7000d2c1234da958ed6e9f10aca3f37e0899d1e1575ee2b358d027e34600daabafd352b383ef66 WHIRLPOOL 371c3b19ac96435f9003c600778756f765ca8bb2875077c261f920be1554289ee5d80b070ce8c55232a36acf29a30aac6db59b1e032a37bbdfa2c39ab139790a
+EBUILD glance-2013.2.2.ebuild 5196 SHA256 941826da1ae57b2deb2b602e503cee0baf9f6286d68b15ad709ce8ba8147c7af SHA512 3375a9912dd019077819897cedb867508421002f96165a8f7b6770de58057a36f613c50fc06cda3e4f9b35fc8761347b390b07acc2cdbece13c403fc791fc1db WHIRLPOOL dccc6fd870afba584011f99498d61e0c5e69a96dc68b2ad5fd224c5cb733ad59eac3fbc9a94f033b751401b56b2119700ba7567e42de16f1c37004fe4ff2c7be
 EBUILD glance-2013.2.9999.ebuild 5204 SHA256 5499738bac7a4433bcb65240c77d777a346dc1213e456186a016e3b40b5cb920 SHA512 f630539d3ff76825f22f836660503e996a6dcfa6f7432ca7920c8dd48efb0f5cd085b99e4b42d8928678a15ab7751abc02b34af87add05a23b6625f07ebba2c8 WHIRLPOOL e7576b7c5e6a57e0b363fa306ff9aa105ed5cdf9a20677597474483a4db4121c9877de2e1bfe8bfbc80ae0ddc315eeb370a41c3ef336a74262c5983d19db1613
 EBUILD glance-9999.ebuild 3029 SHA256 a0274ad3f834ad7be23bbcaea00c4a8422857bb3903f89954da901ebeeb7872b SHA512 2c9baf347f3577c4fcb62d1bed5f328e2dbd8e2c2149e1dd4b5b4d317520da5e8fa09d8c352d7bbeeb65c4debb35d3fc9df5c436fc51f707717e18bddeb4743e WHIRLPOOL 7f3a20e0ff8404c4ef130b1b2a84543e91acc95d51d332028dca474a2e2e44c2aae2f5e409b2258eec35a09c4c34c93939f99fd182c8050fb845d462e9bde0d4
-MISC ChangeLog 6837 SHA256 f5b1cf42533e3bf923bacb1aacf6451962d74ab023a960edcd36241a77e2e418 SHA512 cda47f074eea0435e1ead27cc6b7c0f1c6f6d05b3a684bf7e8ebaf686948cd0b7015d7ef86805bc7fd696e9f16efdcd40b4ba651ec8306a3ec2173779af08d7e WHIRLPOOL 91662aa89e62aec8818397aa8a42dd9b468cd1341d110cacdd9da540503b9fed663af56716c4d12cbb790180563928941b9c3f31a2312d3614f9d834492bef06
+MISC ChangeLog 6962 SHA256 41b10dfae6d94397894eabd9d5b7746c8c582b57acf45cadaaf9ff5ccc311be0 SHA512 2463c6cd96a22ae4bdb79c105559ee2a7473b57be1795091f1683aab42289e777f913cf2a45c2e3c209e20161a7da8d497213bc8761939f27afd07475a751890 WHIRLPOOL e730ac02cbd0b8fe36c47bddb2272575bc93bfb3720566b3e41941a24a1b9a1b3b65a668fd3a2937d87bd37ea40ca6db523518a22e0002c58f0c68f1fdf201bf
 MISC metadata.xml 551 SHA256 de9d9d349c334c740b04384a4f1288e7f2f8491751c38b5846fa5fdc801dd3c0 SHA512 0141af1612f84846713c8ffe8d0c4e653a77772d4e050deb5b9a47882aed9f803c7a0ebe7709f64279b04a19658f10da4aef962a70ecc7aebc2e7dce2ede4c68 WHIRLPOOL 4858e7841f26f04b1e35838cfb475cf34506fdb26e1a03f75c219d599dddac73fbc3429c80b5ac7c752fe2782445e2d492f58fc0b87da44ddc6d03b4710c8f13
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
-iQIcBAEBCAAGBQJS/EvdAAoJECRx6z5ArFrDQ/MP/A3CLm4CiyT1vlNcZLxvKiTd
-gVUuQJIz90HGztBC3lX9tZkzIaKjDdkreXuL8+P3Cz+6vsdlKed5evCUmktbbqe5
-bHImge5Ud1H5uRcc7rOQH2xzw57XsMxFuqzO8KYQWV/9CjNGY1IsTeCL38RmouSP
-DI3pZvzLobiSXD3Dh/6Aaqjb01xemkxWXSdI4z7MPBvWSUBkB/29rGEapkOg69Pv
-weHGXe9gF9FAXERVB6C2ofQOK1RoJqAU7WzVSNuRu2Z3XmRfGMNgMcjfYpnf1uNS
-OMxrUqsDxksx5zoB5hK/Tmj1f6d4x2JkVcm/IIPngHsCzlrtDSmZ5mBzIX0dOFaD
-v6tZ+CDWohXqc2k5Y9357F5lYSAsBIT75u22ulnnjh2u0dvYOtwlFnz8sLagK6Ds
-563IKU+VMCT0WgizgZna50v8NNEOpQLB6xWTFsrgTres26A9RUMdXPpRTW4EKWYD
-rtMql6QGWm1vQeThFnkZ/AyTnd6KYBJ09cqdrFjrIWYr321VukDnEp5UsIYBWeJF
-yBjF7qHCpjEIqSn/UoHyjxCZ+N8qE7zn/9m3nT796ENAHxXbdUdF0yDIbIGH4vy8
-MIjAL/d/wLNotLkQESoqCRiH88fp6KgFgDntpxozngtmDyUxfsjwrzz6ZcbrmHn9
-HIgIzZL6IYvr8O91qCTq
-=hEk0
+iQIcBAEBCAAGBQJTBmz3AAoJECRx6z5ArFrDG8kP/13ZXDzS2W+WJmUm3HX7Jayx
+2Fm+KZz9cI59QfnKt5XZ+SyLbp2kNRQyhEIiiOy2tqu9sg48YToEnJ4l3RMwHfV7
+xEvZZNA/Xrp1WAQ25vagfiQrv27119cmRfz3p2U5Z3lpvZ16jOv0QjH2Y0Gku0Kf
+FPoVR2nN/FuYNeX91VO7asQ5xMl05Bnto3QDu/Zj53Ecb/0dhg84qWll4IHbz5FA
+U/IgcCpKlc2DCS06N5n7IPZPWzjsDArwxyXLPRDH6ZMOkL53uBQ82aEQHF4LWzhZ
+F6DoqGr1ZN/tj8c+OsUyZWWBWem7OC5MIGBn+JmeoU/eZ4o6V9BL+y58gHWS6GsI
+58/L1A3/FvB8Z0NI96BceS6MK5vJydOYNB98gKkSeWcFv1q4MsAehRjFvRKYsq5U
+eVj/HfNFZjbcPCtMvxT3LHrzAiUNY2fz9RcfGjxC2AqRitouXlwc8Ami899gNTDp
+pIj3XcxATrsITzjzi2Dg/Weo1AhDSYwS0rgpfRdGkfdEN1KY+MeVbkrWMlE+s//8
+Qjglu+LO7BT/kVx0xGBrFHxnbg64+k6eqY40Z5uhdRYrVDEOMDKL3HJYpy+NyY/r
+M3K5tk38HLWI3RJYWPQhBFPz8KoJ5z7fAnCeSzhezLxKhhHVFENR3iKQeiyl/H67
+O2tHeTQhCZNp694Jk22J
+=cFV1
 -----END PGP SIGNATURE-----

app-admin/glance/glance-2013.2.2.ebuild

@@ -0,0 +1,139 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/glance/glance-2013.2.2.ebuild,v 1.1 2014/02/20 21:00:22 prometheanfire Exp $
+
+EAPI=5
+PYTHON_COMPAT=( python2_7 )
+
+inherit distutils-r1 user
+
+DESCRIPTION="Provides services for discovering, registering, and retrieving
+virtual machine images with Openstack"
+HOMEPAGE="https://launchpad.net/glance"
+SRC_URI="http://launchpad.net/${PN}/havana/${PV}/+download/${P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="doc mysql postgres +sqlite +swift test"
+REQUIRED_USE="|| ( mysql postgres sqlite )"
+
+DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]
+		dev-python/pbr[${PYTHON_USEDEP}]
+		test? ( >=dev-python/coverage-3.6[${PYTHON_USEDEP}]
+			>=dev-python/fixtures-0.3.14[${PYTHON_USEDEP}]
+			dev-python/nose[${PYTHON_USEDEP}]
+			dev-python/nose-exclude[${PYTHON_USEDEP}]
+			>=dev-python/openstack-nose-plugin-0.7[${PYTHON_USEDEP}]
+			>=dev-python/mock-1.0[${PYTHON_USEDEP}]
+			>=dev-python/nosehtmloutput-0.0.3[${PYTHON_USEDEP}]
+			>=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}]
+			>=dev-python/requests-1.1[${PYTHON_USEDEP}]
+			>=dev-python/testtools-0.9.32[${PYTHON_USEDEP}]
+			>=dev-python/psutil-0.6.1[${PYTHON_USEDEP}]
+			dev-python/mysql-python[${PYTHON_USEDEP}]
+			dev-python/psycopg[${PYTHON_USEDEP}]
+			>=dev-python/pyxattr-0.5.0[${PYTHON_USEDEP}]
+			~dev-python/pep8-1.4.5[${PYTHON_USEDEP}]
+			>=dev-python/pyflakes-0.7.2[${PYTHON_USEDEP}]
+			<dev-python/pyflakes-0.7.4[${PYTHON_USEDEP}]
+			~dev-python/flake8-2.0[${PYTHON_USEDEP}]
+			>=dev-python/hacking-0.5.6[${PYTHON_USEDEP}]
+			<dev-python/hacking-0.8[${PYTHON_USEDEP}]
+			>=dev-python/Babel-1.3[${PYTHON_USEDEP}]
+			=dev-python/pysendfile-2.0.0[${PYTHON_USEDEP}]
+			dev-python/qpid-python[${PYTHON_USEDEP}]
+			dev-python/oslo-sphinx
+			>=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}]
+			<dev-python/sphinx-1.2[${PYTHON_USEDEP}] )"
+#note to self, wsgiref is a python builtin, no need to package it
+#>=dev-python/wsgiref-0.1.2[${PYTHON_USEDEP}]
+
+RDEPEND=">=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}]
+		>=dev-python/eventlet-0.13.0[${PYTHON_USEDEP}]
+		sqlite? ( >=dev-python/sqlalchemy-0.7.8[sqlite,${PYTHON_USEDEP}]
+				  <dev-python/sqlalchemy-0.7.99[sqlite,${PYTHON_USEDEP}] )
+		mysql? ( >=dev-python/sqlalchemy-0.7.8[mysql,${PYTHON_USEDEP}]
+				 <dev-python/sqlalchemy-0.7.99[mysql,${PYTHON_USEDEP}] )
+		postgres? ( >=dev-python/sqlalchemy-0.7.8[postgres,${PYTHON_USEDEP}]
+					<dev-python/sqlalchemy-0.7.99[postgres,${PYTHON_USEDEP}] )
+		>=dev-python/anyjson-0.3.3[${PYTHON_USEDEP}]
+		>=dev-python/pastedeploy-1.5.0[${PYTHON_USEDEP}]
+		>=dev-python/routes-1.12.3[${PYTHON_USEDEP}]
+		>=dev-python/webob-1.2.3[${PYTHON_USEDEP}]
+		<dev-python/webob-1.3[${PYTHON_USEDEP}]
+		virtual/python-argparse[${PYTHON_USEDEP}]
+		>=dev-python/boto-2.4.0[${PYTHON_USEDEP}]
+		!~dev-python/boto-2.13.0[${PYTHON_USEDEP}]
+		>=dev-python/sqlalchemy-migrate-0.7.2[${PYTHON_USEDEP}]
+		dev-python/httplib2[${PYTHON_USEDEP}]
+		>=dev-python/kombu-2.4.8[${PYTHON_USEDEP}]
+		>=dev-python/pycrypto-2.6[${PYTHON_USEDEP}]
+		>=dev-python/iso8601-0.1.8[${PYTHON_USEDEP}]
+		>=dev-python/oslo-config-1.2.1[${PYTHON_USEDEP}]
+		swift? (
+			>=dev-python/python-swiftclient-1.5[${PYTHON_USEDEP}]
+			<dev-python/python-swiftclient-2[${PYTHON_USEDEP}]
+		)
+		>=dev-python/lxml-2.3[${PYTHON_USEDEP}]
+		dev-python/paste[${PYTHON_USEDEP}]
+		dev-python/passlib[${PYTHON_USEDEP}]
+		>=dev-python/jsonschema-1.3.0[${PYTHON_USEDEP}]
+		!~dev-python/jsonschema-1.4.0[${PYTHON_USEDEP}]
+		>=dev-python/python-cinderclient-1.0.6[${PYTHON_USEDEP}]
+		>=dev-python/python-keystoneclient-0.3.2[${PYTHON_USEDEP}]
+		dev-python/pyopenssl[${PYTHON_USEDEP}]
+		>=dev-python/six-1.4.1[${PYTHON_USEDEP}]"
+
+PATCHES=( "${FILESDIR}/${PN}-2013.2-sphinx_mapping.patch" )
+
+pkg_setup() {
+	enewgroup glance
+	enewuser glance -1 -1 /var/lib/glance glance
+}
+
+python_compile_all() {
+	use doc && "${PYTHON}" setup.py build_sphinx
+}
+
+python_test() {
+	# https://bugs.launchpad.net/glance/+bug/1251105
+	# https://bugs.launchpad.net/glance/+bug/1242501
+	# 2013.2 requires =dev-python/iso8601-0.1.4
+	nosetests glance/ || die "tests failed under python2.7"
+}
+
+python_install() {
+	distutils-r1_python_install
+	newconfd "${FILESDIR}/glance.confd" glance
+	newinitd "${FILESDIR}/glance.initd" glance
+
+	for function in api registry scrubber; do
+		dosym /etc/init.d/glance /etc/init.d/glance-${function}
+	done
+
+	diropts -m 0750
+	dodir /var/run/glance /var/log/glance /var/lib/glance/images /var/lib/glance/scrubber
+	keepdir /etc/glance
+	keepdir /var/log/glance
+	keepdir /var/lib/glance/images
+	keepdir /var/lib/glance/scrubber
+	insinto /etc/glance
+
+	doins "etc/glance-api-paste.ini"
+	doins "etc/glance-api.conf"
+	doins "etc/glance-cache.conf"
+	doins "etc/glance-registry-paste.ini"
+	doins "etc/glance-registry.conf"
+	doins "etc/glance-scrubber.conf"
+	doins "etc/logging.cnf.sample"
+	doins "etc/policy.json"
+	doins "etc/schema-image.json"
+
+	fowners glance:glance /var/run/glance /var/log/glance /var/lib/glance/images /var/lib/glance/scrubber /etc/glance
+}
+
+python_install_all() {
+	use doc && local HTML_DOCS=( doc/build/html/. )
+	distutils-r1_python_install_all
+}

app-admin/hardening-check/ChangeLog

@@ -1,6 +1,12 @@
 # ChangeLog for app-admin/hardening-check
-# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/hardening-check/ChangeLog,v 1.5 2013/12/29 17:49:34 ago Exp $
+# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/hardening-check/ChangeLog,v 1.7 2014/02/20 13:11:53 ago Exp $
+
+  20 Feb 2014; Agostino Sarubbo <ago@gentoo.org> hardening-check-2.5.ebuild:
+  Stable for x86, wrt bug #500100
+
+  20 Feb 2014; Agostino Sarubbo <ago@gentoo.org> hardening-check-2.5.ebuild:
+  Stable for amd64, wrt bug #500100
 
 *hardening-check-2.5 (29 Dec 2013)
 

app-admin/hardening-check/Manifest

@@ -1,26 +1,26 @@
 -----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA512
+Hash: SHA256
 
 DIST hardening-wrapper_2.4.tar.gz 21082 SHA256 411248b1f89e512bd27f96cfaef2aac4fe5c50884ca0769ba94dd2b90bea5d5a SHA512 59366393821116493e204972009bc614a3aee61b15427ecf0a4bc23accea00e0891196b1250f6a3c30e9633ca54022f39ad83d49a213cd4c9aaa78e992647a07 WHIRLPOOL a2aef6b6b302a2b238953b53946865ab7864b36914d0f168073a958c8ae8041d75456283f806d99a124fd853bf775635c7bb4af0f74a5245f49b378eb28ee763
 DIST hardening-wrapper_2.5.tar.gz 21157 SHA256 9ae2cc44d9543476b5b8655b4699af5421218dce44ce0d4a89cf5d81ba12b9bf SHA512 e2c183736e9f1dd1b39ecde7d2bf2c22d4c87c69cb158d98bb527b8325d88ea86bceb6087633cc761e973a22d0cf97c6266464d117e408ed2aee2e67c8ab5565 WHIRLPOOL 652327876a29ad8a69529bcb85b1331a227348a1ca87c1e5cf69fbcea0ad7c57afdcb14536eebfc8668834a701ee80f8579b8851f596e41ee782e4c6dbf47cb9
 EBUILD hardening-check-2.4.ebuild 825 SHA256 3e2bcb30f6981b5f1bcec47e5bff7e60e6d189ca2d529559a3e062639dc70577 SHA512 5505731706834792b6f1b443551bb4cba0f44f0bb06fdce81ba39f4b240b2bcd55bdf4d47ed1d0b8e1aeada137986ef3ec5069eaf28e0cc98e0319b3d76e8609 WHIRLPOOL bea1c320462f74eba8c85b65c91023820de93414c2cb4e74cc8e16ef26ba58a930b275264f5d083a32eeb2fe4e55b0a0ea6c16f78ee1304c5f5bd45d41ade7f7
-EBUILD hardening-check-2.5.ebuild 622 SHA256 db7063e1d432ed1303602ec61faf2780e37176aca7951b158777ccbec43ee4ac SHA512 a686ab2b1164ee33140f090cbe45fa0c08f6aceb155a70a3af73004bc1be3fb3ca8bedffd66ff7ad20ffce8310e8ca59ce63d65584ed4ab7aa7c023a6d20a2ec WHIRLPOOL 530fcf599f3a245317c20417e1d18bf730b865be58f6f7e6de8f80a5ae81c52fc784b205a49174be68ab81d7c8ad37adff9f87e3e1048184ff014160eb133123
-MISC ChangeLog 907 SHA256 aaf8b1947c50d85741f6028bce84b14bf9b073b8230c9a7b3af3244af97c9e5d SHA512 a7c12c63c507b4b0dbe346b825ec6ec8e152c616ebac6470d2f939c38475aa4de58f7f8b6c8b7eaa294aeab85c322d933a0c01baf65f9b02e2a2aff662ed3154 WHIRLPOOL 8bd2192db9fb7b21834d2cf3f91f2182db316bcd032bcd9effb1f3a0ad52dd3ce33f402b9642ec24b2fc50b4c49fe7f1839fb44e7521d577df8b284c8dedae73
+EBUILD hardening-check-2.5.ebuild 620 SHA256 4aee4fe4e2850a77025f1e69b9ac77f72e103d5b3434dde196ec85555957c31f SHA512 a729b7f28a3ab4d8364e67e42f2dbaceb38eb61764c130e6de524ce3cb7e598292017a72be620c81b18b3ab2ba3f35843659cb7c8a122d3e9deff4e5ed21cc16 WHIRLPOOL ae39077e7ec7c9dbb3a652ae38391b78e8dae418b7d1d5f979af15e5b6f072c9899373f79ccd882af273281738adada169e476e6bfc8423467cd88fffaf24501
+MISC ChangeLog 1133 SHA256 eba64262d560c19696fb8d9b26c23c943d724d43d569e247e25ccbf44b9c20d0 SHA512 5f5183ec6e6a09be7fdac7a1ab31f65df52051bc04b55da73d1fa4f32b47886d988c439de3c874dcd1eb527b31e87fa3819776ae119954b7df21ccfcba6d8d4a WHIRLPOOL c2dc84106af2bd6e83072f8b72a57fcc43a9928b7d67a7c1438259c0444ecbe9c52f9cf5121d9d8d5a45eeccb8a0a31e682f232b82f5141bab2c7a3565b3b336
 MISC metadata.xml 402 SHA256 8e563d839499fad9af4524f6e182c346f266114b4044259ec839b2d4e42dd0ae SHA512 c7f67d4270ee05d04ca308cff1361d8fb3bea568c358ec88c442aa265f46cac6def3935bb42018c04a4ecbfb757441c9c8fb0f5223cb371ef0de4c20fa41fe0a WHIRLPOOL 0df4ab069199d2128166881f7439f20456ee5c9b6d546f214c5b77201dad2d32c4ce59246730399c89b905cf7a020690af4bb8a946b4c99ca22ebb870a418e8c
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
-iQIcBAEBCgAGBQJSwF+7AAoJELp701BxlEWfreEQAI6xhZjhKGZTh4YbL5ikeF9+
-OAsAoz7AAknI5CTL4L9JOR0tYMV+KQRExH0G76ZMvaXEXGhlIN2u/jSdBIOtl1K1
-d8IN3MZWAGhIScU3zD0byryYTay0CrL48RK4vDKwDFznAgfNSP5xLu7OpQ2VajA2
-Hje3U8GUYutyhnvfJsPLI17lkjI3HH8BPImm+No+uqRJacB89vu1BzuIfkMySfZ3
-hsPMoJT/zeoy6jrYKUDjT8XcyVAt9HiSyTfpCnoJWQGCKVBLiEZ+IrZdl/kYy4wv
-mYytMv0xG8mms/GXGvw0xIpai/ZEK5Fu6l+WejMOuHKH3Gv9Bht7Uv5c9Qj6jwbi
-D2wNkYAXP/UngNKz8BP8+CcoDwpZJ3+OpERdJaJnaj2y5dbrIl4xWGO/1Tdtcf5w
-5mUERjs4Ju59u5gjtDshpctCslWG734had38mrvRJIaI+Z9U3J+pg+n8ok/MbJm+
-/aqm3rRp/mbiS+kJUKGkCXKiMZ6IG/Bk65fXyQ5QKTzByZ3ZGhc8yen4ES2lgvGD
-KZt0mOzo4srJES88WpP76tR4f9e/u9sus0JBHGYxF0H+g1sUZEJtA0wdBBTHdDQE
-dANMA42v4JJCH2DqiGpj9eNFh1ySFc6lEYW3xiepIVIGwPD1iQA2nficHF4bCh8R
-7iZHmd1S/DqxRrr1KHIJ
-=vfgl
+iQIcBAEBCAAGBQJTBf8aAAoJELp701BxlEWf2JEQAKEWtHfysJLOONug1cV38ccK
+0zoa4xxhZNn2RCuzIAcrn5PuuhENCB/4pau7dWWvgC1y5+CsJU1evbIcEJzD5L7I
+niAPj9BMSClCg9VxV5Cq7rWPA/MNyUMNDIowKYZrwNiiB5TStYaegzOS16cQaJkm
+VSIA40YeAQCO30FZwIIJsxsB/kvk9+FzY6Kuf4xM3ZntDt57AgRADtfZP0xYIItk
+tyiBCuFnKnLLYNlgR1iy5/FTfCgney8dNNIsqMt7VTnpY5EX51A6t3l7AjQg0x7i
+Y8cLEvtvfQyFUa6tYjr5FQSkqgwGvUhUsc7ThRC5rFPyoeQOi2FUXuq/7ER3t5jV
+WXzRkoKl8TFM5Z79cXqITlY7uqGinR+fZTsgFOUSizX59fe/gojDt40pQYPWD5lS
+o28AzBWN6eCdCrC5difHTvu6MWW/t6fGRef5Lv9B6J48JZo0OchuSd7Av4bx5lxN
+jyhsjoKhsKhyZCeuqs9fJXwLHdcQAOQC6KQG85tKxZBRHTaDbqQano6wPIa/FToW
+XG5D+cyaLYnEpIVpImnocpu2Vl7jgMOspREHXNEUuHpITrgshc4AEjQlbp8YRO/K
+V40cZCyI7BnJB9l1gT1kPjggvxYr+pAX+gEjpI/QwMIxxQb05Tu/AtKvca0G7L+6
+akF70g1ixW6QVaZH4V7S
+=Y1ZC
 -----END PGP SIGNATURE-----

app-admin/hardening-check/hardening-check-2.5.ebuild

@@ -1,6 +1,6 @@
-# Copyright 1999-2013 Gentoo Foundation
+# Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/hardening-check/hardening-check-2.5.ebuild,v 1.1 2013/12/29 17:49:34 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-admin/hardening-check/hardening-check-2.5.ebuild,v 1.3 2014/02/20 13:11:53 ago Exp $
 
 EAPI="5"
 
@@ -10,7 +10,7 @@ DESCRIPTION="Report the hardening characterists of a set of binaries"
 HOMEPAGE="https://wiki.debian.org/Hardening"
 SRC_URI="mirror://debian/pool/main/h/${MY_PN}/${MY_PN}_${PV}.tar.gz"
 
-KEYWORDS="~amd64 ~x86"
+KEYWORDS="amd64 x86"
 IUSE=""
 LICENSE="GPL-2+"
 SLOT="0"

app-admin/verynice/ChangeLog

@@ -1,6 +1,9 @@
 # ChangeLog for app-admin/verynice
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/verynice/ChangeLog,v 1.24 2014/02/11 14:28:40 nimiux Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-admin/verynice/ChangeLog,v 1.25 2014/02/20 20:37:58 ago Exp $
+
+  20 Feb 2014; Agostino Sarubbo <ago@gentoo.org> verynice-1.1-r2.ebuild:
+  Stable for x86, wrt bug #499838
 
   11 Feb 2014; Chema Alonso <nimiux@gentoo.org> verynice-1.1-r2.ebuild:
   Stable for amd64 wrt bug #499838

app-admin/verynice/Manifest

@@ -6,18 +6,24 @@ AUX verynice-1.1-build.patch 2525 SHA256 672c404f155a8be7e0ffa91997f25d2a13d1647
 AUX verynice.service 158 SHA256 f30efe2dbe6b87e637c458c7d618114b9cf9af5f3d12653de18aae9ff5a079f5 SHA512 03a88cc405c8d6fa18f1e523e6987b1455011cf17ff38f1e937d523b33d88cae839f256811b487ec3141d8b396a15b8af778998d53bf55dd69f6a6a6dbc6a148 WHIRLPOOL 7da0946a0b67425bf7e80b0d660bd5f9f601f86ac1364ccbd324bcfbd361e8721870f6d3112bfd593114cfeab6d6d866f5d648b06846f4f335705bbdd8f4aff2
 DIST verynice-1.1.tar.gz 37576 SHA256 5830fd4ac14ba3677e49159adbb7cd61e3d42d1f0b9aa73e4ed0aa154af6cd8d SHA512 731fa22162bb4f48b943839ccf8ccdc769587e323da11e4a77ad14539a724ffbb89e5f4122e1ab36df3306c507afc958d1125160d34d9cbf55df4dc69e4a0139 WHIRLPOOL ed1b7790aa333497e869830b2aacc3fa2289864e363bef3362ffee115c8afa0eb36b8cc29f255d87b929bb3dec3f8d9e839f30668c4572bccfdfb61f95da07c3
 EBUILD verynice-1.1-r1.ebuild 794 SHA256 e308327307afc1170a0b1c6e3e67a32d75ea46b546305e4bf7c47138b9b57c7c SHA512 7c7689fd41d0ee4ee3e0433e6ccd86d1c73dffffac71ab592fec76b792571bad4dfe81d7ec15b831daeda426f2a10beb93a338a437e31a5a421aa5b69feafe12 WHIRLPOOL 9b4fab2bb7bb4cc88eaf0e52584924af09eeb8f18e455d263ea9759f69ccef359b7afae65f884a23f6097bd12b141559b416777d7ba0dae5c8d665a2da2f2db9
-EBUILD verynice-1.1-r2.ebuild 854 SHA256 b489b5175b4eb7ed482456095f812906e743aebfd9968afd0595e6cbe184ab95 SHA512 bb19c618d3a026987a557de9e49901f0c9e1c69bcb2dff167dd28db46eb552e744ec29eee7fd74c4444276fd2e6a9d4ff9ea515e461c4eb8cd13a9bb063e075d WHIRLPOOL 119511afd7b148a8bd45b76c61e649196d08f7818c0586eb42ec36d18f981e8fbf03a203cb736a4f08da80b638c3642f4b2ffb2217e3f3abed11dc7ec340f9b2
+EBUILD verynice-1.1-r2.ebuild 850 SHA256 0ebda4cdbd0de4afee3a180c1d131ef4708c2d7550520319b2144fe1050c5c71 SHA512 a967695ee332be2611bd0e3f57e791807d0f2412b5e21429102ad2f18f9cbc97db567753dd261e0d937b6906ddf1d72738a5c1ffd08fa750a344dc26815efc7f WHIRLPOOL df645245b1ba9c3488cc02b51f8696a194d3d3c68ffa8af3bbf3d87f915cfee81fc697e5fa6a56f8e0babc46e4fc49d904f807bb9f5ec286bb8b7cb158070578
 EBUILD verynice-1.1.ebuild 1179 SHA256 4f7e402c954f441f235c7658b88ead07ec88b5682cd3d90a4f4c7084380fbf08 SHA512 eb8da360b867c27445e0035ff86428531714f0834448270509563c7a29c7e8d3e0d4fbfe25b31202960b2001faf07f57424d5e3ca5c1e8e4d9bb36c6b116e479 WHIRLPOOL 098cf696a304cd5c638d5ed087b1d7ab066d1ce3132181c3808aedf38484fd88dd4f2680f9d7f3804b4dc083cee87fd6e8f8f0000d2814b840ec26b86c2b9bc9
-MISC ChangeLog 2821 SHA256 367b8a8cd0fba3fc4133343258f14c4f821aa43d1c827dae5b52281797ab5eca SHA512 ddec4334c04c7a041c9e27bc873532e0890e73e5442e1faee7170fa9d18eedcfa431a8a3d9b277ab5debac130087ced3471235d9833fbbf224f16ec83c138edc WHIRLPOOL df7eb658d47a3e459d8e9cebb2647b327b87db0e78e985dfb30dae0ae54a52527ca500e79d244da325e3dfb61c4f308a18dba5909a1c702f31ab9d1ffd036a77
+MISC ChangeLog 2926 SHA256 6760b21d91c21ba208438385cbab3c80ce6a57c5f58c31e036dc57e10b300329 SHA512 3f9a8dda4c2b33fa9d4a4b8a4a4b4199698c94a27acd0bd4541e4238caf9b0612804823f22ff154c08edbeba3af11d305d66756c411595cd73752768fe1bec26 WHIRLPOOL 922d55750ab2b08dbc397f162f13ba262e72ae6bfe474b99b7d842be79dde3fd1a5315ca44726e837f61e0191bf3eaaa6147e6055653fc9758ef5a7d8535616c
 MISC metadata.xml 356 SHA256 6e8d66dd876aee03ea5a74b1b9d2cc15c528ff95b2b534719ea11fc8232cc86c SHA512 254c087a67c211201643cd084c6bf4391608e6d56ed06a2dbd58eee68408f8e0a8673bfa9a960652bd83372c2fc9457829f1c5b45d684b05d527cf8535421067 WHIRLPOOL afd49131b1444bf7225d09d842ed0995b885fab62970bbd8143f930fb9298d24a21dd7273abb6fc614653c5f3f397e15471a44a81704c51d0d045690ec96e278
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
-iQEcBAEBCAAGBQJS+jPQAAoJEA2sAkrWKOU20WMIAKUh8Mkdt5PYzhWHGQWL8UI2
-EC0BdUzK/4UeRWFDLidM5H4pyfOHI4RiS6lEyvtsoHu1C5IaVw8Xcezz/H2cajW1
-bleA2cILIrmWWJZK48miBHnllCWXkussewa6sp6NdBx9Y9crDpSKWnZGTh+7mvnT
-BSQxrMY/czbbddRtl8t5BmOhBSXeIh9VuVzMORrL7VhIeS3SL6o8QbBhUpIGtiiE
-fj0mVmladpFGr1BecLiiBY34rwaMEicXwPrYXrB88fffvZCNQnSRJpleJK50Hxp7
-ZrHx5Lc2d+Y/Dfjh5iKTSlkVZEA0Ak/3K/bqEQoBvwDvE+LimOmIf9IOJBpeu6g=
-=kZd4
+iQIcBAEBCAAGBQJTBmeoAAoJELp701BxlEWfGI0P/i6vEaXj+yJXi001t66fyyIy
+zIBqzKlkO2CgAJ8YKg8fyzArFGyXsvS9A6POYteanvx8X5MUjNMUoqlXU428Wc0c
+XiFoDuJvKESJuMXj39wCZEvNRY6lFK1ZdmWb3PI3myB/C51fQuHKUYzbhgKKV+db
+YeLlfZJu1s/ku5X4DnwAo5goPgJRl4OVFZ4NIJbb29ZdjsdzhZFfnEQnRbZGqHEQ
+I14xLW2YqxBrKB15gQcA9XjKdBveciajJWptOZYD7ePHcFn2l+UB++QArfpFnEbs
+r4qjs2iQEPFWWAaYVOn5Z/28x3CoeF6P9J4NYM1RoZJJSmGvz2uhoqq47BE3XyZd
+FXz3NWDLU7dTV70I/JF9IW3eTSNOj4IOpuG1j3C6sptnLGoE6tmuj9JiReCKt/YS
+0pUAo7lPQybyPlyvWiGtmYjIzk6ZvyBQuFK0/Q9HJUNNeKsUDlJ3amScKAJ3Co7j
+2ErS8gfd4P3ZMBMM88WyvXuBTxJ2o9DlpytRfWEJYVNoIspfeJwxxk2gLP5GX3jT
+eE49qAjp7DP9CjGWWyx6aEoUde/18vhU+tEgAsim1kBpk8ob/F82WUthN7q386le
+63tgC5UQK1qBL8rtFNo+nzZC6fu5xyzV/HXVoPZv3pcoXJqKX15cKUPIpwyUvGGu
+aqywUCHrmr5C1AKc7OvM
+=Ripu
 -----END PGP SIGNATURE-----

app-admin/verynice/verynice-1.1-r2.ebuild

@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/verynice/verynice-1.1-r2.ebuild,v 1.2 2014/02/11 14:28:40 nimiux Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-admin/verynice/verynice-1.1-r2.ebuild,v 1.3 2014/02/20 20:37:58 ago Exp $
 
 EAPI=5
 
@@ -12,7 +12,7 @@ SRC_URI="http://thermal.cnde.iastate.edu/~sdh4/verynice/down/${P}.tar.gz"
 
 LICENSE="GPL-2"
 SLOT="0"
-KEYWORDS="amd64 ~ppc ~x86"
+KEYWORDS="amd64 ~ppc x86"
 IUSE=""
 
 S=${WORKDIR}/${PN}

app-arch/tar/ChangeLog

@@ -1,6 +1,9 @@
 # ChangeLog for app-arch/tar
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-arch/tar/ChangeLog,v 1.201 2014/02/19 14:49:03 polynomial-c Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-arch/tar/ChangeLog,v 1.202 2014/02/20 18:02:38 maekke Exp $
+
+  20 Feb 2014; Markus Meier <maekke@gentoo.org> tar-1.27.1-r2.ebuild:
+  arm stable, bug #496212
 
 *tar-1.27.1-r2 (19 Feb 2014)
 

app-arch/tar/Manifest

@@ -14,24 +14,14 @@ DIST tar-1.27.1.tar.bz2 2573070 SHA256 9b0fb3ce8512059337add0da5f8f0f7d7647f2201
 DIST tar-1.27.tar.bz2 2530071 SHA256 2238c5c63c7ecaccc962f10482d76875b45cedfed69138ed852a88e344af3c7b SHA512 7f9c9fa07f67c0a3ca7593ffb334db1c32206ee3cccb4484543b4c055ff3a4b72d46671aa534b4e754158653654ac04c9272d6738e7f06ab502b9c4c8d60c433 WHIRLPOOL fc296b654611545fd8cedabf52b231330371af7c396ebe28bd0c66633cb58f143bbdce4cf9d75e15f770851ebd96426781a050abf770a1d0dc194819e460637f
 EBUILD tar-1.26-r1.ebuild 2290 SHA256 03651edf07bc9cc141a524efd006f4361c4cd79b1d5796dd88ebd3e4fd25eb5e SHA512 346ad7e358e2bc5337011cd076daaff887ed7c83d1bd2c411c409b7327d35dfeb01c4be51102623cb0e004da0c4a24393746b0d8260799e86f5de94ff633958d WHIRLPOOL 492c281e5e6929286c01dc9ecbd37b9de72947d3701237e34adeb690f1cdc84a559fcbc2f346505a64ebc4ae1e25d6d4f6882df03495dd767159e0e04ea89100
 EBUILD tar-1.27-r2.ebuild 2396 SHA256 d8c4d189877fb41b7d4d6cbbc029d49bc81e5700e09a792b5a9e9fca53c22422 SHA512 7cfe91695ddc7ddcec6c659a86fc4ff52f30fb55d939264de655b139ef3f74ddd365776d24680893c801c6ce1278f3647613c55a68a3889cb34834355a5ab234 WHIRLPOOL a0eaf2b17d7ce1c4cbbab1f20797c79a128262edcc9bd1100ce01d3a1b011c83632714fdef70a3a68b392c29e3bc3980e835efc2be3003f60ceff51e22c4c211
-EBUILD tar-1.27.1-r2.ebuild 2457 SHA256 a47446a10576a395fe7dece987039c8afc01df56e821102acd9754ce2256a781 SHA512 8ca6731b81d0a85f44a30acddd9bc2e0bedca30ae89df7ca2edad1957db9509de7c5a9ca8282a9fdb76ea2c85d41b3ea559d7d2f7a5241824c93d124da0189d7 WHIRLPOOL 4db9b338a6311682444d92138ad91cba9688d314f75218f07e48caf396e4cf4b912cc94e5da02950bfed00a52eff7d2325391c70965faecb8e4723d3de37ce1a
+EBUILD tar-1.27.1-r2.ebuild 2450 SHA256 bab15cb68783492f9bb0e745cff36977d13d10036c40e872a167e87f7ec774f2 SHA512 f09972e4672613e6095778898c1106e04596ceaa3dc8f1239a3897554548ea811287a478170e04f6a4edc9baed96ac2865399715a3ead7bbe6292a27887fed84 WHIRLPOOL 16d9c95f433d1c63894cf52e7afb3e9c57cef7cc768b5e360ed2424532da4eb13f2cbc8602131177cc5856cf3b57beb3111327891febe39f7de607c7a91d812f
 EBUILD tar-1.27.1.ebuild 2322 SHA256 e8574b521187193a3877aebe38d6f2a62c3156797c0eef7edf2abbbc3cbba4d6 SHA512 c7c52f4548840d855e662fc09337bf73f1d59a608abac029b94eaf0700a8bec3a2587fd0e3f0acae0d9f2c3e205035c7685413d78e6046e4c013504ace9bf3f1 WHIRLPOOL 4ba5a9baf57af269bf3e436f0a9fd328f195e9899f67142d8dd77c0fb910be66768d6778bae47cc971a45f05c1418acf99bf8c8efd6e65d93f508d5839519e4b
-MISC ChangeLog 30433 SHA256 de2ab6288f426fe66a580a6ca643e3880643cfe787ebe3971aff360a5e6d40a3 SHA512 0726287b396ee9ef5fdc6ddd50a1efcff521cb0877bb7ff7a1c78dd73ad0d1d9233db8eaaa45fffeed1a1bebaba123c4ee4c457c4005ece7277376ef0d551b5c WHIRLPOOL 63fe3612aecf5a5e562b19cb25a07c236afad10e8e3adaf0b33d3fccd39a9e7c6514539d7c3a845dce8d0361092b49a363e57f224f3857f7411561d06140a044
+MISC ChangeLog 30524 SHA256 c5618fbc249f2d5c24b297136862b6860d2dff2ccf92c4254d007707f78cba1f SHA512 5218477e32b68f9d38f9247693ba61582322cd365d43e79a7f1098518262fc5bdd1434794588a6372ced8b560e724f7c7d19a3a3a49b234fc0d383d349bc4faf WHIRLPOOL 5ce3480eecace2c658cdb477a9b3711e896ef8aef225a36ea594eab93b8c951d55ac84b1a00da8e2334fa63877e0463fa18c814953ffa2911a5819cf5b2536df
 MISC metadata.xml 298 SHA256 776c92889812df8f8dc072ae2ac1d7091f1613afc6332eccd0e20a0d90caaf0b SHA512 9e7e0d3343fc95c9164d7b5cd7bf9a8cc21d5bba06af0ce19f693f8e6039415ab472411fba602fb99a1728529774cd85e828311a77c34d1f157cf4fedea59f65 WHIRLPOOL ddeaf15e3d36ed3c9e0ac13b17e49a187d0855255f38bf60a3726bd10ebaddbfc269a2101bbc64d4c8f69491228165016b2d76b15aabbd9bc3a0bd1732ca8f2e
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
-iQIcBAEBCAAGBQJTBMRgAAoJEPiazRVxLXTFgikP/i4DgSy6FvYAYXGmIkx9s7Bo
-EPwJql6fwYVQLM4ZjjdDtyOOuAx8n9ybMTSpUtB6mWvne8nkIfJDtEwwxocfMpRO
-8ap8h+uEhTHNggfdfSHh2peAOJ0Y6U8x1LVsDUg+q/5oYxC3rJYB2QiLDE7rWsTM
-3MH5d9ad4Y/3ZkloVdTKZAEMJcY5QOQ9mjN/aNR7qZOKOsi29WVhSSeHLimiW0YT
-2evsjv6okPSuJRGf0iZrSpEuyGLbyXo2yERxkLdd/gEvJoXj0iP4e/00es8j6kF0
-5ouXXmnhFXe6C/ZdXclaE0ljtkzawzKbF5r/D986ouiqBO3gu+P9I2dMaTHjcSp/
-Q+v8x/KfvW01PCowjT6lvUb5795sY80eJ5HRU07SDkGqN3nJtwMveBW1Uy7+wn3F
-8XgY6ktDwUQ5k89TMnDN7dk6IUiDExn3wWYHd8iKjj7oJ6TvhaSAH88oZes/q3xQ
-vsl3cA4WnuXFroFK8nrBINJzMYd3U9Ds/y8AUubBEOFvQfbHiAHDXMDle/ulYiMn
-e6rD1ycv2iXu6/SUJH1unjO/2OGYMXQU3Fic/3YOmdgyqwTllRdpUG9uGHft0iQb
-m3NnoG/INRruO5y2bKOv1M82Ju5tW33Efn9iFYzSN34B7swtoXjaEl675CKqYps9
-gJDGZsDaeuIq9sk6sqoB
-=EcIN
+iEYEAREIAAYFAlMGRP4ACgkQkKaRLQcq0GKvOgCfe1GKTw17f/dUg5lo6Fhj0FMs
+TgkAoIeJWVqcrZqyga7wK6cDEfiXkHwt
+=EJnK
 -----END PGP SIGNATURE-----

app-arch/tar/tar-1.27.1-r2.ebuild

@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-arch/tar/tar-1.27.1-r2.ebuild,v 1.1 2014/02/19 14:49:03 polynomial-c Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-arch/tar/tar-1.27.1-r2.ebuild,v 1.2 2014/02/20 18:02:38 maekke Exp $
 
 EAPI=4
 
@@ -13,7 +13,7 @@ SRC_URI="mirror://gnu/tar/${P}.tar.bz2
 
 LICENSE="GPL-3+"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
 IUSE="acl minimal nls selinux static userland_GNU xattr"
 
 RDEPEND="acl? ( virtual/acl )

app-crypt/p11-kit/ChangeLog

@@ -1,6 +1,12 @@
 # ChangeLog for app-crypt/p11-kit
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/p11-kit/ChangeLog,v 1.55 2014/02/18 20:56:22 pacho Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/p11-kit/ChangeLog,v 1.57 2014/02/20 20:39:48 ago Exp $
+
+  20 Feb 2014; Agostino Sarubbo <ago@gentoo.org> p11-kit-0.20.2.ebuild:
+  Stable for x86, wrt bug #500718
+
+  20 Feb 2014; Akinori Hattori <hattya@gentoo.org> p11-kit-0.20.2.ebuild:
+  ia64 stable wrt bug #500718
 
   18 Feb 2014; Pacho Ramos <pacho@gentoo.org> p11-kit-0.20.2.ebuild:
   amd64 stable, bug #500718

app-crypt/p11-kit/Manifest

@@ -14,13 +14,23 @@ EBUILD p11-kit-0.19.3.ebuild 1000 SHA256 e017919bcb7b148547050c59b1d89985285f751
 EBUILD p11-kit-0.19.4.ebuild 922 SHA256 c909352f236c2a44d4c7ed1037e86d3bbd852685af89220bf509ecf42c4c3acd SHA512 1f2683a49e209bed33bad63965404040cdc7ffb0bc10ac9b7936c571b648e1d266f77f2ebac5be6d019237bba18683abdfbe7282025dc6d92d0ca08c774c1de8 WHIRLPOOL 5357e28da9260c80de9f77367b21a7b5fc0ce9c03e5fc7961c845d2e944eeb9a60d9d7bf31435a69d6999c8be3453ced1f0bd4df3fba746035f677e62fc5a37c
 EBUILD p11-kit-0.20.1.ebuild 922 SHA256 fda3f1a8acb7377c48c798de38bbcccb0405c7d5b1bbc5af507628df96e003d0 SHA512 1ef5512ac6ad9256e57f1a9cdc9a4b2396c6e529a3530d9c03921122bf9d69f022a5b9b44d04ed8c194f8d7e3d0c9ef245a3511fc6cd1159a1ffedd9dad14328 WHIRLPOOL f31cbf5b74a139ef95a554d5f88e062d07ce47c5f163ea8368ce5e217aac719176335970476776026c88a5443ce0b3b2789d5fb3e9daaec314126df13e2f13bf
 EBUILD p11-kit-0.20.2-r1.ebuild 992 SHA256 085290dce7f62db592cf17a2f55d88b1bd42446275c3518ef74ebb17fecd8547 SHA512 7fd9a38f39131bdade94f8e682774cd9bec36aa75e113c810b11a9db02039860c6be3c12b900cbd75ae12a8253255abb18fd58b33cf1c75ed28e30a98fd30de5 WHIRLPOOL 5c1289a45da15268b4a6814835962d4dc37c67a36d55a3c125d92041e566422d7117ac417366dc0afd41b1c97368e5ec4ccf413a5896f5770ed155112812a558
-EBUILD p11-kit-0.20.2.ebuild 916 SHA256 f51b56eeaecfdfd053706f769d8ee28d553bbb855330b15c523d43ff17be64d1 SHA512 ff1c227776732f8196ed8f58f49e649817ba26878f33056d4ffc6c92c7919085ede1d6616ce8a114f66ae58d87027214f711d0dd0cd8d9d4e3c024fb61ca69a6 WHIRLPOOL b8ab38a9035f883e285868b583f1167cf481066992fec10bfe4a8d95901cdcd17f6d215f7355c640ba1c7f70fe56a906457f6d451cb4734318a98d24046b87ff
-MISC ChangeLog 6764 SHA256 7d6335b3cc9dd893d0e1c9b9157afc7a9568a82961054fb62239a6ab368cb3c7 SHA512 cd23e7f8aa00ee0e140628e8b0d9542ffda5e7491ec036fc1c549b468fd391fbc1d77e4e1470cbd410b337aa233ff4dd7d1632d8e1620dce4729514dc26fccf8 WHIRLPOOL e9d84e887730dd72177d912e4d008414d99797eeef39d8b6c21cc4db0e031321ef965b695addc648cebe7f656b3e9417715ccc2cb0438b604ba1a7df892534ab
+EBUILD p11-kit-0.20.2.ebuild 912 SHA256 f61b663c8396e3442e79ee531a77ef9f7e5a2357572d9a28dc4ebc73a0ac53ab SHA512 b7142639d34e7174eb89b2f2a68b4550ef9a823983227a66455a9522a325a4c5aa502cc6e67fd3e6cc67ab3d29415442419105b59e42f27a9866ca24b874b9f7 WHIRLPOOL db7c1a918c1b31062f1b995c82c3aec11a8c535f1c2e316a103c336dd33f37605efc6491d702ab792f9ac1fc0a728c4f2bf33b43d86d2d8d2719b015555b400e
+MISC ChangeLog 6974 SHA256 5f3205bc8f4739646ae3272725637faa42855e9d4bd8157536107d4bb3ba7b01 SHA512 4a30f9b21494be7de67b73c5a4954995d77e98cd63f065a1f83c6c3df78270e2cec5b1021716f18af258ab4f725c06364d7ca99c5ddf8ea8bf90359c499dab4c WHIRLPOOL 386181ce4660e47922c901f32e48c869fa88f038385c7fd8f2f62d659cad800944fe9674db94fc404843f3bae40b15a4af7c3853b5626b05b5a8dd6b147bc645
 MISC metadata.xml 293 SHA256 24f5bd96c485f51ba93ed3d4789f0455e6c1aa4d36d73ab1b8cedbcaff194d3a SHA512 fb812d3b9cca8a2968d511aa790a4b84cfa2195a5fc91d1c4aec2ea6ffbd8fc4365c3eb19e8fb288b183b6407964c3ebef54d52e0de9ea568933f9edc5d0651a WHIRLPOOL 71a0af9fe956651660e65ee58f9804636a0ab0e04d5b77400ecae3bdc1eea56de5a40cbaa018fb6a9bd9b64d1f49832c5f57c4630fc577a4ed128959a41597db
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
-iEYEAREIAAYFAlMDyPcACgkQCaWpQKGI+9QfRwCeN9Zyx+40Br5+sIYN+L9bXg4m
-GloAnRGz+VaRZkP12TiV6LuODnRuyoRg
-=F0ru
+iQIcBAEBCAAGBQJTBmgWAAoJELp701BxlEWfk/EP/R2yfNQkE3e7SmpL/YQBEb22
+LzTaAZ/gKWaaisk5mlgOoQubCr5a6DYUstMkIcYFlQKfGT5pOtU/zWrELwtasqy2
+IhdN/NXBkbtlY7y9m7XwijooclEHXDxm9JXrtqqeFgOzrEupxKqIdzi5CDUymclX
+VEQ7Y0LikpR1a4PwiQ78GwQXa2Jc1HxnZvCz0eEmXjCdTY0GbksED+Ve2FhHXCnb
+0VWlvyJs3IajIgUkfr78v9FDxsJ+GRXyCnUmqNC0TlCEYw6/RLEUj4HPBN9QCCy3
+3imnuWE4CESpJkutHPM/pwdIVCnINuyuB3peiBrZnP710VO28fKtr3VJZawOt10G
+QzmtKD3H9sJkIjdnI33PJt9aJbM1Lxh/sN2vMRREtW/6fRKdmlkXL8NCFJnl9suU
+ne76yOsyWnxN00Jt7OOa0+U2/t8F4uO/f1ql2kbeaEKIQ1EVqkqPxgQT2t4L+AyU
+JnAMESeXeNt3RfwXffSbig9cMX7acRHQ0sXvbGfZQlfxsDy42401Anlb7QrENblH
++IFLb3bT4DmwXMrzihFV4m5CLD0V+SesizQ2CfI/MGZrBQI+MWERdFWwnQiL8Xc+
+eLI8lKX6V1JrLEHIWmiYCoz8XLku2hQCC55qYoqREtNqDonYQ85qJ1m0dG5ZF7jQ
+PhO8HR+vXnHhGcibgbgs
+=VhxT
 -----END PGP SIGNATURE-----

app-crypt/p11-kit/p11-kit-0.20.2.ebuild

@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/p11-kit/p11-kit-0.20.2.ebuild,v 1.3 2014/02/18 20:56:22 pacho Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/p11-kit/p11-kit-0.20.2.ebuild,v 1.5 2014/02/20 20:39:48 ago Exp $
 
 EAPI=5
 
@@ -12,7 +12,7 @@ SRC_URI="http://p11-glue.freedesktop.org/releases/${P}.tar.gz"
 
 LICENSE="MIT"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha amd64 ~arm hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asn1 debug +trust"
 REQUIRED_USE="trust? ( asn1 )"
 

app-editors/emacs/ChangeLog

@@ -1,6 +1,9 @@
 # ChangeLog for app-editors/emacs
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs/ChangeLog,v 1.606 2014/02/17 08:18:21 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs/ChangeLog,v 1.607 2014/02/20 20:59:41 ulm Exp $
+
+  20 Feb 2014; Ulrich Müller <ulm@gentoo.org> emacs-18.59-r9.ebuild:
+  Fix SRC_URI, old-gnu is not on GNU mirrors.
 
   17 Feb 2014; Ulrich Müller <ulm@gentoo.org> emacs-23.4-r6.ebuild,
   emacs-24.3-r2.ebuild:

app-editors/emacs/Manifest

@@ -16,25 +16,25 @@ DIST emacs-24.3-patches-5.tar.xz 3260 SHA256 ed9928b23a8b73b3ad265ba6866f609cdf6
 DIST emacs-24.3.tar.xz 35565352 SHA256 70aa2942e9ae689ed17eddedfca5027c364ffbcc8b59968b1645e935f4c7058d SHA512 a1300fa10a9fba2db9735db3d01382bcda89ceec033976c4622796dfdf6d2748ed5fa73edf229182b368190c8acbf706810dd5f344542d2c0d294154bc2d0ca9 WHIRLPOOL 687ad4c7d69b41884bf28269bdea1808e03cdcec5a5218d0bac23c07cca3ced341ef98b4d5892149e2dbe899774a5e60edde9931d6c0fe41687995f530fb61d8
 DIST leim-21.4.tar.gz 3291433 SHA256 db24946985dd644bfed18815d6e991dad27f8ab1fd5823dd6dc4eb8dcd04333b SHA512 c361996f7a3fcc550e7af30a7df3f692071ded2c9dce998e72f537b0e8011f319cfae1742d0be463608a86852046cba23037a29c3ecdcbaf5976807e1d1a1e2c WHIRLPOOL d7f25d5d491f323b80609567ce5cbcb5f20109cdd4671e9972c79279a3ca5338bbf67d35ae8f0bc627bc06917f545d71ab1f66a09c647f47ddaea26772bfc5c1
 EBUILD emacs-18.59-r8.ebuild 4717 SHA256 c02f78fe6fd68875a658b7e50f5587e449db5586237e83a3242dab206bb1c5ce SHA512 ed924f35e1eda58dbfb807f61cbfe32bb549bc311662e6cbe2394dd64faf7939a23216ef9eb4d8c3f723f9ab80938556923bf385f739aba7bc8050bdccdbfe5c WHIRLPOOL a3fa2c4041bf29c562d2e18664ed7c4b2659487e0d5657aefef3f1638e5f1a8d042ea5b20ef4a8e73385b83331a2559c07e75dcbb9722a0b3565c4701250e289
-EBUILD emacs-18.59-r9.ebuild 4766 SHA256 9f98a015268909cb72d1249ba03be2e8ce50cb287cdc3e98fd14d8c55ce4703e SHA512 4d58e5b85c62504cf1c1ed1f3f0b65f1352ee7a9128bfa3f81f4ee556cd473a173ecbf0d3df8d15a33c54f2f6332e815dde837572b8d41e99dde47ae81e6b271 WHIRLPOOL 010235119630bc118128713defdd390a01263e31f7908fea924a04cd7e2f0ca7398c28519c5a0bb6e519c02cd35b21450f6622d0bd13fcec98f719b923c19478
+EBUILD emacs-18.59-r9.ebuild 4771 SHA256 861bf1a45fa18686eb3d221b8670e9263ef84018546fd26ea8ae7d9330582460 SHA512 5c7b2835a05d6dcac87873856d1471603f80fd0307c4d8cb1c7cacbdd3543f2156c89ff6ebcb85a0c6268f75115afa06d0d03adc8272b08e2fe0589671828456 WHIRLPOOL 817e9454f4afb7df3f3f247cb1f4f0db3daa3b82462d5839b742a2b34b2a3566ac60bb5c7ecf18df548f5cd9a036b32a9f656bdce471b4d4f16ac7f7c418e714
 EBUILD emacs-21.4-r24.ebuild 5286 SHA256 564082d9d96421342ec92f1d303ea07fb44ccf4c10aaf0d746a4fe8466ce7f74 SHA512 dd34062685d7c81e080d1ecc31de6c2da5ff6bf1e8f86794724c4edfad5dcd325e6f10e90f96a4700f48186bb4c887a962322a97ef15f57544aaab3250885b26 WHIRLPOOL d1baaf141b4833d23f12628b21b168f624a3f448b05103f123034744bd3de45d209369d6c3b91f038a31511e19990eeb0c1ac02ddb6da28123080726a579195a
 EBUILD emacs-22.3-r10.ebuild 7738 SHA256 5a219fa5f170f33347f07f4fcd8f52e8290bb3cd0c0be2c4abdadefd311511f3 SHA512 35a1450f8cbaeee5a14b7a8fb5e428e473b86e3b31481fad0144168a07b5f3158c9b2c3e68e244f1c14b8b044b1d0736d66e249239482ca3aa4b8be4ad8cfdbd WHIRLPOOL ace481ef8a33d517cb153545fd310761658d592da4232ab8d58c79e4c42bb742436a44fbc99ad91f472b9586bd62c20549347cbca7418c133a7a5b92ee66ba0b
 EBUILD emacs-23.4-r6.ebuild 10801 SHA256 d73125c366b49db835f739fd8cbc1b6fcc3fb9e70e13eb8f36843f21c335d7d2 SHA512 bfbff187751415fc6ffb23932ade7d66950ad8e0420a8c297415e7266010889f29beea3178e6a84a9185cd665d01c437d56cf49eea5fd580765a57de83b19225 WHIRLPOOL 46e90e02677419356a92e7c13c51d6ff7f11b5e12c117c00628700d4def529a9958f661180c13bc9b616ba4abefe68c07451ca8f278130f80faf155d3c4ed26c
 EBUILD emacs-24.2-r1.ebuild 11004 SHA256 e0b04d9da0ec883437134abd0253ea6ededef096bebe5c76a64883489eb9b89e SHA512 d3a40b1c261d0b0c217d6fa1b4874781b78c0c27e6f8662f4ce0f279d20dec5e1b32ba566cf56df25cb8f7b1bf72b54a7c4af478dc95cf948edb77ffab3682bd WHIRLPOOL 22e196214a7bc2ab00b40711d6d51bbac08cfadc2e6c9d5778be02b22c406d3601238870172ef28ae2dc47fdef5f86d35ff83aea6d88ee23112b06f2c0fa2dc3
 EBUILD emacs-24.3-r2.ebuild 10786 SHA256 a6f2a4ca08e974997d213f0a21fe0b905bbf67e4b1011310d679fd05c0cafe06 SHA512 17a0c52e9fba474ba20fc3a6afdce26d41a33ee072f4402c3cdbd704ffa2163aeec3b7cd90e223f7d2e6abce626744855bebd667cfb6a906f9276c400a9b40fa WHIRLPOOL 56a8fbcafd7cc74fca1065680468073cc2785d17df9aaec90347e5086481f0f0403ffadeae8186bfab9edc504a04dce04617abcfbb24b5b9dc766d878eeccb89
-MISC ChangeLog 83918 SHA256 a5a831ed084b21fc113fc497c037d1e0284306c3e4a701e7243f555879f524d7 SHA512 7b0173d8841ead8e695ee7a1fb072f6dfaf310e42f2022bfb033297656fb365504de3d9b31fb60b1887d02ff6c99143768a6e87a3cff5d52afc20d7b8b745181 WHIRLPOOL 394b105f05c164e6a4e100b50ff9517a71c7d482cfb8ac34e47ffc22c894a89ca69ecc0ecad5ab8c13cb8c692a5157171f748dedf71340d5008b269dcd1f145a
+MISC ChangeLog 84035 SHA256 f3304e47aea2c1e843be8efb9862be13e79cc38e15ebe2d7697841c2a66a373d SHA512 babf388220c16d605c35927b8f8433e60b94d6c590d5079af881a596c0b4c07c0a36914d6339976f9e013839a5b53d53b7189ca2c66822ea6eee9ad8006c97a6 WHIRLPOOL 3f676084ae387ebd7e7afa1f1a7ef6846a73453a25f4ca04d94d4aef24535b940b29b137d864f98165e11696b4e1b62c42a833e97c2b2b5376678a4c356b6f90
 MISC metadata.xml 2554 SHA256 94ab92fa323dcb5747564f95bfd1e2a3eca2511cd3e95b48e4ca95ea40ac8238 SHA512 24207b2227969f1d87126bbca5046f10f848f22584fa9c2a23a88ebb854e4344cc564902be1e6e1b86ae8b9da416f65ccf6172d4595633d6063f78893f9ae0c1 WHIRLPOOL db5cb9f87e4804152bf0a41807497733f4a4c382dd634b2ba7cc41fb6bda07191adca7e68b11dcac79d681b3b17dc9a4d629d0b8d152cd8c148883e754385155
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
-iQGcBAEBCAAGBQJTAcXbAAoJEJQzkH1pP7W429ML/1geNdTi44ebeDMVqXXmpKDa
-r9tGyGbEncbdDWFWXMiG0ilnDSmdMtVEVEHXanAvCEtq59F13YTpUJy1bdfGPwOs
-DamDc0GAH4G/+rZw1TFl61p4l9iGtp8I2ZX+n52bI5MSRH9PNObOD30LoJfvhU4c
-W68fvnL0QcdPDsGHNKLKz8AtOVkCOSgZF71EqRm3+OpRqy6thvcYofgPOI3Rj1RB
-uqd3EbCQS8xNZGl3HCbmFOday5slLvBXi9fFwMnBdeCdFcD72b41Jv3uFyNaYVIV
-rXdzx2TkR9OxlFA5eIJxA+wZtYHvrfuQmsrmhohtZGUmXmZuo+BKBKglJKi/m79q
-M84gygsSv+fNDliQaou8vk6SCg1ZfKCIjNnKhWlyfBqbFBP+rAsfXH1BhXuPARw/
-UPQJqLXbdakOYfvKL2iyyPaqV7+GNfjFlBd2bQYXI1DdXST809w6K3s1nMzYD6M5
-/mNibGE7IjMhNd9i8xHFC8IEQME+nHQuwuoK+5zdyw==
-=9sWD
+iQGcBAEBCAAGBQJTBmzVAAoJEJQzkH1pP7W4qZkMAIIcHwTuGrmqqbtFRvAp1SZp
+0PAa0za/Fs8TmKQWDjVbouSikCfwWApWWLRtNXSKj3JWUt6LGiHWg1XT/OkUnmOI
+tZvIyCxUSNUC4xaP0EdMrMXZF5sfyEvGI8jJyXlEvU7Uzjva94COIa9bmOSnKQDA
+JLIcKeKnNETcF68CwfeJDp0bs3XfqyG9NygwJUZROpRVair3SsWg5K5ggu9aI/Ya
+elbdvtnBkFxlJ0/UgrS045lH22BPzIPbhnSCwOcxKhoWzhBG5ZRNFzTHTY4vQxN7
+dnk4yDf1cOV+BDtJ3/JdVMyZmN1kVeZ0V6ruDLaU4qlPUzDKWrKfwcDPlJLz0X3D
+pJ51xHv51HHy/BUXVjUv+RZRQhH0XaZg2Fclgf1kJPY95u2R0coeRAnDIejrMYAv
+qFxEnAn/WK23y5wINSXgRLir3hxYo3jInABKLu6hF0lGU3V4jnck2w/vSTomZq5A
+Z1e7ebiL+Vot1xEE/4gGwc4HR7xG6ecPjJYKTRKIiA==
+=2z9J
 -----END PGP SIGNATURE-----

app-editors/emacs/emacs-18.59-r9.ebuild

@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs/emacs-18.59-r9.ebuild,v 1.2 2014/01/25 16:11:17 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-editors/emacs/emacs-18.59-r9.ebuild,v 1.3 2014/02/20 20:59:41 ulm Exp $
 
 EAPI=5
 
@@ -8,7 +8,7 @@ inherit eutils toolchain-funcs flag-o-matic multilib
 
 DESCRIPTION="The extensible self-documenting text editor"
 HOMEPAGE="http://www.gnu.org/software/emacs/"
-SRC_URI="mirror://gnu/old-gnu/emacs/${P}.tar.gz
+SRC_URI="ftp://ftp.gnu.org/old-gnu/emacs/${P}.tar.gz
 	ftp://ftp.splode.com/pub/users/friedman/emacs/${P}-linux22x-elf-glibc21.diff.gz
 	http://dev.gentoo.org/~ulm/emacs/${P}-patches-8.tar.bz2"
 

app-emacs/css-mode/ChangeLog

@@ -1,6 +1,9 @@
 # ChangeLog for app-emacs/css-mode
-# Copyright 2000-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-emacs/css-mode/ChangeLog,v 1.10 2007/10/29 14:13:51 flameeyes Exp $
+# Copyright 2000-2014 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/app-emacs/css-mode/ChangeLog,v 1.11 2014/02/21 00:10:55 ulm Exp $
+
+  21 Feb 2014; Ulrich Müller <ulm@gentoo.org> css-mode-0.11.ebuild:
+  Update ebuild to EAPI 5. Specify LICENSE more precisely.
 
   29 Oct 2007; Diego Pettenò <flameeyes@gentoo.org> css-mode-0.11.ebuild:
   Add ~x86-fbsd keyword.

app-emacs/css-mode/Manifest

@@ -1,25 +1,22 @@
 -----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
+Hash: SHA256
 
-AUX 50css-mode-gentoo.el 206 SHA256 8d82f877db8e6a6e136306a6d258e0a0325c4f949bea22f86b485a5f73dfa1a6 SHA512 a6491a40ebe653bac259b8f5c2b1e552b258511d0c87b4ce0b99e172c16ef657efd797924f5835e1760958b9be9ce0eb090cdaded93e3c785ba78d84539298d0 WHIRLPOOL df32720412c25f4437f215037b258f619b6beed14c0f67054879b6ee5794bdf93fe6c6b23d8bebb3f2f12b6d2197067620cd893f6c967d26711fc2e551216c38
+AUX 50css-mode-gentoo.el 171 SHA256 1f48e8d470f9a8e8de545a5c10529beb7a9265f17671bd45018455783d1ec8d2 SHA512 18713c42439aa4d076b7154035ba369060bfc8a0e98e845b7140e137b05ed0aacc2a25ec93612e950fe930c5605d6ea909d5d1ed79433d1472f357bc272ce96e WHIRLPOOL c9c97b77bd3f8aa00522be5f7b6e752ad2061f5c32bf6d2d5813fa2e8cc5862e93795fa442f9934272bf70499b2679d204ed11b373bf541499db68e25fddc8ff
 DIST css-mode-0.11.tar.bz2 6848 SHA256 f7980d13a2d5ba2ac6873fdc2c7b54db5c13e93294a2c1068b4b04e7b6a2f7d4 SHA512 b93574fde8bb24ffc4dac6ddda20db3ec3c1834c1201f250f24805d31c7972edc2ffc157e7717327e7baac5c71a1d943a9d80bc7bec96be99c44cd2ab16e0e03 WHIRLPOOL e9036b4ef8604025aa123fc56c51b2171f0027d493134b89a96d2eceef3b0de3668c5ced5396c684b3ff8cfa595eb21d3ddd491a3c2b45f486955cee4f020b30
-EBUILD css-mode-0.11.ebuild 780 SHA256 1dd1224e15dd85229c25a03167364cbd9127fb5e6b9c62ce412f0bd449ac4019 SHA512 ff7046090d5f5c98c66dd1042b6090f61785af97a40443b97b0828109f343d29b0bf0321226b4b1d16aaf8d130214a2dfc26d901814f928e717ed0418ef4bf2e WHIRLPOOL 4667e81b1089bc878aeb5eccdfe050d69842ba419587628706308984b4c6bd6fb0878332253383ff0a6bd7bc25fe98b028938b5cac78037514a7f09280a4371c
-MISC ChangeLog 1039 SHA256 73314476f1279e6275fbd90e10e07e66869e5fb8befc075ff27b29267161bd36 SHA512 d475bab022a795843ec65607d2b4585667d0e9d09bb2acd03308bd9ac59fde8e1497c9d95a75a13040ce5a397dbbd02005465853075774a2a84b91c6026b78f4 WHIRLPOOL ebae4293841fba7501113c32512e709212d47c646f9f1884e1084f5215b1ee940e32cca6be61e41af0a2151522ed7dcd9e07a340ba5f1e28f526f5fa84a38020
+EBUILD css-mode-0.11.ebuild 705 SHA256 116b93f10ae4e58ffd06e70031986bfef44cf8df40cc1950bec3f0c6485d67ae SHA512 39651313e542ef7c0c9b814c811e2f04eb6637445cd15d5932be5c3fc34bcd76d3451ae499aaac5324dc4aeed285e453a36a6960d36c9d32dfab6aeb9c854f98 WHIRLPOOL 37d0e752cc78f9ff8b4195e66971d2cd769615358641fc6d7a798dc12265e5fa47c966b2598631c500a9c16fb166fa3cd475ad32e3e105576505a374f807a1c0
+MISC ChangeLog 1162 SHA256 8f0df2d11ced4341266bd23eaccfeb9ee1b0ade80e6ecf8f2c2a90934def800a SHA512 4acbe48fcc6c9838ef52ce084ef259873cc2207c33cd61555ea3e463560ecc55d250cd7ac6ab67dc39b70407f49baf814a9b70ad6efb8a58c147b52df73a56d9 WHIRLPOOL df298f1a9e6c8f574a58ec69d9122808592b94b8c014d76a0cb878e480dbd7570cb7ddf129e6eccbf55020f6726ee9e2d0ba4c9a1b4fd79d4e41b13f47825675
 MISC metadata.xml 158 SHA256 1393bdef3a74343fdb40a112c7096a1af16f67e7a43413250de28dfe73810eab SHA512 e55d75feae933ba948ae987305ea58e36f5880f18687e8acaf91237e33e251be3ecfd5be27048f4907ea6799e0bcf784b602096dd7e2bc9c450eb5e2bb6a73d2 WHIRLPOOL 1d1676172186235a3e99ca1d148298fb24f6a089f9b7908b3c28c246c8854969835fd3742b8b81e0a30b63d76ee0be0c42bfede2416a30dfc3c8b915a147340c
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.19 (GNU/Linux)
+Version: GnuPG v2.0.22 (GNU/Linux)
 
-iQIcBAEBAgAGBQJP9ev6AAoJEDxpGckxwJCB8LUQAI6I15UBzICHjJ6OqZwLRWbw
-9qQT/HzZn9yAlzISO53OM1NtiZmYZw6n0X0mVnBqvVnJsqVjZxWHeDW6AlgdS9Jx
-+JiNW4bjPVeKDWpT/LDnWRItejAMV1QPQ0Mz/zxZj1Llt21ZuI/ZKxg2HjW1MQtu
-dUBDtjuxFfavovcGHHwYzW1Lty5MT5Y/kdsH/ZPZOjCZNalZuSJm6Yn9075GlW0f
-3ZyythcpyHSLh8/xmdOltjO17KLUdqYHudRPOV8ctBU4H8br/Z8YEE2YHGjCN6a/
-gt9yI+HQNdvFdRXcejJ9884x4UV/Zv74NihyWu51GHXI50vXEjj/wmisLEbNmekT
-PnCgNSQ5vH4Y8xBcSikvxX365KX3mPzYlh3j5DvfaFNmvHgr+ci/1Cf+NJO88tN7
-GsTHQWMLmkzPPGS8TrCXuziQdsyW+8Tiy5M860lUdar5fGetbKcakStxw0KDe1Bd
-wy5IJLvJHGWXTL0VV3ITY8n6F0ou/htBkjC7vUnuY/h8YxIpPb6dP+UGVKsr5McS
-69Uu1Aos0W5WMbfE5zYwerNv1qGlGibMD0xnZZKraGTejG7/URAgq6J7dYQVlvAU
-TS5uFE8njtEdwTktWM/dRsVtpdi39DcYQB1jxnxCCzoXour3MtzvEgPfjtoBUuxd
-Cu8vub0FRRTq3xJGq7RE
-=k+hz
+iQGcBAEBCAAGBQJTBpmkAAoJEJQzkH1pP7W4qdML/iXeff6d+SCR4vCJ8s700pLV
+Gpjx8CKow5ev4zamXKltUe0w3zLA3klWiFM8DhaYUqIkwyINFeasRZmKeMkviPpP
+EVrWyC5m8EZyfm1PSz6j/I57zbVQSLGpJ+Wwz/WYdaRbiPY9oBn3lCSfvIiUc2ro
+vTZj9n9m0ESTKjQSUVbwdZpbA9IezGBzRIzw5Ye6KFGxgPdznvQftgm0bVSAhQ1H
+P0JLrdCatn2sLSYNmO70SLIrY1h3Rw5VCP1pCTsZDRL0qftIhbn2zvwSmiLbf3WJ
+DNVcqfDVr6AGaUSsDxLLbeFyH96FlyGLDd9FVldUgcjJaxHpCqY9xcTJzDcI92gy
+YtwsA5+nuL3GHIHVKbEB8X7MSYIXMSqTWM58dTfr8CT5PacVIYo+LBJ9QcC885ru
+GIYYAu8Fzgkb0gEIVMSQ2PuAC7uGtiQGMwx1QkUcuxwQOZa7oK1x82MUCdFuDzgj
+CqF9NTsdWACJPXwvQ0/sJqK4y01RWjfy10lCr+WmeA==
+=rWfW
 -----END PGP SIGNATURE-----

app-emacs/css-mode/css-mode-0.11.ebuild

@@ -1,32 +1,27 @@
-# Copyright 1999-2008 Gentoo Foundation
+# Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emacs/css-mode/css-mode-0.11.ebuild,v 1.10 2008/02/14 10:07:30 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emacs/css-mode/css-mode-0.11.ebuild,v 1.11 2014/02/21 00:10:55 ulm Exp $
+
+EAPI=5
 
 inherit elisp
 
-IUSE=""
-
 DESCRIPTION="A major mode for editing Cascading Style Sheets (CSS)"
 HOMEPAGE="http://www.garshol.priv.no/download/software/css-mode/"
 SRC_URI="mirror://gentoo/${P}.tar.bz2"
-LICENSE="GPL-2"
+
+LICENSE="GPL-2+"
 SLOT="0"
 KEYWORDS="amd64 ppc ppc64 x86 ~x86-fbsd"
 
-DEPEND=">=sys-apps/sed-4"
-RDEPEND=""
-
 SITEFILE="50${PN}-gentoo.el"
 
-src_unpack() {
-	unpack ${A}
-
+src_prepare() {
 	# Fix documentation
-	sed -i -e 's,HREF="/visuals/standard.css",HREF="standard.css",' \
-		"${S}/doco.html"
+	sed -i -e 's,HREF="/visuals/standard.css",HREF="standard.css",' doco.html
 }
 
 src_install() {
 	elisp_src_install
-	dohtml -A css "${S}/doco.html" "${S}/standard.css"
+	dohtml -A css doco.html standard.css
 }

app-emacs/css-mode/files/50css-mode-gentoo.el

@@ -1,6 +1,3 @@
-
-;;; css-mode site-lisp configuration
-
 (add-to-list 'load-path "@SITELISP@")
-(add-to-list 'auto-mode-alist '("\\.css$" . css-mode))
-(autoload 'css-mode "css-mode" "Mode for editing Cascading Style Sheets")
+(add-to-list 'auto-mode-alist '("\\.css\\'" . css-mode))
+(autoload 'css-mode "css-mode" "Mode for editing Cascading Style Sheets" t)

app-emacs/distel/Manifest

@@ -1,26 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
+Hash: SHA256
 
 AUX 50distel-gentoo.el 234 SHA256 381c351c434675e8dce2aa365c6cd444460172541d650d0d69ba678697bf6a33 SHA512 730432ce41672107600cf9256d9c64b41d1a924d8e6209b30acdb6dd6d3ad47272c9521a72652404b04cce964b633ff5ecd3b58ccafa528cbe6c03b17e6a2f92 WHIRLPOOL a8f213f6e5b0239b494e7873631030db42dd6abec8e82a52c8b332449797a572aeadfb400e82f14a69b2d3d23eaf35281823d170e042b053c7eb4a6f784eebb8
 AUX distel-4.03-fix-ebin-path.patch 1152 SHA256 0343e67b3fd5f114cf5da5ddf755cae120ef41bbe31cce78122cb530262bfc0b SHA512 564ba0b0ffbf1f2c221f6f0a7b18861fa44a2a979930afb16c49d69c4aebdf12f91e6ea07b1acd96143f2eafeed4d10328d136f1f4434432661fec1aa5428de2 WHIRLPOOL f2b814c0c95eb26198cec6b45c6815a9fb644437f6bfc521ef50b4e976f065ebcddb3921aa0aa8407a957f08582ac6dc7e8b8b829088e23aba2334f275c64268
 DIST distel-4.03.tgz 210737 SHA256 0fbf14beacfa6019fbe4f453d9b0748e160a82995798b23f37ff4d02dea16551 SHA512 68bf73c873fe3cf70e1ee29ab27ca71a8a51dcfab8cf3466ccc76ce80f77a12bda15006014648c8ed2e407d278feb15d28d0465fc678aac9b8da37faaadc3e8e WHIRLPOOL f58015272174199eb6dc0ebf79cfd4d09fe2451f5710af2b83c147cbf4d18606c5a799835f580cae2904a365ced9b80cc469d28e7e6b2b5fda1e3af3162c9d45
 EBUILD distel-4.03.ebuild 1188 SHA256 b989016cadfcf528a983e55c8a1c2520582c8471360ced826bc8dc7e8ae2f5ce SHA512 bece58ef019b24b31ac88334e32fe0ba4b048c5ba8298a4dcf7b4076009d1c7b60bdfe3f2a33e09848e6cae3ad7233f4384333d3a8578d495e26772bc81aeda4 WHIRLPOOL 92dabd741ac4064913f107b7acc87d5c8b98ea032aed26bc5a6c3172a65b9c3b09e6f90e30780a44900f9620a522c6f643e3b1a7434fd557ebd4b15bd7d8ed6d
 MISC ChangeLog 1133 SHA256 c082bac20a75d99cd761b2217d00d044ee608a69a0e92921205605dab2419e85 SHA512 111b24784e04df5492472fc9cb65a66bec857818feac2278391bfb67a307419d5c23fe29b6b16c47e733df0ed50f49f616ae4259f093398d647290df1dc37b37 WHIRLPOOL 4150f384172f4e53f80549ac38d9d1fccba59da70b52d87fe721f6e1568f41901fbf87e9db6801aa775caa5574e359ff3386ec99eea9159cc61295471806ef67
-MISC metadata.xml 235 SHA256 1c910e039c2e23bcc3b96f7bd8156735e1f8c1d8e8172f9e99398a13f39975e9 SHA512 fda6d42fcc139674ff870afb4d05de7057c427d828dda8c48e171ab1f5d4831a8d690afd7950afd2ae9b63b7b7bc0fb64fbfa2f1d5149bbe135808fc59ce6afa WHIRLPOOL 9711c8e4e49577fcc8c70decda0e4badca57bb2cb6f8679d7687f5ef8f17e47537cb8b04a08d6b7f7fd6b5fa84f9a4b87d2d89e469ce50bc10e81ed6ec16fb65
+MISC metadata.xml 232 SHA256 5b7aaa25f22af9f71a5cefff6bf72d7861c538c8a7870838aab3837219d1792f SHA512 fc48e01b70a11b5fc07e188f4f29c8e35cac6fd12058e370146a28835778f283dfd4872598df7156dfa4b21339211b07b6402ab452d931641a78c9dcb505c634 WHIRLPOOL 4b332e8e897503fbda5c7546e6815c0262c2c97fcf499711c65c7a55cf964339f9b338e8da2509f3793fea85d13ac5d12301e849fb53266f17e4dffbdf7a3f6f
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.19 (GNU/Linux)
+Version: GnuPG v2.0.22 (GNU/Linux)
 
-iQIcBAEBAgAGBQJP9eyeAAoJEDxpGckxwJCBCBsP/1KfZlEyBsV3xqWuwC8yru2M
-yDlSTzSMkGhuxdv8iSv2ziPX34UAz4E1UkcI+FAb7SVyfPfV+ifee2Mz4Ihzp+Jy
-OfQoIGCZCUpndaiXwANDc3QMfcByCOn4eFWs+PNma6j8odd1hPFE1rLTa/iWC7yM
-P5j1FglESyEO5MCo1k5xOCFjHDtrYWWWmHe93PN6rF+QsXObVxhzxeMtfymqL3Fs
-qDgnB4bvnMfp0Ljpvgpk3WnFD03gDnuLiFnScZCcTllnwmk+1EXQZOMPyMT087jR
-y+gWW7JC8X7omyW9LQwJhSHFyRC7oIs99S2RuDne9C+GeWmG5oUUAdx/tFXoqcb2
-bToIaTFb7wHCINKKMAEsFN06DfNTiIh229R/fBXcJukzDMNilhMRe3dCCXz0ipoZ
-UWTOw0N1KCpGGAfaLgiwVgIkeVkNUfS1DhiLNTQgqBn0bgxRgxPyyAWLmXBWozcL
-Gwv47MGLfTAkE2pwaw/iaYw7wi0oovoTaGuS8trqW0gRvRR/IZvluJiE4nuJj+OJ
-5f+Vc27YAB874oFaJAYABEKJgtqRslu+SAB/6b/zSW2bLa01lFTfFIT5PDHL760C
-Pu6l4MuZjArWlmOEatpsNth2OA8VsO26fuC91Ku+3W6jcI3N6Oza1q7TygAz1fPW
-hgLdkbav+PrIwaDywZ89
-=N0bL
+iQGcBAEBCAAGBQJTBlkVAAoJEJQzkH1pP7W4urQL/R6+nAKrF4ehd7DDoNSLoNbD
++mk4DzzupX0WFoyR3YviehC+DW911flnJ9D3spNMdgzGOdKinZR771uELtrYG4I6
+UVmyb+tcpUDKm98oxQYm/v47zkuPxlmSfAkwrFqCa4YNwelMd1/W5eyo1XrXFuB7
+nRxszycgyQq1NyKHw0l6SunotjK9GDqlnQjOIM29P7TZMieq2SLoA/7o051Z2lqF
+yOkJeVJ2XHQo210tFft80aLlHzM0R64dBN3T3iAmHEF0iGicB9SNuxKQlXUqS/Yq
+waMj+iGcb8xaszno//gG1JGcI4u9lPF3ieun6BRyl4hZxnDPzCP5+RLScN0glM2e
+rJE24DMSKJu02sVF3lTAZBQOXOHoanRYTbwHz3VaBKb3h1UknadYYqLMeqRoQ4q5
+f4aFR76/1k+uzFGe5YRi6szifED9avhvJ85t6+tX/Z7YqZ0EXCo8G00NZnkeuW2N
+R4q05a8nZYohZADId0mVfeAbo6baw4Yg1cAS+D7zsA==
+=CzIl
 -----END PGP SIGNATURE-----

app-emacs/distel/metadata.xml

@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
-	<herd>emacs</herd>
-	<upstream>
-		<remote-id type="google-code">distel</remote-id>
-	</upstream>
+<herd>emacs</herd>
+<upstream>
+  <remote-id type="google-code">distel</remote-id>
+</upstream>
 </pkgmetadata>

app-emacs/initsplit/ChangeLog

@@ -1,6 +1,12 @@
 # ChangeLog for app-emacs/initsplit
-# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-emacs/initsplit/ChangeLog,v 1.9 2009/01/29 02:07:42 fauli Exp $
+# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/app-emacs/initsplit/ChangeLog,v 1.10 2014/02/20 12:25:30 ulm Exp $
+
+*initsplit-1.7_pre20140203 (20 Feb 2014)
+
+  20 Feb 2014; Ulrich Müller <ulm@gentoo.org>
+  +initsplit-1.7_pre20140203.ebuild, +files/50initsplit-gentoo.el:
+  Version bump. Snapshot of upstream repository.
 
   29 Jan 2009; Christian Faulhammer <fauli@gentoo.org>
   -files/50initsplit-gentoo.el, -initsplit-1.6.ebuild:

app-emacs/initsplit/Manifest

@@ -1,25 +1,25 @@
 -----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
+Hash: SHA256
 
+AUX 50initsplit-gentoo.el 91 SHA256 07bc4a2888123ddac344ebe1696211b5bb9f8b9ccba0173f33bb3a60ebb9e917 SHA512 531d0f480c3787453b182be3b9fe145fffd9752155b2c26df3fdf0b497cd058f5978687df53e43046c1f44f4908679783756377998f49dc407a6e18956bc34b1 WHIRLPOOL c0b35226570b0f5fea40a51ee0631ec47087658fb8975b6ceeac117a14e7ebc4aa8750c93fa74c121f46f898ab3a3890e1099c70a84ee6576041679265581426
 AUX 51initsplit-gentoo.el 521 SHA256 6e66a35f5b0d525880d7d93152b23908514d1ba9f426b1c69c2c006f9ec45a13 SHA512 f36e7d9e07cbd47a69d20c6f61b5db0cce6a07f5ee597917a8811eb28c2bc9f04721c4b4726b6792b35d3287851e876561b2ef86cdae8ea06cd7d313b8fce4a3 WHIRLPOOL 9b4ce0a930c8270898d3d5fa2dad9b41dd9629a4483f93fcca9ff74962c6561a81d9d75390578d55ae4c8bf4d3d083b5796edf004184d1154781891f520336d8
 DIST initsplit-1.6.tar.gz 2454 SHA256 64612a8bdc43875b2889549e1182cae39041676dac92151f53bca0473cbc4e4c SHA512 a03217a4d30c539cb0413d517c954015100f17c1183f3ca7d14a7edd5c4ab7e258f05e0c1c8fe5ed6fff1071eda0f9fbe10590a27521bb99eabb4cc819fb748c WHIRLPOOL 9fdbeb2ab62934bdc669ea50b74436a317df8181f06645d4085d3108af4b0d2f3ff6ff87eaf71ec131b0172413285b9b4960ea99b62237ea64f859a1613845eb
+DIST initsplit-1.7_pre20140203.el.xz 4792 SHA256 4005271af94ca4dad7a3b6b084fcb1e5b93097e98ee15810b766efddd2f8a718 SHA512 f2c894bb9d0359b5e95760541feb83f465950de732266059b9498b7ee7361ebb843e0d900fec92fa5e9c37547ea160836b9fc24f64c56083e3ea4416b4b52e50 WHIRLPOOL d10ba44154fc6030fed39a2cb325ced928501d8bfddc47b5364ac95b0ee55bea6f3a7d01a2dad166622d2baa247a0188b30da6d2fa5f42ad43cbd20259b8ef9d
 EBUILD initsplit-1.6-r1.ebuild 897 SHA256 6a63bfa2c2b83d6b831247491deca69984c84df0f092b7aeea29e64c3b23942a SHA512 8deed0598984932f653701995c659874494110589c0f47c816fa6b4827021065aa85362e6b49f5ae4802e4473863a6ff5d898f8c16c44c067e9fecf10a3805de WHIRLPOOL 32c5a4c4d98c9ca846d73361315aee18b207fde2b2942a7dbafe157984ae69e5b3830181540022ea8c81cd44fd7a7def68bcee5f416c739d13118b132bbff67d
-MISC ChangeLog 1366 SHA256 049dd348011c081276706396cc210d44665ea64141a07d8367afa41d7e1ca110 SHA512 1139d43879927482e1d6ae0e81145d0160cf85f0ca6d61ea142a67bc8ce29c3e42cde673fed1651fdef855a1239988f3da604a6c18a1191d3dc2b9a3622dd684 WHIRLPOOL 59c807c7b3cc580a63a0f45032a975c397ae368f0eb3b5efb2b8f9ebf6d291731a0380f0c79f118489c8c9dbd89af16339cd60eaf64b96fb148601c7a243e899
+EBUILD initsplit-1.7_pre20140203.ebuild 876 SHA256 281cb2b86fa47f47d0ef9f42f83ae7b7bbaacd14a884b849cb98b6df2e81dc08 SHA512 3a323c8b0db2e5d61ec9a7a717378ea05b212f56dee020815cb227d38985ba84043586922091f2fe3302f902844e16c28e33fdede52460e7787095708e7cd58f WHIRLPOOL c48b8aaf36e95e78e7cd606d973b96efc483d8a02a208929b43c280d9feb4da567c9ced6a4da0960804b496846cf07f7abce46ceba6004b5bf557d4bb3cd032c
+MISC ChangeLog 1571 SHA256 c1c13e1ecf0e2ee9d5b722de2c30f6df6290d9feeba8e70219dd6c465c8f2dc0 SHA512 f995580f6c300f344494d3ff824eae9d101aa085aada716acd2fa740e742da8404d68166a49e2035192a66006831c3d483e7607f23f084ccad59d24f22181dae WHIRLPOOL b82ca4b446104e3d136a73bf80e7bc3154aa1110d7ca540476122c0f5674712022393e4da8ebf423d138853ba17ac3b080ad069cf702674b4ffb4d4908088f0e
 MISC metadata.xml 158 SHA256 1393bdef3a74343fdb40a112c7096a1af16f67e7a43413250de28dfe73810eab SHA512 e55d75feae933ba948ae987305ea58e36f5880f18687e8acaf91237e33e251be3ecfd5be27048f4907ea6799e0bcf784b602096dd7e2bc9c450eb5e2bb6a73d2 WHIRLPOOL 1d1676172186235a3e99ca1d148298fb24f6a089f9b7908b3c28c246c8854969835fd3742b8b81e0a30b63d76ee0be0c42bfede2416a30dfc3c8b915a147340c
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.19 (GNU/Linux)
+Version: GnuPG v2.0.22 (GNU/Linux)
 
-iQIcBAEBAgAGBQJP9e/0AAoJEDxpGckxwJCB0XwP/0cjuJ8LlCOYHATYo1dl/DUX
-jW61UXqJ4OoG9dafCAXwpKSHV+2IgiWEQWZbNRZYfafb+NnMZ+VK0i5GXIqpEXzP
-dCqU+97TgafxsAACiKmBbosg7oXj+8mOe7BBGx9yVIEJARzb8OHQW51mVeiFT7zP
-Qv4P3VwAbFHyUSXoR1poO5tabyFem0DZlCuzilfoXA1buDM5dBL44iZsocZ64Iwx
-jWegQSDvecPdC23o+2Wz+tEKiPYL3uhyzts8izIJQMLqOIgggMXk4xzzmW+QWhMM
-XYObUZ66dq4ypauWRS+jfhfDPMOgzaOM8Sxu36/R+V5E+8fyp/Djh+G7qkwcJHyU
-CPazrQd1hoppBdx11DE6f1Lr2b6bwELgv7xxazkkWHF332aqybJ8ZDUFYF2tvUbn
-nLOaMERttF99h3wl2Fa0Ah1g1VOtyKN/VX5FOt9Ax0ejHXpQ/jUOSuKDY7x7nqw5
-DTqt2eVz6wu2vrq+T0/0WISoxD9WW3JYBMeVfueInQz2N15crZirBup43pdkC51q
-vMNhccjnUtvZCzsEPW4o8lH16EyrAFNrehy+DYKKAn/IDKNCSDbXqD+YezykmTrp
-FLHrsHhRrrw0usFOZDhEFsGUGWcKP25HIPw0ZUean8YSl/x7hX8Pdih/QeBhkse6
-apK0ItDkQOhbo/p6H66Q
-=vRNQ
+iQGcBAEBCAAGBQJTBfRRAAoJEJQzkH1pP7W4B+0L/juiC1AQVspYPhc4RTBBbu4C
+xxG8zowdVeUSfVZPkYLWfyqBqZxuxTW8grEc/5Xga3eXkO2U70Y45XcArlW3T0pJ
+FKXt17Ly/yG/YnEwnMcJCHftBc5nCJmspjaFih4JR9RsXy42rlNF7hJ7t+DWy+C1
+CzLQQ0/m2wVoZ0kiuT3SlIT0wiHvhpqgGMbOxbKs0COUIR1TwX6keX5uPsBoYkmT
+O1pG0yf8QDERd8XrwdL7B1dH6ITgWF6l9EQ85LbazjMDNSiDjM8WScxI4jcmkf3t
+BDNEl/uG457SnIXh92OvU+DXZFsnXembbyXdpBqZFC/ynWFjcI7e7oid6K0OQjGa
+AWlPwashBOV9Kxt8a1SlwTleXZdyessx4TiCCB6v5PskkRKtNAs3JyNrPBsj/m2n
+gxfWitNSR4DeaMcFH1HxioLZzimZGAbamV5eIZtWDsnoha7BI/uQZ6G+6mudW+D/
+DkQT563yCKiRXcDVlxgxHWApGhvKVl8sAJTOM/h5Sw==
+=8WoA
 -----END PGP SIGNATURE-----

app-emacs/initsplit/files/50initsplit-gentoo.el

@@ -0,0 +1,2 @@
+(add-to-list 'load-path "@SITELISP@")
+(autoload 'initsplit-byte-compile-files "initsplit")

app-emacs/initsplit/initsplit-1.7_pre20140203.ebuild

@@ -0,0 +1,23 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-emacs/initsplit/initsplit-1.7_pre20140203.ebuild,v 1.1 2014/02/20 12:25:30 ulm Exp $
+
+EAPI=5
+
+inherit readme.gentoo elisp
+
+DESCRIPTION="Split customizations into different files"
+HOMEPAGE="http://www.emacswiki.org/emacs/InitSplit"
+# taken from https://github.com/dabrahams/${PN}
+SRC_URI="http://dev.gentoo.org/~ulm/distfiles/${P}.el.xz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+
+SITEFILE="50${PN}-gentoo.el"
+DOC_CONTENTS="Initsplit is not enabled as a site default. Add the following
+	line to your ~/.emacs file to enable configuration file splitting:
+	\n\t(load \"initsplit\")
+	\n\nIf you want configuration files byte-compiled, also add this line:
+	\n\t(add-hook 'after-save-hook 'initsplit-byte-compile-files t)"

app-emacs/mode-compile/ChangeLog

@@ -1,6 +1,11 @@
 # ChangeLog for app-emacs/mode-compile
-# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-emacs/mode-compile/ChangeLog,v 1.3 2008/06/14 23:28:25 ulm Exp $
+# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/app-emacs/mode-compile/ChangeLog,v 1.4 2014/02/20 17:36:48 ulm Exp $
+
+*mode-compile-2.29.1 (20 Feb 2014)
+
+  20 Feb 2014; Ulrich Müller <ulm@gentoo.org> +mode-compile-2.29.1.ebuild:
+  Version bump. Update HOMEPAGE and SRC_URI. LICENSE is GPL-3+ now.
 
   14 Jun 2008; Ulrich Mueller <ulm@gentoo.org> mode-compile-2.29.ebuild:
   Do not assign SIMPLE_ELISP since elisp.eclass now detects this case

app-emacs/mode-compile/Manifest

@@ -1,25 +1,24 @@
 -----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
+Hash: SHA256
 
-AUX 50mode-compile-gentoo.el 302 SHA256 e882a46f36a9e920f5ac2656d97f41e653dce6e0ff23086ce17b3b84f5a38634 SHA512 135f6ec692c1330e3bbb49cae08ccb4ad7b27ea1604f39517ed94784cb47502ffcbd1323b4dabd8429ea282ca98f6b1306facd78368bea8c90493a636108784e WHIRLPOOL 28497bbfddc6e76f460b39b923ca84458b8b75de69784da4accec084d24812b053d722e698d38d47479ffd57f89ba75845534d2fad8734779994953ca727eb3a
+AUX 50mode-compile-gentoo.el 255 SHA256 a222c3c4d39a0b5febf275e2594611182d862c044e0fb74d0bdc92959e8e7b65 SHA512 4214eb678ef2ee902bce458f906d19cc90f2d2f793e34e45b98393dc0d6eddd29334bfbdf1983793aa840f827654b093519686bf643a9593df9b0cd5783d4241 WHIRLPOOL 0f97ac0e55798dfa34224fec1d3f8645e75b12332b40b0193cf6b9978a08b0d74a1287417d55a86f0b3fa8883aea8a4ee357e0b3a6dfd8ca462f5e2bde6aeecb
+DIST mode-compile-2.29.1.tar.gz 22924 SHA256 9c7dafa3a5c5706316a01071a2769beeecf228d0831fceb53d27d4e47c9d0421 SHA512 bc43d9cae411f5177ce70c736041db74c6db1dc5b766b22b92227e9e1324d304276bd104d8e3cac9ff5a877fc48b6da5b904e1acdb6cca7396fc7c26cc572815 WHIRLPOOL 3980e43e28438f5eefbd1d8e689cc18d9cc922857ec3e32b58c6aa6d056cc6798c2094b65de28705db6dfc95e493a06858a208c536f2c9d217027d47c4b311a9
 DIST mode-compile-2.29.el.bz2 21579 SHA256 c7cd617d5b1445638621b37f21a062de41f9b3b3eef829d9aa045a5571cb6556 SHA512 31573552298f2ffa8e89dbdb4155f3c95c5e354966ec4966098fe90bffd0e8fd8ecd86a7453adc10fb551622b9929aa58ce3abeb90b605373d6d4a874aa5ba7c WHIRLPOOL 85f1f740d3f3fe311bbc888bcdeba0a9ebb614b0adaae231d0aeb0912862e79c44130880d1e636a7465c9bc8f92261e0eecf961ecf800b60bbba1d76ee5b0e40
+EBUILD mode-compile-2.29.1.ebuild 586 SHA256 7c77e7f39a92b166f125d55ff1f3ddcd9c345a010bdbfa09e4a0fce5a2fa23b7 SHA512 f599daf6488b343297b92155260eb323f6562955a23ed4e73ed9ac5c5e9844cf8631061c55a5448e7ec6dc57626312a9f18f38079e092f3a1fe23e54d3b9a36e WHIRLPOOL bdcfeeba8a5efa060017b108a487e5b489aabc764f69d4bd4ba1ced7582890a9927f34c49b48e58f92bb2f97d09323ae42bb04fdc35e56ad83c7cc06717bdd4a
 EBUILD mode-compile-2.29.ebuild 553 SHA256 3eb3a7535aa60870248455abdae2cb144f5ec6d737dc6de0ed3f16baf5755d37 SHA512 5ac4a741f0ab1d032c0765aa253bfcd7d18e3f5b03681ac7176b2b68acd635346c507fe17cb7314ba7c1f74959d6f1abb5dd2435e56d647c252d870ea1b1df79 WHIRLPOOL b8bf52c5c2846689e011091446021325379b7c942d9ea785f8db17a62ab1f9569ed16ab7b31e9c4633732c0226cd2edcd086c0aa48f6d25c6d923eec8f6c3c91
-MISC ChangeLog 748 SHA256 bfdbc25727d48ba5ca2d749a4d00220c04e385c92bedf600aebde5bfab207de6 SHA512 bd78379bf9a1534e74c82dabb6fb6db318f084e1739a8388be46e6fc51a57a422b3388b7a2e4c079620d4c563f67994a24c3990a615c20a9eb0fb9af50b40f68 WHIRLPOOL 3508e4f914fa8cd8bd880863c4014996db7f1ac33c164d68d8e4cd1385c76d23bc0d263ad73a0d35e18f86a916913d4aa80b6f9999122ae1acd489213c03e0a3
+MISC ChangeLog 929 SHA256 ae327cda445259c7899cf8cfa50e1773df176c4dcb5128bbafc17a1c671cffa6 SHA512 0a0952bfde2fb34fe3e189304b4a03ddc585cb73072b720ca4c78274373f5874e49eead99c09c57238d22bec8c8c9ad76a98dee8664e2b376137bbd3b109dc00 WHIRLPOOL d31d6fad00662e51a928e099428bd9d6285b2769524e8e4f1df5b50006f94e288d06b21c847c7ffe238cb528cd735e61deb21dfecae3af65714bb04425fe59f8
 MISC metadata.xml 158 SHA256 1393bdef3a74343fdb40a112c7096a1af16f67e7a43413250de28dfe73810eab SHA512 e55d75feae933ba948ae987305ea58e36f5880f18687e8acaf91237e33e251be3ecfd5be27048f4907ea6799e0bcf784b602096dd7e2bc9c450eb5e2bb6a73d2 WHIRLPOOL 1d1676172186235a3e99ca1d148298fb24f6a089f9b7908b3c28c246c8854969835fd3742b8b81e0a30b63d76ee0be0c42bfede2416a30dfc3c8b915a147340c
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.19 (GNU/Linux)
+Version: GnuPG v2.0.22 (GNU/Linux)
 
-iQIcBAEBAgAGBQJP9fGEAAoJEDxpGckxwJCB5lYP/A8/SMaSDi00dvDyNB+90s/Z
-6fmD2//DrEIZiEndqU1/DrEJ/MqtH1tioLSnwhLP25HFcPC/kBZPWfKZ018hN0dU
-xCY25W5CY3E5+zI6r76cazXf9yhPurkmLFSqtXLkgFWBhzz7QLm46zAOdPuVZiQt
-oZeDs+3GkrO+n5u/Dd2r0arGY5NOuKg139Qq4+6HMCp9zl9zG1fRWYvYPh2Z0Hz5
-3VIi969/2XCY/LT5N6g7bS6Siv/CbkW6DckmI25NfndM0ilrHM8Ex6hfgncApwPi
-yzj/8XcWiSiCMfkxUmzm4Scpuv0Q1T4MpwuvDGAJeYstgHCNpWSjmCZNYiWyDp75
-6JaTSbXnb7+vifHDy1bvqyi+u2uDk63U2hNRv1OeklOQYV0Nthmwgi867px6umv3
-qI6Y3UQwAszEB90vkaU7RFSYkGJf8m2fKJv8op3AByVRuBkpRVzmACqB8ynworTx
-NYKX0K38rlfgLTaPe22TREho838i6JMH6UjUgI7F5AqCxL1Za98IPquOGzGapoH4
-BNTuTEg+zxkjq4k6rNHVXYTQOSnhKghQM+C7QpwD6+4JvQHaznARkJ6I8wXoqcTo
-nfw/HCMPM5rzpuPeHra5B3MyOLITGmb1VBMWLduhvVN6MTjjCfLW/PwhH4WvMdCB
-LCC6KBKJ1K9EXoP6rWwa
-=PGZX
+iQGcBAEBCAAGBQJTBj1HAAoJEJQzkH1pP7W4+WoMAIlCVWxaxx5PvqD2lajRBCMP
+K4Cb8n51vtu4D0T/QyvRhLmmvFq+kOC7V97syujgLNWcP8AMgQZTrmaEQ1yiZabd
+ihH8AYwTB7u+jmmJBzNekkyTmbT3eHFP/ED7GS49UK66j3ku3xq6Z1pdWdwf8bci
+BPg31Lut2H5xy7LfTpf1VyY6U57msu+vwUoLuy1bZIiOUcBQa/Gw6H4PorcAF89M
+3k2LOLBqbsh+qKJCP1YXYcazxQAkApv8UUL9y+TRKV/7M+bZl1r4he99mo6RbZO9
+RJyednZzl+lBC1kb/CyD1Cw/QeWSWk0qGkkykxHqaxJMQCwGeR3HUxiwft2GHZ0K
+vRDp9s+rxZrSxPqlTNHqGk/XbKYplxfa8LBuxVr7n0F5oBOM1z181Kfctds+I8D+
+TUkiOgRaWRwCrF7pd4gXEURg8m4UexX/Nn9PvmmCY2rBFwAF9hx7JurwAZZuKzCd
+YvLo+K10tGZLq3qqKkBB9EzvkmTen91ERFUJawu4NQ==
+=pkxx
 -----END PGP SIGNATURE-----

app-emacs/mode-compile/files/50mode-compile-gentoo.el

@@ -1,6 +1,3 @@
-
-;;; site-lisp configuration for mode-compile
-
 (add-to-list 'load-path "@SITELISP@")
 (autoload 'mode-compile "mode-compile"
   "Command to compile current buffer file based on the major mode" t)

app-emacs/mode-compile/mode-compile-2.29.1.ebuild

@@ -0,0 +1,18 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-emacs/mode-compile/mode-compile-2.29.1.ebuild,v 1.1 2014/02/20 17:36:48 ulm Exp $
+
+EAPI=5
+
+inherit elisp
+
+DESCRIPTION="Smart command for compiling files according to major-mode"
+HOMEPAGE="https://github.com/emacsmirror/mode-compile
+	http://www.emacswiki.org/emacs/ModeCompile"
+SRC_URI="https://github.com/emacsmirror/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+SITEFILE="50${PN}-gentoo.el"

app-emacs/mpg123-el/ChangeLog

@@ -1,6 +1,12 @@
 # ChangeLog for app-emacs/mpg123-el
-# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-emacs/mpg123-el/ChangeLog,v 1.36 2012/11/20 20:43:21 ago Exp $
+# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/app-emacs/mpg123-el/ChangeLog,v 1.37 2014/02/20 18:25:34 ulm Exp $
+
+*mpg123-el-1.59 (20 Feb 2014)
+
+  20 Feb 2014; Ulrich Müller <ulm@gentoo.org> -mpg123-el-1.55.ebuild,
+  +mpg123-el-1.59.ebuild:
+  Version bump.
 
   20 Nov 2012; Agostino Sarubbo <ago@gentoo.org> mpg123-el-1.58.ebuild:
   Stable for x86, wrt bug #441070

app-emacs/mpg123-el/Manifest

@@ -1,7 +1,24 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
 AUX 50mpg123-el-gentoo.el 121 SHA256 f98c0b7674758684be83e3311060a51ddaacd9576ffe88d87083c0406bc93839 SHA512 65b1d2039ce0773a65cf26fc88699ccb6fa26d7db2312ac6a9d0712512c214ba7b5758bd1556365836fdf840bcfc9eedef12f18bcdd1866fde6937777979a032 WHIRLPOOL 38a4b9b8ee3c5edcd344e2f192531ba453d458089c69218a31d87a1cd0ffe7614283b6d1f8a8473843a3433bd5635b02d9ad6afda52fffca8a134c3f3c6939f1
-DIST mpg123-el-1.55.tar.bz2 33925 SHA256 c388bf8e93b772c90126b905224c43cfc2e709be503e3508b684f05750d19499 SHA512 49737d9eab292599f446d87ace8155be0227fc2f18910e3d184d238f323b40218630a91cef2438dd0e5453a289f32f4fe9cff3f884a7e20cc63dd4668cb48c7f WHIRLPOOL 5b067cdc810c843f693cfd1445e9ddaf57dc19cf0ad7440e23482af5146da3aa008cdafb4828a2191153551d81e3e885d924b119b107c2d50c712d2930c65d0b
 DIST mpg123-el-1.58.tar.bz2 34097 SHA256 efdd491329ba56096ad971bd5c2e2ceeea296fe8e26340d2370ae63bcdc33606 SHA512 53a67eb219acbeefeb8360a9d43279d2bb3efa48fa5df3787f2b7fad4f6b49402f319925bac3fc17ee1cad0dcbe38494c8162d4eb5e08261b2e505b40a66a987 WHIRLPOOL 83c8d660fd18d3faefff106c62127c0487c47824f9b53f157c27b127cd1dd624dad445217b99e5e3183ab02bf13fef3abdd077451ec8ce934c188fc356522181
-EBUILD mpg123-el-1.55.ebuild 992 SHA256 f8b4a12ff5b1703e8869e83f49768886a5fceaaddd3750299a67cd1e7a40706c SHA512 65a697b65b1fd29a62796ede35ec5a966dfa833872ef283a3e83d840452844db14948a8eee6676cb47927af6923424f88889a640c491adbdba7c18042f6fed60 WHIRLPOOL d2fd011e88b4c402c959753e5a46be1d5a142b95469f43019ff8a5ce95ac091e12aa94cc33f96013c0a186c467492f486c0562dcedf0284bacd1c0b14d2a0ea7
+DIST mpg123-el-1.59.tar.xz 34076 SHA256 6105c3d11099a96cc5cb77909ca8d9e5ea4d5cb78b6a7ca185eb350425e075b4 SHA512 48fae024529be7b88553fc43fb626253f3d3a10d6709378a565a0d407374569e5573e52c0b26abc4d6f2f51ad7f680d655a1ac15ff696f4534c39a9a3536bc0e WHIRLPOOL 6434aa2368976698437c0a7ec12c126861c7f0096f4263f59b555b59c8d20377b5279ce09ceb99bb4b333318541126bb990009234cbd611ffdc2b91e980903f0
 EBUILD mpg123-el-1.58.ebuild 1002 SHA256 b13e69fef0d8d2fa676d446eab4d2fbb50f4082be5ada07fdea7fa2cd5ea6dac SHA512 ebf112c9f96212b2ab317ad0e85606d12834121711ad1b73817153bf1ae63cf0271f070fa5e591549286645362ef94547c03a4aeb805cf3d16e486259f766f57 WHIRLPOOL 5345d7c9a25bd8b7acaab8980a3f1b1fa4743369924141fffc0a5efc91e15117396f843759c919bb21c6456e92b47523f3757540a1250088e733ca6d8adcc182
-MISC ChangeLog 4338 SHA256 dacb08bc41f31a0d0e11d427ea8bb817b9ed88db451cadbd04c189042ea5fee4 SHA512 91ce75dac05dbfde19d318ad15f5c7a2c3a2a5536071fdfbf95be3045e9add20fac3662c1828aaa4a32dbfbe7cd5737749cf784da9c74f3f1d725dfb478f6244 WHIRLPOOL f669b2c69d70788ba03ee559c5266f4e669845948ab671a1b4f6690271f8c7f8b41dd2914d18a3ab64b2749a958f542c7a2fc5064f6dc70863a5d6e22c2bd85d
+EBUILD mpg123-el-1.59.ebuild 1004 SHA256 99923c34f4c385f22937306d025274a8c7500a9152d9f5d6bc0c658150e5e8b1 SHA512 e1c75dd44a80041eef0bd5804842e290c17a2e8a6d311f53f87aa0d3074d281135977a945422700ca6b33bf7d937824b46e24bdfa2b142a73354fcbd1b9cb67c WHIRLPOOL ef523272ee4ec38f23005156f1b2d759b415755e3f2783e93bcc00200fb821a8a85319133acf959bccb9eb05e3c757487a6a2cf4d0f3d5f6814377a12cc4a5f9
+MISC ChangeLog 4483 SHA256 78889cc3dea55ab29eebc4f5170ab8016f6c49240a7520e5e33a62f615c964ea SHA512 aa8401af6ca39b69bc4c33b4b69db9dc8d230c5ddf36a61390a61ff9d5b1466f3e4803e8085f295871124c0c6417f69f477be38398cbe0a87c003bc0f9e41931 WHIRLPOOL ef4e32d5538d66b9c65d4e90c1b534db18ed265b2e62756ce7c7c9a5d135689b976203b733c8b4ca171869175f6395aa58e89efec4c740fe9c5a79d2cb1fda19
 MISC metadata.xml 158 SHA256 1393bdef3a74343fdb40a112c7096a1af16f67e7a43413250de28dfe73810eab SHA512 e55d75feae933ba948ae987305ea58e36f5880f18687e8acaf91237e33e251be3ecfd5be27048f4907ea6799e0bcf784b602096dd7e2bc9c450eb5e2bb6a73d2 WHIRLPOOL 1d1676172186235a3e99ca1d148298fb24f6a089f9b7908b3c28c246c8854969835fd3742b8b81e0a30b63d76ee0be0c42bfede2416a30dfc3c8b915a147340c
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.22 (GNU/Linux)
+
+iQGcBAEBCAAGBQJTBkizAAoJEJQzkH1pP7W4HS0MAKMWvcW5pgf1q3+E47oiVc6K
+q2ezyEpSjoSLrmcMznXdaOOsizt5hAN5OHFkaIziaC/3akiyPiVgpsZpzVOPI1AH
+zqw7s8snzxNkUvdEkoxpq0d7/sHBdBc7BcBSgyExbzLUS0YVM0ys62Og1eAYhPkz
+2ceM+9aBEwThpLGuO+PqDLPmeoIKNhjA7ohZ60AqF8VM3VCgL0PTcYRi+81qOmWq
+pEgzj0n+nTtG4J2D5QT0rzuwC5wxCdvHTpz2pnxFlVDt95gk9MtS0l4QXr+FX6/s
+XZz34ZzUu+Ju+WRv0Q0EaIWls5igZJVvBtwA4MusfrycwHGGz5cDS+ewDHcKE7nf
+mtKd33ChBUpubA0qwRNu6IDhVPC/BHAphzn2fbAloW893SigASeITga0co5xPENB
+wgR3Y8G8Wbj1eULvfMecFT/SSjyJ5hw1VbhoXXvoPw/FgZIGY+lQYR7ox6LEW5Ny
+P3PVaEn4nIpglv3CdH4lSiaJrVICNNy0l4RYni8/Mg==
+=8fSY
+-----END PGP SIGNATURE-----

app-emacs/mpg123-el/mpg123-el-1.59.ebuild

@@ -1,34 +1,38 @@
-# Copyright 1999-2012 Gentoo Foundation
+# Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emacs/mpg123-el/mpg123-el-1.55.ebuild,v 1.7 2012/09/25 21:18:36 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emacs/mpg123-el/mpg123-el-1.59.ebuild,v 1.1 2014/02/20 18:25:35 ulm Exp $
+
+EAPI=5
 
 inherit elisp toolchain-funcs
 
 DESCRIPTION="Emacs front-end to mpg123 audio player and OggVorbis audio player"
 HOMEPAGE="http://www.gentei.org/~yuuji/software/mpg123el/"
-SRC_URI="mirror://gentoo/${P}.tar.bz2"
+SRC_URI="http://dev.gentoo.org/~ulm/distfiles/${P}.tar.xz"
 
 LICENSE="mpg123-el"
 SLOT="0"
-KEYWORDS="amd64 ppc x86"
+KEYWORDS="~amd64 ~ppc ~x86"
 IUSE="vorbis"
 
-DEPEND=""
 RDEPEND="media-sound/mpg123
 	media-sound/alsa-utils
 	vorbis? ( media-sound/vorbis-tools )"
 
 SITEFILE="50${PN}-gentoo.el"
 
-src_compile() {
+src_prepare() {
 	sed -i -e "s/\(mainloop:\)/\1 ;/" tagput.c || die
+}
+
+src_compile() {
 	$(tc-getCC) ${CFLAGS} ${LDFLAGS} -o tagput tagput.c || die
 	$(tc-getCC) ${CFLAGS} ${LDFLAGS} -o id3put id3put.c || die
-	elisp-compile *.el || die
+	elisp-compile *.el
 }
 
 src_install() {
-	dobin tagput id3put || die
-	elisp-install ${PN} *.el *.elc || die
-	elisp-site-file-install "${FILESDIR}/${SITEFILE}" || die
+	dobin tagput id3put
+	elisp-install ${PN} *.el *.elc
+	elisp-site-file-install "${FILESDIR}/${SITEFILE}"
 }

app-emacs/protbuf/ChangeLog

@@ -1,6 +1,11 @@
 # ChangeLog for app-emacs/protbuf
-# Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-emacs/protbuf/ChangeLog,v 1.11 2008/12/06 17:16:53 fauli Exp $
+# Copyright 2002-2014 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/app-emacs/protbuf/ChangeLog,v 1.12 2014/02/20 23:14:09 ulm Exp $
+
+  20 Feb 2014; Ulrich Müller <ulm@gentoo.org> protbuf-1.7-r1.ebuild,
+  +files/50protbuf-gentoo.el, -files/51protbuf-gentoo.el:
+  Update ebuild to EAPI 5. Update HOMEPAGE. Specify LICENSE more precisely.
+  Move site-init file to canonical name.
 
   06 Dec 2008; Christian Faulhammer <fauli@gentoo.org>
   -files/50protbuf-gentoo.el, -protbuf-1.7.ebuild:
@@ -33,7 +38,7 @@
 *protbuf-1.7 (31 Oct 2002)
 
   31 Oct 2002; Matthew Kennedy <mkennedy@gentoo.org> ChangeLog,
-  protbuf-1.7.ebuild, files/50protbuf-gentoo.el, 
+  protbuf-1.7.ebuild, files/50protbuf-gentoo.el,
   files/digest-protbuf-1.7 :
 
   Initial import.

app-emacs/protbuf/Manifest

@@ -1,25 +1,22 @@
 -----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
+Hash: SHA256
 
-AUX 51protbuf-gentoo.el 567 SHA256 6d0b7a8a2e2d7e28d61131fc4c299444404dfb066a71aad24f3e4236d10f708c SHA512 670d4798b71f1242ddfd6fbb31a2a5e60c0a54cbcd92018fd615af05ced971024f539022533e878df91b42f18d4608cab7a28cf9dd648ef38d4a67f0201d3b34 WHIRLPOOL 88c0200a27b3490920f4b1a759ea54f57f27e6d11640ea40da77ae40cb77666a4f80469a67d20b945cbe8373fecef657e6f56cf92d499b2c7b518ce326684112
+AUX 50protbuf-gentoo.el 529 SHA256 5407e0aa60151748d63d51bc9dc37bda6252820b77f9a95d0773f85e6115a65a SHA512 f1cd37bdeb9568cbff9ffb989334237213b8c1bc50704195708fcac4848cc3c128c8121422a0ea42af8c2ee94647e325cd293e4b29c513ad8cdeb37d33fd3f4c WHIRLPOOL 97c2701d4d4d489f028e21e6ed9dcbb6a251be8a9783dfb2a494fb6c19a2c74c861b9d32d9461a7c8524ee1f9fd6467a3a6ff91457b54a255fd2f8addf4b5366
 DIST protbuf-1.7.tar.bz2 2270 SHA256 a3c78450bc9e04934d842913984e36f674a7c8d54eaf1c63aef61d8904d2fca5 SHA512 9dad81784b71234812ac35be695895c3063e5337dddbed73b28fde800d12110cec6bb9faa42b6ed74d9a2d4f12da96b8e692d193edfc775fd33a7922a019b8b2 WHIRLPOOL a55039d8f4d4dedf4b8c7083204c9cf45c8d9de18b9763ad1f1e05ecd92af93e3c10a0c745b8c3888d6d797704d61dcab0272e2dfffa0c36fade9e89d9a4903f
-EBUILD protbuf-1.7-r1.ebuild 493 SHA256 360d3ad820579f92876ead0f40f196173b445a54240edf0cf3e009739ddeaf45 SHA512 56dc678e1f32ebe013ccf4519d409d2ac29a86342fc381045c0ed5ff2526b73538f3d9bfa5802529279747f93e25f4d67db7014ec11bb7b0714c3ee1fb8761d7 WHIRLPOOL 29f164d363bcdcabb01aff6b501dcf9bc9fb0b8f29d13e55039e29afe302c8c97b92fcf6d90804b86ba3bc6b811f7554e80e3ecdd7b900c3d776078cf2920f49
-MISC ChangeLog 1258 SHA256 e24220ac970014038eb114ad6037904e24772f50e17cf941224210fefd60f85f SHA512 cdbe0eae64c42f3e814f434c4eca295c2ef59596c7de7a74c27804b382a6ca253df88951792dc4194b5ffdf686bae2954810c6659add4d13afd95946cda10975 WHIRLPOOL 34c34eb5177ebbd82edb7213a1095f7ac190412be8688ea3f30d583b84713ee54a66d4656f227e736db2b4924a034d25b10c56d8611f6c70a59dcd73a63095cf
+EBUILD protbuf-1.7-r1.ebuild 538 SHA256 32be7026604cd5cf2cee7c0597406be3f400f2871973a4359380167dbe134b01 SHA512 52ee3ed18ad548a2d9a52a9d00c02dbbe535d3d86e03b7664afb5f52be1cb140bd83cfea1881d0009ce387bb2e11100b32fd7f2484907034fda8fdf349d98151 WHIRLPOOL f9c74619427ea8d0037248ac6b01b64a95889543d35da53b44dea22931ef3d56a94e7aea625355823b187e32059f59bdd1218d79affbf12d7564278b2fffed47
+MISC ChangeLog 1501 SHA256 75b40134f21eb66ec5f79a0f071a7663f00e0910604af2a2c61abee992b564db SHA512 41a0e9e8d42fef37a81bd959929bacabf2a15c1220683fb28bc81bc82e3691fdf910702a3fd87f21e9a1e986e727321ac9fb8f3d70264213bf728c34f706b16c WHIRLPOOL 01d97d44e4fe844a6b212e5176e362be4e24c3477fe75f54519e521ddcbb9421899cdb6889c6a85e439967a6b0ba661fe5aa13068a253a2b02538ce30c49e464
 MISC metadata.xml 158 SHA256 1393bdef3a74343fdb40a112c7096a1af16f67e7a43413250de28dfe73810eab SHA512 e55d75feae933ba948ae987305ea58e36f5880f18687e8acaf91237e33e251be3ecfd5be27048f4907ea6799e0bcf784b602096dd7e2bc9c450eb5e2bb6a73d2 WHIRLPOOL 1d1676172186235a3e99ca1d148298fb24f6a089f9b7908b3c28c246c8854969835fd3742b8b81e0a30b63d76ee0be0c42bfede2416a30dfc3c8b915a147340c
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.19 (GNU/Linux)
+Version: GnuPG v2.0.22 (GNU/Linux)
 
-iQIcBAEBAgAGBQJP9fMxAAoJEDxpGckxwJCBBy0QAKbc3ZRvORj5koT43zKrdzTw
-0bmtWH8vX+69qHaYhANzlu0xvJwdUvkN5Qa6qmdonxnleNfdbqr84c9fnl07foxy
-prXwSg3d6WYIl6Q7LpTp6xGEAXg63zohL9jQSPUNcOITNehaGp66cZ5grECjWpdg
-VcFVrr0z5yeK0hLDRIvWNsOxY81tGUnAciAB40e7ufbO0mOJ8n3kk9w7i49/PR4X
-bwp6kB5cIITamYXCsHbk5uu0BHZ0tH/2PTz3W2vZ7lgpQzZCDVJn3zomqmni1Fhv
-/jZ7cKH7BY7vtkYN9xhK7GUUNH0TkUi/5HGP8U8zN5Ct2UXXY6eT2fsJvgd9ZIQp
-dq6S6F/5QbFExaGbikF+dekzEN/PEdPoRUaIrUF4UzBq8gXpBZEShAlvpXh8Gdwd
-YXeeI8/QhMGxl8GNMSXseQAkUcXvj2Tvhbd/NvCPnUdivEbN/f8kzhfO9DPjL93n
-p9eudpRmAezdNDdAoHVoNK/T+3t6HA4h2rRDohZ9cxWDVjhDNAnBe+f9LUSrF0No
-LW1Nvw8+ar6ncCL3c/YZ7U7FQHPUYn7EKoHX3ykk7o2ov/Z6WOBs9LuhHJp14/Pu
-UaeHHVQQB4uVulQjtxW8FfANRFNImMmw3RcMSCLfC890mHOOu0VtrLD+EkdOjs0k
-tyzCqL6Se0RN2xpdkdlm
-=nKI5
+iQGcBAEBCAAGBQJTBoxWAAoJEJQzkH1pP7W41kML/j62+aGvo1WyyQZT7g1BdKBM
+U3sYUYSR714Fq4Z0lATCN+nJ9jZza/GMlc4/IDXK96dfb72z/nS4zxjAABnBE2BF
+qYDPAXjhYuctZQ1OHT2WJPyNsZPy1wIUOimaIGlQ6lA1zXdmPyLmZCNjdkF/+gfj
+DKVe8eubYxhx1ablVebtHIfccWWVWp3wtHud9xnX81d3lzoTvU7VVXlIedFeKL34
+V60dbm9OfVeWxuKOP7gpLz1Rz573xaJCJkSsZ7+2JVIuJwD58G6yID2/uD87YiyQ
+FRtWouC+p5hmiIn3DYo+Zk80BE31qTz3uo0ydS9uLzqESKHGzPvG5gYnaoKpk5II
+1UJIcWiBFTe5NdICETyXqA9kGxK1wUK40qFFDoWhKObxflfyqnrTxnQdIeYnWH+N
+VaV1h79T5fME9vmsc7q/QpRlMQV/89kThNFBckSe2A2FabDceuatwn6QwO9GR2vX
+6xG4vD5SGhfrKOnvE9ECtj3PHlbBdvfq65BnC0hVYg==
+=F5cv
 -----END PGP SIGNATURE-----

app-emacs/protbuf/files/50protbuf-gentoo.el

@@ -1,6 +1,3 @@
-
-;;; protbuf site-lisp configuration
-
 (add-to-list 'load-path "@SITELISP@")
 
 (autoload 'protect-buffer-from-kill-mode "protbuf"

app-emacs/protbuf/protbuf-1.7-r1.ebuild

@@ -1,16 +1,18 @@
-# Copyright 1999-2007 Gentoo Foundation
+# Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emacs/protbuf/protbuf-1.7-r1.ebuild,v 1.2 2007/12/02 14:07:50 opfer Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emacs/protbuf/protbuf-1.7-r1.ebuild,v 1.3 2014/02/20 23:14:09 ulm Exp $
+
+EAPI=5
 
 inherit elisp
 
 DESCRIPTION="Protect Emacs buffers from accidental killing"
-HOMEPAGE="http://www.emacswiki.org/cgi-bin/wiki.pl?ProtectingBuffers"
+HOMEPAGE="http://www.splode.com/~friedman/software/emacs-lisp/
+	http://www.emacswiki.org/emacs/ProtectingBuffers"
 SRC_URI="mirror://gentoo/${P}.tar.bz2"
 
-LICENSE="GPL-2"
+LICENSE="GPL-2+"
 SLOT="0"
 KEYWORDS="amd64 ~ppc x86"
-IUSE=""
 
-SITEFILE=51${PN}-gentoo.el
+SITEFILE="50${PN}-gentoo.el"

app-emacs/psgml/Manifest

@@ -7,11 +7,18 @@ DIST psgml-1.3.2.tar.gz 252394 SHA256 a020bfe9ab75e325e738726dd850e2b17030b3a5a2
 EBUILD psgml-1.2.5-r1.ebuild 885 SHA256 130a4aec3175203d61f52ed08db1b748b6f11f5f58bedf51c3f9afff50a9d6f6 SHA512 3e09a46583c3469ebf54d714c1c4f5a1e1d109fd6bded442422f73d83ec8400ab2e6ef10b43503e0ae8e4ca3b22d693917da131dc7fbe3b5f632fbadd98791b5 WHIRLPOOL be2a3da3f6e3437acb187523df3c8f172d0aef8bb4e9c99b50886ddbbde7f5e9d3f99fd3f7a534e3f6531a57072a8e8c559299ed7a840e5c58704cc73ba806b4
 EBUILD psgml-1.3.2.ebuild 884 SHA256 c917a1b92795b2e64cdc7d6e369f7039d3c3d760938e123cb6ebfde18d7549ca SHA512 14b73ad1d3c5b10123f97e4cccb34913f92ba0b90eede0a962a117c22059c41830c0a73b7de9747a402b73010843747517dae5431b3a7d072c2c2b88d43d2909 WHIRLPOOL a7337bc41fe38c3e2003e7750c71540b0f4cf2b516428f3df2bbba599a682f7597eca97072387bfdac54fe473b7b5f026d6c47cae385b26fd9549d41cf78f038
 MISC ChangeLog 3771 SHA256 bbc358cfd28d047ed6aa18149037228ac326dc231d6e6edae4be7ee11bd2de48 SHA512 9b5177fe7748ff1ab207c9ae7029dea55d5ed0171d5b9e50b4cdda0461404d52e0a698c1ee3b8101305784b7349fde3bed15f2754006e216e1baa85349ee2f1c WHIRLPOOL 303205093d8e0467e4060128570e1069c6809cce7709d4a9277f50f847f4603ff79ab5858076270428180491be7b679ff3d2d351bb7bebe668f52492b1083f3c
-MISC metadata.xml 160 SHA256 6c4aff1c3e014ac91491c0d794cb8a644417fd41d86390f3d220d1d1a24b2403 SHA512 99a1e214dcd19fbf598f40fe2851b47fa34ab640070582c38ca57031b5ef23262e7ef68f107100fc4f740f6acefda15cad13f3574d66920ffafba67f7534966a WHIRLPOOL c7715960df6ab404b7e415769125dc55723d17dd0f1f37839a83233588cd799db3d96f751c3cc242438b9c9843a6e694ab764e6f7cea0bc5c7232961ebd23b11
+MISC metadata.xml 158 SHA256 1393bdef3a74343fdb40a112c7096a1af16f67e7a43413250de28dfe73810eab SHA512 e55d75feae933ba948ae987305ea58e36f5880f18687e8acaf91237e33e251be3ecfd5be27048f4907ea6799e0bcf784b602096dd7e2bc9c450eb5e2bb6a73d2 WHIRLPOOL 1d1676172186235a3e99ca1d148298fb24f6a089f9b7908b3c28c246c8854969835fd3742b8b81e0a30b63d76ee0be0c42bfede2416a30dfc3c8b915a147340c
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.20 (GNU/Linux)
+Version: GnuPG v2.0.22 (GNU/Linux)
 
-iEYEAREIAAYFAlHrsBkACgkQCaWpQKGI+9TxuACfS8K8ZJlBRn+29pEJTxBRuHbD
-sZAAnRKcgsfP0DdoYTzNMUBtJnEuNYRd
-=Ivas
+iQGcBAEBCAAGBQJTBlmXAAoJEJQzkH1pP7W4++IL/jgpEfIlRJY4gJJJZ+DoSCFS
+t1AUWVRkHyUim3y0ZBKNev9st0qfINdrk9Vr1VV1qJiTHWfDdCUV/oDRk71YEiTF
+FPmP8cxsMrZTP+KeGGsWJPO0s9HX2zKvIRUaiHBtqum0u4eNVR6zpgqj0Xn5Xxsc
+oQknqD1YyttwB06XwlApoJaZh3wgkthvq5eYpwXjWQRdM4jYYQrUImpOkSRynr4r
+h+KV4UCnjW6hkE1Kqh47XZI394ScEf0Mi4CA1nMzUUBVS4O0sJNU1orkqhaSljwN
+OaxBGWTYG1lWfbm+ofRDIQhLXImhqCWK7t6WMwXEFLqs1Q5CmbAk5LUyowaqeu/x
+nvdyxOPkLh2bXQL/JjZ2PkkuTwgGG7A8pzBaXXkLh8JUBw4RXIQysJIry4MXsZY4
+K9qrXBgfDPe7tBGq71vvIWpg82zzJgcwQjGEKou9auZ/XNBQ4SsIj9qxSA4SKrVG
+W6qpaRmEyLHsTPlfjvSuc5JdU9bEUtBVH+X9uAgWpQ==
+=p3yy
 -----END PGP SIGNATURE-----

app-emacs/psgml/metadata.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
-  <herd>emacs</herd>
+<herd>emacs</herd>
 </pkgmetadata>

app-emacs/rfcview/ChangeLog

@@ -1,6 +1,11 @@
 # ChangeLog for app-emacs/rfcview
-# Copyright 2000-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-emacs/rfcview/ChangeLog,v 1.9 2007/11/04 17:27:04 ulm Exp $
+# Copyright 2000-2014 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/app-emacs/rfcview/ChangeLog,v 1.10 2014/02/20 23:46:50 ulm Exp $
+
+*rfcview-0.13 (20 Feb 2014)
+
+  20 Feb 2014; Ulrich Müller <ulm@gentoo.org> +rfcview-0.13.ebuild:
+  Version bump. New upstream.
 
   04 Nov 2007; Ulrich Mueller <ulm@gentoo.org> rfcview-0.5.ebuild:
   amd64 stable, bug 195512

app-emacs/rfcview/Manifest

@@ -1,25 +1,24 @@
 -----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
+Hash: SHA256
 
-AUX 50rfcview-gentoo.el 206 SHA256 f1d6788d696a0fc6535a6d4c6e70b091d46c7d38bd3feb767466de3c21b55aca SHA512 26745d38c005ae05d6f137c0bfcba33a29ec6ce6a6ca2d7e6fd39c172f3451018ea99a6970f73e5ff99b8562d251b29e8e2425062dc0d6b3a133dac1511ea8f8 WHIRLPOOL 2cc21b21438f1b4df79779e0ab9f72333e5a8b62ee9c6da5d0a06ac83f032ff223a75914eef61d9a89385dec171059d4b9c11b3bfc1de3526017e9f19be29a81
+AUX 50rfcview-gentoo.el 168 SHA256 46bbda39b134b844be076ad189719834a532406c442cbb2beaec21e29dd3924e SHA512 ed6bec3e4368d4d7e193c5b6ee0493d6c497bce90ec834376371898777a7c3601288bda59232c1ec4920ca20bbcdf4d01ae3d2ea617da55a31568a5824179637 WHIRLPOOL 97a4eaf328300def0ae0e35f7fb20680cf4f5dc7da352624fda0bf41884c977604c1bb594c75e897871f44a946e9b4aa45dc526e02391d676d013b2a8d7a1127
+DIST rfcview-0.13.el.xz 8836 SHA256 eff317b01824832288abe4e60884665fc22e3dbec315a1fb1779cf679f0a8d89 SHA512 84cda45b5e941808e2ddc50d5f03d7b2d3831208d08dddd2fe2121a20ddcbb7d24b148b2ec2ba07e0b9a04da81ae4d14269d0062955961679ac5c7532de1e6e5 WHIRLPOOL 6f10e4cd4f2d027804f030ff90430b80b89bfbb1df01b4ed8c30fcba049f11d0d3bb192ad18f453d73c81fbf3406b92f92817c3b9c0fa8c74860a371fbd341b1
 DIST rfcview-0.5.tar.gz 6116 SHA256 b74f7918fd9bd40138f5679f45ff8ecdb31dfde3c1f0d2011e6c0a09fe37a3fb SHA512 b83deb28624123f1fdf105cf287b03e45965b9443bcc89c5f1a12b9595791494384af284517ca1f994eddebc2245202811b4001f4cd8a8bdecd15f117392bc6a WHIRLPOOL 0c6debab4c322c7badb782012bcb7df0d570c62e73da5a5e37177ec469cf9bff48e60aabfa1dacdf3137301e48bcf3eea424e5403d50bd9652cda58b19b44b8c
+EBUILD rfcview-0.13.ebuild 601 SHA256 b8707e2fe5bfd38439d5d9e48a449e15aefc679f5029f014974fbc577a48c80e SHA512 c2861a23aa47435f017a7779bd71c41aba26fe2269e2bce6ff3ef2d87b20c69c0af002816b41daa307167cae39603e671f63fe2cda8de63b265bf8a380441fc2 WHIRLPOOL 8423e3cb5e7cfb6574951f43bf7ce3c1d04feb31c640bb33be5519e45476c445de2b0b60291de2d83e22a470db9b9b155a33104038efc076fd6353dfc23930f9
 EBUILD rfcview-0.5.ebuild 493 SHA256 baf17a1f2ac96d47bf9da49a77e5afa8e9a8190d417fcaf19b9791a3c4b61cfb SHA512 ec11fa6f0440ec6471872436bde0eb4dd215afd39afea35e065560ac59af4f441437b08dc52d9218d762164e5582f91c8f3bb3cb8838c9050af1469b1254e0fc WHIRLPOOL 83a4d987b78c276ae8644516a8278ca8df9b047e40b45b14bbf952f0d78b2e100ec0b57b323db096493bc0d4580ff50f7326b7ca5e4fc2c072b0fa0f7b1a0b7c
-MISC ChangeLog 1115 SHA256 43229a48a475a860ba5318ac8708cbdaae8005e3375e612a82ff85677d36101b SHA512 b27f1c8105883e6c3e74e4fc60ce61a634a1d950b7bd6993c807e30c958f0db00a589706858af1ba0f2bcd277ce60f0ab49a75e1efda239fcf08d6d6f9d77e05 WHIRLPOOL 2632c5f292f31dce4aed12722388aed1ca7e6899ffc96b43a1ae2b738d2d16363bd35982676a6984485231fe89f7f1e66cd5ed9d7864d21004a393f2cea7d213
+MISC ChangeLog 1245 SHA256 282d041860c5348737cf3049c760cff06ddb4883e77cee7ff86f7e35f5b50f68 SHA512 d0f3a38bc5bc6a1233caa07ab56c6dff16199a002fdb6839ad826c47db50600ab7bb3173f864f01f953486e64465eb57b36dac02e7e2afe89910edfee3c2c204 WHIRLPOOL 36a144c52a88142776c61ef19d7969903b335de09853adeece12e33ea8767e6f458a1dd4449808df2b21a7fd31215c7536f0422691123bfc11da1bb50e8a59a9
 MISC metadata.xml 158 SHA256 1393bdef3a74343fdb40a112c7096a1af16f67e7a43413250de28dfe73810eab SHA512 e55d75feae933ba948ae987305ea58e36f5880f18687e8acaf91237e33e251be3ecfd5be27048f4907ea6799e0bcf784b602096dd7e2bc9c450eb5e2bb6a73d2 WHIRLPOOL 1d1676172186235a3e99ca1d148298fb24f6a089f9b7908b3c28c246c8854969835fd3742b8b81e0a30b63d76ee0be0c42bfede2416a30dfc3c8b915a147340c
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.19 (GNU/Linux)
+Version: GnuPG v2.0.22 (GNU/Linux)
 
-iQIcBAEBAgAGBQJP9fP3AAoJEDxpGckxwJCBg0QP/ic+TfTOcKsBNpG6jAqFCUoA
-AOKj6uBP6A1KHicTGSSs/sMOoAGJZgZw85vjgKLcA9rXapjYbBvWNJXXsSGUVbBa
-0TmemCbQQqAAUnAM088WC7fJvUnK3pVxB7irkF/rZyCGdUL0Jklym0kbOugIcCMd
-6WCOopeMnTR/uVdNDSG5MRE67NyNDE77GXUrh5bexWbfcKILb1TeF1ATAaEZz2a2
-Bhv4zalyIoMkNxuY5nB3p21BwmEff5UVadDvSesaxrtHew1QcdstAOjK8GthOkFk
-o7NSMEwRpcpVvJcaFmcvWXT58F2Q1f2mo2HGJ0Y+xGc2EbtRFGL67rqZgsmHNb2M
-fhK9vMfjQDr9grll7f2+YiOQR3qKdq4RX55kfxBetqgK1HuSi+YcXErzlQh+Jgp9
-a8CQw9y+dwNQn+NtXtfDd3wF14DihpimaPTro5Egqo3dc3/NfUYGquVStJo2vzyZ
-nIYKmAI/pRdgPZzG2InTduelKBF8VCyUIJd2mlodF5ffxJm7EncXU9DaobsYDUSs
-853l8ERF4W2xmc4f08kgC1Up99KLTCim0EJbUIGZxf2B2hqnrrzk7D6kPu3CHylF
-CRWH9IIJwGrx8eA91Ann3DKU53Uk6MUFxF0i5qrnDODZhGDIdCphXhkpyaMzPENp
-YgY/VovXN/eV/2IjDUvc
-=TqOk
+iQGcBAEBCAAGBQJTBpQBAAoJEJQzkH1pP7W48P8L/RM6VorX7O4sw62g6bTGUN6J
+6w/R+BucXYG8Gc2WnjmtFWbNLVzNWvIkiX3VJ7H2tzRsoiXCkQzp5pV5Krrdto9J
+XhQjJb1IIDuL31YtQEXWvpQa54goRSho+XNnxql8f1ssXlvKbhCK0vfRntI+4NAt
+vqGhlFugPUhuo6tN2vgD6TYvuX/zI/2lrCS9U/b2WZ5WWEhPMVKnHrZsJIBfFoaJ
+3O43bL1yD4VFmR54uakONC0ggtcDabWCSkLRxbi4f02cLvKfRL/KXGZlkyGj+djs
+0cZbAG+XARkaO/Ktocfip87hUhcqOesuEjn5UlFx7b6EQDe4EKRnwN+4SY16KNiu
+sg4xjauDpZo0cknckNbvy1ioqFka8fPsHNP+HSpglptiod1kweIJpYIMm5jXcDK7
+bXp5/JOKbPkAfFBheP1H0qm3S3tkhpH6JAaaFlSxF6UBJ7cvH/jLVtiSGZqCLwn3
+TATZhPNTlVUoXyIqzfNuaoyEt3rb/8BqXMIDLQfGFg==
+=8d8F
 -----END PGP SIGNATURE-----

app-emacs/rfcview/files/50rfcview-gentoo.el

@@ -1,6 +1,3 @@
-
-;;; rfcview site-lisp configuration
-
 (add-to-list 'load-path "@SITELISP@")
 (autoload 'rfcview-mode "rfcview" nil t)
 (add-to-list 'auto-mode-alist

app-emacs/rfcview/rfcview-0.13.ebuild

@@ -0,0 +1,19 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-emacs/rfcview/rfcview-0.13.ebuild,v 1.1 2014/02/20 23:46:50 ulm Exp $
+
+EAPI=5
+
+inherit elisp
+
+DESCRIPTION="An Emacs mode that reformats IETF RFCs for display"
+HOMEPAGE="http://www.loveshack.ukfsn.org/emacs/
+	http://www.emacswiki.org/emacs-de/RfcView"
+# taken from http://www.loveshack.ukfsn.org/emacs/${PN}.el
+SRC_URI="http://dev.gentoo.org/~ulm/distfiles/${P}.el.xz"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~x86"
+
+SITEFILE="50${PN}-gentoo.el"

app-emulation/wine/ChangeLog

@@ -1,6 +1,11 @@
 # ChangeLog for app-emulation/wine
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/wine/ChangeLog,v 1.496 2014/02/08 21:50:51 tetromino Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/wine/ChangeLog,v 1.497 2014/02/21 06:31:47 tetromino Exp $
+
+*wine-1.7.13 (21 Feb 2014)
+
+  21 Feb 2014; Alexandre Rostovtsev <tetromino@gentoo.org> +wine-1.7.13.ebuild:
+  Version bump, see http://www.winehq.org/announce/1.7.13 for the announcement.
 
 *wine-1.7.12 (08 Feb 2014)
 

app-emulation/wine/Manifest

@@ -56,6 +56,7 @@ DIST wine-1.7.0.tar.bz2 21217085 SHA256 0106ba3c8f0699cc7ae6edfcf505f7709c9e6d96
 DIST wine-1.7.10.tar.bz2 21312974 SHA256 44270e4b97ef930e4e4b59088e6e3972e91e85bacf9a9a4d8712a877c9d5cbdb SHA512 157fe4146df3c174643cc1ac29748778aa90fb9e602b417ad772d3da2af3a86307ca818ded860722513efdba57b85e06a2db2869a69a3f579255829dc3d8ac55 WHIRLPOOL eaba07f65c416ce93b9243df402ad0fb5a2f5e7bce43f40b73941f2ea7baddbcab9ce3a999d9086faeaead7552f5d34234cc3b3f3798db2fb98982ef22a98b71
 DIST wine-1.7.11.tar.bz2 21359534 SHA256 c07d2771ed96c45d428bb11d164c5e4bbe48d6857a0a4cba2e0b73c5f1044f93 SHA512 9743c4cf382b6846d98aa383d9db22cb99bca510ec2db3e9224f10d08095c4a3fe4449b3019d5a6f401458a98696d096a454d00584c667074aed618c47544dcf WHIRLPOOL 38356b5df2c9f5a78b9eb66c6e0f09f7371c57d84f601e6614228b64c629a2c9c222696078d7627df850792a0111e7876fe460c4575bac4accf2f56a391315c6
 DIST wine-1.7.12.tar.bz2 21366705 SHA256 2dcdff7bf8bac2bc10da85e3e632e8add830f22cf416173e53abca4ec580b392 SHA512 7b5be06dd6d71512884bbcc386fb021725125fb95a4493a033624c2b801eaec7fb4be4b70894ee914da138d8e310da3ac49b8a32538ee21d127201cebc44b449 WHIRLPOOL fb04306058403f82df8cf3e88d21d8011bd2e7cdfa4c31f28e64ea0d24393cd6ed8f61724839a1b5cde272ac8dd854c6c6185e7dee8271881b9b3eb1612f4bbe
+DIST wine-1.7.13.tar.bz2 21385204 SHA256 a72fdee6e1898007b38f3b30584f86d996567ad8d2f1cc0fe3a877be0493b9df SHA512 ba01933770c0fbaf056fe252b77eb7f2c160f5455450cace638bc288683fb8f6d97421927ec935795eda9aae500bfeb19e6ca8d632822c345f8bfb34b3d27d15 WHIRLPOOL e500fb6cebee9d87aa0c9ed788df37e2f744c0cb1453a6dc20e447dabd9e1becabb00f93ea9272856aa35015703e98b7512c2e233f98e67143abc80b1ae7f182
 DIST wine-1.7.3.tar.bz2 21489049 SHA256 c66c93c2ffec8d1d9922fbaa226b169d62deb77fcbfd0fbd7379b77dbd97d47f SHA512 41109866b259a5f939c9ca4c26ed0a5ca74fa9cafa2f348b83510dd386459c87ac044a6f954f2f83ce00961d866a6e636ed96aa9e94584b7a79486d434b406cc WHIRLPOOL 90e6aed8930e3496701292415ce87f29a87870a1d00ad26d4f3c4adf33cd296093d0ef3d363bf5cead1ebd5ab4e86907ccb015c10d85f6f90d5f48cd81681b0f
 DIST wine-1.7.4.tar.bz2 21500746 SHA256 517b3465dbf5b516d3fe886c0f9d4f310dc1d4a38ca4e5580c5d66bab3fb6969 SHA512 4267eb43311fe53537a1864a70e88e4bf444b8979dc858725a1170ed06af4e727604a22bafb3deb448eeb62c170ce67ce8eb8082bce040f5488b1a4c4bc6bb95 WHIRLPOOL 7bb14e0dfd4f9a7411e1d5484dba62f8584a0e03997cc3c6192893dccbc7de316eb79a1e5b0ccf96d20e74cf512ebc79e760076ff4882625bc81b410ad8be0bf
 DIST wine-1.7.8.tar.bz2 21463503 SHA256 30e17f5f863a09416f3d229666566b318dbb40f683d4ca6630012c60bb511804 SHA512 1fdaddb7909f818050854bf351d20f445cf6a5906b1bcc789c96ee8d5058c90815a91bbbc6444f3e4527748764f03ab5297585c174b433093a3354a827402fea WHIRLPOOL 3b5b18384ff04b80b936160c2c6e03676d69663c023f484981305c9272d0601b74cda5c5f7d56008b3900d702b1a4fe1929f16b1fba304a6480b076ffede663a
@@ -149,22 +150,23 @@ EBUILD wine-1.7.0.ebuild 12421 SHA256 411f57e42e30b82d4c1ac099689281582d6f88b6e1
 EBUILD wine-1.7.10.ebuild 12756 SHA256 6241d5d9da059712d0f304ff5124f6321c0089d7294be673c20f67fa06f373ba SHA512 fc762b1eedbcfb0cbb204ce601975408d6595c243be22b732c890f093d7157a6a51567e7c74c3497ec0fef203f7a816a1a7fe2bbddd2ed063f2b80977a1b7107 WHIRLPOOL 7411c9db26a9987fcc901effe4d4935220374ae4424da1605c49bf75cbb6563c24068498fa0b1afd4f754ed5b43ea82b9c54bd5dd392dace4bee7d745e1ac2ed
 EBUILD wine-1.7.11.ebuild 12756 SHA256 67876f88ce08ae48cb0b8e450a189bd71cb14e1c9e60d35918c78ff55ae6921e SHA512 92a6eff8da9c16dd5206568ae2eaa41bd4c524ffdd76a9913b9b30d179f19f026585eca52aa19e8076e1234976dcfa9ba722e7284099a5abb15bf2cd17a46088 WHIRLPOOL f3bef1cf062095352c9178f0e88490ad05b0c58113e5f2b7dfed20b2520809cb16730e1061f01b2765dd3d90f5b365ab6fec2f5ab8be2d186be37ef5348d5cc2
 EBUILD wine-1.7.12.ebuild 12757 SHA256 232d537fb88664ad4e7851ca5ba3d6240243cc535eb77505b53f3c07dbc00fa6 SHA512 de5c7f6abd81b30b77c5d04bc6ec5def62db502f004af6a398ed29296e530d2b23615dc2a46a154ee48be569d0f74eca64a9611c1af3c0003788bfb672a2cfb2 WHIRLPOOL 643f45280cfac304df09c74e5fc686368f24003cc593c4ec7c84967390c4fd0f3ebf5a653253f362b547b9386e1bdf735eea363c23fcc36224b9931c33a51f33
+EBUILD wine-1.7.13.ebuild 12757 SHA256 dded05f5a7ba99818f2740420e03614fcd4201d56f00f2bdc1b1d7c0b129aff9 SHA512 61feb4629065435b78bb59c071526d625e62dfcd0e4071bc6c91278ba3eeb322701eb2700f242e9a80cbb9ae9463a6828bc5dbc95acabfd598e7b589935806de WHIRLPOOL 118853eb74f49fbecda867bb99324106724bc7191e65ad634fb00b778aa4d94cda58556184a597df734b29281fcb82337cd24dbd9bf6e096eeeb4fa3f3b700c8
 EBUILD wine-1.7.3.ebuild 12423 SHA256 58d6df01c3bede22cb1c84e2b682e273d73060bd869dad74a7d14aa94f2c2aa5 SHA512 5aea1a2b1fa41f3eb61936820aca4c96b7dd404671772894a199cbf12b721f9746ec837020d464c37f49d7da6a4cbd70ffa89746588854a8513a5d16b953d747 WHIRLPOOL 5f267b3b58f5b0e8b6780abf30229e292c836542f684c34042644e28642fab53dccadcb043a22f279e94d5a8f822f8ec2262e1b2cdcdff227c94bf4f13c02dec
 EBUILD wine-1.7.4.ebuild 12423 SHA256 7ef9808dc6efaf8c1fb60407b79ef3a19ab112a21d33f5e34188e3962641d2f9 SHA512 fe9281355ae372866431a68b276327cd3e5cf55887aee7eee6d989e1e6fe5e9f4f0fe9e2bcb3c681f886ca57ba26786cf09eee90f66a87d62fa4882775f5775b WHIRLPOOL e4247512391929136600c3d37ecfc6f757cc1a91ae179e73dc30e73d23f7cdaa4a3678d69bdb96951afa4b2a5a189fdb8ef22f5cbe736675839f58ccd916cdea
 EBUILD wine-1.7.8.ebuild 12754 SHA256 d6c8decb636bd23b1deba6677bf3167515bd9555ce86d91461c8d6595f17c412 SHA512 94622108c0733bce3c6f60cec2d2dc684228e77d2eaa6f90256e3070186881cd142084feec69098dc460727a06c0e9aed2a6ce9d4082023f0d03b24fb5be3d77 WHIRLPOOL bfd3793ff8530ddf5c76b543a16286af1fc841b6ba4e18573910b5ba6e3de663a180c699266a9dedec71f324b4eee15bc9b99c8acd1e50e9f4ca4bdbea1638bf
 EBUILD wine-1.7.9.ebuild 12754 SHA256 cde2305629c14b891331fc2953a5c32b8f7cc9da23e9ace13b5fd3a78100a5fc SHA512 0b5e5e5ec720a3a91e0e1605ed7de09cf2b86675b170293c1cade2a7e70d3d31b956013a36e216324e75845928f0c540584293775b9648831a790eb125bf2052 WHIRLPOOL db9a0dd9a4562eb6ba3172970a1e0e4d094107824b43fa5dade5787f6d3fe7d3e474247d4aec8f95b8c78b67123249fd82b9a67eeeb9573fad3ed0a2ab6eefaf
 EBUILD wine-9999.ebuild 12757 SHA256 439e2dfa6696c97df9539f0460015b363a57d3ed60ce338729866b8741ee91ed SHA512 3f5d20b5edb81ae5e106b050f72379db96c81812d900521cff2a2b2db8e0800a63b958b615ac609078143b74d76a045f7c506850fc46406bace8443cb1355f52 WHIRLPOOL 384d9bd51d369b90013efb599bc03d84934c121656d8c66021a9e9bc4d0919e2f1ccacc23bffb4aadeef2dd6d3b6faade9062a002d403581ec35e8f88268ed72
-MISC ChangeLog 17312 SHA256 be86b74c30560d2312de640044267a76bb307c3ab7c011c7d927afb9842ea35f SHA512 c180dfc9cea75a52e91a97b95a505c0bf7827cd67770245fe02198f12dbb131a1cc745f9cc6efe8d764c8ff85d92ddfc8c421b7d05fbcd26983db4ca5b7fb01d WHIRLPOOL 37f28c70b4ae7a80612468f13a4852ffed411bea36eed2982debb89fda52e23415951af0bc15ea92f9fa3e2c1db4a7bb02a120c76492d1bd89491da6eed15e94
+MISC ChangeLog 17501 SHA256 c786d8d6a0d8b456b1cb624516658e745d06a7cbe4e97a4f23c1f2c03662359e SHA512 6aa39f5c6bcda9848fb739a6b3e41b2d2b4dd66c56d621e14c69772752520ca470ded8986bbbe04c1fe8c64b393f1eb7054bf5df7098f96cceb365ee4c418528 WHIRLPOOL 157e47b7264c6bdd9f5c0ae3945d94d283aa5aad9d1c6fbb08c8c2be4b7f2d9367b843327d7c9c134015789e9471fd6aaa2d0f60486f3dd3f361674717f6f7a1
 MISC ChangeLog-2012 100362 SHA256 8e70fc54e7945c1f41e3e0b64fef6b9a7fe89acdaf8c79a06a16048fe8d2e26c SHA512 ca875e847ba100e1f19774b31a2b45a81d776275e3d11944be8a7b01dfcdbf4265b1a340d691bc4fe4054fea006059a06ed52bc0516b1f8b44a1772a1c813278 WHIRLPOOL 36ec708601a25cb8fa93b471112538480b6ef82cc4e6703b3d045f883078b49209ceaeef7bafa8417b881c2d11df84df9c83d1985d0d687a11f3db3de5abb014
 MISC metadata.xml 2236 SHA256 2b4d3de73fa84f3f3d192e3d29d8fd22796d4c5630151a380c3c33597263436e SHA512 884a7aa53e7694cec121453103bf3873cba1a8323f8a6ee5fc5e326b05610f1c2d36c07bc357c12777749a33f0ebf986f78341fea5c752dc14f3ab4b90f137a5 WHIRLPOOL 3a2b66e0af17c2e260621e5e065ece87be1a355c8da5bf3c8638f360ed5d1dcd062c44b0e26e72a708e5bc4fb5d8e054e0049ab58b090fc2fe5ed6e2cdee9c19
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
-iQEcBAEBCAAGBQJS9qaKAAoJEJ0WA1zPCt1h2EIIAJWLSSAxO9+vdBVHYynf8bPd
-d/AuDt3sB5INr/1R5jL/9dPIhUu/FCf3ybcVKNAuWdE+JRu28VtJQZqSeNwF5kfq
-QI590GOuWJQRyjEAhxciyP2dB2VqSHE8T6Vlbkz7jFHh6sMWW2SjwNjD+JsIeyoK
-Lmte0TGATDGPgw7zOyczGUoZXWFdLeYA8vO62LnAAX4dj77wkQToPRUxQMcjt7Pj
-F/TnCxDECPBmo3dwUkcBpnSejM3vinkobPXA9jRj5j19oDduRa7gnwqwWpJH8Kes
-x+ThgSYMmNV6Hri8v5lPc2zuxgeWLxGLVYbi5CSAuw4XjMBkq1cRYQd3rj0ClTY=
-=YNuF
+iQEcBAEBCAAGBQJTBvKlAAoJEJ0WA1zPCt1h/BEH/1n6itq7jYnk2VGd0yUxxivL
+FcKcCKDU3mJe+QvxPml+rlV33s1msha9EKhpQ29ZjYuFQ+Ug4uEzzVS7D4bZmOzr
+14k1j/7Hj2Kr5W6wqG80I5/hxEv1+BbQxr40bNqfcAkqW40oqGpuopCm7J2aBkLr
+bGiu/6oP04KD9796L2bbf3ymbFcLEnwOj/5Nk4/HkbTYE+qijSclrbOPOLNzb2YF
+o3CLfMRmGc+fl92tlSFG+YsdFjZNA2fDWEj+tU8loQUAJ6Z4y4hlmb/2d0KavbDG
+i6i6rvnvWWYe8GvSNvqTPCWiceqEAjo9uklb9aQjoB7pBdQLHQbMIK4c0vYTxa0=
+=dXRM
 -----END PGP SIGNATURE-----

app-emulation/wine/wine-1.7.13.ebuild

@@ -0,0 +1,436 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/wine/wine-1.7.13.ebuild,v 1.1 2014/02/21 06:31:47 tetromino Exp $
+
+EAPI="5"
+
+AUTOTOOLS_AUTORECONF=1
+PLOCALES="ar bg ca cs da de el en en_US eo es fa fi fr he hi hr hu it ja ko lt ml nb_NO nl or pa pl pt_BR pt_PT rm ro ru sk sl sr_RS@cyrillic sr_RS@latin sv te th tr uk wa zh_CN zh_TW"
+PLOCALE_BACKUP="en"
+
+inherit autotools-multilib eutils fdo-mime flag-o-matic gnome2-utils l10n multilib pax-utils toolchain-funcs virtualx
+
+if [[ ${PV} == "9999" ]] ; then
+	EGIT_REPO_URI="git://source.winehq.org/git/wine.git"
+	inherit git-2
+	SRC_URI=""
+	#KEYWORDS=""
+else
+	MY_P="${PN}-${PV/_/-}"
+	SRC_URI="mirror://sourceforge/${PN}/Source/${MY_P}.tar.bz2"
+	KEYWORDS="-* ~amd64 ~x86 ~x86-fbsd"
+	S=${WORKDIR}/${MY_P}
+fi
+
+GV="2.24"
+MV="4.5.2"
+PULSE_PATCHES="winepulse-patches-1.7.12"
+WINE_GENTOO="wine-gentoo-2013.06.24"
+DESCRIPTION="Free implementation of Windows(tm) on Unix"
+HOMEPAGE="http://www.winehq.org/"
+SRC_URI="${SRC_URI}
+	gecko? (
+		abi_x86_32? ( mirror://sourceforge/${PN}/Wine%20Gecko/${GV}/wine_gecko-${GV}-x86.msi )
+		abi_x86_64? ( mirror://sourceforge/${PN}/Wine%20Gecko/${GV}/wine_gecko-${GV}-x86_64.msi )
+	)
+	mono? ( mirror://sourceforge/${PN}/Wine%20Mono/${MV}/wine-mono-${MV}.msi )
+	pulseaudio? ( http://dev.gentoo.org/~tetromino/distfiles/${PN}/${PULSE_PATCHES}.tar.bz2 )
+	http://dev.gentoo.org/~tetromino/distfiles/${PN}/${WINE_GENTOO}.tar.bz2"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+IUSE="+abi_x86_32 +abi_x86_64 +alsa capi cups custom-cflags dos elibc_glibc +fontconfig +gecko gphoto2 gsm gstreamer +jpeg lcms ldap +mono mp3 ncurses netapi nls odbc openal opencl +opengl osmesa oss +perl +png +prelink pulseaudio +realtime +run-exes samba scanner selinux +ssl test +threads +truetype +udisks v4l +X xcomposite xinerama +xml"
+REQUIRED_USE="|| ( abi_x86_32 abi_x86_64 )
+	test? ( abi_x86_32 )
+	elibc_glibc? ( threads )
+	mono? ( abi_x86_32 )
+	osmesa? ( opengl )" #286560
+
+# FIXME: the test suite is unsuitable for us; many tests require net access
+# or fail due to Xvfb's opengl limitations.
+RESTRICT="test"
+
+NATIVE_DEPEND="
+	truetype? ( >=media-libs/freetype-2.0.0  )
+	capi? ( net-dialup/capi4k-utils )
+	ncurses? ( >=sys-libs/ncurses-5.2:= )
+	udisks? ( sys-apps/dbus )
+	fontconfig? ( media-libs/fontconfig:= )
+	gphoto2? ( media-libs/libgphoto2:= )
+	openal? ( media-libs/openal:= )
+	gstreamer? ( media-libs/gstreamer:0.10 media-libs/gst-plugins-base:0.10 )
+	X? (
+		x11-libs/libXcursor
+		x11-libs/libXext
+		x11-libs/libXrandr
+		x11-libs/libXi
+		x11-libs/libXxf86vm
+	)
+	xinerama? ( x11-libs/libXinerama )
+	alsa? ( media-libs/alsa-lib )
+	cups? ( net-print/cups:= )
+	opencl? ( virtual/opencl )
+	opengl? (
+		virtual/glu
+		virtual/opengl
+	)
+	gsm? ( media-sound/gsm:= )
+	jpeg? ( virtual/jpeg:0= )
+	ldap? ( net-nds/openldap:= )
+	lcms? ( media-libs/lcms:2= )
+	mp3? ( >=media-sound/mpg123-1.5.0 )
+	netapi? ( net-fs/samba[netapi(+)] )
+	nls? ( sys-devel/gettext )
+	odbc? ( dev-db/unixODBC:= )
+	osmesa? ( media-libs/mesa[osmesa] )
+	pulseaudio? ( media-sound/pulseaudio )
+	xml? ( dev-libs/libxml2 dev-libs/libxslt )
+	scanner? ( media-gfx/sane-backends:= )
+	ssl? ( net-libs/gnutls:= )
+	png? ( media-libs/libpng:0= )
+	v4l? ( media-libs/libv4l )
+	xcomposite? ( x11-libs/libXcomposite )"
+
+COMMON_DEPEND="
+	!amd64? ( ${NATIVE_DEPEND} )
+	amd64? (
+		abi_x86_64? ( ${NATIVE_DEPEND} )
+		abi_x86_32? (
+			truetype? ( || (
+				>=app-emulation/emul-linux-x86-xlibs-2.1[development]
+				>=media-libs/freetype-2.0.0[abi_x86_32]
+			) )
+			ncurses? ( || (
+				app-emulation/emul-linux-x86-baselibs[development]
+				sys-libs/ncurses[abi_x86_32]
+			) )
+			udisks? ( || (
+				>=app-emulation/emul-linux-x86-baselibs-20130224[development]
+				sys-apps/dbus[abi_x86_32]
+			) )
+			fontconfig? ( || (
+				app-emulation/emul-linux-x86-xlibs[development]
+				media-libs/fontconfig[abi_x86_32]
+			) )
+			gphoto2? (
+				app-emulation/emul-linux-x86-medialibs[development]
+			)
+			openal? ( || (
+				app-emulation/emul-linux-x86-sdl[development]
+				media-libs/openal[abi_x86_32]
+			) )
+			gstreamer? (
+				app-emulation/emul-linux-x86-gstplugins
+				app-emulation/emul-linux-x86-medialibs[development]
+			)
+			X? ( || (
+				app-emulation/emul-linux-x86-xlibs[development]
+				(
+					x11-libs/libXcursor[abi_x86_32]
+					x11-libs/libXext[abi_x86_32]
+					x11-libs/libXrandr[abi_x86_32]
+					x11-libs/libXi[abi_x86_32]
+					x11-libs/libXxf86vm[abi_x86_32]
+				)
+			) )
+			xinerama? ( || (
+				app-emulation/emul-linux-x86-xlibs[development]
+				x11-libs/libXinerama[abi_x86_32]
+			) )
+			alsa? ( || (
+				app-emulation/emul-linux-x86-soundlibs[alsa,development]
+				media-libs/alsa-lib[abi_x86_32]
+			) )
+			cups? ( app-emulation/emul-linux-x86-baselibs )
+			opencl? ( virtual/opencl[abi_x86_32] )
+			opengl? ( || (
+				app-emulation/emul-linux-x86-opengl[development]
+				(
+					virtual/glu[abi_x86_32]
+					virtual/opengl[abi_x86_32]
+				)
+			) )
+			gsm? ( || (
+				app-emulation/emul-linux-x86-soundlibs[development]
+				media-sound/gsm[abi_x86_32]
+			) )
+			jpeg? ( || (
+				app-emulation/emul-linux-x86-baselibs[development]
+				virtual/jpeg:0[abi_x86_32]
+			) )
+			ldap? ( app-emulation/emul-linux-x86-baselibs[development] )
+			lcms? ( || (
+				app-emulation/emul-linux-x86-baselibs[development]
+				media-libs/lcms:2[abi_x86_32]
+			) )
+			mp3? ( || (
+				app-emulation/emul-linux-x86-soundlibs[development]
+				>=media-sound/mpg123-1.5.0[abi_x86_32]
+			) )
+			nls? ( app-emulation/emul-linux-x86-baselibs[development] )
+			odbc? ( app-emulation/emul-linux-x86-db[development] )
+			osmesa? ( || (
+				>=app-emulation/emul-linux-x86-opengl-20121028[development]
+				media-libs/mesa[osmesa,abi_x86_32]
+			) )
+			pulseaudio? ( || (
+				app-emulation/emul-linux-x86-soundlibs[development]
+				>=media-sound/pulseaudio-4.0-r1[abi_x86_32]
+			) )
+			xml? ( >=app-emulation/emul-linux-x86-baselibs-20131008[development] )
+			scanner? ( app-emulation/emul-linux-x86-medialibs[development] )
+			ssl? ( app-emulation/emul-linux-x86-baselibs[development] )
+			png? ( || (
+				app-emulation/emul-linux-x86-baselibs[development]
+				media-libs/libpng:0[abi_x86_32]
+			) )
+			v4l? ( || (
+				app-emulation/emul-linux-x86-medialibs[development]
+				media-libs/libv4l[abi_x86_32]
+			) )
+			xcomposite? ( || (
+				app-emulation/emul-linux-x86-xlibs[development]
+				x11-libs/libXcomposite[abi_x86_32]
+			) )
+		)
+	)"
+
+RDEPEND="${COMMON_DEPEND}
+	dos? ( games-emulation/dosbox )
+	perl? ( dev-lang/perl dev-perl/XML-Simple )
+	samba? ( >=net-fs/samba-3.0.25 )
+	selinux? ( sec-policy/selinux-wine )
+	udisks? ( sys-fs/udisks:2 )
+	pulseaudio? ( realtime? ( sys-auth/rtkit ) )"
+
+DEPEND="${COMMON_DEPEND}
+	amd64? ( abi_x86_32? ( !abi_x86_64? ( ${NATIVE_DEPEND} ) ) )
+	X? (
+		x11-proto/inputproto
+		x11-proto/xextproto
+		x11-proto/xf86vidmodeproto
+	)
+	xinerama? ( x11-proto/xineramaproto )
+	prelink? ( sys-devel/prelink )
+	>=sys-kernel/linux-headers-2.6
+	virtual/pkgconfig
+	virtual/yacc
+	sys-devel/flex"
+
+# These use a non-standard "Wine" category, which is provided by
+# /etc/xdg/applications-merged/wine.menu
+QA_DESKTOP_FILE="usr/share/applications/wine-browsedrive.desktop
+usr/share/applications/wine-notepad.desktop
+usr/share/applications/wine-uninstaller.desktop
+usr/share/applications/wine-winecfg.desktop"
+
+wine_build_environment_check() {
+	[[ ${MERGE_TYPE} = "binary" ]] && return 0
+
+	if use abi_x86_64 && [[ $(( $(gcc-major-version) * 100 + $(gcc-minor-version) )) -lt 404 ]]; then
+		eerror "You need gcc-4.4+ to build 64-bit wine"
+		eerror
+		return 1
+	fi
+
+	if use abi_x86_32 && use opencl && [[ x$(eselect opencl show 2> /dev/null) = "xintel" ]]; then
+		eerror "You cannot build wine with USE=opencl because intel-ocl-sdk is 64-bit only."
+		eerror "See https://bugs.gentoo.org/487864 for more details."
+		eerror
+		return 1
+	fi
+}
+
+pkg_pretend() {
+	wine_build_environment_check || die
+}
+
+pkg_setup() {
+	wine_build_environment_check || die
+}
+
+src_unpack() {
+	if [[ ${PV} == "9999" ]] ; then
+		git-2_src_unpack
+	else
+		unpack ${MY_P}.tar.bz2
+	fi
+
+	use pulseaudio && unpack "${PULSE_PATCHES}.tar.bz2"
+	unpack "${WINE_GENTOO}.tar.bz2"
+
+	l10n_find_plocales_changes "${S}/po" "" ".po"
+}
+
+src_prepare() {
+	local md5="$(md5sum server/protocol.def)"
+	local PATCHES=(
+		"${FILESDIR}"/${PN}-1.5.26-winegcc.patch #260726
+		"${FILESDIR}"/${PN}-1.4_rc2-multilib-portage.patch #395615
+		"${FILESDIR}"/${PN}-1.7.12-osmesa-check.patch #429386
+		"${FILESDIR}"/${PN}-1.6-memset-O3.patch #480508
+	)
+	use pulseaudio && PATCHES+=(
+		"../${PULSE_PATCHES}"/*.patch #421365
+	)
+
+	autotools-utils_src_prepare
+
+	if [[ "$(md5sum server/protocol.def)" != "${md5}" ]]; then
+		einfo "server/protocol.def was patched; running tools/make_requests"
+		tools/make_requests || die #432348
+	fi
+	sed -i '/^UPDATE_DESKTOP_DATABASE/s:=.*:=true:' tools/Makefile.in || die
+	if ! use run-exes; then
+		sed -i '/^MimeType/d' tools/wine.desktop || die #117785
+	fi
+
+	# hi-res default icon, #472990, http://bugs.winehq.org/show_bug.cgi?id=24652
+	cp "${WORKDIR}"/${WINE_GENTOO}/icons/oic_winlogo.ico dlls/user32/resources/ || die
+
+	l10n_get_locales > po/LINGUAS # otherwise wine doesn't respect LINGUAS
+}
+
+do_configure() {
+	local myeconfargs=( "${myeconfargs[@]}" )
+
+	if use amd64; then
+		if [[ ${ABI} == amd64 ]]; then
+			myeconfargs+=( --enable-win64 )
+		else
+			use netapi && ewarn "Disabling netapi in wine32; see https://bugs.gentoo.org/494394"
+			# We currently don't have 32-bit libnetapi on amd64; #494394
+			myeconfargs+=(
+				--without-netapi
+				--disable-win64
+			)
+		fi
+
+		# Note: using --with-wine64 results in problems with multilib.eclass
+		# CC/LD hackery. We're using separate tools instead.
+	fi
+
+	autotools-utils_src_configure
+}
+
+src_configure() {
+	export LDCONFIG=/bin/true
+	use custom-cflags || strip-flags
+
+	local myeconfargs=( # common
+		--sysconfdir=/etc/wine
+		$(use_with alsa)
+		$(use_with capi)
+		$(use_with lcms cms)
+		$(use_with cups)
+		$(use_with ncurses curses)
+		$(use_with udisks dbus)
+		$(use_with fontconfig)
+		$(use_with ssl gnutls)
+		$(use_with gphoto2 gphoto)
+		$(use_with gsm)
+		$(use_with gstreamer)
+		--without-hal
+		$(use_with jpeg)
+		$(use_with ldap)
+		$(use_with mp3 mpg123)
+		$(use_with netapi)
+		$(use_with nls gettext)
+		$(use_with openal)
+		$(use_with opencl)
+		$(use_with opengl)
+		$(use_with osmesa)
+		$(use_with oss)
+		$(use_with png)
+		$(use_with threads pthread)
+		$(use_with scanner sane)
+		$(use_enable test tests)
+		$(use_with truetype freetype)
+		$(use_with v4l)
+		$(use_with X x)
+		$(use_with xcomposite)
+		$(use_with xinerama)
+		$(use_with xml)
+		$(use_with xml xslt)
+	)
+
+	use pulseaudio && myeconfargs+=( --with-pulse )
+
+	if use amd64 && use abi_x86_32; then
+		# Avoid crossdev's i686-pc-linux-gnu-pkg-config if building wine32 on amd64; #472038
+		# set AR and RANLIB to make QA scripts happy; #483342
+		tc-export PKG_CONFIG AR RANLIB
+	fi
+
+	multilib_parallel_foreach_abi do_configure
+}
+
+src_compile() {
+	autotools-multilib_src_compile depend
+	autotools-multilib_src_compile all
+}
+
+src_test() {
+	if [[ $(id -u) == 0 ]]; then
+		ewarn "Skipping tests since they cannot be run under the root user."
+		ewarn "To run the test ${PN} suite, add userpriv to FEATURES in make.conf"
+		return
+	fi
+
+	# FIXME: win32-only; wine64 tests fail with "could not find the Wine loader"
+	multilib_toolchain_setup x86
+	local BUILD_DIR="${S}-${ABI}"
+	cd "${BUILD_DIR}" || die
+	WINEPREFIX="${T}/.wine-${ABI}" Xemake test
+}
+
+src_install() {
+	local DOCS=( ANNOUNCE AUTHORS README )
+	add_locale_docs() {
+		local locale_doc="documentation/README.$1"
+		[[ ! -e ${locale_doc} ]] || DOCS=( "${DOCS[@]}" ${locale_doc} )
+	}
+	l10n_for_each_locale_do add_locale_docs
+	autotools-multilib_src_install
+
+	emake -C "../${WINE_GENTOO}" install DESTDIR="${D}" EPREFIX="${EPREFIX}"
+	if use gecko ; then
+		insinto /usr/share/wine/gecko
+		use abi_x86_32 && doins "${DISTDIR}"/wine_gecko-${GV}-x86.msi
+		use abi_x86_64 && doins "${DISTDIR}"/wine_gecko-${GV}-x86_64.msi
+	fi
+	if use mono ; then
+		insinto /usr/share/wine/mono
+		doins "${DISTDIR}"/wine-mono-${MV}.msi
+	fi
+	if ! use perl ; then
+		rm "${D}"usr/bin/{wine{dump,maker},function_grep.pl} "${D}"usr/share/man/man1/wine{dump,maker}.1 || die
+	fi
+
+	use abi_x86_32 && pax-mark psmr "${D}"usr/bin/wine{,-preloader} #255055
+	use abi_x86_64 && pax-mark psmr "${D}"usr/bin/wine64{,-preloader}
+
+	if use abi_x86_64 && ! use abi_x86_32; then
+		dosym /usr/bin/wine{64,} # 404331
+		dosym /usr/bin/wine{64,}-preloader
+	fi
+
+	# respect LINGUAS when installing man pages, #469418
+	for l in de fr pl; do
+		use linguas_${l} || rm -r "${D}"usr/share/man/${l}*
+	done
+}
+
+pkg_preinst() {
+	gnome2_icon_savelist
+}
+
+pkg_postinst() {
+	gnome2_icon_cache_update
+	fdo-mime_desktop_database_update
+}
+
+pkg_postrm() {
+	gnome2_icon_cache_update
+	fdo-mime_desktop_database_update
+}

app-emulation/xen-tools/ChangeLog

@@ -1,6 +1,41 @@
 # ChangeLog for app-emulation/xen-tools
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/ChangeLog,v 1.225 2014/02/20 10:24:16 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/ChangeLog,v 1.228 2014/02/21 04:49:13 idella4 Exp $
+
+  21 Feb 2014; Ian Delaney <idella4@gentoo.org> xen-tools-4.2.3-r1.ebuild,
+  xen-tools-4.2.4.ebuild, xen-tools-4.3.2.ebuild:
+  correct typos, tidy
+
+  20 Feb 2014; Yixun Lan <dlan@gentoo.org>
+  -files/xen-4-CVE-2013-0215-XSA-38.patch,
+  -files/xen-4-CVE-2013-1919-XSA-46.patch,
+  -files/xen-4-CVE-2013-1922-XSA-48.patch,
+  -files/xen-4-CVE-2013-1952-XSA-49.patch,
+  -files/xen-4-CVE-2013-1952-XSA_49.patch,
+  -files/xen-4-CVE-2013-2072-XSA-56.patch,
+  -files/xen-4.2-CVE-2013-1-XSA-55.patch,
+  -files/xen-4.2-CVE-2013-12to13-XSA-55.patch,
+  -files/xen-4.2-CVE-2013-14-XSA-55.patch,
+  -files/xen-4.2-CVE-2013-16-XSA-55.patch,
+  -files/xen-4.2-CVE-2013-17-XSA-55.patch,
+  -files/xen-4.2-CVE-2013-18to19-XSA-55.patch,
+  -files/xen-4.2-CVE-2013-2-XSA-55.patch,
+  -files/xen-4.2-CVE-2013-20to23-XSA-55.patch,
+  -files/xen-4.2-CVE-2013-3-XSA-55.patch,
+  -files/xen-4.2-CVE-2013-4-XSA-55.patch,
+  -files/xen-4.2-CVE-2013-5to7-XSA-55.patch,
+  -files/xen-4.2-CVE-2013-6-XSA-55.patch,
+  -files/xen-4.2-CVE-2013-7-XSA-55.patch,
+  -files/xen-4.2-CVE-2013-9to10-XSA-55.patch, -files/xen-4.2-CVE-XSA-57.patch,
+  -files/xen-tools-4-CVE-2013-4369-XSA-68.patch,
+  -files/xen-tools-4-CVE-2013-4370-XSA-69.patch,
+  -files/xen-tools-4-CVE-2013-4371-XSA-70.patch,
+  -files/xen-tools-4-CVE-2013-4416-XSA-72.patch:
+  clean up unused XSA patches
+
+  20 Feb 2014; Yixun Lan <dlan@gentoo.org> -xen-tools-4.2.2-r3.ebuild,
+  -xen-tools-4.2.2-r7.ebuild, -xen-tools-4.2.3.ebuild:
+  drop old ebuild, clean up
 
   20 Feb 2014; Agostino Sarubbo <ago@gentoo.org> xen-tools-4.2.3-r1.ebuild:
   Stable for x86, wrt bug #500530

app-emulation/xen-tools/Manifest

@@ -6,30 +6,9 @@ AUX ipxe-nopie.patch 964 SHA256 0b70407969735f36587fade77f524c1c2077f28585b9e0df
 AUX qemu-bridge.patch 3808 SHA256 73155306c318b7a9304eb5b7798f1d2aaf009f45af4d4dcbbc3beeb7ced013b6 SHA512 be35481ea6f9e87a6b1b73bae4c10137379447d9fecf268073015ac10a3091b8f6b0088d494bff18fcb5df27e3417441a63c63bfa3b87dacd62e5a4d31f34cfd WHIRLPOOL e363cb8e666b83b1023e954fd40c4e6d980c6b391a9159cd60d1b4bf775f8376e198e53c3c59a25a820c2f0de9fa94b2245f31d7a77f224362754865a22fe2d2
 AUX stubs-32.h 537 SHA256 4c903162da80cefd394404cb8cd9963a6ef6e3ad6c7adcbaa450a002d929bfc5 SHA512 55308dbedaa91909a2213940f7a7b574cabe6b5a3104761a2a6f28d6aed00164544488c00cbf9d66a9a370a14c6b6d3a00434efd3ff0228cc8e4d81af19c0e68 WHIRLPOOL 9c006e266bea6bb9d623e76011a4eac07c5fe4fdf76a041cc42a2289a7e9163988bad0fb2f458e300e45aabf9fb864ec764a496d7f89d58e57a506bac206a5f1
 AUX xen-4-CVE-2012-6075-XSA-41.patch 1393 SHA256 6aa21c02e94cb9b4f612c7a9d1a8f980967692b1f20346da9670abb1d7ec688c SHA512 547f63e7eaf0a6db1a9de267cc6f9aa0f28e2221f2c69ca463ada85edbc07ac84c276dcd3ee017ab8846d4e4129e182fb76be35b91ae9a0e0afecdc091e0c305 WHIRLPOOL 848359780edc15895a09bf76afeaa503f907ac98a856b52d64ef4dcb137e2319222a47cd7a2866e6f25731498f487cfca2a462fb6dfcda8404026d8acfff5bcc
-AUX xen-4-CVE-2013-0215-XSA-38.patch 2515 SHA256 7d7a5746bc76da747bf61eb87b3303a8f3abb0d96561f35a706c671317ebe4eb SHA512 2abe25c83a3ede047db380b0477ba1aaaf9d955e87244f8d2404699e011cac46ad5501a0f75b76b90b5dc276d19ae08600a2fe57a69681f97088b5d17d977066 WHIRLPOOL 5176ba1c9f3019c50c087c56185c393ae99c0504f10abf08d896998f80d9f0a05c8c103b4276c3370c72171fab2fdc07ba9c68261ac02c6a859ed7a74b6bd056
-AUX xen-4-CVE-2013-1919-XSA-46.patch 9844 SHA256 822da2303f1fc69648d7a29eb72fdda8e64baab3edc0e1548456d31e66ed1d7c SHA512 35ed4d580d219e977ee1085c223563f51ccd9ce3675df2660d10d99c366a2fe2446269c98ac9dbf57c37de83340f4b0868d0eb3c5d898be4c0fc80357f6ed780 WHIRLPOOL 36015584e3f72c3eea62cd0658230805645983be571768f068baa605b274d16cca9fc4dcb27152016dde81f6a1dbcd91430654af5c2c1b5211ed5c2441b65c1c
-AUX xen-4-CVE-2013-1922-XSA-48.patch 3846 SHA256 dc23077028584e71a08dd0dc9e81552c76744a5ce9d39df5958a95ae9cf3107b SHA512 31dd8c62d41cc0a01a79d9b24a5b793f5e2058230808d9c5364c6ff3477ab02f3258f1bbd761d97dc1b97ee120b41524b999eaac77f33b606496fc324b5fa2e4 WHIRLPOOL 6913705b070daeac8925a44585f94f78ec43cf1d7a8feeba6839499b0340a727f3c39848627bcd58217b589a932fbfce13628bdca2b815e2ddf58b9c69c11721
-AUX xen-4-CVE-2013-1952-XSA-49.patch 1877 SHA256 37055cbc74111cbc507af3f09d6ac2e472f24efd54cd3e08583dc635e66a539f SHA512 1e3ef057744076b9fca22c1982f33d38be06ab8e5d57e40e3160fc2850b69711a1765e4a2b037f7bc1fdb8a9f93f1649d86ea3da972ec4af147b7b80191069f8 WHIRLPOOL 43e78ad3ba597e7084b6194507839b8cc4c21f45c8fd70f00cb061a4ad22ec9ec690bf35ffffc7e02c616de5f35b329c6c4e3a9cf5ddaf23cdf0525681f70639
-AUX xen-4-CVE-2013-1952-XSA_49.patch 1597 SHA256 f7daee05c81bfa4effa821e22c8b0861c254b3a1d4e14b7da5709a6102997b87 SHA512 f4d49b90b08b5ac52a5e41f0b555db20e846016f0020e67ea243eed24f621b4b356c3c9e7c181e97fa2d428024a941b7b52eb5bfd933a850aafc4a7b51bb3295 WHIRLPOOL e0fb3d0d9463276dc6331547ef13d4117d7c3bb1503f9e60885553056a3452cba4937500834dedc79fde29198420bf0c7e5c7e9e596c8d27202559dd00c94bb7
-AUX xen-4-CVE-2013-2072-XSA-56.patch 1748 SHA256 a691c5f5332a42c0d38ddb4dc037eb902f01ba31033b64c47d02909a8de0257d SHA512 26a1c2cc92ddd4c1ab6712b0e41a0135d0e76a7fe3a14b651fb0235e352e5a24077414371acccb93058b7ce4d882b667386811170ba74570c53165837bcd983d WHIRLPOOL 8c3a7b373564f808074f7876d1b25c9ae8960c0f5d9d0eb5b188e845499273bf878998f0a5ca056fb6920e1c15ebfc6f77e996b915e1c483059b5878ee5a7b2b
 AUX xen-4-CVE-XSA-86.patch 6112 SHA256 0f715b7cecf3c5d786cd9ac8ac8e7b864aa7b332a478f4d94f6296f6b7ae0689 SHA512 79c3b2d77c5e3ca26f5c1368450575854b08f0928226b4313549fd9b67db733fcce09b522f23741199a83b8f20d89e7762b967cff5e2ddbdffe5e8f41d04e7ea WHIRLPOOL 6ae630b50f83dbd11bc717dd3ea02119108987e93d4ce331ad34b850903a8deff975ac16b1f25941dd280254cdfd147f7e5e2a6fa3e4cd15b9a91546aa228d85
 AUX xen-4-fix_dotconfig-gcc.patch 9551 SHA256 93c8726fc3e0bd3f54d4162a3fdace45e3c3ea24fecf5f54270c6dc55c3924ab SHA512 64bfc2dd60bf5a7db593250f9da62cdea4daa458aa8c474ec47b065f6e19509555f48d49ec8624c484d873fe947b6f9cab98cdcd2c24ca8795eb1b64b378a004 WHIRLPOOL 341506ced55ae2ad30af1696434df25ba77c665042aa82dda35d0722f0cccbe567c8cebf51c2e20e0df3084f74f7eb7a69808dea2801f911b2d3c46a293b6ba2
 AUX xen-4-ulong.patch 463 SHA256 160af74e6149a7c8066fa3f0b59c7dc36d0185adc98a3897de0ea26868778c1e SHA512 5188b1712009168c994ad72f9d0b0e9cd708a79244d2fbdd675b2fedb5f62b5b2f6c9f1bdd2101e2b66f1c08ab94f55230f4f269907671d82b00f510d059f2f2 WHIRLPOOL 86c98b5d698535893cd05f05481486a8a96f8ee96ce2add4e14de1d6a18701810d6a2c5925fa6cb367e95ef605c8bf9ebecb7dff7cf01763da4235a9c79c5b3f
-AUX xen-4.2-CVE-2013-1-XSA-55.patch 12309 SHA256 03589da73c958503cc9d3a7403b07ee165cda2a61b696a12e432f071d33c8b8d SHA512 1f1e11233ae2503061f66e23bb8e438ceeb55504f9ce140a4093d7b826e42956baa477e2a02bb660e33874ea6fc671dce89094c6c8959aedf9137ff8e2efc9bd WHIRLPOOL 48fd1c4702ce347bbbc2b5a9cfc1d8198a995cc95182005625df71b4cab1b1dacc38a07d5751d17b411e76acba49ff5669c1fe9afbe208634c25a90a8eae4649
-AUX xen-4.2-CVE-2013-12to13-XSA-55.patch 12653 SHA256 0f150534386d4a54e9b8110988f2511b7f045b526e39985dc5dc904b0814b6c6 SHA512 d1c4ef396d90079c2bb4e12e2bfca1be55a12fe9d1f6388d159a996b2cd10d965c96fb84906f87e31fec6831cfd1ce38cb8964fe9b9bde3c19d37e5b88723551 WHIRLPOOL 884215d7cfd8ed1a4254d3dc41725782966f6a32929a5d74610fe350421a07b8e9d34d4b049e8f472d5d5052de8682a8837368be5007bc09e248790576cf4a3e
-AUX xen-4.2-CVE-2013-14-XSA-55.patch 10103 SHA256 d9df769e1b6847a84cd85e3909acee85ce71fd3bc84945890d586388bc69cb11 SHA512 fcd09ca508e78a97169daf38ee455df6646c954bce7042259c7528b3cd2e6d24416d293b7c3b7fd4707caa29ee8d3916f07af5295341a043b350293a3dfe826f WHIRLPOOL 7d7599ca36bba2cbc9ea899dab98a231d4bdb60363aa5f5da36c00269bdb67f091e84c823c2c80cef985bfebbc8c1a3a207148c2b296084cf30d5252dee68eaf
-AUX xen-4.2-CVE-2013-16-XSA-55.patch 17193 SHA256 345068acdcf4f974d78d2f579c90c6d74ac3b6ed190eae0f182e5f12ac2c48fb SHA512 f650fb7c2a874c6f748a99d228d12931cbd77b45691dbc419d1f319c37534f58bf17aa4d47792931d368b8536e98790cb54fbafe356089964fa22c6366882ad4 WHIRLPOOL 5087bb9940b70a2d8283cbad2f782bf0e0c596f6a6b2a4173a9b2410bf512d063d8f3c2639c402ae61a411006167ecbc293303d00dcb68f5fe61d584b78ff0e7
-AUX xen-4.2-CVE-2013-17-XSA-55.patch 18342 SHA256 46665bce2e48a945ac25960f5f9459e9b9b5ffdc6284c0e8622d3fa01636c3a0 SHA512 f8923756911b18996be1a4ce9d8536291b3c7fd97362b840f784854fbe68753a9044da7e1db499f2b7cb85d0bd5e067a2e3ad763b2dad1b5c3dd8d94bd0f9c87 WHIRLPOOL 94001c689fac74225abad6162b3b16f7107e1de33e46090cb17ca5e8a61472236f9cf058737802d21d4fe42546c6c5d72b3cbf3961126abfb51aeff568c2b57d
-AUX xen-4.2-CVE-2013-18to19-XSA-55.patch 17592 SHA256 13686af23eba9aa4b60416376b34092c5d69bb2c9e0100063c828398fe144758 SHA512 dcf867589d1b427c97f4367155f61cb30c8cc449bb04ae216b0a432b794ad0f9743f35a96f3c3c4be69710031097261b5fb26110de0c285f4e089592cade3403 WHIRLPOOL c6cad0db64d51dfd1e700272731984a2ba06c5defe9b0df482c5d0858d0e5e8db87295b02742f6b9dffa29c573b59d34120806702b84f045ca92c1d9b6618c66
-AUX xen-4.2-CVE-2013-2-XSA-55.patch 2074 SHA256 b7673609a18525f238d411f9b150c90ecf48248542cc95ca969c9a85995768f8 SHA512 d19d0135057a313f458feeb5ce149b31133e5c43dc133e24d2058ade5838e33637bd07cfa82e9fecd98a28dbf85a598c1a70f20c7998d7fae3d5509026e1f6e2 WHIRLPOOL 3eb934e836f84d49bce89b3b79fe19a70734b8590857c1c74954f0c619834546222229912aa9143d9e10c9e912575d3440e53dd8ce19493915e7e347a5c87adc
-AUX xen-4.2-CVE-2013-20to23-XSA-55.patch 12908 SHA256 7422a1ae6d9aea2c0f7df0c459ac48f2a0ea5e1b4daaad0fd74a575ee0a5d73c SHA512 d03a0617d9e74e29b9dacc1a86268f164bb14b490c599166bc37b4524240a0d61d9e312cbe50a9eac1c6d98f050638bfb684cb13df1158478f09100948e5f9aa WHIRLPOOL 3142b686bf1279fb17c3a58c43f5b5a11814fbd3d455d7ebee0fe8f949668eed1bcd88ec5e6cbc71963ce99c830af4e21898cf2d4b7252c64d57b89e8ccc2bf4
-AUX xen-4.2-CVE-2013-3-XSA-55.patch 6149 SHA256 f5b809eceb7d342bac01f6a204eca7c89e1c62287040d2588b093b9cd0b5be22 SHA512 6f1ae849160076202d7dfacf2b8b880effeec19112ef18bb40ceaeac6649f9cd235e26eaaf78ffc83907f5098926818633b1344a3626454ad95dd97a1894ccf4 WHIRLPOOL 88f142e62caddffc611917e79dbbbda9870a779514fbee86c42888d53a2e94ad23fb25c626630410ef9cbb704fd5a3358d1a9bc98e2f9ef82298c2b00ba2bf95
-AUX xen-4.2-CVE-2013-4-XSA-55.patch 2139 SHA256 51b5f8a996f0d84c715235b1497e0816a6b31fbeea593b7c14925d11856e48b1 SHA512 41034da15f7ffdb6efee41dcc763276b1fcdf160edda88a15b0e0c39bc175a592825e9faa78b209a54f01dcb0e5198b6b40a924f49aed1334fdca54739f35e56 WHIRLPOOL 4da524a196fc713f75f57aacc178ad1b0e2e5ab6b00b941620f682a8894fca79a212155bc3e8200b870d3df959ef68f18cdd116ce64f1d3c93007159bdac4201
-AUX xen-4.2-CVE-2013-5to7-XSA-55.patch 6392 SHA256 2861fc68d7b9c49784deb43eeb7196e53316f5439d129d686b7b2157543f9c0a SHA512 1f69e1d9c56244bb8a97b0f9a426007e5779a7e88f2add879a289eda923723e3b4bddcc034797a4e79646780bca1b445fbbc857c9155e72d2177739525d5d88b WHIRLPOOL 4bd68553974eab849315ffff90ef7e0d7811923763ab3c0f111d60f15d574e65652aa5c60708bf60410f5caa0914a2d43dfb4242d7451fb76576a4d2b79fe1a8
-AUX xen-4.2-CVE-2013-6-XSA-55.patch 10103 SHA256 d9df769e1b6847a84cd85e3909acee85ce71fd3bc84945890d586388bc69cb11 SHA512 fcd09ca508e78a97169daf38ee455df6646c954bce7042259c7528b3cd2e6d24416d293b7c3b7fd4707caa29ee8d3916f07af5295341a043b350293a3dfe826f WHIRLPOOL 7d7599ca36bba2cbc9ea899dab98a231d4bdb60363aa5f5da36c00269bdb67f091e84c823c2c80cef985bfebbc8c1a3a207148c2b296084cf30d5252dee68eaf
-AUX xen-4.2-CVE-2013-7-XSA-55.patch 15024 SHA256 4bca58ac49bd56f6defefbfa76cfd0e6d45aabb1641fa9e9f983edbc784a9d89 SHA512 0622b2cbb0dc6f7b6a86a0ed41229fa2574d655b2d7c7727e3c0c4416155e26dbd933af8812f0e3b13f196da4d9de1064dc620751ddd4f66b587ecd6f30902f5 WHIRLPOOL 9ffda09ae380b2417d3599a9fbf894becef9f9bf88277cf8b4195f86e271bb6452aedb33050ddac1c25c7fdf71bb754a361633526a90d61d5489d5dae064c4e4
-AUX xen-4.2-CVE-2013-9to10-XSA-55.patch 11035 SHA256 c73c57ff530c15efa62ee4853d8213f0bac9c31280485f7b54e8b96721fadd92 SHA512 2991e7bf598ac2af57a96204a8babb4c15e5eb7c35c2477e4171b6c600ddc98906fe6dcda02fd5c155d196135b6c28631422bde5302db173ebdfc821089b8de1 WHIRLPOOL dbe8fa7421a68c13159b18b3bf898088c02d9b49d587a2f70a733d6a509fea13246b28b73136510b019d2b28fb23c45fb59e8711d189c0538a758639aaa62dd3
-AUX xen-4.2-CVE-XSA-57.patch 15550 SHA256 b698fb6230af3bf134e90f1611735ec2c4378df25a0ce2643171fbb75fbab489 SHA512 d2216dabd6265540d7a90002c739817a834c34b53a2c180796f264fb6a845bc3e2a8dd02dd7de9317475ff1659f35061c3e7eb51c4ced673a4b5638dba711484 WHIRLPOOL 59bdca24ab5eeb65c8f25c111edfc8b4ca7f62429502eff99e1612113d4dd8077fc38b13993df296bdb5a75831cc4725c25ab0d8b8843a3e3659f1e245cbcbd6
 AUX xen-4.2-configsxp.patch 1216 SHA256 2ac6642cc1db65bb087e8179bb81f3a88230c81042ca951f487faf294def1f39 SHA512 50af6a970be4cbeb7f7c2e721a6f5bea13e73dabe3141131844970838ffc5e04bb65e3c7a98f602a3bbb8326dfb8e3f058adfcffe4e267a07cf081786f5bbc50 WHIRLPOOL ddb0c8ad6ee0653d9b30c86561eee9d6c66675023c0fe2fa7911f9639d5c7b21a1c0fc400978cc23ad075f38c28d97bdd64b3ed4e2ce56740415f8d30d7607ab
 AUX xen-4.2.0-anti-download.patch 1028 SHA256 95ff7390d25eddf56af1d98b1310d2ebf97eebcad5c298c8320eb6ce9afd596e SHA512 8d84c3386764e2dd38bd0e93163c016b38d9e634cc4c9078138e593a887f3a9d2cecf391008004ae934a49b24af2a18051aab22b2a83b48fdad60ea50fc6120d WHIRLPOOL d95955f7236c1a4d9e23e5e4be1a8f8e9148511fc16b4fe0bba3854c02e24789c808739654684140d9900f22172b635c9af5bb6910f594b115b1eca4a7c907bc
 AUX xen-4.2.0-jserver.patch 900 SHA256 a8f9c0517b7fa4d56f3125515d260e60c51ef2cfe3fc22223c54415a92ffa16e SHA512 7f9bb7189273ecc34b5c66aea8cc9567a15c3d7e0fbd44e0f49669b067d719c9d85d6758cc213145679cbb8c2224cb5704aabb3ed40925bb2529965a5238d411 WHIRLPOOL ed6bcf1135c7dcb58eb2219c02b002fb57b16f50bfb0161bc64319b78dd7f8b87bc6206952755af900245d13073408946e31a51f01e95517f7def072f4810e66
@@ -39,10 +18,6 @@ AUX xen-4.3-fix_dotconfig-gcc.patch 19143 SHA256 53464dbb766f4437826c084e74aa84e
 AUX xen-4.3-jserver.patch 1487 SHA256 3bbf6d06ad1960e30dc84a3e3b179d5d23331ecf60d347871b7008c58456a6ed SHA512 f92bced9f3e7fec84b1bfce6ce3366f134cec2b892ffc3afcdd3fd3f73daf158c17c312260fae39bc9e04c1dab1045d17f0da706dd0dba0279e66dea454aed8d WHIRLPOOL 10828eb65effad714a61a18bcd6c33c2b7fb7fd0007b1a68aed7a653cd7e67acc04cc5eb9574d7d50c92fc7ca8223dff0c73f1cfde994e4ee1d787f536588b99
 AUX xen-consoles.logrotate 63 SHA256 0da87a4b9094f934e3de937e8ef8d3afc752e76793aa3d730182d0241e118b19 SHA512 ab2105c75cfe01768aecd5bcbb56269d63666e8a44e42b6a83aee87df6c84ee2f9ab249171c21b2e09f8fec2cae8318f6e87d160989398a3e7dd68db8d52c426 WHIRLPOOL be108bf298202851de434af513ac8c03a533e7621623c2a7e8f26d498074b3eec81b85b2ae29ad2ec67f4fe9937c88bd78c5f5e260793e7e69ec964d4adb989e
 AUX xen-tools-3.4.0-network-bridge-broadcast.patch 496 SHA256 d00a1954447fc29500ab2f1a8c7900310e0dee81942be5c922ad66b6b42dfb74 SHA512 496c61ec237506c77577e832828de923283f55ab07ad141718af1a719b1b5bcdb8152a8cffddc679ff4a3e389582e7b8de8aaf1b4c8b1124bf1563467bdf674f WHIRLPOOL f80a557ed62cc26a51f85bc8682a738ab29d4573e3261c440f6e66f50cd81263fa2c6898b1aa1b1c227a2d3923cc9fd718ffad2e123ee69c6d7929def7906433
-AUX xen-tools-4-CVE-2013-4369-XSA-68.patch 1923 SHA256 64716cb49696298e0bbd9556fe9d6f559a4e2785081e28d50607317b6e27ba32 SHA512 bd1deab154e129fc63dcc51ce5c4d004f5fe044443755a0b8943d8b6087f2ef7cbfd76f2390d36f7b4ad1797ef28abbb23157401468e1bf33ecc7a17aff9e8a4 WHIRLPOOL fe4094b44455aa265780a20dd6c27eff782161908adb235769411e978fe5c8e1e8c6d24487be6b1dcab45e6eb3830d23ec3eacf1f9e5ab99f491c83617ff535b
-AUX xen-tools-4-CVE-2013-4370-XSA-69.patch 995 SHA256 d3beb662aacf628b6a25ff6cfcd9526ab689aa43a56cf25e792a001f89b4edbc SHA512 606bb9e8fbc16893a927cfa1bb45a61cfb0588eead7dd7440301e10275a23590e98af72bb4c01f7772469b4760daeac71a9a3899c55b96f0b88ad4355621ea32 WHIRLPOOL 9f63f44187e1b77d1ace968ee98f46017539b4675e5e164bde97e5e614790eede4754fdd33d57d9e48f8b4cc1607992fa85ae5ccf27b06fa34a4fd5d537f0732
-AUX xen-tools-4-CVE-2013-4371-XSA-70.patch 1050 SHA256 2582d3d545903af475436145f7e459414ad9d9c61d5720992eeeec42de8dde56 SHA512 107335f8e4ffddb9cab9e21dfdf745dea0e4d078c71ee59671942291c189dd0e998a9d480fa91ae439e6410591c9fb06491ca8e810006e22640bf0dc9cf5da81 WHIRLPOOL d7c6908432225ccf13093a378ef3cee09facd2c87cec56251f05e91d7a38dc1878c6be5d7148b7f704a2df94cc60e8b286efb403e58fb50a582076363d18f2b7
-AUX xen-tools-4-CVE-2013-4416-XSA-72.patch 2633 SHA256 66e11513fc512173140f3ca12568f8ef79415e9a7884254a700991b3f1afd125 SHA512 5b97f1d97f3f3109d63cca37ef4922e69031bee42df620aa5aec9ef91d9499b4310aa1dfac49974ed528fdac9885521026a839f66e69d392e4cfc23fa6b4ece5 WHIRLPOOL 988268db13b5ab72bcf1dc60aeb843cb2b33c638c346f84cae792d734c0b987f9ee26b3ecf1db3449750b355a33d68d508722ffafd38c3f967855ff39369c39d
 AUX xen-tools-4-CVE-2014-1950-XSA-88.patch 851 SHA256 7a73ca9db19a9ffe6e8cd259fa71dc1299738f26fa024303f4ab38931db75f14 SHA512 16cb312d5f8f3e83850900ed4c557d9f47e03670ffa8b148a4ac3ca792e309d86706f05119244c9e29b37e366a11d7dbcd4b5f1b47936c9a7b65094fabb4965b WHIRLPOOL a3c21b03a00c3d61bb9d1c843a371f14bb9d3b13aa18bdbc59020bdcf542aadbd027f4357b0b3298f32a4e3e0928ad5b6ccbd4e7462238a91ea8708eaad28fe3
 AUX xen-tools-4-docfix.patch 438 SHA256 016120c2333667aa84861ac9289c48a072c4842fb517936570882e1fc4060de6 SHA512 0a67d703749df823f5223b555c6dc896420e73ed7eeb5e77a8f8b950fc8bafaf9e20d66c35b29883b3cee6f8ca5054af3b55f804d20ae20d676feeeabf92b489 WHIRLPOOL fed73bd521b4cbea804ef4bc3b4b3a4007e7765cf0ab67e700e95afd328181ab5fce246b53a5e2a462baf6029664b25f82ffeabc1aaeb45fa99af344ecc957a5
 AUX xen-tools-4-qemu-xen-doc.patch 820 SHA256 691b2d84f7312388d528c83f3e9e90521e6b2c97abae8ca8a83325655264c98a SHA512 bc07420be7629796e49e128c1cfbde8fa7d4dc3b66174462448e9033f78c0c982dfdbd4dde9b1c54a9862fd2f9602c6bac0be1dfc0df8280aaaf8de60acb708f WHIRLPOOL 4fc2907a42bc3f824160f92586392f7dba07c2229382585f5f7bf4c0f3ab2574a814e8e8fd076b68abb2580497492e1fc0e6181ffb8f1acb5c70e60caff81505
@@ -66,40 +41,24 @@ AUX xenqemudev.confd 156 SHA256 61c5ff72464c5098d9cad50e5dc94a090dd107b4831bb60a
 AUX xenqemudev.initd 1847 SHA256 c1b002a54917f60adf6941fecf44453c0072a9048c9c3e318d2e695f7ea12c72 SHA512 3fb6a8c5d35b773e0fb7bc9b6c26aa18be48b97d95cbb21df8aefeebb814e3fd5819d579504a4015acb0e5fd6abe2f864f48ea83c095cedae2c69720b6e355ad WHIRLPOOL 2a286111d18eb1f8701f3d30e1fb0b006e2ab359db1ff32100e18fd0e4f46cf13407d765842542c38a31598f62cc71f246bb5c11d06410336850c0288c9e8d4a
 AUX xenstored.confd 42 SHA256 afcc14f014fe4ec478f85d230efefba9ffad024bf8c83b30074e8a3712cc7831 SHA512 0906cbcdc84935d07cf53bc4447a1f9a9dc4e4fb9fda9a7163f6982f1d8a3ada1f0650fcd254fb6f715a54f7971daf0a5e61c3de6db70dfd156156fd55b59fe4 WHIRLPOOL df46f3fde8b13c3427f445bcf08eb4c660f6000164a01e461cff85cf93ce1195009fc3b4457181788da8eef8dec9125b41ace233ec6f169919be64337a57ebb8
 AUX xenstored.initd 935 SHA256 d5d731beebe4e24150fab9d79e6a3c48889290324c28180977b97d8d4c5e36f2 SHA512 1fe1df637bb6f01a67ea1aecd2f3648cdd1575187e41cd7ac0f7d6be30d817d37222de914ee97dbe1ac19ea2f772e1db6c09b5e1cb9f5a8f2cfcdec0c912d975 WHIRLPOOL 750a984ef6d2690aa47bd22e2b5fe8617c4bbff0e79a5e4c1d26f7456d07039a9389ca3b70dfd7bfb65f009d8eb738c74052642c775ffd51213bfb5629162746
-DIST XSA-55patches.tar.gz 23888 SHA256 e86749d02ca5594ebcfdaea820a6cf1fe11015c7fdcc5836260498fae317d75b SHA512 ed1f321a1351df99cfb05e1dfc62dda1268544b0c0ceb7a01438805046e027fb9d59194d179b7a8c302b091a7bf444811b0b9359c4d42f7e902510515c275b6b WHIRLPOOL 5a611e5260f0fc97471f386da3499f7714e015c5c2556bd7199466558d8e375784d32655bdbe9ed4cbf492fa3b41091677d9fe6d3714b029c9a2b1dda6102edb
 DIST ipxe.tar.gz 2867999 SHA256 632ce8c193ccacc3012bd354bdb733a4be126f7c098e111930aa41dad537405c SHA512 c5cb1cdff40d2d71fd3e692a9d0efadf2aa17290daf5195391a1c81ddd9dfc913a8e44d5be2b12be85b2a5565ea31631c99c7053564f2fb2225c80ea0bb0e4a4 WHIRLPOOL 58b7459aaf7323968e2f4d1cdcb563a04a0ee40d7d0e8fc600495baf6914127fbbbcddfb66199cd9f462eb59565b3d1ae90a05b3c771b8f13c2d2dcb6070eebc
-DIST seabios-0-20121121.tar.bz2 2199282 SHA256 f7f67181c6c0b4cea3a9db48e2569fdcbbc81b732a2f672079c42fb44153ee62 SHA512 4f886088ebaa911590b8cb19db5c5dbc8f1384d2d5a7c4bf04df083e177513b3123b1839dad744171670eded8b69ce092a774288aec1804d00aa32b1b6778599 WHIRLPOOL f2e62682d7213ee5eaecbc2590637ef36d9c86f746840c0ee758c0c153139f485032ea2cd098c87bb8a2b5f17f91375b8fb65599e3b71b45b1645df85a88887f
 DIST seabios-dir-remote-20130720.tar.gz 3201017 SHA256 0cf06b54e8ae1cfc25f2942eea1490a9e7e01f478541577025f6eef76e0c76de SHA512 e9ebe3711e3f678d3632f8e8e645f8be4fb65608aff04aeeb0e1152521bf571bc4d879f136d23bb0aa8bd4c4ec20f294b472cf54dc70916e52d330328aadd357 WHIRLPOOL 6138271f72fd96fabe3cffc07a6efcb9c0e195ed96f4ad708d00e85e0a84a03900dc41389cd4f26d533a3aa42142a9e17708d7b87d722f1c9348f61a5db3e59d
-DIST xen-4.2.2.tar.gz 15602746 SHA256 c9bfe91a5e72f8545acebad9889d64368020359bfe18044c0e683133e55ae005 SHA512 4943b18016ed8c2b194a3b55e6655b3b734b39ffb8cb7ee0a0580f2f4460a1d0e92e1de8ac23f5186272914fad1650586af51fd7c3644d0310eb16f2e11c5e80 WHIRLPOOL 519eb87cb2da694696cbc3e72070a0a3bdb07c46fa266d855d8379eec3a92adfa4d434af3ac01c37834ce4a9174081a6c40030b185a70902329b185cb8d0bbea
 DIST xen-4.2.3-upstream-patches-0.tar.xz 84436 SHA256 7c2477b9b29c9d84bb26ed60bfc2700f2a614ed8040b93906e801831f3498b41 SHA512 a4e8b53a0efb9d64d4dc65ee3107422c8007537e03f9c8e6f1b2c838cf62e6819d447c1ed44aacb5c4e9979f0dad7ed313d2db61df6e6ad2d7708a81964a7e12 WHIRLPOOL cc3c2224bba3b2e5f057ec95f9e85e58b17bc0dce338da429c7970877967cddf69228258ff491be9c1d022169a90fcde34ef1bcb0c198c9123ca219707a5a99f
 DIST xen-4.2.3.tar.gz 15613235 SHA256 69b6a73701383d609ad094a38925004e8595755fb39a6fafd579ba754e8667db SHA512 01521c8724354f92a2555683a8b103e5e16aedeb2c6166cc3ce40a0cc6cd9e07a601aa24930bb7391e00eb97f04003e6523dead09382cf86eb56f5b886509b9a WHIRLPOOL e7f7848ad632e5e77db95b2eb37c82f31a73021af4b6bb44091cc14103faa193bc2d6deb089e2a196daab5a08dbc08f135a8937a25a4ff5d31fe37c789bae1e9
 DIST xen-4.2.4.tar.gz 15663999 SHA256 e23e6292affd7a6d82da99527e8bf3964e57eb7322144c67c2025692b1a21550 SHA512 3e5263511e7c40899f580f3384bd987f9c875b8e6816202fd1a5a64fe7e336803d09e58148af074938ef261f0ceeafad121ac541ddd2bf66b76c5aa4ad07c357 WHIRLPOOL 25d23f5d921139ba0f853fcd76ae998647d32292bccfd4e7c4f3b12f860a38fbb33ebda67c839657bf3a25d837c9c02b80d663362263d16d42284ffde09f0bc2
 DIST xen-4.3.1.tar.gz 16429423 SHA256 3b5b7cc508b1739753585b5c25635471cdcef680e8770a78bf6ef9333d26a9fd SHA512 f5250ad5ad3defc5dc1207eb6208a3928128ef57ac4162018bd92b750dc1df1eaaf37835528aca33a0f9e04c82d5f8c4ba79c03a1780d2b72cbb90cc26f77275 WHIRLPOOL 087390786cea9aee273a5d81988436303991aa5ea92faf111d3b619517368f8c8feef84f4f8c602cac723980a344eb90414887db4ca88a2ee14bc6b0253e36ca
 DIST xen-4.3.2.tar.gz 16472188 SHA256 17611d95f955302560ff72d97c08933b4e62bc2e8ffb71400fc54e388746ff69 SHA512 ec94d849b56ec590b89022075ce43768d8ef44b7be9580ce032509b44c085f0f66495845607a18cd3dea6b89c69bc2a18012705556f59288cd8653c3e5eca302 WHIRLPOOL 72250369fb2c90ba608e1da018cb6417b3089642c8ba59af9f2825ec5ba7c4e6c5d6f86140b20825817e4625727c6d58c5d38b00863c994e31c8a04927997bd3
-EBUILD xen-tools-4.2.2-r3.ebuild 11697 SHA256 9407f8c81db48b9c41845cbf60635675b5f0c7917cff073d6b43bf2f9dfc0a41 SHA512 77b16ea53ba72363d77c64722b18705c80c51d0fe4fa63018b2611d9da049186c6914047e3e8683e48bcb53d2a77a05e00f3f3d7bf5a70b5900b3395a04e1382 WHIRLPOOL 046f0e38775b7af9293f713e30aa17725601f0ac5c75b59d0b86262bbab5b89ffb95f808a20be7fe40be419f58e48787857dfffc0ba23dfdbfb650ec7a19a070
-EBUILD xen-tools-4.2.2-r7.ebuild 13105 SHA256 b51215ca584b784a5079f632b5c954769440d3d730caf37233032df42a9a7c25 SHA512 7a845a85fa740b01891aaccafadea30d9e1419493db88bfa53cbea79ffcbfe38a4b3394abab27f2c4c02413ebacfcb3f8b49505104f7221c51eabb7271efcffb WHIRLPOOL 4a425e42c1012f31a1d525e9475964afc17f686718f5d2bfb58dc40c9cac21f5d00a38ee0ad3c6020b2f945cb38c7a6d380822793b33aa80599e4be942cb792a
-EBUILD xen-tools-4.2.3-r1.ebuild 11981 SHA256 96fa80fc2008281cebb02341e504f21fb11350bba7ed94529cf4955324c8adb5 SHA512 b3942ef5835714db909ad1b5ef5d6fe388d18c40e4d2d15490655b6e16c2f76c78eea155f0263cfb2b59e073a6e09a6d33a4aae00e1fd5066122e6735f0610b4 WHIRLPOOL 50999cf061e11a2cda0dc4798d810ceee61a7b520f481f80070dd31c1757e8d8e810e957923979d193987292441fc5f5500991dd08ceaed7012ba6a2810d83e7
-EBUILD xen-tools-4.2.3.ebuild 12375 SHA256 bffeb11cc012d86446442c630df384b195f241d1c7ae6159e618419e09a325b5 SHA512 0f549303d456bcdfdfcbb2422ffb9d6619237f1170f734a071d87d99a28853e6d6542652a36ff3aeeecbace96dc04fb10531c342cb2025f18ea361288292542b WHIRLPOOL c8e83fd3862b5608c10e7cc363604c5de29c391954ee7ab8879aac3acb355e863cb8d894dbfff194ca71a191ba8c8c02fde4b0df44c1f4d95e89dde4c2c9fb11
-EBUILD xen-tools-4.2.4.ebuild 11980 SHA256 6f020eabe55fb999097c137e0e6e2923a7d9b451106476910e91233484e4fe3a SHA512 cd4bcaf7cbe9807950ffa7408d5330acf40536a15c3703ea7edc3625f615ee51b4795402f9f1d1c197cfa9cc31a50bfd201dd492c4158e76ea4bd054bc20d93b WHIRLPOOL c4282c7862c18f87f4fef5e9a13dcacf88a6c0838ccb21e9d1b87ac16f81fc2d08138de6dc53b9924f85ec15c8c3dd528bad2136b4dde7ae249a35e996bf31a2
+EBUILD xen-tools-4.2.3-r1.ebuild 11986 SHA256 dcdd44857cf2c6c78d63772322c5ccdd54e680eeeaea7fec1bf668270fdfa995 SHA512 088bead44a5e101c638542c211976ba4072864e62cf4c1dc64287af9209ded61de1dd0a8651047886f649abb1c288e0eac0743383671f5be6039c040fb59814a WHIRLPOOL d9a1cfdf14e4a0f5b434a72e0cee9a092178a352d5d650d8066576dd7407a774b10cf2d8c75e8abaaaf8ef89a90fa03650e311af46683fddf8ba141cb3c32739
+EBUILD xen-tools-4.2.4.ebuild 11984 SHA256 cbd34696846e9d3323080c52f2195b4ea5e599ba719e77eb98e33336fbef60b8 SHA512 ff42d94717716e0b699db2f01bd92f0f74fdb14420cd851e54f58307bc4ebbdc169915f339f6cd6c9e2effd7198de813c3b69eaca367f1ea3223ce871ae7eba0 WHIRLPOOL 2a996a780f9a9bf3e55f15417e74969f8d5a567645cea0c25786cc5d753a5443524a98d0d6aac97ac0956f657ada149e7b740fdd205966051d2d58396cdfe5d3
 EBUILD xen-tools-4.3.1-r5.ebuild 13355 SHA256 df19ea40b75d276dcbbcc358bd39bc2681e6a3b77ba829004e01adc34dcb1a9c SHA512 b5283d8f18f7b41ecd6155ae5cd2fcf31d5fc845eb297c7cc42722b5f4caf5ab184dbcfef2f85310a6ac78e0f535d85ca9e056462db14b7cfc910e173301b727 WHIRLPOOL 3c5580bd53ec61b40537645a1ce53081b4648b5abf1c8d885b2296c375b738085a48e4343cc2504a83a28cfe49ac9d0710d635fd116d3faee6d3cf2768738ff6
 EBUILD xen-tools-4.3.1-r6.ebuild 12999 SHA256 1f06e82fe941a8099bee6deaf44bb678c3eb9a1b22babbba9f11de3c6f665b2c SHA512 2ff51434796f04767273d621ebff1a5714734ab6a8449c9ebfd70b073796a349bdbbfa0260bf083b9f25580cfc3a6858956eb4af4568288d382af8023dc74b8d WHIRLPOOL 2a50029c8ce0993bd35d4f7f1761ab21293b666fa08ba1daa1d10fb463a473e8e9fb4df41020365bbc0a58cca3e879075c00b062537377e0d115029c1d7bbc94
-EBUILD xen-tools-4.3.2.ebuild 13238 SHA256 00c9c15ce76aa2bb3dab1df3cbc318f041ea702314cfc973eb936ca7286eb5a1 SHA512 0b3d9ab2dc54b21d5689b06eec4fd003a5595e7f3acd9e7bef657e9386f7e1bf7a9a8e6287bc312d5fd0f3928bf7e27ee6b6284558b5facb67dc51bb2c29ba2e WHIRLPOOL 7cff0adfd44f33d96ab44f656d8e568239969873ac4ee2238403949a186bc42fc451b948f657adabad1d6a5cdf42c3025214b5be66d442ed7e7b697aa9feea69
-MISC ChangeLog 52803 SHA256 7082aec89af088641c4ebe2ec71b360e01de895754bfa3b57741cf254bcfee67 SHA512 a6980c2573030209b95603587d45e39804e5a052f8cc1ed1ab007b2c85eaedf7da8f664313bbd1a9e6589e9d149e0e76597db373896898636d013c5464cb880c WHIRLPOOL 0c9800f7214a45e3d1ba04dd4e65aca25a3c5e7b5aa45906e6ffb6da955d9e2ff4d1841d1ccf0157d8daf14684ca2e4a5936daf4194e4a46c88812ee541c0cd4
+EBUILD xen-tools-4.3.2.ebuild 13242 SHA256 3e060a74d12eba31c9325a1adce942b8bac357500b32d87e480b3ebadb652b8c SHA512 6a8137b0ab7498bd76deeb352aa3f47a1d470cc8f46154653fdd4fc67086f1d56f189492131fbf15912848c3c9986350e29b12455bfd87bffde4d85481b3ea90 WHIRLPOOL c044740a9773112f8a55889766fba7b4fc8612cf78ce00db80a64ab4e2b6a6c005628c1a1a03b01a2ce0297c8c5d6dd2f0d666252d9af2dda7e07c5da3d3f22b
+MISC ChangeLog 54284 SHA256 af8fdf00d3fd4d62e7124888fc328c7707a4cc8832f1fc01d8653a2d322f6c98 SHA512 b3edc95f9b6b96038b85fde320492528476569d6a9a1b9b59089266f251f3af3ff104be3f3885e0de60bf5c248b17aae867eab214fb46b4f1bf20f1443ddcc1b WHIRLPOOL 49ba519e03f894e35d37b8ea4fadc18c80f3326e7fd8173ab955de85c0b1732cc59b9de74bc377204f91e1d62e06e5a93105523a7951a9868cf9a9526570e675
 MISC metadata.xml 810 SHA256 adf8036cf95a218b6ac09df641acc482e39557e3cfd16728e03af04810c92e36 SHA512 8fd59fc4b8110132df068d3658b8d48b9f10c36243b2ca340c5b178a58eea12bc7531c14b6a41478a0aa754a2b29ec1bf32827d5fca240ad1237c017e50f1de9 WHIRLPOOL 01e873b0cebe4a40f702e0977efc2b3f62984032e3ff81d3e45b3e291712e51c20510f41dd1402bd4d916a674204b02acc49fc6e6be53cbb0f4fc8430cbb53d8
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
-iQIcBAEBCAAGBQJTBdfRAAoJELp701BxlEWfn9AP/Rru4LaCcTo6x8po7p2xRVtL
-2pVMlayUYA+d0+bLDM0KEN1EVBTuYZijl4/XavAeAgnTuCJCaI4ZToqyKt1dowZE
-9c/NKIsphDPobjys1JGGNHFoVcKkskPEy3txTciUfedfa2qPmA63+cIRno7tBoSU
-HBfFzQU/Pc4oE+AM65hcxUXjLfPkpa5tARkNqqSk5LoQkt32/SYVWFkC+QjV5pq1
-HvgAAMbmGQMcxXEYXMSz4WoPxriKPTNIxKDUJ0kG+h2EO4m3NggyzMdUF4EazB7k
-vdC0J1j81rAIOwCox0uyaW9xDtCLodOECWGD6TIisnJ9PHHvOVPGKRfEN9xU0bn9
-909Ew1rLjAhhHL0yiMFwAFHRexXQBxxNzfd8ZGtdfyYPStrdWeQr0uhq0RT0rnmS
-+YOai1XIYRNFNFGrtaHiK4oJuyMeR7GtPn+aQ3VK7M2l4T5W8QnEuiVJQ8XNsCgd
-3U8NvkvZSBsLfyV86bJ7TtiJ7CT+AmVx+nG5hx4QLRNhKVbTo5dlbKMI/4/M7Saw
-ELhiXZFOQY84Z0tYVh4Di8ReiOjwdEvjCYv0wh01y+zDKx9H1bYxMVwzeBFDS9OO
-pewH0o7AQYouy/Esu4vWlkVYHWV/bx4BJaxMPjZA/RBuL407Iv82AtBRt2zg9WB/
-uVFX8YZxfQMBTSFzaDS8
-=EJ+A
+iEYEAREIAAYFAlMG2UoACgkQso7CE7gHKw34OgCgv6ahZKjsTgTQZZSBZ28q+TNF
+cBIAoLHzgLTWm8h6wgGkJOgNedd/pg+3
+=2awT
 -----END PGP SIGNATURE-----

app-emulation/xen-tools/files/xen-4-CVE-2013-0215-XSA-38.patch

@@ -1,73 +0,0 @@
-diff --git a/tools/ocaml/libs/xb/partial.ml b/tools/ocaml/libs/xb/partial.ml
-index 3558889..d4d1c7b 100644
---- a/tools/ocaml/libs/xb/partial.ml
-+++ b/tools/ocaml/libs/xb/partial.ml
-@@ -27,8 +27,15 @@ external header_size: unit -> int = "stub_header_size"
- external header_of_string_internal: string -> int * int * int * int
-          = "stub_header_of_string"
- 
-+let xenstore_payload_max = 4096 (* xen/include/public/io/xs_wire.h *)
-+
- let of_string s =
- 	let tid, rid, opint, dlen = header_of_string_internal s in
-+	(* A packet which is bigger than xenstore_payload_max is illegal.
-+	   This will leave the guest connection is a bad state and will
-+	   be hard to recover from without restarting the connection
-+	   (ie rebooting the guest) *)
-+	let dlen = min xenstore_payload_max dlen in
- 	{
- 		tid = tid;
- 		rid = rid;
-@@ -38,6 +45,7 @@ let of_string s =
- 	}
- 
- let append pkt s sz =
-+	if pkt.len > 4096 then failwith "Buffer.add: cannot grow buffer";
- 	Buffer.add_string pkt.buf (String.sub s 0 sz)
- 
- let to_complete pkt =
-diff --git a/tools/ocaml/libs/xb/xs_ring_stubs.c b/tools/ocaml/libs/xb/xs_ring_stubs.c
-index 00414c5..4888ac5 100644
---- a/tools/ocaml/libs/xb/xs_ring_stubs.c
-+++ b/tools/ocaml/libs/xb/xs_ring_stubs.c
-@@ -39,21 +39,23 @@ static int xs_ring_read(struct mmap_interface *interface,
-                              char *buffer, int len)
- {
- 	struct xenstore_domain_interface *intf = interface->addr;
--	XENSTORE_RING_IDX cons, prod;
-+	XENSTORE_RING_IDX cons, prod; /* offsets only */
- 	int to_read;
- 
--	cons = intf->req_cons;
--	prod = intf->req_prod;
-+	cons = *(volatile uint32*)&intf->req_cons;
-+	prod = *(volatile uint32*)&intf->req_prod;
- 	xen_mb();
-+	cons = MASK_XENSTORE_IDX(cons);
-+	prod = MASK_XENSTORE_IDX(prod);
- 	if (prod == cons)
- 		return 0;
--	if (MASK_XENSTORE_IDX(prod) > MASK_XENSTORE_IDX(cons)) 
-+	if (prod > cons)
- 		to_read = prod - cons;
- 	else
--		to_read = XENSTORE_RING_SIZE - MASK_XENSTORE_IDX(cons);
-+		to_read = XENSTORE_RING_SIZE - cons;
- 	if (to_read < len)
- 		len = to_read;
--	memcpy(buffer, intf->req + MASK_XENSTORE_IDX(cons), len);
-+	memcpy(buffer, intf->req + cons, len);
- 	xen_mb();
- 	intf->req_cons += len;
- 	return len;
-@@ -66,8 +68,8 @@ static int xs_ring_write(struct mmap_interface *interface,
- 	XENSTORE_RING_IDX cons, prod;
- 	int can_write;
- 
--	cons = intf->rsp_cons;
--	prod = intf->rsp_prod;
-+	cons = *(volatile uint32*)&intf->rsp_cons;
-+	prod = *(volatile uint32*)&intf->rsp_prod;
- 	xen_mb();
- 	if ( (prod - cons) >= XENSTORE_RING_SIZE )
- 		return 0;

app-emulation/xen-tools/files/xen-4-CVE-2013-1919-XSA-46.patch

@@ -1,293 +0,0 @@
-x86: fix various issues with handling guest IRQs
-
-- properly revoke IRQ access in map_domain_pirq() error path
-- don't permit replacing an in use IRQ
-- don't accept inputs in the GSI range for MAP_PIRQ_TYPE_MSI
-- track IRQ access permission in host IRQ terms, not guest IRQ ones
-  (and with that, also disallow Dom0 access to IRQ0)
-
-This is CVE-2013-1919 / XSA-46.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
-
---- a/tools/libxl/libxl_create.c
-+++ b/tools/libxl/libxl_create.c
-@@ -968,14 +968,16 @@ static void domcreate_launch_dm(libxl__e
-     }
- 
-     for (i = 0; i < d_config->b_info.num_irqs; i++) {
--        uint32_t irq = d_config->b_info.irqs[i];
-+        int irq = d_config->b_info.irqs[i];
- 
--        LOG(DEBUG, "dom%d irq %"PRIx32, domid, irq);
-+        LOG(DEBUG, "dom%d irq %d", domid, irq);
- 
--        ret = xc_domain_irq_permission(CTX->xch, domid, irq, 1);
-+        ret = irq >= 0 ? xc_physdev_map_pirq(CTX->xch, domid, irq, &irq)
-+                       : -EOVERFLOW;
-+        if (!ret)
-+            ret = xc_domain_irq_permission(CTX->xch, domid, irq, 1);
-         if ( ret<0 ){
--            LOGE(ERROR,
--                 "failed give dom%d access to irq %"PRId32, domid, irq);
-+            LOGE(ERROR, "failed give dom%d access to irq %d", domid, irq);
-             ret = ERROR_FAIL;
-         }
-     }
---- a/tools/python/xen/xend/server/irqif.py
-+++ b/tools/python/xen/xend/server/irqif.py
-@@ -73,6 +73,12 @@ class IRQController(DevController):
-        
-         pirq = get_param('irq')
- 
-+        rc = xc.physdev_map_pirq(domid = self.getDomid(),
-+                                 index = pirq,
-+                                 pirq  = pirq)
-+        if rc < 0:
-+            raise VmError('irq: Failed to map irq %x' % (pirq))
-+
-         rc = xc.domain_irq_permission(domid        = self.getDomid(),
-                                       pirq         = pirq,
-                                       allow_access = True)
-@@ -81,12 +87,6 @@ class IRQController(DevController):
-             #todo non-fatal
-             raise VmError(
-                 'irq: Failed to configure irq: %d' % (pirq))
--        rc = xc.physdev_map_pirq(domid = self.getDomid(),
--                                index = pirq,
--                                pirq  = pirq)
--        if rc < 0:
--            raise VmError(
--                'irq: Failed to map irq %x' % (pirq))
-         back = dict([(k, config[k]) for k in self.valid_cfg if k in config])
-         return (self.allocateDeviceID(), back, {})
- 
---- a/xen/arch/x86/domain_build.c
-+++ b/xen/arch/x86/domain_build.c
-@@ -1219,7 +1219,7 @@ int __init construct_dom0(
-     /* DOM0 is permitted full I/O capabilities. */
-     rc |= ioports_permit_access(dom0, 0, 0xFFFF);
-     rc |= iomem_permit_access(dom0, 0UL, ~0UL);
--    rc |= irqs_permit_access(dom0, 0, d->nr_pirqs - 1);
-+    rc |= irqs_permit_access(dom0, 1, nr_irqs_gsi - 1);
- 
-     /*
-      * Modify I/O port access permissions.
---- a/xen/arch/x86/domctl.c
-+++ b/xen/arch/x86/domctl.c
-@@ -772,9 +772,13 @@ long arch_do_domctl(
-             goto bind_out;
- 
-         ret = -EPERM;
--        if ( !IS_PRIV(current->domain) &&
--             !irq_access_permitted(current->domain, bind->machine_irq) )
--            goto bind_out;
-+        if ( !IS_PRIV(current->domain) )
-+        {
-+            int irq = domain_pirq_to_irq(d, bind->machine_irq);
-+
-+            if ( irq <= 0 || !irq_access_permitted(current->domain, irq) )
-+                goto bind_out;
-+        }
- 
-         ret = -ESRCH;
-         if ( iommu_enabled )
-@@ -803,9 +807,13 @@ long arch_do_domctl(
-         bind = &(domctl->u.bind_pt_irq);
- 
-         ret = -EPERM;
--        if ( !IS_PRIV(current->domain) &&
--             !irq_access_permitted(current->domain, bind->machine_irq) )
--            goto unbind_out;
-+        if ( !IS_PRIV(current->domain) )
-+        {
-+            int irq = domain_pirq_to_irq(d, bind->machine_irq);
-+
-+            if ( irq <= 0 || !irq_access_permitted(current->domain, irq) )
-+                goto unbind_out;
-+        }
- 
-         if ( iommu_enabled )
-         {
---- a/xen/arch/x86/irq.c
-+++ b/xen/arch/x86/irq.c
-@@ -184,6 +184,14 @@ int create_irq(int node)
-         desc->arch.used = IRQ_UNUSED;
-         irq = ret;
-     }
-+    else if ( dom0 )
-+    {
-+        ret = irq_permit_access(dom0, irq);
-+        if ( ret )
-+            printk(XENLOG_G_ERR
-+                   "Could not grant Dom0 access to IRQ%d (error %d)\n",
-+                   irq, ret);
-+    }
- 
-     return irq;
- }
-@@ -280,6 +288,17 @@ void clear_irq_vector(int irq)
- void destroy_irq(unsigned int irq)
- {
-     BUG_ON(!MSI_IRQ(irq));
-+
-+    if ( dom0 )
-+    {
-+        int err = irq_deny_access(dom0, irq);
-+
-+        if ( err )
-+            printk(XENLOG_G_ERR
-+                   "Could not revoke Dom0 access to IRQ%u (error %d)\n",
-+                   irq, err);
-+    }
-+
-     dynamic_irq_cleanup(irq);
-     clear_irq_vector(irq);
- }
-@@ -1858,7 +1877,7 @@ int map_domain_pirq(
- 
-     if ( !IS_PRIV(current->domain) &&
-          !(IS_PRIV_FOR(current->domain, d) &&
--           irq_access_permitted(current->domain, pirq)))
-+           irq_access_permitted(current->domain, irq)))
-         return -EPERM;
- 
-     if ( pirq < 0 || pirq >= d->nr_pirqs || irq < 0 || irq >= nr_irqs )
-@@ -1887,17 +1906,18 @@ int map_domain_pirq(
-         return ret;
-     }
- 
--    ret = irq_permit_access(d, pirq);
-+    ret = irq_permit_access(d, irq);
-     if ( ret )
-     {
--        dprintk(XENLOG_G_ERR, "dom%d: could not permit access to irq %d\n",
--                d->domain_id, pirq);
-+        printk(XENLOG_G_ERR
-+               "dom%d: could not permit access to IRQ%d (pirq %d)\n",
-+               d->domain_id, irq, pirq);
-         return ret;
-     }
- 
-     ret = prepare_domain_irq_pirq(d, irq, pirq, &info);
-     if ( ret )
--        return ret;
-+        goto revoke;
- 
-     desc = irq_to_desc(irq);
- 
-@@ -1921,8 +1941,14 @@ int map_domain_pirq(
-         spin_lock_irqsave(&desc->lock, flags);
- 
-         if ( desc->handler != &no_irq_type )
-+        {
-+            spin_unlock_irqrestore(&desc->lock, flags);
-             dprintk(XENLOG_G_ERR, "dom%d: irq %d in use\n",
-                     d->domain_id, irq);
-+            pci_disable_msi(msi_desc);
-+            ret = -EBUSY;
-+            goto done;
-+        }
-         setup_msi_handler(desc, msi_desc);
- 
-         if ( opt_irq_vector_map == OPT_IRQ_VECTOR_MAP_PERDEV
-@@ -1951,7 +1977,14 @@ int map_domain_pirq(
- 
- done:
-     if ( ret )
-+    {
-         cleanup_domain_irq_pirq(d, irq, info);
-+ revoke:
-+        if ( irq_deny_access(d, irq) )
-+            printk(XENLOG_G_ERR
-+                   "dom%d: could not revoke access to IRQ%d (pirq %d)\n",
-+                   d->domain_id, irq, pirq);
-+    }
-     return ret;
- }
- 
-@@ -2017,10 +2050,11 @@ int unmap_domain_pirq(struct domain *d, 
-     if ( !forced_unbind )
-         cleanup_domain_irq_pirq(d, irq, info);
- 
--    ret = irq_deny_access(d, pirq);
-+    ret = irq_deny_access(d, irq);
-     if ( ret )
--        dprintk(XENLOG_G_ERR, "dom%d: could not deny access to irq %d\n",
--                d->domain_id, pirq);
-+        printk(XENLOG_G_ERR
-+               "dom%d: could not deny access to IRQ%d (pirq %d)\n",
-+               d->domain_id, irq, pirq);
- 
-  done:
-     return ret;
---- a/xen/arch/x86/physdev.c
-+++ b/xen/arch/x86/physdev.c
-@@ -147,7 +147,7 @@ int physdev_map_pirq(domid_t domid, int 
-         if ( irq == -1 )
-             irq = create_irq(NUMA_NO_NODE);
- 
--        if ( irq < 0 || irq >= nr_irqs )
-+        if ( irq < nr_irqs_gsi || irq >= nr_irqs )
-         {
-             dprintk(XENLOG_G_ERR, "dom%d: can't create irq for msi!\n",
-                     d->domain_id);
---- a/xen/common/domctl.c
-+++ b/xen/common/domctl.c
-@@ -25,6 +25,7 @@
- #include <xen/paging.h>
- #include <xen/hypercall.h>
- #include <asm/current.h>
-+#include <asm/irq.h>
- #include <asm/page.h>
- #include <public/domctl.h>
- #include <xsm/xsm.h>
-@@ -897,9 +898,9 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
-         else if ( xsm_irq_permission(d, pirq, allow) )
-             ret = -EPERM;
-         else if ( allow )
--            ret = irq_permit_access(d, pirq);
-+            ret = pirq_permit_access(d, pirq);
-         else
--            ret = irq_deny_access(d, pirq);
-+            ret = pirq_deny_access(d, pirq);
- 
-         rcu_unlock_domain(d);
-     }
---- a/xen/common/event_channel.c
-+++ b/xen/common/event_channel.c
-@@ -369,7 +369,7 @@ static long evtchn_bind_pirq(evtchn_bind
-     if ( (pirq < 0) || (pirq >= d->nr_pirqs) )
-         return -EINVAL;
- 
--    if ( !is_hvm_domain(d) && !irq_access_permitted(d, pirq) )
-+    if ( !is_hvm_domain(d) && !pirq_access_permitted(d, pirq) )
-         return -EPERM;
- 
-     spin_lock(&d->event_lock);
---- a/xen/include/xen/iocap.h
-+++ b/xen/include/xen/iocap.h
-@@ -28,4 +28,22 @@
- #define irq_access_permitted(d, i)                      \
-     rangeset_contains_singleton((d)->irq_caps, i)
- 
-+#define pirq_permit_access(d, i) ({                     \
-+    struct domain *d__ = (d);                           \
-+    int i__ = domain_pirq_to_irq(d__, i);               \
-+    i__ > 0 ? rangeset_add_singleton(d__->irq_caps, i__)\
-+            : -EINVAL;                                  \
-+})
-+#define pirq_deny_access(d, i) ({                       \
-+    struct domain *d__ = (d);                           \
-+    int i__ = domain_pirq_to_irq(d__, i);               \
-+    i__ > 0 ? rangeset_remove_singleton(d__->irq_caps, i__)\
-+            : -EINVAL;                                  \
-+})
-+#define pirq_access_permitted(d, i) ({                  \
-+    struct domain *d__ = (d);                           \
-+    rangeset_contains_singleton(d__->irq_caps,          \
-+                                domain_pirq_to_irq(d__, i));\
-+})
-+
- #endif /* __XEN_IOCAP_H__ */

app-emulation/xen-tools/files/xen-4-CVE-2013-1922-XSA-48.patch

@@ -1,114 +0,0 @@
-Add -f FMT  / --format FMT arg to qemu-nbd
-
-From: "Daniel P. Berrange" <berrange@redhat.com>
-
-Currently the qemu-nbd program will auto-detect the format of
-any disk it is given. This behaviour is known to be insecure.
-For example, if qemu-nbd initially exposes a 'raw' file to an
-unprivileged app, and that app runs
-
-   'qemu-img create -f qcow2 -o backing_file=/etc/shadow /dev/nbd0'
-
-then the next time the app is started, the qemu-nbd will now
-detect it as a 'qcow2' file and expose /etc/shadow to the
-unprivileged app.
-
-The only way to avoid this is to explicitly tell qemu-nbd what
-disk format to use on the command line, completely disabling
-auto-detection. This patch adds a '-f' / '--format' arg for
-this purpose, mirroring what is already available via qemu-img
-and qemu commands.
-
-  qemu-nbd --format raw -p 9000 evil.img
-
-will now always use raw, regardless of what format 'evil.img'
-looks like it contains
-
-Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-[Use errx, not err. - Paolo]
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
-
-[ This is a security issue, CVE-2013-1922 / XSA-48. ]
-
-diff --git a/qemu-nbd.c b/qemu-nbd.c
-index 291cba2..8fbe2cf 100644
---- a/tools/qemu-xen/qemu-nbd.c
-+++ b/tools/qemu-xen/qemu-nbd.c
-@@ -247,6 +247,7 @@ out:
- int main(int argc, char **argv)
- {
-     BlockDriverState *bs;
-+    BlockDriver *drv;
-     off_t dev_offset = 0;
-     off_t offset = 0;
-     uint32_t nbdflags = 0;
-@@ -256,7 +257,7 @@ int main(int argc, char **argv)
-     struct sockaddr_in addr;
-     socklen_t addr_len = sizeof(addr);
-     off_t fd_size;
--    const char *sopt = "hVb:o:p:rsnP:c:dvk:e:t";
-+    const char *sopt = "hVb:o:p:rsnP:c:dvk:e:f:t";
-     struct option lopt[] = {
-         { "help", 0, NULL, 'h' },
-         { "version", 0, NULL, 'V' },
-@@ -271,6 +272,7 @@ int main(int argc, char **argv)
-         { "snapshot", 0, NULL, 's' },
-         { "nocache", 0, NULL, 'n' },
-         { "shared", 1, NULL, 'e' },
-+        { "format", 1, NULL, 'f' },
-         { "persistent", 0, NULL, 't' },
-         { "verbose", 0, NULL, 'v' },
-         { NULL, 0, NULL, 0 }
-@@ -292,6 +294,7 @@ int main(int argc, char **argv)
-     int max_fd;
-     int persistent = 0;
-     pthread_t client_thread;
-+    const char *fmt = NULL;
- 
-     /* The client thread uses SIGTERM to interrupt the server.  A signal
-      * handler ensures that "qemu-nbd -v -c" exits with a nice status code.
-@@ -368,6 +371,9 @@ int main(int argc, char **argv)
-                 errx(EXIT_FAILURE, "Shared device number must be greater than 0\n");
-             }
-             break;
-+        case 'f':
-+            fmt = optarg;
-+            break;
- 	case 't':
- 	    persistent = 1;
- 	    break;
-@@ -478,9 +484,19 @@ int main(int argc, char **argv)
-     bdrv_init();
-     atexit(bdrv_close_all);
- 
-+    if (fmt) {
-+        drv = bdrv_find_format(fmt);
-+        if (!drv) {
-+            errx(EXIT_FAILURE, "Unknown file format '%s'", fmt);
-+        }
-+    } else {
-+        drv = NULL;
-+    }
-+
-     bs = bdrv_new("hda");
-     srcpath = argv[optind];
--    if ((ret = bdrv_open(bs, srcpath, flags, NULL)) < 0) {
-+    ret = bdrv_open(bs, srcpath, flags, drv);
-+    if (ret < 0) {
-         errno = -ret;
-         err(EXIT_FAILURE, "Failed to bdrv_open '%s'", argv[optind]);
-     }
-diff --git a/qemu-nbd.texi b/qemu-nbd.texi
-index 44996cc..f56c68e 100644
---- a/tools/qemu-xen/qemu-nbd.texi
-+++ b/tools/qemu-xen/qemu-nbd.texi
-@@ -36,6 +36,8 @@ Export Qemu disk image using NBD protocol.
-   disconnect the specified device
- @item -e, --shared=@var{num}
-   device can be shared by @var{num} clients (default @samp{1})
-+@item -f, --format=@var{fmt}
-+  force block driver for format @var{fmt} instead of auto-detecting
- @item -t, --persistent
-   don't exit on the last connection
- @item -v, --verbose

app-emulation/xen-tools/files/xen-4-CVE-2013-1952-XSA-49.patch

@@ -1,50 +0,0 @@
-VT-d: don't permit SVT_NO_VERIFY entries for known device types
-
-Only in cases where we don't know what to do we should leave the IRTE
-blank (suppressing all validation), but we should always log a warning
-in those cases (as being insecure).
-
-This is CVE-2013-1952 / XSA-49.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Acked-by: "Zhang, Xiantao" <xiantao.zhang@intel.com>
-
---- a/xen/drivers/passthrough/vtd/intremap.c
-+++ b/xen/drivers/passthrough/vtd/intremap.c
-@@ -440,16 +440,15 @@ static void set_msi_source_id(struct pci
-     type = pdev_type(seg, bus, devfn);
-     switch ( type )
-     {
-+    case DEV_TYPE_PCIe_ENDPOINT:
-     case DEV_TYPE_PCIe_BRIDGE:
-     case DEV_TYPE_PCIe2PCI_BRIDGE:
--    case DEV_TYPE_LEGACY_PCI_BRIDGE:
--        break;
--
--    case DEV_TYPE_PCIe_ENDPOINT:
-         set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16, PCI_BDF2(bus, devfn));
-         break;
- 
-     case DEV_TYPE_PCI:
-+    case DEV_TYPE_LEGACY_PCI_BRIDGE:
-+    /* case DEV_TYPE_PCI2PCIe_BRIDGE: */
-         ret = find_upstream_bridge(seg, &bus, &devfn, &secbus);
-         if ( ret == 0 ) /* integrated PCI device */
-         {
-@@ -461,10 +460,15 @@ static void set_msi_source_id(struct pci
-             if ( pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
-                 set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16,
-                             (bus << 8) | pdev->bus);
--            else if ( pdev_type(seg, bus, devfn) == DEV_TYPE_LEGACY_PCI_BRIDGE )
-+            else
-                 set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16,
-                             PCI_BDF2(bus, devfn));
-         }
-+        else
-+            dprintk(XENLOG_WARNING VTDPREFIX,
-+                    "d%d: no upstream bridge for %04x:%02x:%02x.%u\n",
-+                    pdev->domain->domain_id,
-+                    seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
-         break;
- 
-     default:

app-emulation/xen-tools/files/xen-4-CVE-2013-1952-XSA_49.patch

@@ -1,41 +0,0 @@
-diff -ur xen-4.2.1.orig/xen/drivers/passthrough/vtd/intremap.c xen-4.2.1/xen/drivers/passthrough/vtd/intremap.c
---- xen/drivers/passthrough/vtd/intremap.c	2012-12-17 23:01:55.000000000 +0800
-+++ xen/drivers/passthrough/vtd/intremap.c	2013-05-15 23:09:06.704546506 +0800
-@@ -440,16 +440,17 @@
-     type = pdev_type(seg, bus, devfn);
-     switch ( type )
-     {
-+    case DEV_TYPE_PCIe_ENDPOINT:
-     case DEV_TYPE_PCIe_BRIDGE:
-     case DEV_TYPE_PCIe2PCI_BRIDGE:
--    case DEV_TYPE_LEGACY_PCI_BRIDGE:
--        break;
- 
--    case DEV_TYPE_PCIe_ENDPOINT:
-         set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16, PCI_BDF2(bus, devfn));
-         break;
- 
-     case DEV_TYPE_PCI:
-+    case DEV_TYPE_LEGACY_PCI_BRIDGE:
-+    /* case DEV_TYPE_PCI2PCIe_BRIDGE: */
-+
-         ret = find_upstream_bridge(seg, &bus, &devfn, &secbus);
-         if ( ret == 0 ) /* integrated PCI device */
-         {
-@@ -461,10 +462,15 @@
-             if ( pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
-                 set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16,
-                             (bus << 8) | pdev->bus);
--            else if ( pdev_type(seg, bus, devfn) == DEV_TYPE_LEGACY_PCI_BRIDGE )
-+            else
-                 set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16,
-                             PCI_BDF2(bus, devfn));
-         }
-+        else
-+            dprintk(XENLOG_WARNING VTDPREFIX,
-+                    "d%d: no upstream bridge for %04x:%02x:%02x.%u\n",
-+                    pdev->domain->domain_id,
-+                    seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
-         break;
- 
-     default:

app-emulation/xen-tools/files/xen-4-CVE-2013-2072-XSA-56.patch

@@ -1,50 +0,0 @@
-libxc: limit cpu values when setting vcpu affinity
-
-When support for pinning more than 64 cpus was added, check for cpu
-out-of-range values was removed. This can lead to subsequent
-out-of-bounds cpumap array accesses in case the cpu number is higher
-than the actual count.
-
-This patch returns the check.
-
-This is CVE-2013-2072 / XSA-56
-
-Signed-off-by: Petr Matousek <pmatouse@redhat.com>
-
-diff --git a/tools/python/xen/lowlevel/xc/xc.c b/tools/python/xen/lowlevel/xc/xc.c
-index e220f68..e611b24 100644
---- a/tools/python/xen/lowlevel/xc/xc.c
-+++ b/tools/python/xen/lowlevel/xc/xc.c
-@@ -228,6 +228,7 @@ static PyObject *pyxc_vcpu_setaffinity(XcObject *self,
-     int vcpu = 0, i;
-     xc_cpumap_t cpumap;
-     PyObject *cpulist = NULL;
-+    int nr_cpus;
- 
-     static char *kwd_list[] = { "domid", "vcpu", "cpumap", NULL };
- 
-@@ -235,6 +236,10 @@ static PyObject *pyxc_vcpu_setaffinity(XcObject *self,
-                                       &dom, &vcpu, &cpulist) )
-         return NULL;
- 
-+    nr_cpus = xc_get_max_cpus(self->xc_handle);
-+    if ( nr_cpus == 0 )
-+        return pyxc_error_to_exception(self->xc_handle);
-+
-     cpumap = xc_cpumap_alloc(self->xc_handle);
-     if(cpumap == NULL)
-         return pyxc_error_to_exception(self->xc_handle);
-@@ -244,6 +249,13 @@ static PyObject *pyxc_vcpu_setaffinity(XcObject *self,
-         for ( i = 0; i < PyList_Size(cpulist); i++ ) 
-         {
-             long cpu = PyInt_AsLong(PyList_GetItem(cpulist, i));
-+            if ( cpu < 0 || cpu >= nr_cpus )
-+            {
-+                free(cpumap);
-+                errno = EINVAL;
-+                PyErr_SetFromErrno(xc_error_obj);
-+                return NULL;
-+            }
-             cpumap[cpu / 8] |= 1 << (cpu % 8);
-         }
-     }

app-emulation/xen-tools/files/xen-4.2-CVE-2013-1-XSA-55.patch

@@ -1,417 +0,0 @@
-From 9737484becab4a25159f1e985700eaee89690d34 Mon Sep 17 00:00:00 2001
-From: Ian Jackson <ian.jackson@eu.citrix.com>
-Date: Fri, 14 Jun 2013 16:43:15 +0100
-Subject: [PATCH 01/23] libelf: abolish libelf-relocate.c
-
-This file is not actually used.  It's not built in Xen's instance of
-libelf; in libxc's it's built but nothing in it is called.  Do not
-compile it in libxc, and delete it.
-
-This reduces the amount of work we need to do in forthcoming patches
-to libelf (particularly since as libelf-relocate.c is not used it is
-probably full of bugs).
-
-This is part of the fix to a security issue, XSA-55.
-
-Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
-Acked-by: Ian Campbell <ian.campbell@citrix.com>
----
- tools/libxc/Makefile                |    2 +-
- xen/common/libelf/libelf-relocate.c |  372 -----------------------------------
- 2 files changed, 1 insertions(+), 373 deletions(-)
- delete mode 100644 xen/common/libelf/libelf-relocate.c
-
-diff --git a/tools/libxc/Makefile b/tools/libxc/Makefile
-index ca38cbd..d8c6a60 100644
---- a/tools/libxc/Makefile
-+++ b/tools/libxc/Makefile
-@@ -53,7 +53,7 @@ vpath %.c ../../xen/common/libelf
- CFLAGS += -I../../xen/common/libelf
- 
- GUEST_SRCS-y += libelf-tools.c libelf-loader.c
--GUEST_SRCS-y += libelf-dominfo.c libelf-relocate.c
-+GUEST_SRCS-y += libelf-dominfo.c
- 
- # new domain builder
- GUEST_SRCS-y                 += xc_dom_core.c xc_dom_boot.c
-diff --git a/xen/common/libelf/libelf-relocate.c b/xen/common/libelf/libelf-relocate.c
-#deleted file mode 100644
-index 7ef4b01..0000000
---- a/xen/common/libelf/libelf-relocate.c
-+++ /dev/null
-@@ -1,372 +0,0 @@
--/*
-- * ELF relocation code (not used by xen kernel right now).
-- *
-- * This library is free software; you can redistribute it and/or
-- * modify it under the terms of the GNU Lesser General Public
-- * License as published by the Free Software Foundation;
-- * version 2.1 of the License.
-- *
-- * This library is distributed in the hope that it will be useful,
-- * but WITHOUT ANY WARRANTY; without even the implied warranty of
-- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-- * Lesser General Public License for more details.
-- *
-- * You should have received a copy of the GNU Lesser General Public
-- * License along with this library; if not, write to the Free Software
-- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-- */
--
--#include "libelf-private.h"
--
--/* ------------------------------------------------------------------------ */
--
--static const char *rel_names_i386[] = {
--    "R_386_NONE",
--    "R_386_32",
--    "R_386_PC32",
--    "R_386_GOT32",
--    "R_386_PLT32",
--    "R_386_COPY",
--    "R_386_GLOB_DAT",
--    "R_386_JMP_SLOT",
--    "R_386_RELATIVE",
--    "R_386_GOTOFF",
--    "R_386_GOTPC",
--    "R_386_32PLT",
--    "R_386_TLS_TPOFF",
--    "R_386_TLS_IE",
--    "R_386_TLS_GOTIE",
--    "R_386_TLS_LE",
--    "R_386_TLS_GD",
--    "R_386_TLS_LDM",
--    "R_386_16",
--    "R_386_PC16",
--    "R_386_8",
--    "R_386_PC8",
--    "R_386_TLS_GD_32",
--    "R_386_TLS_GD_PUSH",
--    "R_386_TLS_GD_CALL",
--    "R_386_TLS_GD_POP",
--    "R_386_TLS_LDM_32",
--    "R_386_TLS_LDM_PUSH",
--    "R_386_TLS_LDM_CALL",
--    "R_386_TLS_LDM_POP",
--    "R_386_TLS_LDO_32",
--    "R_386_TLS_IE_32",
--    "R_386_TLS_LE_32",
--    "R_386_TLS_DTPMOD32",
--    "R_386_TLS_DTPOFF32",
--    "R_386_TLS_TPOFF32",
--};
--
--static int elf_reloc_i386(struct elf_binary *elf, int type,
--                          uint64_t addr, uint64_t value)
--{
--    void *ptr = elf_get_ptr(elf, addr);
--    uint32_t *u32;
--
--    switch ( type )
--    {
--    case 1 /* R_386_32 */ :
--        u32 = ptr;
--        *u32 += elf->reloc_offset;
--        break;
--    case 2 /* R_386_PC32 */ :
--        /* nothing */
--        break;
--    default:
--        return -1;
--    }
--    return 0;
--}
--
--/* ------------------------------------------------------------------------ */
--
--static const char *rel_names_x86_64[] = {
--    "R_X86_64_NONE",
--    "R_X86_64_64",
--    "R_X86_64_PC32",
--    "R_X86_64_GOT32",
--    "R_X86_64_PLT32",
--    "R_X86_64_COPY",
--    "R_X86_64_GLOB_DAT",
--    "R_X86_64_JUMP_SLOT",
--    "R_X86_64_RELATIVE",
--    "R_X86_64_GOTPCREL",
--    "R_X86_64_32",
--    "R_X86_64_32S",
--    "R_X86_64_16",
--    "R_X86_64_PC16",
--    "R_X86_64_8",
--    "R_X86_64_PC8",
--    "R_X86_64_DTPMOD64",
--    "R_X86_64_DTPOFF64",
--    "R_X86_64_TPOFF64",
--    "R_X86_64_TLSGD",
--    "R_X86_64_TLSLD",
--    "R_X86_64_DTPOFF32",
--    "R_X86_64_GOTTPOFF",
--    "R_X86_64_TPOFF32",
--};
--
--static int elf_reloc_x86_64(struct elf_binary *elf, int type,
--                            uint64_t addr, uint64_t value)
--{
--    void *ptr = elf_get_ptr(elf, addr);
--    uint64_t *u64;
--    uint32_t *u32;
--    int32_t *s32;
--
--    switch ( type )
--    {
--    case 1 /* R_X86_64_64 */ :
--        u64 = ptr;
--        value += elf->reloc_offset;
--        *u64 = value;
--        break;
--    case 2 /* R_X86_64_PC32 */ :
--        u32 = ptr;
--        *u32 = value - addr;
--        if ( *u32 != (uint32_t)(value - addr) )
--        {
--            elf_err(elf, "R_X86_64_PC32 overflow: 0x%" PRIx32
--                    " != 0x%" PRIx32 "\n",
--                    *u32, (uint32_t) (value - addr));
--            return -1;
--        }
--        break;
--    case 10 /* R_X86_64_32 */ :
--        u32 = ptr;
--        value += elf->reloc_offset;
--        *u32 = value;
--        if ( *u32 != value )
--        {
--            elf_err(elf, "R_X86_64_32 overflow: 0x%" PRIx32
--                    " != 0x%" PRIx64 "\n",
--                    *u32, value);
--            return -1;
--        }
--        break;
--    case 11 /* R_X86_64_32S */ :
--        s32 = ptr;
--        value += elf->reloc_offset;
--        *s32 = value;
--        if ( *s32 != (int64_t) value )
--        {
--            elf_err(elf, "R_X86_64_32S overflow: 0x%" PRIx32
--                    " != 0x%" PRIx64 "\n",
--                    *s32, (int64_t) value);
--            return -1;
--        }
--        break;
--    default:
--        return -1;
--    }
--    return 0;
--}
--
--/* ------------------------------------------------------------------------ */
--
--static struct relocs {
--    const char **names;
--    int count;
--    int (*func) (struct elf_binary * elf, int type, uint64_t addr,
--                 uint64_t value);
--} relocs[] =
--/* *INDENT-OFF* */
--{
--    [EM_386] = {
--        .names = rel_names_i386,
--        .count = sizeof(rel_names_i386) / sizeof(rel_names_i386[0]),
--        .func = elf_reloc_i386,
--    },
--    [EM_X86_64] = {
--        .names = rel_names_x86_64,
--        .count = sizeof(rel_names_x86_64) / sizeof(rel_names_x86_64[0]),
--        .func = elf_reloc_x86_64,
--    }
--};
--/* *INDENT-ON* */
--
--/* ------------------------------------------------------------------------ */
--
--static const char *rela_name(int machine, int type)
--{
--    if ( machine > sizeof(relocs) / sizeof(relocs[0]) )
--        return "unknown mach";
--    if ( !relocs[machine].names )
--        return "unknown mach";
--    if ( type > relocs[machine].count )
--        return "unknown rela";
--    return relocs[machine].names[type];
--}
--
--static int elf_reloc_section(struct elf_binary *elf,
--                             const elf_shdr * rels,
--                             const elf_shdr * sect, const elf_shdr * syms)
--{
--    const void *ptr, *end;
--    const elf_shdr *shdr;
--    const elf_rela *rela;
--    const elf_rel *rel;
--    const elf_sym *sym;
--    uint64_t s_type;
--    uint64_t r_offset;
--    uint64_t r_info;
--    uint64_t r_addend;
--    int r_type, r_sym;
--    size_t rsize;
--    uint64_t shndx, sbase, addr, value;
--    const char *sname;
--    int machine;
--
--    machine = elf_uval(elf, elf->ehdr, e_machine);
--    if ( (machine >= (sizeof(relocs) / sizeof(relocs[0]))) ||
--         (relocs[machine].func == NULL) )
--    {
--        elf_err(elf, "%s: can't handle machine %d\n",
--                __FUNCTION__, machine);
--        return -1;
--    }
--    if ( elf_swap(elf) )
--    {
--        elf_err(elf, "%s: non-native byte order, relocation not supported\n",
--                __FUNCTION__);
--        return -1;
--    }
--
--    s_type = elf_uval(elf, rels, sh_type);
--    rsize = (SHT_REL == s_type) ? elf_size(elf, rel) : elf_size(elf, rela);
--    ptr = elf_section_start(elf, rels);
--    end = elf_section_end(elf, rels);
--
--    for ( ; ptr < end; ptr += rsize )
--    {
--        switch ( s_type )
--        {
--        case SHT_REL:
--            rel = ptr;
--            r_offset = elf_uval(elf, rel, r_offset);
--            r_info = elf_uval(elf, rel, r_info);
--            r_addend = 0;
--            break;
--        case SHT_RELA:
--            rela = ptr;
--            r_offset = elf_uval(elf, rela, r_offset);
--            r_info = elf_uval(elf, rela, r_info);
--            r_addend = elf_uval(elf, rela, r_addend);
--            break;
--        default:
--            /* can't happen */
--            return -1;
--        }
--        if ( elf_64bit(elf) )
--        {
--            r_type = ELF64_R_TYPE(r_info);
--            r_sym = ELF64_R_SYM(r_info);
--        }
--        else
--        {
--            r_type = ELF32_R_TYPE(r_info);
--            r_sym = ELF32_R_SYM(r_info);
--        }
--
--        sym = elf_sym_by_index(elf, r_sym);
--        shndx = elf_uval(elf, sym, st_shndx);
--        switch ( shndx )
--        {
--        case SHN_UNDEF:
--            sname = "*UNDEF*";
--            sbase = 0;
--            break;
--        case SHN_COMMON:
--            elf_err(elf, "%s: invalid section: %" PRId64 "\n",
--                    __FUNCTION__, shndx);
--            return -1;
--        case SHN_ABS:
--            sname = "*ABS*";
--            sbase = 0;
--            break;
--        default:
--            shdr = elf_shdr_by_index(elf, shndx);
--            if ( shdr == NULL )
--            {
--                elf_err(elf, "%s: invalid section: %" PRId64 "\n",
--                        __FUNCTION__, shndx);
--                return -1;
--            }
--            sname = elf_section_name(elf, shdr);
--            sbase = elf_uval(elf, shdr, sh_addr);
--        }
--
--        addr = r_offset;
--        value = elf_uval(elf, sym, st_value);
--        value += r_addend;
--
--        if ( elf->log_callback && (elf->verbose > 1) )
--        {
--            uint64_t st_name = elf_uval(elf, sym, st_name);
--            const char *name = st_name ? elf->sym_strtab + st_name : "*NONE*";
--
--            elf_msg(elf,
--                    "%s: type %s [%d], off 0x%" PRIx64 ", add 0x%" PRIx64 ","
--                    " sym %s [0x%" PRIx64 "], sec %s [0x%" PRIx64 "]"
--                    "  ->  addr 0x%" PRIx64 " value 0x%" PRIx64 "\n",
--                    __FUNCTION__, rela_name(machine, r_type), r_type, r_offset,
--                    r_addend, name, elf_uval(elf, sym, st_value), sname, sbase,
--                    addr, value);
--        }
--
--        if ( relocs[machine].func(elf, r_type, addr, value) == -1 )
--        {
--            elf_err(elf, "%s: unknown/unsupported reloc type %s [%d]\n",
--                    __FUNCTION__, rela_name(machine, r_type), r_type);
--            return -1;
--        }
--    }
--    return 0;
--}
--
--int elf_reloc(struct elf_binary *elf)
--{
--    const elf_shdr *rels, *sect, *syms;
--    uint64_t i, count, type;
--
--    count = elf_shdr_count(elf);
--    for ( i = 0; i < count; i++ )
--    {
--        rels = elf_shdr_by_index(elf, i);
--        type = elf_uval(elf, rels, sh_type);
--        if ( (type != SHT_REL) && (type != SHT_RELA) )
--            continue;
--
--        sect = elf_shdr_by_index(elf, elf_uval(elf, rels, sh_info));
--        syms = elf_shdr_by_index(elf, elf_uval(elf, rels, sh_link));
--        if ( NULL == sect || NULL == syms )
--            continue;
--
--        if ( !(elf_uval(elf, sect, sh_flags) & SHF_ALLOC) )
--        {
--            elf_msg(elf, "%s: relocations for %s, skipping\n",
--                    __FUNCTION__, elf_section_name(elf, sect));
--            continue;
--        }
--
--        elf_msg(elf, "%s: relocations for %s @ 0x%" PRIx64 "\n",
--                __FUNCTION__, elf_section_name(elf, sect),
--                elf_uval(elf, sect, sh_addr));
--        if ( elf_reloc_section(elf, rels, sect, syms) != 0 )
--            return -1;
--    }
--    return 0;
--}
--
--/*
-- * Local variables:
-- * mode: C
-- * c-set-style: "BSD"
-- * c-basic-offset: 4
-- * tab-width: 4
-- * indent-tabs-mode: nil
-- * End:
-- */
--- 
-#1.7.2.5
-

app-emulation/xen-tools/files/xen-4.2-CVE-2013-12to13-XSA-55.patch

@@ -1,371 +0,0 @@
-From d0790bdad7496e720416b2d4a04563c4c27e7b95 Mon Sep 17 00:00:00 2001
-From: Ian Jackson <ian.jackson@eu.citrix.com>
-Date: Fri, 14 Jun 2013 16:43:17 +0100
-Subject: [PATCH 12/23] libelf: Check pointer references in elf_is_elfbinary
-
-elf_is_elfbinary didn't take a length parameter and could potentially
-access out of range when provided with a very short image.
-
-We only need to check the size is enough for the actual dereference in
-elf_is_elfbinary; callers are just using it to check the magic number
-and do their own checks (usually via the new elf_ptrval system) before
-dereferencing other parts of the header.
-
-This is part of the fix to a security issue, XSA-55.
-
-Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
-Acked-by: Ian Campbell <ian.campbell@citrix.com>
-Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
----
- tools/libxc/xc_dom_elfloader.c    |    2 +-
- xen/arch/x86/bzimage.c            |    4 ++--
- xen/common/libelf/libelf-loader.c |    2 +-
- xen/common/libelf/libelf-tools.c  |    9 ++++++---
- xen/include/xen/libelf.h          |    4 +++-
- 5 files changed, 13 insertions(+), 8 deletions(-)
-
-diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c
-index b82a08c..ea45886 100644
---- a/tools/libxc/xc_dom_elfloader.c
-+++ b/tools/libxc/xc_dom_elfloader.c
-@@ -95,7 +95,7 @@ static int check_elf_kernel(struct xc_dom_image *dom, int verbose)
-         return -EINVAL;
-     }
- 
--    if ( !elf_is_elfbinary(dom->kernel_blob) )
-+    if ( !elf_is_elfbinary(dom->kernel_blob, dom->kernel_size) )
-     {
-         if ( verbose )
-             xc_dom_panic(dom->xch,
-diff --git a/xen/arch/x86/bzimage.c b/xen/arch/x86/bzimage.c
-index 5adc223..3600dca 100644
---- a/xen/arch/x86/bzimage.c
-+++ b/xen/arch/x86/bzimage.c
-@@ -220,7 +220,7 @@ unsigned long __init bzimage_headroom(char *image_start,
-         image_length = hdr->payload_length;
-     }
- 
--    if ( elf_is_elfbinary(image_start) )
-+    if ( elf_is_elfbinary(image_start, image_length) )
-         return 0;
- 
-     orig_image_len = image_length;
-@@ -251,7 +251,7 @@ int __init bzimage_parse(char *image_base, char **image_start, unsigned long *im
-         *image_len = hdr->payload_length;
-     }
- 
--    if ( elf_is_elfbinary(*image_start) )
-+    if ( elf_is_elfbinary(*image_start, *image_len) )
-         return 0;
- 
-     BUG_ON(!(image_base < *image_start));
-diff --git a/xen/common/libelf/libelf-loader.c b/xen/common/libelf/libelf-loader.c
-index a3310e7..f8be635 100644
---- a/xen/common/libelf/libelf-loader.c
-+++ b/xen/common/libelf/libelf-loader.c
-@@ -29,7 +29,7 @@ int elf_init(struct elf_binary *elf, const char *image_input, size_t size)
-     ELF_HANDLE_DECL(elf_shdr) shdr;
-     uint64_t i, count, section, offset;
- 
--    if ( !elf_is_elfbinary(image_input) )
-+    if ( !elf_is_elfbinary(image_input, size) )
-     {
-         elf_err(elf, "%s: not an ELF binary\n", __FUNCTION__);
-         return -1;
-diff --git a/xen/common/libelf/libelf-tools.c b/xen/common/libelf/libelf-tools.c
-index 46ca553..744027e 100644
---- a/xen/common/libelf/libelf-tools.c
-+++ b/xen/common/libelf/libelf-tools.c
-@@ -332,11 +332,14 @@ ELF_HANDLE_DECL(elf_note) elf_note_next(struct elf_binary *elf, ELF_HANDLE_DECL(
- 
- /* ------------------------------------------------------------------------ */
- 
--int elf_is_elfbinary(const void *image)
-+int elf_is_elfbinary(const void *image_start, size_t image_size)
- {
--    const Elf32_Ehdr *ehdr = image;
-+    const Elf32_Ehdr *ehdr = image_start;
- 
--    return IS_ELF(*ehdr); /* fixme unchecked */
-+    if ( image_size < sizeof(*ehdr) )
-+        return 0;
-+
-+    return IS_ELF(*ehdr);
- }
- 
- int elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr)
-diff --git a/xen/include/xen/libelf.h b/xen/include/xen/libelf.h
-index ddc3ed7..ac93858 100644
---- a/xen/include/xen/libelf.h
-+++ b/xen/include/xen/libelf.h
-@@ -350,7 +350,9 @@ uint64_t elf_note_numeric_array(struct elf_binary *, ELF_HANDLE_DECL(elf_note),
-                                 unsigned int unitsz, unsigned int idx);
- ELF_HANDLE_DECL(elf_note) elf_note_next(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note);
- 
--int elf_is_elfbinary(const void *image);
-+/* (Only) checks that the image has the right magic number. */
-+int elf_is_elfbinary(const void *image_start, size_t image_size);
-+
- int elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr);
- 
- /* ------------------------------------------------------------------------ */
--- 
-1.7.2.5
-#From a965b8f80388603d439ae2b8ee7b9b018a079f90 Mon Sep 17 00:00:00 2001
-#From: Ian Jackson <ian.jackson@eu.citrix.com>
-#Date: Fri, 14 Jun 2013 16:43:17 +0100
-#Subject: [PATCH 13/23] libelf: Make all callers call elf_check_broken
-#
-#This arranges that if the new pointer reference error checking
-#tripped, we actually get a message about it.  In this patch these
-#messages do not change the actual return values from the various
-#functions: so pointer reference errors do not prevent loading.  This
-#is for fear that some existing kernels might cause the code to make
-#these wild references, which would then break, which is not a good
-#thing in a security patch.
-#
-#In xen/arch/x86/domain_build.c we have to introduce an "out" label and
-#change all of the "return rc" beyond the relevant point into "goto
-#out".
-#
-#Difference in the 4.2 series, compared to unstable:
-#
-#* tools/libxc/xc_hvm_build_x86.c:setup_guest and
-#  xen/arch/arm/kernel.c:kernel_try_elf_prepare have different
-#  error handling in 4.2 to unstable; patch adjusted accordingly.
-#
-#This is part of the fix to a security issue, XSA-55.
-#
-#Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
-#
-#xen-unstable version Reviewed-by: George Dunlap <george.dunlap@eu.citrix.com>
-#---
-# tools/libxc/xc_dom_elfloader.c |   25 +++++++++++++++++++++----
-# tools/libxc/xc_hvm_build_x86.c |    5 +++++
-# tools/xcutils/readnotes.c      |    3 +++
-# xen/arch/arm/kernel.c          |   15 ++++++++++++++-
-# xen/arch/x86/domain_build.c    |   28 +++++++++++++++++++++-------
-# 5 files changed, 64 insertions(+), 12 deletions(-)
-#
-diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c
-index ea45886..4fb4da2 100644
---- a/tools/libxc/xc_dom_elfloader.c
-+++ b/tools/libxc/xc_dom_elfloader.c
-@@ -276,6 +276,13 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom,
-             elf_store_field(elf, shdr, e32.sh_name, 0);
-     }
- 
-+    if ( elf_check_broken(&syms) )
-+        DOMPRINTF("%s: symbols ELF broken: %s", __FUNCTION__,
-+                  elf_check_broken(&syms));
-+    if ( elf_check_broken(elf) )
-+        DOMPRINTF("%s: ELF broken: %s", __FUNCTION__,
-+                  elf_check_broken(elf));
-+
-     if ( tables == 0 )
-     {
-         DOMPRINTF("%s: no symbol table present", __FUNCTION__);
-@@ -312,19 +319,23 @@ static int xc_dom_parse_elf_kernel(struct xc_dom_image *dom)
-     {
-         xc_dom_panic(dom->xch, XC_INVALID_KERNEL, "%s: ELF image"
-                      " has no shstrtab", __FUNCTION__);
--        return -EINVAL;
-+        rc = -EINVAL;
-+        goto out;
-     }
- 
-     /* parse binary and get xen meta info */
-     elf_parse_binary(elf);
-     if ( (rc = elf_xen_parse(elf, &dom->parms)) != 0 )
--        return rc;
-+    {
-+        goto out;
-+    }
- 
-     if ( elf_xen_feature_get(XENFEAT_dom0, dom->parms.f_required) )
-     {
-         xc_dom_panic(dom->xch, XC_INVALID_KERNEL, "%s: Kernel does not"
-                      " support unprivileged (DomU) operation", __FUNCTION__);
--        return -EINVAL;
-+        rc = -EINVAL;
-+        goto out;
-     }
- 
-     /* find kernel segment */
-@@ -338,7 +349,13 @@ static int xc_dom_parse_elf_kernel(struct xc_dom_image *dom)
-     DOMPRINTF("%s: %s: 0x%" PRIx64 " -> 0x%" PRIx64 "",
-               __FUNCTION__, dom->guest_type,
-               dom->kernel_seg.vstart, dom->kernel_seg.vend);
--    return 0;
-+    rc = 0;
-+out:
-+    if ( elf_check_broken(elf) )
-+        DOMPRINTF("%s: ELF broken: %s", __FUNCTION__,
-+                  elf_check_broken(elf));
-+
-+    return rc;
- }
- 
- static int xc_dom_load_elf_kernel(struct xc_dom_image *dom)
-diff --git a/tools/libxc/xc_hvm_build_x86.c b/tools/libxc/xc_hvm_build_x86.c
-index ccfd8b5..8165287 100644
---- a/tools/libxc/xc_hvm_build_x86.c
-+++ b/tools/libxc/xc_hvm_build_x86.c
-@@ -403,11 +403,16 @@ static int setup_guest(xc_interface *xch,
-         munmap(page0, PAGE_SIZE);
-     }
- 
-+    if ( elf_check_broken(&elf) )
-+        ERROR("HVM ELF broken: %s", elf_check_broken(&elf));
-+
-     free(page_array);
-     return 0;
- 
-  error_out:
-     free(page_array);
-+    if ( elf_check_broken(&elf) )
-+        ERROR("HVM ELF broken, failing: %s", elf_check_broken(&elf));
-     return -1;
- }
- 
-diff --git a/tools/xcutils/readnotes.c b/tools/xcutils/readnotes.c
-index cfae994..d1f7a30 100644
---- a/tools/xcutils/readnotes.c
-+++ b/tools/xcutils/readnotes.c
-@@ -301,6 +301,9 @@ int main(int argc, char **argv)
- 		printf("__xen_guest: %s\n",
-                        elf_strfmt(&elf, elf_section_start(&elf, shdr)));
- 
-+	if (elf_check_broken(&elf))
-+		printf("warning: broken ELF: %s\n", elf_check_broken(&elf));
-+
- 	return 0;
- }
- 
-diff --git a/xen/arch/arm/kernel.c b/xen/arch/arm/kernel.c
-index 2d56130..dec0519 100644
---- a/xen/arch/arm/kernel.c
-+++ b/xen/arch/arm/kernel.c
-@@ -146,6 +146,8 @@ static int kernel_try_elf_prepare(struct kernel_info *info)
- {
-     int rc;
- 
-+    memset(&info->elf.elf, 0, sizeof(info->elf.elf));
-+
-     info->kernel_order = get_order_from_bytes(KERNEL_FLASH_SIZE);
-     info->kernel_img = alloc_xenheap_pages(info->kernel_order, 0);
-     if ( info->kernel_img == NULL )
-@@ -160,7 +162,7 @@ static int kernel_try_elf_prepare(struct kernel_info *info)
- #endif
-     elf_parse_binary(&info->elf.elf);
-     if ( (rc = elf_xen_parse(&info->elf.elf, &info->elf.parms)) != 0 )
--        return rc;
-+        goto err;
- 
-     /*
-      * TODO: can the ELF header be used to find the physical address
-@@ -169,7 +171,18 @@ static int kernel_try_elf_prepare(struct kernel_info *info)
-     info->entry = info->elf.parms.virt_entry;
-     info->load = kernel_elf_load;
- 
-+    if ( elf_check_broken(&info->elf.elf) )
-+        printk("Xen: warning: ELF kernel broken: %s\n",
-+               elf_check_broken(&info->elf.elf));
-+
-     return 0;
-+
-+err:
-+    if ( elf_check_broken(&info->elf.elf) )
-+        printk("Xen: ELF kernel broken: %s\n",
-+               elf_check_broken(&info->elf.elf));
-+
-+    return rc;
- }
- 
- int kernel_prepare(struct kernel_info *info)
-diff --git a/xen/arch/x86/domain_build.c b/xen/arch/x86/domain_build.c
-index a655b21..0dbec96 100644
---- a/xen/arch/x86/domain_build.c
-+++ b/xen/arch/x86/domain_build.c
-@@ -374,7 +374,7 @@ int __init construct_dom0(
- #endif
-     elf_parse_binary(&elf);
-     if ( (rc = elf_xen_parse(&elf, &parms)) != 0 )
--        return rc;
-+        goto out;
- 
-     /* compatibility check */
-     compatible = 0;
-@@ -413,14 +413,16 @@ int __init construct_dom0(
-     if ( !compatible )
-     {
-         printk("Mismatch between Xen and DOM0 kernel\n");
--        return -EINVAL;
-+        rc = -EINVAL;
-+        goto out;
-     }
- 
-     if ( parms.elf_notes[XEN_ELFNOTE_SUPPORTED_FEATURES].type != XEN_ENT_NONE &&
-          !test_bit(XENFEAT_dom0, parms.f_supported) )
-     {
-         printk("Kernel does not support Dom0 operation\n");
--        return -EINVAL;
-+        rc = -EINVAL;
-+        goto out;
-     }
- 
- #if defined(__x86_64__)
-@@ -734,7 +736,8 @@ int __init construct_dom0(
-          (v_end > HYPERVISOR_COMPAT_VIRT_START(d)) )
-     {
-         printk("DOM0 image overlaps with Xen private area.\n");
--        return -EINVAL;
-+        rc = -EINVAL;
-+        goto out;
-     }
- 
-     if ( is_pv_32on64_domain(d) )
-@@ -914,7 +917,7 @@ int __init construct_dom0(
-     if ( rc < 0 )
-     {
-         printk("Failed to load the kernel binary\n");
--        return rc;
-+        goto out;
-     }
-     bootstrap_map(NULL);
- 
-@@ -925,7 +928,8 @@ int __init construct_dom0(
-         {
-             write_ptbase(current);
-             printk("Invalid HYPERCALL_PAGE field in ELF notes.\n");
--            return -1;
-+            rc = -1;
-+            goto out;
-         }
-         hypercall_page_initialise(
-             d, (void *)(unsigned long)parms.virt_hypercall);
-@@ -1272,9 +1276,19 @@ int __init construct_dom0(
- 
-     BUG_ON(rc != 0);
- 
--    iommu_dom0_init(dom0);
-+    if ( elf_check_broken(&elf) )
-+        printk(" Xen warning: dom0 kernel broken ELF: %s\n",
-+               elf_check_broken(&elf));
- 
-+    iommu_dom0_init(dom0);
-     return 0;
-+
-+out:
-+    if ( elf_check_broken(&elf) )
-+        printk(" Xen dom0 kernel broken ELF: %s\n",
-+               elf_check_broken(&elf));
-+
-+    return rc;
- }
- 
- /*
--- 
-1.7.2.5
-
-

app-emulation/xen-tools/files/xen-4.2-CVE-2013-14-XSA-55.patch

@@ -1,252 +0,0 @@
-From 3fb6ccf2faccaf5e22e33a3155ccc72d732896d8 Mon Sep 17 00:00:00 2001
-From: Ian Jackson <ian.jackson@eu.citrix.com>
-Date: Fri, 14 Jun 2013 16:43:18 +0100
-Subject: [PATCH 14/23] libelf: use C99 bool for booleans
-
-We want to remove uses of "int" because signed integers have
-undesirable undefined behaviours on overflow.  Malicious compilers can
-turn apparently-correct code into code with security vulnerabilities
-etc.
-
-In this patch we change all the booleans in libelf to C99 bool,
-from <stdbool.h>.
-
-For the one visible libelf boolean in libxc's public interface we
-retain the use of int to avoid changing the ABI; libxc converts it to
-a bool for consumption by libelf.
-
-It is OK to change all values only ever used as booleans to _Bool
-(bool) because conversion from any scalar type to a _Bool works the
-same as the boolean test in if() or ?: and is always defined (C99
-6.3.1.2).  But we do need to check that all these variables really are
-only ever used that way.  (It is theoretically possible that the old
-code truncated some 64-bit values to 32-bit ints which might become
-zero depending on the value, which would mean a behavioural change in
-this patch, but it seems implausible that treating 0x????????00000000
-as false could have been intended.)
-
-This is part of the fix to a security issue, XSA-55.
-
-Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
-Acked-by: George Dunlap <george.dunlap@eu.citrix.com>
----
- tools/libxc/xc_dom_elfloader.c     |    8 ++++----
- xen/common/libelf/libelf-dominfo.c |    2 +-
- xen/common/libelf/libelf-loader.c  |    4 ++--
- xen/common/libelf/libelf-private.h |    2 +-
- xen/common/libelf/libelf-tools.c   |   10 +++++-----
- xen/include/xen/libelf.h           |   18 ++++++++++--------
- 6 files changed, 23 insertions(+), 21 deletions(-)
-
-diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c
-index 4fb4da2..9ba64ae 100644
---- a/tools/libxc/xc_dom_elfloader.c
-+++ b/tools/libxc/xc_dom_elfloader.c
-@@ -34,7 +34,7 @@
- /* ------------------------------------------------------------------------ */
- 
- static void log_callback(struct elf_binary *elf, void *caller_data,
--                         int iserr, const char *fmt, va_list al) {
-+                         bool iserr, const char *fmt, va_list al) {
-     xc_interface *xch = caller_data;
- 
-     xc_reportv(xch,
-@@ -46,7 +46,7 @@ static void log_callback(struct elf_binary *elf, void *caller_data,
- 
- void xc_elf_set_logfile(xc_interface *xch, struct elf_binary *elf,
-                         int verbose) {
--    elf_set_log(elf, log_callback, xch, verbose);
-+    elf_set_log(elf, log_callback, xch, verbose /* convert to bool */);
- }
- 
- /* ------------------------------------------------------------------------ */
-@@ -84,7 +84,7 @@ static char *xc_dom_guest_type(struct xc_dom_image *dom,
- /* ------------------------------------------------------------------------ */
- /* parse elf binary                                                         */
- 
--static int check_elf_kernel(struct xc_dom_image *dom, int verbose)
-+static int check_elf_kernel(struct xc_dom_image *dom, bool verbose)
- {
-     if ( dom->kernel_blob == NULL )
-     {
-@@ -112,7 +112,7 @@ static int xc_dom_probe_elf_kernel(struct xc_dom_image *dom)
- }
- 
- static int xc_dom_load_elf_symtab(struct xc_dom_image *dom,
--                                  struct elf_binary *elf, int load)
-+                                  struct elf_binary *elf, bool load)
- {
-     struct elf_binary syms;
-     ELF_HANDLE_DECL_NONCONST(elf_shdr) shdr; ELF_HANDLE_DECL(elf_shdr) shdr2;
-diff --git a/xen/common/libelf/libelf-dominfo.c b/xen/common/libelf/libelf-dominfo.c
-index 98c80dc..12b6c2a 100644
---- a/xen/common/libelf/libelf-dominfo.c
-+++ b/xen/common/libelf/libelf-dominfo.c
-@@ -101,7 +101,7 @@ int elf_xen_parse_note(struct elf_binary *elf,
- /* *INDENT-OFF* */
-     static const struct {
-         char *name;
--        int str;
-+        bool str;
-     } note_desc[] = {
-         [XEN_ELFNOTE_ENTRY] = { "ENTRY", 0},
-         [XEN_ELFNOTE_HYPERCALL_PAGE] = { "HYPERCALL_PAGE", 0},
-diff --git a/xen/common/libelf/libelf-loader.c b/xen/common/libelf/libelf-loader.c
-index f8be635..0dccd4d 100644
---- a/xen/common/libelf/libelf-loader.c
-+++ b/xen/common/libelf/libelf-loader.c
-@@ -92,7 +92,7 @@ int elf_init(struct elf_binary *elf, const char *image_input, size_t size)
- }
- 
- #ifndef __XEN__
--void elf_call_log_callback(struct elf_binary *elf, int iserr,
-+void elf_call_log_callback(struct elf_binary *elf, bool iserr,
-                            const char *fmt,...) {
-     va_list al;
- 
-@@ -107,7 +107,7 @@ void elf_call_log_callback(struct elf_binary *elf, int iserr,
- }
-     
- void elf_set_log(struct elf_binary *elf, elf_log_callback *log_callback,
--                 void *log_caller_data, int verbose)
-+                 void *log_caller_data, bool verbose)
- {
-     elf->log_callback = log_callback;
-     elf->log_caller_data = log_caller_data;
-diff --git a/xen/common/libelf/libelf-private.h b/xen/common/libelf/libelf-private.h
-index 280dfd1..277be04 100644
---- a/xen/common/libelf/libelf-private.h
-+++ b/xen/common/libelf/libelf-private.h
-@@ -77,7 +77,7 @@
- #define elf_err(elf, fmt, args ... )                    \
-     elf_call_log_callback(elf, 1, fmt , ## args );
- 
--void elf_call_log_callback(struct elf_binary*, int iserr, const char *fmt,...);
-+void elf_call_log_callback(struct elf_binary*, bool iserr, const char *fmt,...);
- 
- #define safe_strcpy(d,s)                        \
- do { strncpy((d),(s),sizeof((d))-1);            \
-diff --git a/xen/common/libelf/libelf-tools.c b/xen/common/libelf/libelf-tools.c
-index 744027e..fa58f76 100644
---- a/xen/common/libelf/libelf-tools.c
-+++ b/xen/common/libelf/libelf-tools.c
-@@ -31,7 +31,7 @@ const char *elf_check_broken(const struct elf_binary *elf)
-     return elf->broken;
- }
- 
--static int elf_ptrval_in_range(elf_ptrval ptrval, uint64_t size,
-+static bool elf_ptrval_in_range(elf_ptrval ptrval, uint64_t size,
-                                const void *region, uint64_t regionsize)
-     /*
-      * Returns true if the putative memory area [ptrval,ptrval+size>
-@@ -53,7 +53,7 @@ static int elf_ptrval_in_range(elf_ptrval ptrval, uint64_t size,
-     return 1;
- }
- 
--int elf_access_ok(struct elf_binary * elf,
-+bool elf_access_ok(struct elf_binary * elf,
-                   uint64_t ptrval, size_t size)
- {
-     if ( elf_ptrval_in_range(ptrval, size, elf->image_base, elf->size) )
-@@ -92,7 +92,7 @@ uint64_t elf_access_unsigned(struct elf_binary * elf, elf_ptrval base,
-                              uint64_t moreoffset, size_t size)
- {
-     elf_ptrval ptrval = base + moreoffset;
--    int need_swap = elf_swap(elf);
-+    bool need_swap = elf_swap(elf);
-     const uint8_t *u8;
-     const uint16_t *u16;
-     const uint32_t *u32;
-@@ -332,7 +332,7 @@ ELF_HANDLE_DECL(elf_note) elf_note_next(struct elf_binary *elf, ELF_HANDLE_DECL(
- 
- /* ------------------------------------------------------------------------ */
- 
--int elf_is_elfbinary(const void *image_start, size_t image_size)
-+bool elf_is_elfbinary(const void *image_start, size_t image_size)
- {
-     const Elf32_Ehdr *ehdr = image_start;
- 
-@@ -342,7 +342,7 @@ int elf_is_elfbinary(const void *image_start, size_t image_size)
-     return IS_ELF(*ehdr);
- }
- 
--int elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr)
-+bool elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr)
- {
-     uint64_t p_type = elf_uval(elf, phdr, p_type);
-     uint64_t p_flags = elf_uval(elf, phdr, p_flags);
-diff --git a/xen/include/xen/libelf.h b/xen/include/xen/libelf.h
-index ac93858..951430f 100644
---- a/xen/include/xen/libelf.h
-+++ b/xen/include/xen/libelf.h
-@@ -29,6 +29,8 @@
- #error define architectural endianness
- #endif
- 
-+#include <stdbool.h>
-+
- #undef ELFSIZE
- #include "elfstructs.h"
- #ifdef __XEN__
-@@ -42,7 +44,7 @@
- 
- struct elf_binary;
- typedef void elf_log_callback(struct elf_binary*, void *caller_data,
--                              int iserr, const char *fmt, va_list al);
-+                              bool iserr, const char *fmt, va_list al);
- 
- #endif
- 
-@@ -237,7 +239,7 @@ struct elf_binary {
-     elf_log_callback *log_callback;
-     void *log_caller_data;
- #endif
--    int verbose;
-+    bool verbose;
-     const char *broken;
- };
- 
-@@ -301,8 +303,8 @@ void elf_memset_safe(struct elf_binary*, elf_ptrval dst, int c, size_t);
-    * outside permitted areas.
-    */
- 
--int elf_access_ok(struct elf_binary * elf,
--                  uint64_t ptrval, size_t size);
-+bool elf_access_ok(struct elf_binary * elf,
-+                   uint64_t ptrval, size_t size);
- 
- #define elf_store_val(elf, type, ptr, val)                              \
-     ({                                                                  \
-@@ -351,9 +353,9 @@ uint64_t elf_note_numeric_array(struct elf_binary *, ELF_HANDLE_DECL(elf_note),
- ELF_HANDLE_DECL(elf_note) elf_note_next(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note);
- 
- /* (Only) checks that the image has the right magic number. */
--int elf_is_elfbinary(const void *image_start, size_t image_size);
-+bool elf_is_elfbinary(const void *image_start, size_t image_size);
- 
--int elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr);
-+bool elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr);
- 
- /* ------------------------------------------------------------------------ */
- /* xc_libelf_loader.c                                                       */
-@@ -367,7 +369,7 @@ int elf_init(struct elf_binary *elf, const char *image, size_t size);
- void elf_set_verbose(struct elf_binary *elf);
- #else
- void elf_set_log(struct elf_binary *elf, elf_log_callback*,
--                 void *log_caller_pointer, int verbose);
-+                 void *log_caller_pointer, bool verbose);
- #endif
- 
- void elf_parse_binary(struct elf_binary *elf);
-@@ -419,7 +421,7 @@ struct elf_dom_parms {
-     char xen_ver[16];
-     char loader[16];
-     int pae;
--    int bsd_symtab;
-+    bool bsd_symtab;
-     uint64_t virt_base;
-     uint64_t virt_entry;
-     uint64_t virt_hypercall;
--- 
-1.7.2.5
-

app-emulation/xen-tools/files/xen-4.2-CVE-2013-16-XSA-55.patch

@@ -1,409 +0,0 @@
-From 52d8cc2dd3bb3e0f6d51e00280da934e8d91653a Mon Sep 17 00:00:00 2001
-From: Ian Jackson <ian.jackson@eu.citrix.com>
-Date: Fri, 14 Jun 2013 16:43:18 +0100
-Subject: [PATCH 16/23] libelf: check loops for running away
-
-Ensure that libelf does not have any loops which can run away
-indefinitely even if the input is bogus.  (Grepped for \bfor, \bwhile
-and \bgoto in libelf and xc_dom_*loader*.c.)
-
-Changes needed:
- * elf_note_next uses the note's unchecked alleged length, which might
-   wrap round.  If it does, return ELF_MAX_PTRVAL (0xfff..fff) instead,
-   which will be beyond the end of the section and so terminate the
-   caller's loop.  Also check that the returned psuedopointer is sane.
- * In various loops over section and program headers, check that the
-   calculated header pointer is still within the image, and quit the
-   loop if it isn't.
- * Some fixed limits to avoid potentially O(image_size^2) loops:
-    - maximum length of strings: 4K (longer ones ignored totally)
-    - maximum total number of ELF notes: 65536 (any more are ignored)
- * Check that the total program contents (text, data) we copy or
-   initialise doesn't exceed twice the output image area size.
- * Remove an entirely useless loop from elf_xen_parse (!)
- * Replace a nested search loop in in xc_dom_load_elf_symtab in
-   xc_dom_elfloader.c by a precomputation of a bitmap of referenced
-   symtabs.
-
-We have not changed loops which might, in principle, iterate over the
-whole image - even if they might do so one byte at a time with a
-nontrivial access check function in the middle.
-
-This is part of the fix to a security issue, XSA-55.
-
-Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
----
- tools/libxc/xc_dom_elfloader.c     |   33 ++++++++++++++++++-------
- xen/common/libelf/libelf-dominfo.c |   43 ++++++++++++++++++++------------
- xen/common/libelf/libelf-loader.c  |   47 ++++++++++++++++++++++++++++++++++-
- xen/common/libelf/libelf-tools.c   |   28 ++++++++++++++++++++-
- xen/include/xen/libelf.h           |   13 ++++++++++
- 5 files changed, 135 insertions(+), 29 deletions(-)
-
-diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c
-index 62a0d3b..c5014d2 100644
---- a/tools/libxc/xc_dom_elfloader.c
-+++ b/tools/libxc/xc_dom_elfloader.c
-@@ -28,6 +28,7 @@
- 
- #include "xg_private.h"
- #include "xc_dom.h"
-+#include "xc_bitops.h"
- 
- #define XEN_VER "xen-3.0"
- 
-@@ -120,6 +121,7 @@ static elf_errorstatus xc_dom_load_elf_symtab(struct xc_dom_image *dom,
-     ELF_PTRVAL_CHAR hdr;
-     size_t size;
-     unsigned h, count, type, i, tables = 0;
-+    unsigned long *strtab_referenced = NULL;
- 
-     if ( elf_swap(elf) )
-     {
-@@ -220,22 +222,35 @@ static elf_errorstatus xc_dom_load_elf_symtab(struct xc_dom_image *dom,
-               symtab, maxaddr);
- 
-     count = elf_shdr_count(&syms);
-+    /* elf_shdr_count guarantees that count is reasonable */
-+
-+    strtab_referenced = xc_dom_malloc(dom, bitmap_size(count));
-+    if ( strtab_referenced == NULL )
-+        return -1;
-+    bitmap_clear(strtab_referenced, count);
-+    /* Note the symtabs @h linked to by any strtab @i. */
-+    for ( i = 0; i < count; i++ )
-+    {
-+        shdr2 = elf_shdr_by_index(&syms, i);
-+        if ( elf_uval(&syms, shdr2, sh_type) == SHT_SYMTAB )
-+        {
-+            h = elf_uval(&syms, shdr2, sh_link);
-+            if (h < count)
-+                set_bit(h, strtab_referenced);
-+        }
-+    }
-+
-     for ( h = 0; h < count; h++ )
-     {
-         shdr = ELF_OBSOLETE_VOIDP_CAST elf_shdr_by_index(&syms, h);
-+        if ( !elf_access_ok(elf, ELF_HANDLE_PTRVAL(shdr), 1) )
-+            /* input has an insane section header count field */
-+            break;
-         type = elf_uval(&syms, shdr, sh_type);
-         if ( type == SHT_STRTAB )
-         {
--            /* Look for a strtab @i linked to symtab @h. */
--            for ( i = 0; i < count; i++ )
--            {
--                shdr2 = elf_shdr_by_index(&syms, i);
--                if ( (elf_uval(&syms, shdr2, sh_type) == SHT_SYMTAB) &&
--                     (elf_uval(&syms, shdr2, sh_link) == h) )
--                    break;
--            }
-             /* Skip symtab @h if we found no corresponding strtab @i. */
--            if ( i == count )
-+            if ( !test_bit(h, strtab_referenced) )
-             {
-                 if ( elf_64bit(&syms) )
-                     elf_store_field(elf, shdr, e64.sh_offset, 0);
-diff --git a/xen/common/libelf/libelf-dominfo.c b/xen/common/libelf/libelf-dominfo.c
-index cdd0d31..25a10d7 100644
---- a/xen/common/libelf/libelf-dominfo.c
-+++ b/xen/common/libelf/libelf-dominfo.c
-@@ -221,7 +221,8 @@ elf_errorstatus elf_xen_parse_note(struct elf_binary *elf,
- static unsigned elf_xen_parse_notes(struct elf_binary *elf,
-                                struct elf_dom_parms *parms,
-                                ELF_PTRVAL_CONST_VOID start,
--                               ELF_PTRVAL_CONST_VOID end)
-+                               ELF_PTRVAL_CONST_VOID end,
-+                               unsigned *total_note_count)
- {
-     unsigned xen_elfnotes = 0;
-     ELF_HANDLE_DECL(elf_note) note;
-@@ -233,6 +234,12 @@ static unsigned elf_xen_parse_notes(struct elf_binary *elf,
-           ELF_HANDLE_PTRVAL(note) < parms->elf_note_end;
-           note = elf_note_next(elf, note) )
-     {
-+        if ( *total_note_count >= ELF_MAX_TOTAL_NOTE_COUNT )
-+        {
-+            elf_mark_broken(elf, "too many ELF notes");
-+            break;
-+        }
-+        (*total_note_count)++;
-         note_name = elf_note_name(elf, note);
-         if ( note_name == NULL )
-             continue;
-@@ -473,6 +480,7 @@ elf_errorstatus elf_xen_parse(struct elf_binary *elf,
-     ELF_HANDLE_DECL(elf_phdr) phdr;
-     unsigned xen_elfnotes = 0;
-     unsigned i, count, more_notes;
-+    unsigned total_note_count = 0;
- 
-     elf_memset_unchecked(parms, 0, sizeof(*parms));
-     parms->virt_base = UNSET_ADDR;
-@@ -487,6 +495,9 @@ elf_errorstatus elf_xen_parse(struct elf_binary *elf,
-     for ( i = 0; i < count; i++ )
-     {
-         phdr = elf_phdr_by_index(elf, i);
-+        if ( !elf_access_ok(elf, ELF_HANDLE_PTRVAL(phdr), 1) )
-+            /* input has an insane program header count field */
-+            break;
-         if ( elf_uval(elf, phdr, p_type) != PT_NOTE )
-             continue;
- 
-@@ -499,7 +510,8 @@ elf_errorstatus elf_xen_parse(struct elf_binary *elf,
- 
-         more_notes = elf_xen_parse_notes(elf, parms,
-                                  elf_segment_start(elf, phdr),
--                                 elf_segment_end(elf, phdr));
-+                                 elf_segment_end(elf, phdr),
-+                                 &total_note_count);
-         if ( more_notes == ELF_NOTE_INVALID )
-             return -1;
- 
-@@ -516,13 +528,17 @@ elf_errorstatus elf_xen_parse(struct elf_binary *elf,
-         for ( i = 0; i < count; i++ )
-         {
-             shdr = elf_shdr_by_index(elf, i);
-+            if ( !elf_access_ok(elf, ELF_HANDLE_PTRVAL(shdr), 1) )
-+                /* input has an insane section header count field */
-+                break;
- 
-             if ( elf_uval(elf, shdr, sh_type) != SHT_NOTE )
-                 continue;
- 
-             more_notes = elf_xen_parse_notes(elf, parms,
-                                      elf_section_start(elf, shdr),
--                                     elf_section_end(elf, shdr));
-+                                     elf_section_end(elf, shdr),
-+                                     &total_note_count);
- 
-             if ( more_notes == ELF_NOTE_INVALID )
-                 return -1;
-@@ -540,20 +556,15 @@ elf_errorstatus elf_xen_parse(struct elf_binary *elf,
-      */
-     if ( xen_elfnotes == 0 )
-     {
--        count = elf_shdr_count(elf);
--        for ( i = 0; i < count; i++ )
-+        shdr = elf_shdr_by_name(elf, "__xen_guest");
-+        if ( ELF_HANDLE_VALID(shdr) )
-         {
--            shdr = elf_shdr_by_name(elf, "__xen_guest");
--            if ( ELF_HANDLE_VALID(shdr) )
--            {
--                parms->guest_info = elf_section_start(elf, shdr);
--                parms->elf_note_start = ELF_INVALID_PTRVAL;
--                parms->elf_note_end   = ELF_INVALID_PTRVAL;
--                elf_msg(elf, "%s: __xen_guest: \"%s\"\n", __FUNCTION__,
--                        elf_strfmt(elf, parms->guest_info));
--                elf_xen_parse_guest_info(elf, parms);
--                break;
--            }
-+            parms->guest_info = elf_section_start(elf, shdr);
-+            parms->elf_note_start = ELF_INVALID_PTRVAL;
-+            parms->elf_note_end   = ELF_INVALID_PTRVAL;
-+            elf_msg(elf, "%s: __xen_guest: \"%s\"\n", __FUNCTION__,
-+                    elf_strfmt(elf, parms->guest_info));
-+            elf_xen_parse_guest_info(elf, parms);
-         }
-     }
- 
-diff --git a/xen/common/libelf/libelf-loader.c b/xen/common/libelf/libelf-loader.c
-index c3a9e51..06799af 100644
---- a/xen/common/libelf/libelf-loader.c
-+++ b/xen/common/libelf/libelf-loader.c
-@@ -75,6 +75,9 @@ elf_errorstatus elf_init(struct elf_binary *elf, const char *image_input, size_t
-     for ( i = 0; i < count; i++ )
-     {
-         shdr = elf_shdr_by_index(elf, i);
-+        if ( !elf_access_ok(elf, ELF_HANDLE_PTRVAL(shdr), 1) )
-+            /* input has an insane section header count field */
-+            break;
-         if ( elf_uval(elf, shdr, sh_type) != SHT_SYMTAB )
-             continue;
-         elf->sym_tab = shdr;
-@@ -170,6 +173,9 @@ void elf_parse_bsdsyms(struct elf_binary *elf, uint64_t pstart)
-     for ( i = 0; i < elf_shdr_count(elf); i++ )
-     {
-         shdr = elf_shdr_by_index(elf, i);
-+        if ( !elf_access_ok(elf, ELF_HANDLE_PTRVAL(shdr), 1) )
-+            /* input has an insane section header count field */
-+            break;
-         type = elf_uval(elf, shdr, sh_type);
-         if ( (type == SHT_STRTAB) || (type == SHT_SYMTAB) )
-             sz = elf_round_up(elf, sz + elf_uval(elf, shdr, sh_size));
-@@ -224,6 +230,9 @@ do {                                            \
- 
-     for ( i = 0; i < elf_shdr_count(elf); i++ )
-     {
-+        elf_ptrval old_shdr_p;
-+        elf_ptrval new_shdr_p;
-+
-         type = elf_uval(elf, shdr, sh_type);
-         if ( (type == SHT_STRTAB) || (type == SHT_SYMTAB) )
-         {
-@@ -235,8 +244,16 @@ do {                                            \
-              elf_hdr_elm(elf, shdr, sh_offset, maxva - symtab_addr);
-              maxva = ELF_OBSOLETE_VOIDP_CAST elf_round_up(elf, (unsigned long)maxva + sz);
-         }
--        shdr = ELF_MAKE_HANDLE(elf_shdr, ELF_HANDLE_PTRVAL(shdr) +
--                            (unsigned long)elf_uval(elf, elf->ehdr, e_shentsize));
-+        old_shdr_p = ELF_HANDLE_PTRVAL(shdr);
-+        new_shdr_p = old_shdr_p + elf_uval(elf, elf->ehdr, e_shentsize);
-+        if ( new_shdr_p <= old_shdr_p ) /* wrapped or stuck */
-+        {
-+            elf_mark_broken(elf, "bad section header length");
-+            break;
-+        }
-+        if ( !elf_access_ok(elf, new_shdr_p, 1) ) /* outside image */
-+            break;
-+        shdr = ELF_MAKE_HANDLE(elf_shdr, new_shdr_p);
-     }
- 
-     /* Write down the actual sym size. */
-@@ -256,6 +273,9 @@ void elf_parse_binary(struct elf_binary *elf)
-     for ( i = 0; i < count; i++ )
-     {
-         phdr = elf_phdr_by_index(elf, i);
-+        if ( !elf_access_ok(elf, ELF_HANDLE_PTRVAL(phdr), 1) )
-+            /* input has an insane program header count field */
-+            break;
-         if ( !elf_phdr_is_loadable(elf, phdr) )
-             continue;
-         paddr = elf_uval(elf, phdr, p_paddr);
-@@ -278,11 +298,20 @@ elf_errorstatus elf_load_binary(struct elf_binary *elf)
-     ELF_HANDLE_DECL(elf_phdr) phdr;
-     uint64_t i, count, paddr, offset, filesz, memsz;
-     ELF_PTRVAL_VOID dest;
-+    /*
-+     * Let bizarre ELFs write the output image up to twice; this
-+     * calculation is just to ensure our copying loop is no worse than
-+     * O(domain_size).
-+     */
-+    uint64_t remain_allow_copy = (uint64_t)elf->dest_size * 2;
- 
-     count = elf_uval(elf, elf->ehdr, e_phnum);
-     for ( i = 0; i < count; i++ )
-     {
-         phdr = elf_phdr_by_index(elf, i);
-+        if ( !elf_access_ok(elf, ELF_HANDLE_PTRVAL(phdr), 1) )
-+            /* input has an insane program header count field */
-+            break;
-         if ( !elf_phdr_is_loadable(elf, phdr) )
-             continue;
-         paddr = elf_uval(elf, phdr, p_paddr);
-@@ -290,6 +319,20 @@ elf_errorstatus elf_load_binary(struct elf_binary *elf)
-         filesz = elf_uval(elf, phdr, p_filesz);
-         memsz = elf_uval(elf, phdr, p_memsz);
-         dest = elf_get_ptr(elf, paddr);
-+
-+        /*
-+         * We need to check that the input image doesn't have us copy
-+         * the whole image zillions of times, as that could lead to
-+         * O(n^2) time behaviour and possible DoS by a malicous ELF.
-+         */
-+        if ( remain_allow_copy < memsz )
-+        {
-+            elf_mark_broken(elf, "program segments total to more"
-+                            " than the input image size");
-+            break;
-+        }
-+        remain_allow_copy -= memsz;
-+
-         elf_msg(elf, "%s: phdr %" PRIu64 " at 0x%"ELF_PRPTRVAL" -> 0x%"ELF_PRPTRVAL"\n",
-                 __func__, i, dest, (ELF_PTRVAL_VOID)(dest + filesz));
-         if ( elf_load_image(elf, dest, ELF_IMAGE_BASE(elf) + offset, filesz, memsz) != 0 )
-diff --git a/xen/common/libelf/libelf-tools.c b/xen/common/libelf/libelf-tools.c
-index 46d4ab1..4a83133 100644
---- a/xen/common/libelf/libelf-tools.c
-+++ b/xen/common/libelf/libelf-tools.c
-@@ -131,7 +131,16 @@ uint64_t elf_round_up(struct elf_binary *elf, uint64_t addr)
- 
- unsigned elf_shdr_count(struct elf_binary *elf)
- {
--    return elf_uval(elf, elf->ehdr, e_shnum);
-+    unsigned count = elf_uval(elf, elf->ehdr, e_shnum);
-+    uint64_t max = elf->size / sizeof(Elf32_Shdr);
-+    if (max > ~(unsigned)0)
-+        max = ~(unsigned)0; /* Xen doesn't have limits.h :-/ */
-+    if (count > max)
-+    {
-+        elf_mark_broken(elf, "far too many section headers");
-+        count = max;
-+    }
-+    return count;
- }
- 
- unsigned elf_phdr_count(struct elf_binary *elf)
-@@ -149,6 +158,9 @@ ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_name(struct elf_binary *elf, const char *n
-     for ( i = 0; i < count; i++ )
-     {
-         shdr = elf_shdr_by_index(elf, i);
-+        if ( !elf_access_ok(elf, ELF_HANDLE_PTRVAL(shdr), 1) )
-+            /* input has an insane section header count field */
-+            break;
-         sname = elf_section_name(elf, shdr);
-         if ( sname && !strcmp(sname, name) )
-             return shdr;
-@@ -204,6 +216,11 @@ const char *elf_strval(struct elf_binary *elf, elf_ptrval start)
-         if ( !elf_access_unsigned(elf, start, length, 1) )
-             /* ok */
-             return ELF_UNSAFE_PTR(start);
-+        if ( length >= ELF_MAX_STRING_LENGTH )
-+        {
-+            elf_mark_broken(elf, "excessively long string");
-+            return NULL;
-+        }
-     }
- }
- 
-@@ -327,7 +344,14 @@ ELF_HANDLE_DECL(elf_note) elf_note_next(struct elf_binary *elf, ELF_HANDLE_DECL(
-     unsigned namesz = (elf_uval(elf, note, namesz) + 3) & ~3;
-     unsigned descsz = (elf_uval(elf, note, descsz) + 3) & ~3;
- 
--    return ELF_MAKE_HANDLE(elf_note, ELF_HANDLE_PTRVAL(note) + elf_size(elf, note) + namesz + descsz);
-+    elf_ptrval ptrval = ELF_HANDLE_PTRVAL(note)
-+        + elf_size(elf, note) + namesz + descsz;
-+
-+    if ( ( ptrval <= ELF_HANDLE_PTRVAL(note) || /* wrapped or stuck */
-+           !elf_access_ok(elf, ELF_HANDLE_PTRVAL(note), 1) ) )
-+        ptrval = ELF_MAX_PTRVAL; /* terminate caller's loop */
-+
-+    return ELF_MAKE_HANDLE(elf_note, ptrval);
- }
- 
- /* ------------------------------------------------------------------------ */
-diff --git a/xen/include/xen/libelf.h b/xen/include/xen/libelf.h
-index 87e126a..f95fe88 100644
---- a/xen/include/xen/libelf.h
-+++ b/xen/include/xen/libelf.h
-@@ -51,6 +51,9 @@ typedef void elf_log_callback(struct elf_binary*, void *caller_data,
- 
- #endif
- 
-+#define ELF_MAX_STRING_LENGTH 4096
-+#define ELF_MAX_TOTAL_NOTE_COUNT 65536
-+
- /* ------------------------------------------------------------------------ */
- 
- /* Macros for accessing the input image and output area. */
-@@ -353,6 +356,16 @@ ELF_PTRVAL_CONST_VOID elf_note_desc(struct elf_binary *elf, ELF_HANDLE_DECL(elf_
- uint64_t elf_note_numeric(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note);
- uint64_t elf_note_numeric_array(struct elf_binary *, ELF_HANDLE_DECL(elf_note),
-                                 unsigned int unitsz, unsigned int idx);
-+
-+/*
-+ * If you use elf_note_next in a loop, you must put a nontrivial upper
-+ * bound on the returned value as part of your loop condition.  In
-+ * some cases elf_note_next will substitute ELF_PTRVAL_MAX as return
-+ * value to indicate that the iteration isn't going well (for example,
-+ * the putative "next" value would be earlier in memory).  In this
-+ * case the caller's loop must terminate.  Checking against the
-+ * end of the notes segment with a strict inequality is sufficient.
-+ */
- ELF_HANDLE_DECL(elf_note) elf_note_next(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note);
- 
- /* (Only) checks that the image has the right magic number. */
--- 
-1.7.2.5
-

app-emulation/xen-tools/files/xen-4.2-CVE-2013-17-XSA-55.patch

@@ -1,406 +0,0 @@
-From 3baaa4ffcd3e7dd6227f9bdf817f90e5b75aeda2 Mon Sep 17 00:00:00 2001
-From: Ian Jackson <ian.jackson@eu.citrix.com>
-Date: Fri, 14 Jun 2013 16:43:19 +0100
-Subject: [PATCH 17/23] libelf: abolish obsolete macros
-
-Abolish ELF_PTRVAL_[CONST_]{CHAR,VOID}; change uses to elf_ptrval.
-Abolish ELF_HANDLE_DECL_NONCONST; change uses to ELF_HANDLE_DECL.
-Abolish ELF_OBSOLETE_VOIDP_CAST; simply remove all uses.
-
-No functional change.  (Verified by diffing assembler output.)
-
-Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
-Acked-by: Ian Campbell <ian.campbell@citrix.com>
-
-v2: New patch.
----
- tools/libxc/xc_dom_elfloader.c     |    8 +++---
- tools/xcutils/readnotes.c          |    2 +-
- xen/common/libelf/libelf-dominfo.c |    6 ++--
- xen/common/libelf/libelf-loader.c  |   24 +++++++++---------
- xen/common/libelf/libelf-tools.c   |   24 +++++++++---------
- xen/include/xen/libelf.h           |   48 +++++++++---------------------------
- 6 files changed, 44 insertions(+), 68 deletions(-)
-
-diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c
-index c5014d2..9fc4b94 100644
---- a/tools/libxc/xc_dom_elfloader.c
-+++ b/tools/libxc/xc_dom_elfloader.c
-@@ -116,9 +116,9 @@ static elf_errorstatus xc_dom_load_elf_symtab(struct xc_dom_image *dom,
-                                   struct elf_binary *elf, bool load)
- {
-     struct elf_binary syms;
--    ELF_HANDLE_DECL_NONCONST(elf_shdr) shdr; ELF_HANDLE_DECL(elf_shdr) shdr2;
-+    ELF_HANDLE_DECL(elf_shdr) shdr; ELF_HANDLE_DECL(elf_shdr) shdr2;
-     xen_vaddr_t symtab, maxaddr;
--    ELF_PTRVAL_CHAR hdr;
-+    elf_ptrval hdr;
-     size_t size;
-     unsigned h, count, type, i, tables = 0;
-     unsigned long *strtab_referenced = NULL;
-@@ -242,7 +242,7 @@ static elf_errorstatus xc_dom_load_elf_symtab(struct xc_dom_image *dom,
- 
-     for ( h = 0; h < count; h++ )
-     {
--        shdr = ELF_OBSOLETE_VOIDP_CAST elf_shdr_by_index(&syms, h);
-+        shdr = elf_shdr_by_index(&syms, h);
-         if ( !elf_access_ok(elf, ELF_HANDLE_PTRVAL(shdr), 1) )
-             /* input has an insane section header count field */
-             break;
-@@ -278,7 +278,7 @@ static elf_errorstatus xc_dom_load_elf_symtab(struct xc_dom_image *dom,
-             if ( load )
-             {
-                 shdr2 = elf_shdr_by_index(elf, h);
--                elf_memcpy_safe(elf, ELF_OBSOLETE_VOIDP_CAST elf_section_start(&syms, shdr),
-+                elf_memcpy_safe(elf, elf_section_start(&syms, shdr),
-                        elf_section_start(elf, shdr2),
-                        size);
-             }
-diff --git a/tools/xcutils/readnotes.c b/tools/xcutils/readnotes.c
-index 2ca7732..5fa445e 100644
---- a/tools/xcutils/readnotes.c
-+++ b/tools/xcutils/readnotes.c
-@@ -80,7 +80,7 @@ static void print_l1_mfn_valid_note(const char *prefix, struct elf_binary *elf,
- 				    ELF_HANDLE_DECL(elf_note) note)
- {
- 	unsigned descsz = elf_uval(elf, note, descsz);
--	ELF_PTRVAL_CONST_VOID desc = elf_note_desc(elf, note);
-+	elf_ptrval desc = elf_note_desc(elf, note);
- 
- 	/* XXX should be able to cope with a list of values. */
- 	switch ( descsz / 2 )
-diff --git a/xen/common/libelf/libelf-dominfo.c b/xen/common/libelf/libelf-dominfo.c
-index 25a10d7..412ea70 100644
---- a/xen/common/libelf/libelf-dominfo.c
-+++ b/xen/common/libelf/libelf-dominfo.c
-@@ -220,8 +220,8 @@ elf_errorstatus elf_xen_parse_note(struct elf_binary *elf,
- 
- static unsigned elf_xen_parse_notes(struct elf_binary *elf,
-                                struct elf_dom_parms *parms,
--                               ELF_PTRVAL_CONST_VOID start,
--                               ELF_PTRVAL_CONST_VOID end,
-+                               elf_ptrval start,
-+                               elf_ptrval end,
-                                unsigned *total_note_count)
- {
-     unsigned xen_elfnotes = 0;
-@@ -258,7 +258,7 @@ static unsigned elf_xen_parse_notes(struct elf_binary *elf,
- elf_errorstatus elf_xen_parse_guest_info(struct elf_binary *elf,
-                              struct elf_dom_parms *parms)
- {
--    ELF_PTRVAL_CONST_CHAR h;
-+    elf_ptrval h;
-     unsigned char name[32], value[128];
-     unsigned len;
- 
-diff --git a/xen/common/libelf/libelf-loader.c b/xen/common/libelf/libelf-loader.c
-index 06799af..e2e75af 100644
---- a/xen/common/libelf/libelf-loader.c
-+++ b/xen/common/libelf/libelf-loader.c
-@@ -118,7 +118,7 @@ void elf_set_log(struct elf_binary *elf, elf_log_callback *log_callback,
- }
- 
- static elf_errorstatus elf_load_image(struct elf_binary *elf,
--                          ELF_PTRVAL_VOID dst, ELF_PTRVAL_CONST_VOID src,
-+                          elf_ptrval dst, elf_ptrval src,
-                           uint64_t filesz, uint64_t memsz)
- {
-     elf_memcpy_safe(elf, dst, src, filesz);
-@@ -132,7 +132,7 @@ void elf_set_verbose(struct elf_binary *elf)
-     elf->verbose = 1;
- }
- 
--static elf_errorstatus elf_load_image(struct elf_binary *elf, ELF_PTRVAL_VOID dst, ELF_PTRVAL_CONST_VOID src, uint64_t filesz, uint64_t memsz)
-+static elf_errorstatus elf_load_image(struct elf_binary *elf, elf_ptrval dst, elf_ptrval src, uint64_t filesz, uint64_t memsz)
- {
-     elf_errorstatus rc;
-     if ( filesz > ULONG_MAX || memsz > ULONG_MAX )
-@@ -187,12 +187,12 @@ void elf_parse_bsdsyms(struct elf_binary *elf, uint64_t pstart)
- 
- static void elf_load_bsdsyms(struct elf_binary *elf)
- {
--    ELF_HANDLE_DECL_NONCONST(elf_ehdr) sym_ehdr;
-+    ELF_HANDLE_DECL(elf_ehdr) sym_ehdr;
-     unsigned long sz;
--    ELF_PTRVAL_VOID maxva;
--    ELF_PTRVAL_VOID symbase;
--    ELF_PTRVAL_VOID symtab_addr;
--    ELF_HANDLE_DECL_NONCONST(elf_shdr) shdr;
-+    elf_ptrval maxva;
-+    elf_ptrval symbase;
-+    elf_ptrval symtab_addr;
-+    ELF_HANDLE_DECL(elf_shdr) shdr;
-     unsigned i, type;
- 
-     if ( !elf->bsd_symtab_pstart )
-@@ -226,7 +226,7 @@ do {                                            \
-     elf_memcpy_safe(elf, ELF_HANDLE_PTRVAL(shdr),
-                     ELF_IMAGE_BASE(elf) + elf_uval(elf, elf->ehdr, e_shoff),
-                     sz);
--    maxva = ELF_OBSOLETE_VOIDP_CAST elf_round_up(elf, (unsigned long)maxva + sz);
-+    maxva = elf_round_up(elf, (unsigned long)maxva + sz);
- 
-     for ( i = 0; i < elf_shdr_count(elf); i++ )
-     {
-@@ -242,7 +242,7 @@ do {                                            \
-              elf_memcpy_safe(elf, maxva, elf_section_start(elf, shdr), sz);
-              /* Mangled to be based on ELF header location. */
-              elf_hdr_elm(elf, shdr, sh_offset, maxva - symtab_addr);
--             maxva = ELF_OBSOLETE_VOIDP_CAST elf_round_up(elf, (unsigned long)maxva + sz);
-+             maxva = elf_round_up(elf, (unsigned long)maxva + sz);
-         }
-         old_shdr_p = ELF_HANDLE_PTRVAL(shdr);
-         new_shdr_p = old_shdr_p + elf_uval(elf, elf->ehdr, e_shentsize);
-@@ -297,7 +297,7 @@ elf_errorstatus elf_load_binary(struct elf_binary *elf)
- {
-     ELF_HANDLE_DECL(elf_phdr) phdr;
-     uint64_t i, count, paddr, offset, filesz, memsz;
--    ELF_PTRVAL_VOID dest;
-+    elf_ptrval dest;
-     /*
-      * Let bizarre ELFs write the output image up to twice; this
-      * calculation is just to ensure our copying loop is no worse than
-@@ -334,7 +334,7 @@ elf_errorstatus elf_load_binary(struct elf_binary *elf)
-         remain_allow_copy -= memsz;
- 
-         elf_msg(elf, "%s: phdr %" PRIu64 " at 0x%"ELF_PRPTRVAL" -> 0x%"ELF_PRPTRVAL"\n",
--                __func__, i, dest, (ELF_PTRVAL_VOID)(dest + filesz));
-+                __func__, i, dest, (elf_ptrval)(dest + filesz));
-         if ( elf_load_image(elf, dest, ELF_IMAGE_BASE(elf) + offset, filesz, memsz) != 0 )
-             return -1;
-     }
-@@ -343,7 +343,7 @@ elf_errorstatus elf_load_binary(struct elf_binary *elf)
-     return 0;
- }
- 
--ELF_PTRVAL_VOID elf_get_ptr(struct elf_binary *elf, unsigned long addr)
-+elf_ptrval elf_get_ptr(struct elf_binary *elf, unsigned long addr)
- {
-     return ELF_REALPTR2PTRVAL(elf->dest_base) + addr - elf->pstart;
- }
-diff --git a/xen/common/libelf/libelf-tools.c b/xen/common/libelf/libelf-tools.c
-index 4a83133..e202249 100644
---- a/xen/common/libelf/libelf-tools.c
-+++ b/xen/common/libelf/libelf-tools.c
-@@ -171,7 +171,7 @@ ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_name(struct elf_binary *elf, const char *n
- ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_index(struct elf_binary *elf, unsigned index)
- {
-     uint64_t count = elf_shdr_count(elf);
--    ELF_PTRVAL_CONST_VOID ptr;
-+    elf_ptrval ptr;
- 
-     if ( index >= count )
-         return ELF_INVALID_HANDLE(elf_shdr);
-@@ -185,7 +185,7 @@ ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_index(struct elf_binary *elf, unsigned ind
- ELF_HANDLE_DECL(elf_phdr) elf_phdr_by_index(struct elf_binary *elf, unsigned index)
- {
-     uint64_t count = elf_uval(elf, elf->ehdr, e_phnum);
--    ELF_PTRVAL_CONST_VOID ptr;
-+    elf_ptrval ptr;
- 
-     if ( index >= count )
-         return ELF_INVALID_HANDLE(elf_phdr);
-@@ -233,24 +233,24 @@ const char *elf_strfmt(struct elf_binary *elf, elf_ptrval start)
-     return str;
- }
- 
--ELF_PTRVAL_CONST_VOID elf_section_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr)
-+elf_ptrval elf_section_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr)
- {
-     return ELF_IMAGE_BASE(elf) + elf_uval(elf, shdr, sh_offset);
- }
- 
--ELF_PTRVAL_CONST_VOID elf_section_end(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr)
-+elf_ptrval elf_section_end(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr)
- {
-     return ELF_IMAGE_BASE(elf)
-         + elf_uval(elf, shdr, sh_offset) + elf_uval(elf, shdr, sh_size);
- }
- 
--ELF_PTRVAL_CONST_VOID elf_segment_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr)
-+elf_ptrval elf_segment_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr)
- {
-     return ELF_IMAGE_BASE(elf)
-         + elf_uval(elf, phdr, p_offset);
- }
- 
--ELF_PTRVAL_CONST_VOID elf_segment_end(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr)
-+elf_ptrval elf_segment_end(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr)
- {
-     return ELF_IMAGE_BASE(elf)
-         + elf_uval(elf, phdr, p_offset) + elf_uval(elf, phdr, p_filesz);
-@@ -258,8 +258,8 @@ ELF_PTRVAL_CONST_VOID elf_segment_end(struct elf_binary *elf, ELF_HANDLE_DECL(el
- 
- ELF_HANDLE_DECL(elf_sym) elf_sym_by_name(struct elf_binary *elf, const char *symbol)
- {
--    ELF_PTRVAL_CONST_VOID ptr = elf_section_start(elf, elf->sym_tab);
--    ELF_PTRVAL_CONST_VOID end = elf_section_end(elf, elf->sym_tab);
-+    elf_ptrval ptr = elf_section_start(elf, elf->sym_tab);
-+    elf_ptrval end = elf_section_end(elf, elf->sym_tab);
-     ELF_HANDLE_DECL(elf_sym) sym;
-     uint64_t info, name;
-     const char *sym_name;
-@@ -283,7 +283,7 @@ ELF_HANDLE_DECL(elf_sym) elf_sym_by_name(struct elf_binary *elf, const char *sym
- 
- ELF_HANDLE_DECL(elf_sym) elf_sym_by_index(struct elf_binary *elf, unsigned index)
- {
--    ELF_PTRVAL_CONST_VOID ptr = elf_section_start(elf, elf->sym_tab);
-+    elf_ptrval ptr = elf_section_start(elf, elf->sym_tab);
-     ELF_HANDLE_DECL(elf_sym) sym;
- 
-     sym = ELF_MAKE_HANDLE(elf_sym, ptr + index * elf_size(elf, sym));
-@@ -295,7 +295,7 @@ const char *elf_note_name(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note
-     return elf_strval(elf, ELF_HANDLE_PTRVAL(note) + elf_size(elf, note));
- }
- 
--ELF_PTRVAL_CONST_VOID elf_note_desc(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note)
-+elf_ptrval elf_note_desc(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note)
- {
-     unsigned namesz = (elf_uval(elf, note, namesz) + 3) & ~3;
- 
-@@ -304,7 +304,7 @@ ELF_PTRVAL_CONST_VOID elf_note_desc(struct elf_binary *elf, ELF_HANDLE_DECL(elf_
- 
- uint64_t elf_note_numeric(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note)
- {
--    ELF_PTRVAL_CONST_VOID desc = elf_note_desc(elf, note);
-+    elf_ptrval desc = elf_note_desc(elf, note);
-     unsigned descsz = elf_uval(elf, note, descsz);
- 
-     switch (descsz)
-@@ -322,7 +322,7 @@ uint64_t elf_note_numeric(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note
- uint64_t elf_note_numeric_array(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note,
-                                 unsigned int unitsz, unsigned int idx)
- {
--    ELF_PTRVAL_CONST_VOID desc = elf_note_desc(elf, note);
-+    elf_ptrval desc = elf_note_desc(elf, note);
-     unsigned descsz = elf_uval(elf, note, descsz);
- 
-     if ( descsz % unitsz || idx >= descsz / unitsz )
-diff --git a/xen/include/xen/libelf.h b/xen/include/xen/libelf.h
-index f95fe88..174f8da 100644
---- a/xen/include/xen/libelf.h
-+++ b/xen/include/xen/libelf.h
-@@ -61,13 +61,8 @@ typedef void elf_log_callback(struct elf_binary*, void *caller_data,
- /*
-  * We abstract away the pointerness of these pointers, replacing
-  * various void*, char* and struct* with the following:
-- *   PTRVAL      A pointer to a byte; one can do pointer arithmetic
-+ *   elf_ptrval  A pointer to a byte; one can do pointer arithmetic
-  *               on this.
-- *               This replaces variables which were char*,void*
-- *               and their const versions, so we provide four
-- *               different obsolete declaration macros:
-- *                   ELF_PTRVAL_{,CONST}{VOID,CHAR}
-- *               New code can simply use the elf_ptrval typedef.
-  *   HANDLE      A pointer to a struct.  There is one of these types
-  *               for each pointer type - that is, for each "structname".
-  *               In the arguments to the various HANDLE macros, structname
-@@ -76,8 +71,6 @@ typedef void elf_log_callback(struct elf_binary*, void *caller_data,
-  *               pointers.  In the current code attempts to do so will
-  *               compile, but in the next patch this will become a
-  *               compile error.
-- *               We also provide a second declaration macro for
-- *               pointers which were to const; this is obsolete.
-  */
- 
- typedef uintptr_t elf_ptrval;
-@@ -85,15 +78,9 @@ typedef uintptr_t elf_ptrval;
- #define ELF_REALPTR2PTRVAL(realpointer) ((elf_ptrval)(realpointer))
-   /* Converts an actual C pointer into a PTRVAL */
- 
--#define ELF_HANDLE_DECL_NONCONST(structname) structname##_handle /*obsolete*/
- #define ELF_HANDLE_DECL(structname)          structname##_handle
-   /* Provides a type declaration for a HANDLE. */
- 
--#define ELF_PTRVAL_VOID              elf_ptrval /*obsolete*/
--#define ELF_PTRVAL_CHAR              elf_ptrval /*obsolete*/
--#define ELF_PTRVAL_CONST_VOID        elf_ptrval /*obsolete*/
--#define ELF_PTRVAL_CONST_CHAR        elf_ptrval /*obsolete*/
--
- #ifdef __XEN__
- # define ELF_PRPTRVAL "lu"
-   /*
-@@ -124,17 +111,6 @@ typedef uintptr_t elf_ptrval;
- #define ELF_HANDLE_PTRVAL(handleval)      ((handleval).ptrval)
-   /* Converts a HANDLE to a PTRVAL. */
- 
--#define ELF_OBSOLETE_VOIDP_CAST /*empty*/
--  /*
--   * In some places the old code used to need to
--   *  - cast away const (the existing code uses const a fair
--   *    bit but actually sometimes wants to write to its input)
--   *    from a PTRVAL.
--   *  - convert an integer representing a pointer to a PTRVAL
--   * Nowadays all of these re uintptr_ts so there is no const problem
--   * and no need for any casting.
--   */
--
- #define ELF_UNSAFE_PTR(ptrval) ((void*)(elf_ptrval)(ptrval))
-   /*
-    * Turns a PTRVAL into an actual C pointer.  Before this is done
-@@ -212,7 +188,7 @@ struct elf_binary {
-     char data;
- 
-     ELF_HANDLE_DECL(elf_ehdr) ehdr;
--    ELF_PTRVAL_CONST_CHAR sec_strtab;
-+    elf_ptrval sec_strtab;
-     ELF_HANDLE_DECL(elf_shdr) sym_tab;
-     uint64_t sym_strtab;
- 
-@@ -290,7 +266,7 @@ struct elf_binary {
-    * str should be a HANDLE.
-    */
- 
--uint64_t elf_access_unsigned(struct elf_binary *elf, ELF_PTRVAL_CONST_VOID ptr,
-+uint64_t elf_access_unsigned(struct elf_binary *elf, elf_ptrval ptr,
-                              uint64_t offset, size_t size);
-   /* Reads a field at arbitrary offset and alignemnt */
- 
-@@ -342,17 +318,17 @@ ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_index(struct elf_binary *elf, unsigned ind
- ELF_HANDLE_DECL(elf_phdr) elf_phdr_by_index(struct elf_binary *elf, unsigned index);
- 
- const char *elf_section_name(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr); /* might return NULL if inputs are invalid */
--ELF_PTRVAL_CONST_VOID elf_section_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr);
--ELF_PTRVAL_CONST_VOID elf_section_end(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr);
-+elf_ptrval elf_section_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr);
-+elf_ptrval elf_section_end(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr);
- 
--ELF_PTRVAL_CONST_VOID elf_segment_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr);
--ELF_PTRVAL_CONST_VOID elf_segment_end(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr);
-+elf_ptrval elf_segment_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr);
-+elf_ptrval elf_segment_end(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr);
- 
- ELF_HANDLE_DECL(elf_sym) elf_sym_by_name(struct elf_binary *elf, const char *symbol);
- ELF_HANDLE_DECL(elf_sym) elf_sym_by_index(struct elf_binary *elf, unsigned index);
- 
- const char *elf_note_name(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note); /* may return NULL */
--ELF_PTRVAL_CONST_VOID elf_note_desc(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note);
-+elf_ptrval elf_note_desc(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note);
- uint64_t elf_note_numeric(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note);
- uint64_t elf_note_numeric_array(struct elf_binary *, ELF_HANDLE_DECL(elf_note),
-                                 unsigned int unitsz, unsigned int idx);
-@@ -391,7 +367,7 @@ void elf_set_log(struct elf_binary *elf, elf_log_callback*,
- void elf_parse_binary(struct elf_binary *elf);
- elf_errorstatus elf_load_binary(struct elf_binary *elf);
- 
--ELF_PTRVAL_VOID elf_get_ptr(struct elf_binary *elf, unsigned long addr);
-+elf_ptrval elf_get_ptr(struct elf_binary *elf, unsigned long addr);
- uint64_t elf_lookup_addr(struct elf_binary *elf, const char *symbol);
- 
- void elf_parse_bsdsyms(struct elf_binary *elf, uint64_t pstart); /* private */
-@@ -426,9 +402,9 @@ struct xen_elfnote {
- 
- struct elf_dom_parms {
-     /* raw */
--    ELF_PTRVAL_CONST_CHAR guest_info;
--    ELF_PTRVAL_CONST_VOID elf_note_start;
--    ELF_PTRVAL_CONST_VOID elf_note_end;
-+    elf_ptrval guest_info;
-+    elf_ptrval elf_note_start;
-+    elf_ptrval elf_note_end;
-     struct xen_elfnote elf_notes[XEN_ELFNOTE_MAX + 1];
- 
-     /* parsed */
--- 
-1.7.2.5
-

app-emulation/xen-tools/files/xen-4.2-CVE-2013-18to19-XSA-55.patch

@@ -1,450 +0,0 @@
-From b06e277b1fc08c7da3befeb3ac3950e1d941585d Mon Sep 17 00:00:00 2001
-From: Ian Jackson <ian.jackson@eu.citrix.com>
-Date: Fri, 14 Jun 2013 16:43:19 +0100
-Subject: [PATCH 18/23] libxc: Add range checking to xc_dom_binloader
-
-This is a simple binary image loader with its own metadata format.
-However, it is too careless with image-supplied values.
-
-Add the following checks:
-
- * That the image is bigger than the metadata table; otherwise the
-   pointer arithmetic to calculate the metadata table location may
-   yield undefined and dangerous values.
-
- * When clamping the end of the region to search, that we do not
-   calculate pointers beyond the end of the image.  The C
-   specification does not permit this and compilers are becoming ever
-   more determined to miscompile code when they can "prove" various
-   falsehoods based on assertions from the C spec.
-
- * That the supplied image is big enough for the text we are allegedly
-   copying from it.  Otherwise we might have a read overrun and copy
-   the results (perhaps a lot of secret data) into the guest.
-
-This is part of the fix to a security issue, XSA-55.
-
-Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
----
- tools/libxc/xc_dom_binloader.c |   15 +++++++++++++--
- 1 files changed, 13 insertions(+), 2 deletions(-)
-
-diff --git a/tools/libxc/xc_dom_binloader.c b/tools/libxc/xc_dom_binloader.c
-index bde93f7..8596a28 100644
---- a/tools/libxc/xc_dom_binloader.c
-+++ b/tools/libxc/xc_dom_binloader.c
-@@ -123,10 +123,13 @@ static struct xen_bin_image_table *find_table(struct xc_dom_image *dom)
-     uint32_t *probe_ptr;
-     uint32_t *probe_end;
- 
-+    if ( dom->kernel_size < sizeof(*table) )
-+        return NULL;
-     probe_ptr = dom->kernel_blob;
--    probe_end = dom->kernel_blob + dom->kernel_size - sizeof(*table);
--    if ( (void*)probe_end > (dom->kernel_blob + 8192) )
-+    if ( dom->kernel_size > (8192 + sizeof(*table)) )
-         probe_end = dom->kernel_blob + 8192;
-+    else
-+        probe_end = dom->kernel_blob + dom->kernel_size - sizeof(*table);
- 
-     for ( table = NULL; probe_ptr < probe_end; probe_ptr++ )
-     {
-@@ -282,6 +285,14 @@ static int xc_dom_load_bin_kernel(struct xc_dom_image *dom)
-         return -EINVAL;
-     }
- 
-+    if ( image_size < skip ||
-+         image_size - skip < text_size )
-+    {
-+        DOMPRINTF("%s: image is too small for declared text size",
-+                  __FUNCTION__);
-+        return -EINVAL;
-+    }
-+
-     memcpy(dest, image + skip, text_size);
-     memset(dest + text_size, 0, bss_size);
- 
--- 
-1.7.2.5
-#From 77c0829fa751f052f7b8ec08287aef6e7ba97bc5 Mon Sep 17 00:00:00 2001
-#From: Ian Jackson <ian.jackson@eu.citrix.com>
-#Date: Fri, 14 Jun 2013 16:43:19 +0100
-#Subject: [PATCH 19/23] libxc: check failure of xc_dom_*_to_ptr, xc_map_foreign_range
-#
-#The return values from xc_dom_*_to_ptr and xc_map_foreign_range are
-#sometimes dereferenced, or subjected to pointer arithmetic, without
-#checking whether the relevant function failed and returned NULL.
-#
-#Add an appropriate error check at every call site.
-#
-#Changes in the 4.2 backport of this series:
-#* Fix tools/libxc/xc_dom_x86.c:setup_pgtables_x86_32.
-#* Fix tools/libxc/xc_dom_ia64.c:start_info_ia64.
-#* Fix tools/libxc/ia64/xc_ia64_dom_fwloader.c:xc_dom_load_fw_kernel.
-#
-#This is part of the fix to a security issue, XSA-55.
-#
-#Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
-#---
-# tools/libxc/ia64/xc_ia64_dom_fwloader.c |    2 +
-# tools/libxc/xc_dom_binloader.c          |    6 +++
-# tools/libxc/xc_dom_core.c               |    6 +++
-# tools/libxc/xc_dom_elfloader.c          |   13 +++++++
-# tools/libxc/xc_dom_ia64.c               |    6 +++
-# tools/libxc/xc_dom_x86.c                |   55 +++++++++++++++++++++++++++++++
-# tools/libxc/xc_domain_restore.c         |   27 +++++++++++++++
-# tools/libxc/xc_offline_page.c           |    5 +++
-# 8 files changed, 120 insertions(+), 0 deletions(-)
-#
-diff --git a/tools/libxc/ia64/xc_ia64_dom_fwloader.c b/tools/libxc/ia64/xc_ia64_dom_fwloader.c
-index cdf3333..dbd3349 100644
---- a/tools/libxc/ia64/xc_ia64_dom_fwloader.c
-+++ b/tools/libxc/ia64/xc_ia64_dom_fwloader.c
-@@ -60,6 +60,8 @@ static int xc_dom_load_fw_kernel(struct xc_dom_image *dom)
-     unsigned long i;
- 
-     dest = xc_dom_vaddr_to_ptr(dom, dom->kernel_seg.vstart);
-+    if ( dest == NULL )
-+        return -1;
-     memcpy(dest, dom->kernel_blob, FW_SIZE);
- 
-     /* Synchronize cache.  */
-diff --git a/tools/libxc/xc_dom_binloader.c b/tools/libxc/xc_dom_binloader.c
-index 8596a28..553b366 100644
---- a/tools/libxc/xc_dom_binloader.c
-+++ b/tools/libxc/xc_dom_binloader.c
-@@ -277,6 +277,12 @@ static int xc_dom_load_bin_kernel(struct xc_dom_image *dom)
-     DOMPRINTF("  bss_size:  0x%" PRIx32 "", bss_size);
- 
-     dest = xc_dom_vaddr_to_ptr(dom, dom->kernel_seg.vstart, &dest_size);
-+    if ( dest == NULL )
-+    {
-+        DOMPRINTF("%s: xc_dom_vaddr_to_ptr(dom, dom->kernel_seg.vstart)"
-+                  " => NULL", __FUNCTION__);
-+        return -EINVAL;
-+    }
- 
-     if ( dest_size < text_size ||
-          dest_size - text_size < bss_size )
-diff --git a/tools/libxc/xc_dom_core.c b/tools/libxc/xc_dom_core.c
-index 8913e41..a54ddae 100644
---- a/tools/libxc/xc_dom_core.c
-+++ b/tools/libxc/xc_dom_core.c
-@@ -868,6 +868,12 @@ int xc_dom_build_image(struct xc_dom_image *dom)
-                                   ramdisklen) != 0 )
-             goto err;
-         ramdiskmap = xc_dom_seg_to_ptr(dom, &dom->ramdisk_seg);
-+        if ( ramdiskmap == NULL )
-+        {
-+            DOMPRINTF("%s: xc_dom_seg_to_ptr(dom, &dom->ramdisk_seg) => NULL",
-+                      __FUNCTION__);
-+            goto err;
-+        }
-         if ( unziplen )
-         {
-             if ( xc_dom_do_gunzip(dom->xch,
-diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c
-index 9fc4b94..61b5798 100644
---- a/tools/libxc/xc_dom_elfloader.c
-+++ b/tools/libxc/xc_dom_elfloader.c
-@@ -139,6 +139,12 @@ static elf_errorstatus xc_dom_load_elf_symtab(struct xc_dom_image *dom,
-             return 0;
-         size = dom->kernel_seg.vend - dom->bsd_symtab_start;
-         hdr_ptr = xc_dom_vaddr_to_ptr(dom, dom->bsd_symtab_start, &allow_size);
-+        if ( hdr_ptr == NULL )
-+        {
-+            DOMPRINTF("%s/load: xc_dom_vaddr_to_ptr(dom,dom->bsd_symtab_start"
-+                      " => NULL", __FUNCTION__);
-+            return -1;
-+        }
-         elf->caller_xdest_base = hdr_ptr;
-         elf->caller_xdest_size = allow_size;
-         hdr = ELF_REALPTR2PTRVAL(hdr_ptr);
-@@ -384,7 +390,14 @@ static elf_errorstatus xc_dom_load_elf_kernel(struct xc_dom_image *dom)
-     xen_pfn_t pages;
- 
-     elf->dest_base = xc_dom_seg_to_ptr_pages(dom, &dom->kernel_seg, &pages);
-+    if ( elf->dest_base == NULL )
-+    {
-+        DOMPRINTF("%s: xc_dom_vaddr_to_ptr(dom,dom->kernel_seg)"
-+                  " => NULL", __FUNCTION__);
-+        return -1;
-+    }
-     elf->dest_size = pages * XC_DOM_PAGE_SIZE(dom);
-+
-     rc = elf_load_binary(elf);
-     if ( rc < 0 )
-     {
-diff --git a/tools/libxc/xc_dom_ia64.c b/tools/libxc/xc_dom_ia64.c
-index dcd1523..7c0eff1 100644
---- a/tools/libxc/xc_dom_ia64.c
-+++ b/tools/libxc/xc_dom_ia64.c
-@@ -60,6 +60,12 @@ int start_info_ia64(struct xc_dom_image *dom)
- 
-     DOMPRINTF_CALLED(dom->xch);
- 
-+    if ( start_info == NULL )
-+    {
-+        DOMPRINTF("%s: xc_dom_pfn_to_ptr failed on start_info", __FUNCTION__);
-+        return -1; /* our caller throws away our return value :-/ */
-+    }
-+
-     memset(start_info, 0, sizeof(*start_info));
-     sprintf(start_info->magic, dom->guest_type);
-     start_info->flags = dom->flags;
-diff --git a/tools/libxc/xc_dom_x86.c b/tools/libxc/xc_dom_x86.c
-index 0cf1687..75d6b83 100644
---- a/tools/libxc/xc_dom_x86.c
-+++ b/tools/libxc/xc_dom_x86.c
-@@ -144,6 +144,9 @@ static int setup_pgtables_x86_32(struct xc_dom_image *dom)
-     xen_vaddr_t addr;
-     xen_pfn_t pgpfn;
- 
-+    if ( l2tab == NULL )
-+        goto pfn_error;
-+
-     for ( addr = dom->parms.virt_base; addr < dom->virt_pgtab_end;
-           addr += PAGE_SIZE_X86 )
-     {
-@@ -151,6 +154,8 @@ static int setup_pgtables_x86_32(struct xc_dom_image *dom)
-         {
-             /* get L1 tab, make L2 entry */
-             l1tab = xc_dom_pfn_to_ptr(dom, l1pfn, 1);
-+            if ( l1tab == NULL )
-+                goto pfn_error;
-             l2off = l2_table_offset_i386(addr);
-             l2tab[l2off] =
-                 pfn_to_paddr(xc_dom_p2m_guest(dom, l1pfn)) | L2_PROT;
-@@ -169,6 +174,11 @@ static int setup_pgtables_x86_32(struct xc_dom_image *dom)
-             l1tab = NULL;
-     }
-     return 0;
-+
-+pfn_error:
-+    xc_dom_panic(dom->xch, XC_INTERNAL_ERROR,
-+                 "%s: xc_dom_pfn_to_ptr failed", __FUNCTION__);
-+    return -EINVAL;
- }
- 
- /*
-@@ -219,6 +229,12 @@ static xen_pfn_t move_l3_below_4G(struct xc_dom_image *dom,
-         goto out;
- 
-     l3tab = xc_dom_pfn_to_ptr(dom, l3pfn, 1);
-+    if ( l3tab == NULL )
-+    {
-+        DOMPRINTF("%s: xc_dom_pfn_to_ptr(dom, l3pfn, 1) => NULL",
-+                  __FUNCTION__);
-+        return l3mfn; /* our one call site will call xc_dom_panic and fail */
-+    }
-     memset(l3tab, 0, XC_DOM_PAGE_SIZE(dom));
- 
-     DOMPRINTF("%s: successfully relocated L3 below 4G. "
-@@ -262,6 +278,8 @@ static int setup_pgtables_x86_32_pae(struct xc_dom_image *dom)
-     }
- 
-     l3tab = xc_dom_pfn_to_ptr(dom, l3pfn, 1);
-+    if ( l3tab == NULL )
-+        goto pfn_error;
- 
-     for ( addr = dom->parms.virt_base; addr < dom->virt_pgtab_end;
-           addr += PAGE_SIZE_X86 )
-@@ -270,6 +288,8 @@ static int setup_pgtables_x86_32_pae(struct xc_dom_image *dom)
-         {
-             /* get L2 tab, make L3 entry */
-             l2tab = xc_dom_pfn_to_ptr(dom, l2pfn, 1);
-+            if ( l2tab == NULL )
-+                goto pfn_error;
-             l3off = l3_table_offset_pae(addr);
-             l3tab[l3off] =
-                 pfn_to_paddr(xc_dom_p2m_guest(dom, l2pfn)) | L3_PROT;
-@@ -280,6 +300,8 @@ static int setup_pgtables_x86_32_pae(struct xc_dom_image *dom)
-         {
-             /* get L1 tab, make L2 entry */
-             l1tab = xc_dom_pfn_to_ptr(dom, l1pfn, 1);
-+            if ( l1tab == NULL )
-+                goto pfn_error;
-             l2off = l2_table_offset_pae(addr);
-             l2tab[l2off] =
-                 pfn_to_paddr(xc_dom_p2m_guest(dom, l1pfn)) | L2_PROT;
-@@ -306,6 +328,11 @@ static int setup_pgtables_x86_32_pae(struct xc_dom_image *dom)
-         l3tab[3] = pfn_to_paddr(xc_dom_p2m_guest(dom, l2pfn)) | L3_PROT;
-     }
-     return 0;
-+
-+pfn_error:
-+    xc_dom_panic(dom->xch, XC_INTERNAL_ERROR,
-+                 "%s: xc_dom_pfn_to_ptr failed", __FUNCTION__);
-+    return -EINVAL;
- }
- 
- #undef L1_PROT
-@@ -344,6 +371,9 @@ static int setup_pgtables_x86_64(struct xc_dom_image *dom)
-     uint64_t addr;
-     xen_pfn_t pgpfn;
- 
-+    if ( l4tab == NULL )
-+        goto pfn_error;
-+
-     for ( addr = dom->parms.virt_base; addr < dom->virt_pgtab_end;
-           addr += PAGE_SIZE_X86 )
-     {
-@@ -351,6 +381,8 @@ static int setup_pgtables_x86_64(struct xc_dom_image *dom)
-         {
-             /* get L3 tab, make L4 entry */
-             l3tab = xc_dom_pfn_to_ptr(dom, l3pfn, 1);
-+            if ( l3tab == NULL )
-+                goto pfn_error;
-             l4off = l4_table_offset_x86_64(addr);
-             l4tab[l4off] =
-                 pfn_to_paddr(xc_dom_p2m_guest(dom, l3pfn)) | L4_PROT;
-@@ -361,6 +393,8 @@ static int setup_pgtables_x86_64(struct xc_dom_image *dom)
-         {
-             /* get L2 tab, make L3 entry */
-             l2tab = xc_dom_pfn_to_ptr(dom, l2pfn, 1);
-+            if ( l2tab == NULL )
-+                goto pfn_error;
-             l3off = l3_table_offset_x86_64(addr);
-             l3tab[l3off] =
-                 pfn_to_paddr(xc_dom_p2m_guest(dom, l2pfn)) | L3_PROT;
-@@ -373,6 +407,8 @@ static int setup_pgtables_x86_64(struct xc_dom_image *dom)
-         {
-             /* get L1 tab, make L2 entry */
-             l1tab = xc_dom_pfn_to_ptr(dom, l1pfn, 1);
-+            if ( l1tab == NULL )
-+                goto pfn_error;
-             l2off = l2_table_offset_x86_64(addr);
-             l2tab[l2off] =
-                 pfn_to_paddr(xc_dom_p2m_guest(dom, l1pfn)) | L2_PROT;
-@@ -393,6 +429,11 @@ static int setup_pgtables_x86_64(struct xc_dom_image *dom)
-             l1tab = NULL;
-     }
-     return 0;
-+
-+pfn_error:
-+    xc_dom_panic(dom->xch, XC_INTERNAL_ERROR,
-+                 "%s: xc_dom_pfn_to_ptr failed", __FUNCTION__);
-+    return -EINVAL;
- }
- 
- #undef L1_PROT
-@@ -410,6 +451,8 @@ static int alloc_magic_pages(struct xc_dom_image *dom)
-     if ( xc_dom_alloc_segment(dom, &dom->p2m_seg, "phys2mach", 0, p2m_size) )
-         return -1;
-     dom->p2m_guest = xc_dom_seg_to_ptr(dom, &dom->p2m_seg);
-+    if ( dom->p2m_guest == NULL )
-+        return -1;
- 
-     /* allocate special pages */
-     dom->start_info_pfn = xc_dom_alloc_page(dom, "start info");
-@@ -434,6 +477,12 @@ static int start_info_x86_32(struct xc_dom_image *dom)
- 
-     DOMPRINTF_CALLED(dom->xch);
- 
-+    if ( start_info == NULL )
-+    {
-+        DOMPRINTF("%s: xc_dom_pfn_to_ptr failed on start_info", __FUNCTION__);
-+        return -1; /* our caller throws away our return value :-/ */
-+    }
-+
-     memset(start_info, 0, sizeof(*start_info));
-     strncpy(start_info->magic, dom->guest_type, sizeof(start_info->magic));
-     start_info->magic[sizeof(start_info->magic) - 1] = '\0';
-@@ -474,6 +523,12 @@ static int start_info_x86_64(struct xc_dom_image *dom)
- 
-     DOMPRINTF_CALLED(dom->xch);
- 
-+    if ( start_info == NULL )
-+    {
-+        DOMPRINTF("%s: xc_dom_pfn_to_ptr failed on start_info", __FUNCTION__);
-+        return -1; /* our caller throws away our return value :-/ */
-+    }
-+
-     memset(start_info, 0, sizeof(*start_info));
-     strncpy(start_info->magic, dom->guest_type, sizeof(start_info->magic));
-     start_info->magic[sizeof(start_info->magic) - 1] = '\0';
-diff --git a/tools/libxc/xc_domain_restore.c b/tools/libxc/xc_domain_restore.c
-index b4c0b10..3994f8f 100644
---- a/tools/libxc/xc_domain_restore.c
-+++ b/tools/libxc/xc_domain_restore.c
-@@ -1556,6 +1556,12 @@ int xc_domain_restore(xc_interface *xch, int io_fd, uint32_t dom,
-                     mfn = ctx->p2m[pfn];
-                     buf = xc_map_foreign_range(xch, dom, PAGE_SIZE,
-                                                PROT_READ | PROT_WRITE, mfn);
-+                    if ( buf == NULL )
-+                    {
-+                        ERROR("xc_map_foreign_range for generation id"
-+                              " buffer failed");
-+                        goto out;
-+                    }
- 
-                     generationid = *(unsigned long long *)(buf + offset);
-                     *(unsigned long long *)(buf + offset) = generationid + 1;
-@@ -1713,6 +1719,11 @@ int xc_domain_restore(xc_interface *xch, int io_fd, uint32_t dom,
-                 l3tab = (uint64_t *)
-                     xc_map_foreign_range(xch, dom, PAGE_SIZE,
-                                          PROT_READ, ctx->p2m[i]);
-+                if ( l3tab == NULL )
-+                {
-+                    PERROR("xc_map_foreign_range failed (for l3tab)");
-+                    goto out;
-+                }
- 
-                 for ( j = 0; j < 4; j++ )
-                     l3ptes[j] = l3tab[j];
-@@ -1739,6 +1750,11 @@ int xc_domain_restore(xc_interface *xch, int io_fd, uint32_t dom,
-                 l3tab = (uint64_t *)
-                     xc_map_foreign_range(xch, dom, PAGE_SIZE,
-                                          PROT_READ | PROT_WRITE, ctx->p2m[i]);
-+                if ( l3tab == NULL )
-+                {
-+                    PERROR("xc_map_foreign_range failed (for l3tab, 2nd)");
-+                    goto out;
-+                }
- 
-                 for ( j = 0; j < 4; j++ )
-                     l3tab[j] = l3ptes[j];
-@@ -1909,6 +1925,12 @@ int xc_domain_restore(xc_interface *xch, int io_fd, uint32_t dom,
-             SET_FIELD(ctxt, user_regs.edx, mfn);
-             start_info = xc_map_foreign_range(
-                 xch, dom, PAGE_SIZE, PROT_READ | PROT_WRITE, mfn);
-+            if ( start_info == NULL )
-+            {
-+                PERROR("xc_map_foreign_range failed (for start_info)");
-+                goto out;
-+            }
-+
-             SET_FIELD(start_info, nr_pages, dinfo->p2m_size);
-             SET_FIELD(start_info, shared_info, shared_info_frame<<PAGE_SHIFT);
-             SET_FIELD(start_info, flags, 0);
-@@ -2056,6 +2078,11 @@ int xc_domain_restore(xc_interface *xch, int io_fd, uint32_t dom,
-     /* Restore contents of shared-info page. No checking needed. */
-     new_shared_info = xc_map_foreign_range(
-         xch, dom, PAGE_SIZE, PROT_WRITE, shared_info_frame);
-+    if ( new_shared_info == NULL )
-+    {
-+        PERROR("xc_map_foreign_range failed (for new_shared_info)");
-+        goto out;
-+    }
- 
-     /* restore saved vcpu_info and arch specific info */
-     MEMCPY_FIELD(new_shared_info, old_shared_info, vcpu_info);
-diff --git a/tools/libxc/xc_offline_page.c b/tools/libxc/xc_offline_page.c
-index 089a361..36b9812 100644
---- a/tools/libxc/xc_offline_page.c
-+++ b/tools/libxc/xc_offline_page.c
-@@ -714,6 +714,11 @@ int xc_exchange_page(xc_interface *xch, int domid, xen_pfn_t mfn)
- 
-         new_p = xc_map_foreign_range(xch, domid, PAGE_SIZE,
-                                      PROT_READ|PROT_WRITE, new_mfn);
-+        if ( new_p == NULL )
-+        {
-+            ERROR("failed to map new_p for copy, guest may be broken?");
-+            goto failed;
-+        }
-         memcpy(new_p, backup, PAGE_SIZE);
-         munmap(new_p, PAGE_SIZE);
-         mops.arg1.mfn = new_mfn;
--- 
-1.7.2.5
-

app-emulation/xen-tools/files/xen-4.2-CVE-2013-2-XSA-55.patch

@@ -1,56 +0,0 @@
-From a672da4b2d58ef12be9d7407160e9fb43cac75d9 Mon Sep 17 00:00:00 2001
-From: Ian Jackson <ian.jackson@eu.citrix.com>
-Date: Fri, 14 Jun 2013 16:43:16 +0100
-Subject: [PATCH 02/23] libxc: introduce xc_dom_seg_to_ptr_pages
-
-Provide a version of xc_dom_seg_to_ptr which returns the number of
-guest pages it has actually mapped.  This is useful for callers who
-want to do range checking; we will use this later in this series.
-
-This is part of the fix to a security issue, XSA-55.
-
-Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
-Acked-by: Ian Campbell <ian.campbell@citrix.com>
-Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
----
- tools/libxc/xc_dom.h |   19 ++++++++++++++++---
- 1 files changed, 16 insertions(+), 3 deletions(-)
-
-diff --git a/tools/libxc/xc_dom.h b/tools/libxc/xc_dom.h
-index 6a72aa9..9af2195 100644
---- a/tools/libxc/xc_dom.h
-+++ b/tools/libxc/xc_dom.h
-@@ -278,14 +278,27 @@ void *xc_dom_pfn_to_ptr(struct xc_dom_image *dom, xen_pfn_t first,
- void xc_dom_unmap_one(struct xc_dom_image *dom, xen_pfn_t pfn);
- void xc_dom_unmap_all(struct xc_dom_image *dom);
- 
--static inline void *xc_dom_seg_to_ptr(struct xc_dom_image *dom,
--                                      struct xc_dom_seg *seg)
-+static inline void *xc_dom_seg_to_ptr_pages(struct xc_dom_image *dom,
-+                                      struct xc_dom_seg *seg,
-+                                      xen_pfn_t *pages_out)
- {
-     xen_vaddr_t segsize = seg->vend - seg->vstart;
-     unsigned int page_size = XC_DOM_PAGE_SIZE(dom);
-     xen_pfn_t pages = (segsize + page_size - 1) / page_size;
-+    void *retval;
-+
-+    retval = xc_dom_pfn_to_ptr(dom, seg->pfn, pages);
-+
-+    *pages_out = retval ? pages : 0;
-+    return retval;
-+}
-+
-+static inline void *xc_dom_seg_to_ptr(struct xc_dom_image *dom,
-+                                      struct xc_dom_seg *seg)
-+{
-+    xen_pfn_t dummy;
- 
--    return xc_dom_pfn_to_ptr(dom, seg->pfn, pages);
-+    return xc_dom_seg_to_ptr_pages(dom, seg, &dummy);
- }
- 
- static inline void *xc_dom_vaddr_to_ptr(struct xc_dom_image *dom,
--- 
-1.7.2.5
-

app-emulation/xen-tools/files/xen-4.2-CVE-2013-20to23-XSA-55.patch

@@ -1,381 +0,0 @@
-From 8dc90d163650ce8aa36ae0b46debab83cc61edb6 Mon Sep 17 00:00:00 2001
-From: Ian Jackson <ian.jackson@eu.citrix.com>
-Date: Fri, 14 Jun 2013 16:43:19 +0100
-Subject: [PATCH 20/23] libxc: check return values from malloc
-
-A sufficiently malformed input to libxc (such as a malformed input ELF
-or other guest-controlled data) might cause one of libxc's malloc() to
-fail.  In this case we need to make sure we don't dereference or do
-pointer arithmetic on the result.
-
-Search for all occurrences of \b(m|c|re)alloc in libxc, and all
-functions which call them, and add appropriate error checking where
-missing.
-
-This includes the functions xc_dom_malloc*, which now print a message
-when they fail so that callers don't have to do so.
-
-The function xc_cpuid_to_str wasn't provided with a sane return value
-and has a pretty strange API, which now becomes a little stranger.
-There are no in-tree callers.
-
-Changes in the Xen 4.2 version of this series:
-* No need to fix code relating to ARM.
-* No need to fix code relating to superpage support.
-* Additionally fix `dom->p2m_host = xc_dom_malloc...' in xc_dom_ia64.c.
-
-This is part of the fix to a security issue, XSA-55.
-
-Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
----
- tools/libxc/xc_cpuid_x86.c      |   20 ++++++++++++++++++--
- tools/libxc/xc_dom_core.c       |   13 +++++++++++++
- tools/libxc/xc_dom_elfloader.c  |    2 ++
- tools/libxc/xc_dom_ia64.c       |    6 ++++++
- tools/libxc/xc_dom_x86.c        |    3 +++
- tools/libxc/xc_domain_restore.c |    5 +++++
- tools/libxc/xc_linux_osdep.c    |    4 ++++
- tools/libxc/xc_private.c        |    2 ++
- tools/libxc/xenctrl.h           |    2 +-
- 9 files changed, 54 insertions(+), 3 deletions(-)
-
-diff --git a/tools/libxc/xc_cpuid_x86.c b/tools/libxc/xc_cpuid_x86.c
-index 0882ce6..da435ce 100644
---- a/tools/libxc/xc_cpuid_x86.c
-+++ b/tools/libxc/xc_cpuid_x86.c
-@@ -589,6 +589,8 @@ static int xc_cpuid_do_domctl(
- static char *alloc_str(void)
- {
-     char *s = malloc(33);
-+    if ( s == NULL )
-+        return s;
-     memset(s, 0, 33);
-     return s;
- }
-@@ -600,6 +602,8 @@ void xc_cpuid_to_str(const unsigned int *regs, char **strs)
-     for ( i = 0; i < 4; i++ )
-     {
-         strs[i] = alloc_str();
-+        if ( strs[i] == NULL )
-+            continue;
-         for ( j = 0; j < 32; j++ )
-             strs[i][j] = !!((regs[i] & (1U << (31 - j)))) ? '1' : '0';
-     }
-@@ -680,7 +684,7 @@ int xc_cpuid_check(
-     const char **config,
-     char **config_transformed)
- {
--    int i, j;
-+    int i, j, rc;
-     unsigned int regs[4];
- 
-     memset(config_transformed, 0, 4 * sizeof(*config_transformed));
-@@ -692,6 +696,11 @@ int xc_cpuid_check(
-         if ( config[i] == NULL )
-             continue;
-         config_transformed[i] = alloc_str();
-+        if ( config_transformed[i] == NULL )
-+        {
-+            rc = -ENOMEM;
-+            goto fail_rc;
-+        }
-         for ( j = 0; j < 32; j++ )
-         {
-             unsigned char val = !!((regs[i] & (1U << (31 - j))));
-@@ -708,12 +717,14 @@ int xc_cpuid_check(
-     return 0;
- 
-  fail:
-+    rc = -EPERM;
-+ fail_rc:
-     for ( i = 0; i < 4; i++ )
-     {
-         free(config_transformed[i]);
-         config_transformed[i] = NULL;
-     }
--    return -EPERM;
-+    return rc;
- }
- 
- /*
-@@ -758,6 +769,11 @@ int xc_cpuid_set(
-         }
-         
-         config_transformed[i] = alloc_str();
-+        if ( config_transformed[i] == NULL )
-+        {
-+            rc = -ENOMEM;
-+            goto fail;
-+        }
- 
-         for ( j = 0; j < 32; j++ )
-         {
-diff --git a/tools/libxc/xc_dom_core.c b/tools/libxc/xc_dom_core.c
-index a54ddae..3cbf9f7 100644
---- a/tools/libxc/xc_dom_core.c
-+++ b/tools/libxc/xc_dom_core.c
-@@ -120,9 +120,17 @@ void *xc_dom_malloc(struct xc_dom_image *dom, size_t size)
- {
-     struct xc_dom_mem *block;
- 
-+    if ( size > SIZE_MAX - sizeof(*block) )
-+    {
-+        DOMPRINTF("%s: unreasonable allocation size", __FUNCTION__);
-+        return NULL;
-+    }
-     block = malloc(sizeof(*block) + size);
-     if ( block == NULL )
-+    {
-+        DOMPRINTF("%s: allocation failed", __FUNCTION__);
-         return NULL;
-+    }
-     memset(block, 0, sizeof(*block) + size);
-     block->next = dom->memblocks;
-     dom->memblocks = block;
-@@ -138,7 +146,10 @@ void *xc_dom_malloc_page_aligned(struct xc_dom_image *dom, size_t size)
- 
-     block = malloc(sizeof(*block));
-     if ( block == NULL )
-+    {
-+        DOMPRINTF("%s: allocation failed", __FUNCTION__);
-         return NULL;
-+    }
-     memset(block, 0, sizeof(*block));
-     block->mmap_len = size;
-     block->mmap_ptr = mmap(NULL, block->mmap_len,
-@@ -146,6 +157,7 @@ void *xc_dom_malloc_page_aligned(struct xc_dom_image *dom, size_t size)
-                            -1, 0);
-     if ( block->mmap_ptr == MAP_FAILED )
-     {
-+        DOMPRINTF("%s: mmap failed", __FUNCTION__);
-         free(block);
-         return NULL;
-     }
-@@ -202,6 +214,7 @@ void *xc_dom_malloc_filemap(struct xc_dom_image *dom,
-         close(fd);
-     if ( block != NULL )
-         free(block);
-+    DOMPRINTF("%s: failed (on file `%s')", __FUNCTION__, filename);
-     return NULL;
- }
- 
-diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c
-index 61b5798..be58276 100644
---- a/tools/libxc/xc_dom_elfloader.c
-+++ b/tools/libxc/xc_dom_elfloader.c
-@@ -329,6 +329,8 @@ static elf_errorstatus xc_dom_parse_elf_kernel(struct xc_dom_image *dom)
-         return rc;
- 
-     elf = xc_dom_malloc(dom, sizeof(*elf));
-+    if ( elf == NULL )
-+        return -1;
-     dom->private_loader = elf;
-     rc = elf_init(elf, dom->kernel_blob, dom->kernel_size);
-     xc_elf_set_logfile(dom->xch, elf, 1);
-diff --git a/tools/libxc/xc_dom_ia64.c b/tools/libxc/xc_dom_ia64.c
-index 7c0eff1..076821c 100644
---- a/tools/libxc/xc_dom_ia64.c
-+++ b/tools/libxc/xc_dom_ia64.c
-@@ -188,6 +188,12 @@ int arch_setup_meminit(struct xc_dom_image *dom)
- 
-     /* setup initial p2m */
-     dom->p2m_host = xc_dom_malloc(dom, sizeof(xen_pfn_t) * nbr);
-+    if ( dom->p2m_host == NULL )
-+    {
-+        DOMPRINTF("%s: xc_dom_malloc failed for p2m_host",
-+                  __FUNCTION__);
-+        return -1;
-+    }
-     for ( pfn = 0; pfn < nbr; pfn++ )
-         dom->p2m_host[pfn] = start + pfn;
- 
-diff --git a/tools/libxc/xc_dom_x86.c b/tools/libxc/xc_dom_x86.c
-index 75d6b83..448d9a1 100644
---- a/tools/libxc/xc_dom_x86.c
-+++ b/tools/libxc/xc_dom_x86.c
-@@ -780,6 +780,9 @@ int arch_setup_meminit(struct xc_dom_image *dom)
-     }
- 
-     dom->p2m_host = xc_dom_malloc(dom, sizeof(xen_pfn_t) * dom->total_pages);
-+    if ( dom->p2m_host == NULL )
-+        return -EINVAL;
-+
-     if ( dom->superpages )
-     {
-         int count = dom->total_pages >> SUPERPAGE_PFN_SHIFT;
-diff --git a/tools/libxc/xc_domain_restore.c b/tools/libxc/xc_domain_restore.c
-index 3994f8f..f9ed6b2 100644
---- a/tools/libxc/xc_domain_restore.c
-+++ b/tools/libxc/xc_domain_restore.c
-@@ -1180,6 +1180,11 @@ static int apply_batch(xc_interface *xch, uint32_t dom, struct restore_ctx *ctx,
- 
-     /* Map relevant mfns */
-     pfn_err = calloc(j, sizeof(*pfn_err));
-+    if ( pfn_err == NULL )
-+    {
-+        PERROR("allocation for pfn_err failed");
-+        return -1;
-+    }
-     region_base = xc_map_foreign_bulk(
-         xch, dom, PROT_WRITE, region_mfn, pfn_err, j);
- 
-diff --git a/tools/libxc/xc_linux_osdep.c b/tools/libxc/xc_linux_osdep.c
-index 787e742..98e041c 100644
---- a/tools/libxc/xc_linux_osdep.c
-+++ b/tools/libxc/xc_linux_osdep.c
-@@ -378,6 +378,8 @@ static void *linux_privcmd_map_foreign_range(xc_interface *xch, xc_osdep_handle
- 
-     num = (size + XC_PAGE_SIZE - 1) >> XC_PAGE_SHIFT;
-     arr = calloc(num, sizeof(xen_pfn_t));
-+    if ( arr == NULL )
-+        return NULL;
- 
-     for ( i = 0; i < num; i++ )
-         arr[i] = mfn + i;
-@@ -402,6 +404,8 @@ static void *linux_privcmd_map_foreign_ranges(xc_interface *xch, xc_osdep_handle
-     num_per_entry = chunksize >> XC_PAGE_SHIFT;
-     num = num_per_entry * nentries;
-     arr = calloc(num, sizeof(xen_pfn_t));
-+    if ( arr == NULL )
-+        return NULL;
- 
-     for ( i = 0; i < nentries; i++ )
-         for ( j = 0; j < num_per_entry; j++ )
-diff --git a/tools/libxc/xc_private.c b/tools/libxc/xc_private.c
-index 3e03a91..848ceed 100644
---- a/tools/libxc/xc_private.c
-+++ b/tools/libxc/xc_private.c
-@@ -771,6 +771,8 @@ const char *xc_strerror(xc_interface *xch, int errcode)
-         errbuf = pthread_getspecific(errbuf_pkey);
-         if (errbuf == NULL) {
-             errbuf = malloc(XS_BUFSIZE);
-+            if ( errbuf == NULL )
-+                return "(failed to allocate errbuf)";
-             pthread_setspecific(errbuf_pkey, errbuf);
-         }
- 
-diff --git a/tools/libxc/xenctrl.h b/tools/libxc/xenctrl.h
-index b7741ca..8952048 100644
---- a/tools/libxc/xenctrl.h
-+++ b/tools/libxc/xenctrl.h
-@@ -1778,7 +1778,7 @@ int xc_cpuid_set(xc_interface *xch,
- int xc_cpuid_apply_policy(xc_interface *xch,
-                           domid_t domid);
- void xc_cpuid_to_str(const unsigned int *regs,
--                     char **strs);
-+                     char **strs); /* some strs[] may be NULL if ENOMEM */
- int xc_mca_op(xc_interface *xch, struct xen_mc *mc);
- #endif
- 
--- 
-1.7.2.5
-#From 052a689aa526ca51fd70528d4b0f83dfb2de99c1 Mon Sep 17 00:00:00 2001
-#From: Ian Jackson <ian.jackson@eu.citrix.com>
-#Date: Fri, 14 Jun 2013 16:43:19 +0100
-#Subject: [PATCH 21/23] libxc: range checks in xc_dom_p2m_host and _guest
-#
-#These functions take guest pfns and look them up in the p2m.  They did
-#no range checking.
-#
-#However, some callers, notably xc_dom_boot.c:setup_hypercall_page want
-#to pass untrusted guest-supplied value(s).  It is most convenient to
-#detect this here and return INVALID_MFN.
-#
-#This is part of the fix to a security issue, XSA-55.
-#
-#Changes from Xen 4.2 version of this patch:
-#* 4.2 lacks dom->rambase_pfn, so don't add/subtract/check it.
-#
-#Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
-#---
-# tools/libxc/xc_dom.h |    4 ++++
-# 1 files changed, 4 insertions(+), 0 deletions(-)
-#
-diff --git a/tools/libxc/xc_dom.h b/tools/libxc/xc_dom.h
-index 0161459..d801f66 100644
---- a/tools/libxc/xc_dom.h
-+++ b/tools/libxc/xc_dom.h
-@@ -331,6 +331,8 @@ static inline xen_pfn_t xc_dom_p2m_host(struct xc_dom_image *dom, xen_pfn_t pfn)
- {
-     if (dom->shadow_enabled)
-         return pfn;
-+    if (pfn >= dom->total_pages)
-+        return INVALID_MFN;
-     return dom->p2m_host[pfn];
- }
- 
-@@ -339,6 +341,8 @@ static inline xen_pfn_t xc_dom_p2m_guest(struct xc_dom_image *dom,
- {
-     if (xc_dom_feature_translated(dom))
-         return pfn;
-+    if (pfn >= dom->total_pages)
-+        return INVALID_MFN;
-     return dom->p2m_host[pfn];
- }
- 
--- 
-1.7.2.5
-#From 2a548e22915535ac13694eb38222903bca7245e3 Mon Sep 17 00:00:00 2001
-#From: Matthew Daley <mattjd@gmail.com>
-#Date: Fri, 14 Jun 2013 16:43:19 +0100
-#Subject: [PATCH 22/23] libxc: check blob size before proceeding in xc_dom_check_gzip
-#
-#This is part of the fix to a security issue, XSA-55.
-#
-#Signed-off-by: Matthew Daley <mattjd@gmail.com>
-#---
-# tools/libxc/xc_dom_core.c |    5 +++++
-# 1 files changed, 5 insertions(+), 0 deletions(-)
-#
-diff --git a/tools/libxc/xc_dom_core.c b/tools/libxc/xc_dom_core.c
-index 3cbf9f7..f8d1b08 100644
---- a/tools/libxc/xc_dom_core.c
-+++ b/tools/libxc/xc_dom_core.c
-@@ -284,6 +284,11 @@ size_t xc_dom_check_gzip(xc_interface *xch, void *blob, size_t ziplen)
-     unsigned char *gzlen;
-     size_t unziplen;
- 
-+    if ( ziplen < 6 )
-+        /* Too small.  We need (i.e. the subsequent code relies on)
-+         * 2 bytes for the magic number plus 4 bytes length. */
-+        return 0;
-+
-     if ( strncmp(blob, "\037\213", 2) )
-         /* not gzipped */
-         return 0;
--- 
-1.7.2.5
-#From d21d36e84354c04638b60a739a5f7c3d9f8adaf8 Mon Sep 17 00:00:00 2001
-#From: Ian Jackson <ian.jackson@eu.citrix.com>
-#Date: Fri, 14 Jun 2013 16:43:19 +0100
-#Subject: [PATCH 23/23] libxc: Better range check in xc_dom_alloc_segment
-#
-#If seg->pfn is too large, the arithmetic in the range check might
-#overflow, defeating the range check.
-#
-#This is part of the fix to a security issue, XSA-55.
-#
-#Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
-#Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
-#---
-# tools/libxc/xc_dom_core.c |    3 ++-
-# 1 files changed, 2 insertions(+), 1 deletions(-)
-#
-diff --git a/tools/libxc/xc_dom_core.c b/tools/libxc/xc_dom_core.c
-index f8d1b08..e79e38d 100644
---- a/tools/libxc/xc_dom_core.c
-+++ b/tools/libxc/xc_dom_core.c
-@@ -509,7 +509,8 @@ int xc_dom_alloc_segment(struct xc_dom_image *dom,
-     seg->vstart = start;
-     seg->pfn = (seg->vstart - dom->parms.virt_base) / page_size;
- 
--    if ( pages > dom->total_pages || /* double test avoids overflow probs */
-+    if ( pages > dom->total_pages || /* multiple test avoids overflow probs */
-+         seg->pfn > dom->total_pages ||
-          pages > dom->total_pages - seg->pfn)
-     {
-         xc_dom_panic(dom->xch, XC_OUT_OF_MEMORY,
--- 
-1.7.2.5
-
-

app-emulation/xen-tools/files/xen-4.2-CVE-2013-3-XSA-55.patch

@@ -1,156 +0,0 @@
-From 8c738fa5c1f3cfcd935b6191b3526f7ac8b2a5bd Mon Sep 17 00:00:00 2001
-From: Ian Jackson <ian.jackson@eu.citrix.com>
-Date: Fri, 14 Jun 2013 16:43:16 +0100
-Subject: [PATCH 03/23] libxc: Fix range checking in xc_dom_pfn_to_ptr etc.
-
-* Ensure that xc_dom_pfn_to_ptr (when called with count==0) does not
-  return a previously-allocated block which is entirely before the
-  requested pfn (!)
-
-* Provide a version of xc_dom_pfn_to_ptr, xc_dom_pfn_to_ptr_retcount,
-  which provides the length of the mapped region via an out parameter.
-
-* Change xc_dom_vaddr_to_ptr to always provide the length of the
-  mapped region and change the call site in xc_dom_binloader.c to
-  check it.  The call site in xc_dom_load_elf_symtab will be corrected
-  in a forthcoming patch, and for now ignores the returned length.
-
-This is part of the fix to a security issue, XSA-55.
-
-Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
----
- tools/libxc/xc_dom.h           |   16 +++++++++++++---
- tools/libxc/xc_dom_binloader.c |   11 ++++++++++-
- tools/libxc/xc_dom_core.c      |   13 +++++++++++++
- tools/libxc/xc_dom_elfloader.c |    3 ++-
- 4 files changed, 38 insertions(+), 5 deletions(-)
-
-diff --git a/tools/libxc/xc_dom.h b/tools/libxc/xc_dom.h
-index 9af2195..9f8037e 100644
---- a/tools/libxc/xc_dom.h
-+++ b/tools/libxc/xc_dom.h
-@@ -275,6 +275,8 @@ int xc_dom_alloc_segment(struct xc_dom_image *dom,
- 
- void *xc_dom_pfn_to_ptr(struct xc_dom_image *dom, xen_pfn_t first,
-                         xen_pfn_t count);
-+void *xc_dom_pfn_to_ptr_retcount(struct xc_dom_image *dom, xen_pfn_t first,
-+                                 xen_pfn_t count, xen_pfn_t *count_out);
- void xc_dom_unmap_one(struct xc_dom_image *dom, xen_pfn_t pfn);
- void xc_dom_unmap_all(struct xc_dom_image *dom);
- 
-@@ -302,13 +304,21 @@ static inline void *xc_dom_seg_to_ptr(struct xc_dom_image *dom,
- }
- 
- static inline void *xc_dom_vaddr_to_ptr(struct xc_dom_image *dom,
--                                        xen_vaddr_t vaddr)
-+                                        xen_vaddr_t vaddr,
-+                                        size_t *safe_region_out)
- {
-     unsigned int page_size = XC_DOM_PAGE_SIZE(dom);
-     xen_pfn_t page = (vaddr - dom->parms.virt_base) / page_size;
-     unsigned int offset = (vaddr - dom->parms.virt_base) % page_size;
--    void *ptr = xc_dom_pfn_to_ptr(dom, page, 0);
--    return (ptr ? (ptr + offset) : NULL);
-+    xen_pfn_t safe_region_count;
-+    void *ptr;
-+
-+    *safe_region_out = 0;
-+    ptr = xc_dom_pfn_to_ptr_retcount(dom, page, 0, &safe_region_count);
-+    if ( ptr == NULL )
-+        return ptr;
-+    *safe_region_out = (safe_region_count << XC_DOM_PAGE_SHIFT(dom)) - offset;
-+    return ptr;
- }
- 
- static inline int xc_dom_feature_translated(struct xc_dom_image *dom)
-diff --git a/tools/libxc/xc_dom_binloader.c b/tools/libxc/xc_dom_binloader.c
-index 769e97d..bde93f7 100644
---- a/tools/libxc/xc_dom_binloader.c
-+++ b/tools/libxc/xc_dom_binloader.c
-@@ -249,6 +249,7 @@ static int xc_dom_load_bin_kernel(struct xc_dom_image *dom)
-     char *image = dom->kernel_blob;
-     char *dest;
-     size_t image_size = dom->kernel_size;
-+    size_t dest_size;
-     uint32_t start_addr;
-     uint32_t load_end_addr;
-     uint32_t bss_end_addr;
-@@ -272,7 +273,15 @@ static int xc_dom_load_bin_kernel(struct xc_dom_image *dom)
-     DOMPRINTF("  text_size: 0x%" PRIx32 "", text_size);
-     DOMPRINTF("  bss_size:  0x%" PRIx32 "", bss_size);
- 
--    dest = xc_dom_vaddr_to_ptr(dom, dom->kernel_seg.vstart);
-+    dest = xc_dom_vaddr_to_ptr(dom, dom->kernel_seg.vstart, &dest_size);
-+
-+    if ( dest_size < text_size ||
-+         dest_size - text_size < bss_size )
-+    {
-+        DOMPRINTF("%s: mapped region is too small for image", __FUNCTION__);
-+        return -EINVAL;
-+    }
-+
-     memcpy(dest, image + skip, text_size);
-     memset(dest + text_size, 0, bss_size);
- 
-diff --git a/tools/libxc/xc_dom_core.c b/tools/libxc/xc_dom_core.c
-index 2a01d7c..8913e41 100644
---- a/tools/libxc/xc_dom_core.c
-+++ b/tools/libxc/xc_dom_core.c
-@@ -351,10 +351,19 @@ int xc_dom_try_gunzip(struct xc_dom_image *dom, void **blob, size_t * size)
- void *xc_dom_pfn_to_ptr(struct xc_dom_image *dom, xen_pfn_t pfn,
-                         xen_pfn_t count)
- {
-+    xen_pfn_t count_out_dummy;
-+    return xc_dom_pfn_to_ptr_retcount(dom, pfn, count, &count_out_dummy);
-+}
-+
-+void *xc_dom_pfn_to_ptr_retcount(struct xc_dom_image *dom, xen_pfn_t pfn,
-+                                 xen_pfn_t count, xen_pfn_t *count_out)
-+{
-     struct xc_dom_phys *phys;
-     unsigned int page_shift = XC_DOM_PAGE_SHIFT(dom);
-     char *mode = "unset";
- 
-+    *count_out = 0;
-+
-     if ( pfn > dom->total_pages ||    /* multiple checks to avoid overflows */
-          count > dom->total_pages ||
-          pfn > dom->total_pages - count )
-@@ -384,6 +393,7 @@ void *xc_dom_pfn_to_ptr(struct xc_dom_image *dom, xen_pfn_t pfn,
-                           phys->count);
-                 return NULL;
-             }
-+            *count_out = count;
-         }
-         else
-         {
-@@ -391,6 +401,9 @@ void *xc_dom_pfn_to_ptr(struct xc_dom_image *dom, xen_pfn_t pfn,
-                just hand out a pointer to it */
-             if ( pfn < phys->first )
-                 continue;
-+            if ( pfn >= phys->first + phys->count )
-+                continue;
-+            *count_out = phys->count - (pfn - phys->first);
-         }
-         return phys->ptr + ((pfn - phys->first) << page_shift);
-     }
-diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c
-index 2e69559..031b5b6 100644
---- a/tools/libxc/xc_dom_elfloader.c
-+++ b/tools/libxc/xc_dom_elfloader.c
-@@ -130,10 +130,11 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom,
- 
-     if ( load )
-     {
-+        size_t allow_size; /* will be used in a forthcoming XSA-55 patch */
-         if ( !dom->bsd_symtab_start )
-             return 0;
-         size = dom->kernel_seg.vend - dom->bsd_symtab_start;
--        hdr  = xc_dom_vaddr_to_ptr(dom, dom->bsd_symtab_start);
-+        hdr  = xc_dom_vaddr_to_ptr(dom, dom->bsd_symtab_start, &allow_size);
-         *(int *)hdr = size - sizeof(int);
-     }
-     else
--- 
-1.7.2.5
-

app-emulation/xen-tools/files/xen-4.2-CVE-2013-4-XSA-55.patch

@@ -1,55 +0,0 @@
-From 035634047d10c678cbb8801c4263747bdaf4e5b1 Mon Sep 17 00:00:00 2001
-From: Ian Jackson <ian.jackson@eu.citrix.com>
-Date: Fri, 14 Jun 2013 16:43:16 +0100
-Subject: [PATCH 04/23] libelf: add `struct elf_binary*' parameter to elf_load_image
-
-The meat of this function is going to need a copy of the elf pointer,
-in forthcoming patches.
-
-No functional change in this patch.
-
-This is part of the fix to a security issue, XSA-55.
-
-Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
-Acked-by: Ian Campbell <ian.campbell@citrix.com>
-Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
----
- xen/common/libelf/libelf-loader.c |    8 +++++---
- 1 files changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/xen/common/libelf/libelf-loader.c b/xen/common/libelf/libelf-loader.c
-index ab58b8b..0559d88 100644
---- a/xen/common/libelf/libelf-loader.c
-+++ b/xen/common/libelf/libelf-loader.c
-@@ -108,7 +108,8 @@ void elf_set_log(struct elf_binary *elf, elf_log_callback *log_callback,
-     elf->verbose = verbose;
- }
- 
--static int elf_load_image(void *dst, const void *src, uint64_t filesz, uint64_t memsz)
-+static int elf_load_image(struct elf_binary *elf,
-+                          void *dst, const void *src, uint64_t filesz, uint64_t memsz)
- {
-     memcpy(dst, src, filesz);
-     memset(dst + filesz, 0, memsz - filesz);
-@@ -122,7 +123,8 @@ void elf_set_verbose(struct elf_binary *elf)
-     elf->verbose = 1;
- }
- 
--static int elf_load_image(void *dst, const void *src, uint64_t filesz, uint64_t memsz)
-+static int elf_load_image(struct elf_binary *elf,
-+                          void *dst, const void *src, uint64_t filesz, uint64_t memsz)
- {
-     int rc;
-     if ( filesz > ULONG_MAX || memsz > ULONG_MAX )
-@@ -279,7 +281,7 @@ int elf_load_binary(struct elf_binary *elf)
-         dest = elf_get_ptr(elf, paddr);
-         elf_msg(elf, "%s: phdr %" PRIu64 " at 0x%p -> 0x%p\n",
-                 __func__, i, dest, dest + filesz);
--        if ( elf_load_image(dest, elf->image + offset, filesz, memsz) != 0 )
-+        if ( elf_load_image(elf, dest, elf->image + offset, filesz, memsz) != 0 )
-             return -1;
-     }
- 
--- 
-1.7.2.5
-

app-emulation/xen-tools/files/xen-4.2-CVE-2013-5to7-XSA-55.patch

@@ -1,174 +0,0 @@
-From 83ec905922b496e1a5756e3a88405eb6c2c6ba88 Mon Sep 17 00:00:00 2001
-From: Ian Jackson <ian.jackson@eu.citrix.com>
-Date: Fri, 14 Jun 2013 16:43:16 +0100
-Subject: [PATCH 05/23] libelf: abolish elf_sval and elf_access_signed
-
-These are not used anywhere.
-
-This is part of the fix to a security issue, XSA-55.
-
-Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
-Acked-by: Ian Campbell <ian.campbell@citrix.com>
----
- xen/common/libelf/libelf-tools.c |   28 ----------------------------
- xen/include/xen/libelf.h         |   11 -----------
- 2 files changed, 0 insertions(+), 39 deletions(-)
-
-diff --git a/xen/common/libelf/libelf-tools.c b/xen/common/libelf/libelf-tools.c
-index cb97908..2f54142 100644
---- a/xen/common/libelf/libelf-tools.c
-+++ b/xen/common/libelf/libelf-tools.c
-@@ -48,34 +48,6 @@ uint64_t elf_access_unsigned(struct elf_binary * elf, const void *ptr,
-     }
- }
- 
--int64_t elf_access_signed(struct elf_binary *elf, const void *ptr,
--                          uint64_t offset, size_t size)
--{
--    int need_swap = elf_swap(elf);
--    const int8_t *s8;
--    const int16_t *s16;
--    const int32_t *s32;
--    const int64_t *s64;
--
--    switch ( size )
--    {
--    case 1:
--        s8 = ptr + offset;
--        return *s8;
--    case 2:
--        s16 = ptr + offset;
--        return need_swap ? bswap_16(*s16) : *s16;
--    case 4:
--        s32 = ptr + offset;
--        return need_swap ? bswap_32(*s32) : *s32;
--    case 8:
--        s64 = ptr + offset;
--        return need_swap ? bswap_64(*s64) : *s64;
--    default:
--        return 0;
--    }
--}
--
- uint64_t elf_round_up(struct elf_binary *elf, uint64_t addr)
- {
-     int elf_round = (elf_64bit(elf) ? 8 : 4) - 1;
-diff --git a/xen/include/xen/libelf.h b/xen/include/xen/libelf.h
-index e8f6508..38e490c 100644
---- a/xen/include/xen/libelf.h
-+++ b/xen/include/xen/libelf.h
-@@ -136,23 +136,12 @@ struct elf_binary {
-                            offsetof(typeof(*(str)),e32.elem),           \
-                            sizeof((str)->e32.elem)))
- 
--#define elf_sval(elf, str, elem)                                        \
--    ((ELFCLASS64 == (elf)->class)                                       \
--     ? elf_access_signed((elf), (str),                                  \
--                         offsetof(typeof(*(str)),e64.elem),             \
--                         sizeof((str)->e64.elem))                       \
--     : elf_access_signed((elf), (str),                                  \
--                         offsetof(typeof(*(str)),e32.elem),             \
--                         sizeof((str)->e32.elem)))
--
- #define elf_size(elf, str)                              \
-     ((ELFCLASS64 == (elf)->class)                       \
-      ? sizeof((str)->e64) : sizeof((str)->e32))
- 
- uint64_t elf_access_unsigned(struct elf_binary *elf, const void *ptr,
-                              uint64_t offset, size_t size);
--int64_t elf_access_signed(struct elf_binary *elf, const void *ptr,
--                          uint64_t offset, size_t size);
- 
- uint64_t elf_round_up(struct elf_binary *elf, uint64_t addr);
- 
--- 
-1.7.2.5
-#From 682a04488e7b3bd6c3448ab60599566eb7c6177a Mon Sep 17 00:00:00 2001
-#From: Ian Jackson <ian.jackson@eu.citrix.com>
-#Date: Fri, 14 Jun 2013 16:43:16 +0100
-#Subject: [PATCH 06/23] libelf: move include of <asm/guest_access.h> to top of file
-#
-#libelf-loader.c #includes <asm/guest_access.h>, when being compiled
-#for Xen.  Currently it does this in the middle of the file.
-#
-#Move this #include to the top of the file, before libelf-private.h.
-#This is necessary because in forthcoming patches we will introduce
-#private #defines of memcpy etc. which would interfere with definitions
-#in headers #included from guest_access.h.
-#
-#No semantic or functional change in this patch.
-#
-#This is part of the fix to a security issue, XSA-55.
-#
-#Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
-#Acked-by: Ian Campbell <ian.campbell@citrix.com>
-#Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
-#---
-# xen/common/libelf/libelf-loader.c |    5 ++++-
-# 1 files changed, 4 insertions(+), 1 deletions(-)
-#
-diff --git a/xen/common/libelf/libelf-loader.c b/xen/common/libelf/libelf-loader.c
-index 0559d88..ec0706b 100644
---- a/xen/common/libelf/libelf-loader.c
-+++ b/xen/common/libelf/libelf-loader.c
-@@ -16,6 +16,10 @@
-  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-  */
- 
-+#ifdef __XEN__
-+#include <asm/guest_access.h>
-+#endif
-+
- #include "libelf-private.h"
- 
- /* ------------------------------------------------------------------------ */
-@@ -116,7 +120,6 @@ static int elf_load_image(struct elf_binary *elf,
-     return 0;
- }
- #else
--#include <asm/guest_access.h>
- 
- void elf_set_verbose(struct elf_binary *elf)
- {
--- 
-1.7.2.5
-#From de9089b449d2508b1ba05590905c7ebaee00c8c4 Mon Sep 17 00:00:00 2001
-#From: Ian Jackson <ian.jackson@eu.citrix.com>
-#Date: Fri, 14 Jun 2013 16:43:16 +0100
-#Subject: [PATCH 07/23] libelf/xc_dom_load_elf_symtab: Do not use "syms" uninitialised
-#
-#xc_dom_load_elf_symtab (with load==0) calls elf_round_up, but it
-#mistakenly used the uninitialised variable "syms" when calculating
-#dom->bsd_symtab_start.  This should be a reference to "elf".
-#
-#This change might have the effect of rounding the value differently.
-#Previously if the uninitialised value (a single byte on the stack) was
-#ELFCLASS64 (ie, 2), the alignment would be to 8 bytes, otherwise to 4.
-#
-#However, the value is calculated from dom->kernel_seg.vend so this
-#could only make a difference if that value wasn't already aligned to 8
-#bytes.
-#
-#This is part of the fix to a security issue, XSA-55.
-#
-#Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
-#Acked-by: Ian Campbell <ian.campbell@citrix.com>
-#---
-# tools/libxc/xc_dom_elfloader.c |    2 +-
-# 1 files changed, 1 insertions(+), 1 deletions(-)
-#
-diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c
-index 031b5b6..e82f6e9 100644
---- a/tools/libxc/xc_dom_elfloader.c
-+++ b/tools/libxc/xc_dom_elfloader.c
-@@ -144,7 +144,7 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom,
-         hdr = xc_dom_malloc(dom, size);
-         if ( hdr == NULL )
-             return 0;
--        dom->bsd_symtab_start = elf_round_up(&syms, dom->kernel_seg.vend);
-+        dom->bsd_symtab_start = elf_round_up(elf, dom->kernel_seg.vend);
-     }
- 
-     memcpy(hdr + sizeof(int),
--- 
-1.7.2.5

app-emulation/xen-tools/files/xen-4.2-CVE-2013-6-XSA-55.patch

@@ -1,252 +0,0 @@
-From 3fb6ccf2faccaf5e22e33a3155ccc72d732896d8 Mon Sep 17 00:00:00 2001
-From: Ian Jackson <ian.jackson@eu.citrix.com>
-Date: Fri, 14 Jun 2013 16:43:18 +0100
-Subject: [PATCH 14/23] libelf: use C99 bool for booleans
-
-We want to remove uses of "int" because signed integers have
-undesirable undefined behaviours on overflow.  Malicious compilers can
-turn apparently-correct code into code with security vulnerabilities
-etc.
-
-In this patch we change all the booleans in libelf to C99 bool,
-from <stdbool.h>.
-
-For the one visible libelf boolean in libxc's public interface we
-retain the use of int to avoid changing the ABI; libxc converts it to
-a bool for consumption by libelf.
-
-It is OK to change all values only ever used as booleans to _Bool
-(bool) because conversion from any scalar type to a _Bool works the
-same as the boolean test in if() or ?: and is always defined (C99
-6.3.1.2).  But we do need to check that all these variables really are
-only ever used that way.  (It is theoretically possible that the old
-code truncated some 64-bit values to 32-bit ints which might become
-zero depending on the value, which would mean a behavioural change in
-this patch, but it seems implausible that treating 0x????????00000000
-as false could have been intended.)
-
-This is part of the fix to a security issue, XSA-55.
-
-Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
-Acked-by: George Dunlap <george.dunlap@eu.citrix.com>
----
- tools/libxc/xc_dom_elfloader.c     |    8 ++++----
- xen/common/libelf/libelf-dominfo.c |    2 +-
- xen/common/libelf/libelf-loader.c  |    4 ++--
- xen/common/libelf/libelf-private.h |    2 +-
- xen/common/libelf/libelf-tools.c   |   10 +++++-----
- xen/include/xen/libelf.h           |   18 ++++++++++--------
- 6 files changed, 23 insertions(+), 21 deletions(-)
-
-diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c
-index 4fb4da2..9ba64ae 100644
---- a/tools/libxc/xc_dom_elfloader.c
-+++ b/tools/libxc/xc_dom_elfloader.c
-@@ -34,7 +34,7 @@
- /* ------------------------------------------------------------------------ */
- 
- static void log_callback(struct elf_binary *elf, void *caller_data,
--                         int iserr, const char *fmt, va_list al) {
-+                         bool iserr, const char *fmt, va_list al) {
-     xc_interface *xch = caller_data;
- 
-     xc_reportv(xch,
-@@ -46,7 +46,7 @@ static void log_callback(struct elf_binary *elf, void *caller_data,
- 
- void xc_elf_set_logfile(xc_interface *xch, struct elf_binary *elf,
-                         int verbose) {
--    elf_set_log(elf, log_callback, xch, verbose);
-+    elf_set_log(elf, log_callback, xch, verbose /* convert to bool */);
- }
- 
- /* ------------------------------------------------------------------------ */
-@@ -84,7 +84,7 @@ static char *xc_dom_guest_type(struct xc_dom_image *dom,
- /* ------------------------------------------------------------------------ */
- /* parse elf binary                                                         */
- 
--static int check_elf_kernel(struct xc_dom_image *dom, int verbose)
-+static int check_elf_kernel(struct xc_dom_image *dom, bool verbose)
- {
-     if ( dom->kernel_blob == NULL )
-     {
-@@ -112,7 +112,7 @@ static int xc_dom_probe_elf_kernel(struct xc_dom_image *dom)
- }
- 
- static int xc_dom_load_elf_symtab(struct xc_dom_image *dom,
--                                  struct elf_binary *elf, int load)
-+                                  struct elf_binary *elf, bool load)
- {
-     struct elf_binary syms;
-     ELF_HANDLE_DECL_NONCONST(elf_shdr) shdr; ELF_HANDLE_DECL(elf_shdr) shdr2;
-diff --git a/xen/common/libelf/libelf-dominfo.c b/xen/common/libelf/libelf-dominfo.c
-index 98c80dc..12b6c2a 100644
---- a/xen/common/libelf/libelf-dominfo.c
-+++ b/xen/common/libelf/libelf-dominfo.c
-@@ -101,7 +101,7 @@ int elf_xen_parse_note(struct elf_binary *elf,
- /* *INDENT-OFF* */
-     static const struct {
-         char *name;
--        int str;
-+        bool str;
-     } note_desc[] = {
-         [XEN_ELFNOTE_ENTRY] = { "ENTRY", 0},
-         [XEN_ELFNOTE_HYPERCALL_PAGE] = { "HYPERCALL_PAGE", 0},
-diff --git a/xen/common/libelf/libelf-loader.c b/xen/common/libelf/libelf-loader.c
-index f8be635..0dccd4d 100644
---- a/xen/common/libelf/libelf-loader.c
-+++ b/xen/common/libelf/libelf-loader.c
-@@ -92,7 +92,7 @@ int elf_init(struct elf_binary *elf, const char *image_input, size_t size)
- }
- 
- #ifndef __XEN__
--void elf_call_log_callback(struct elf_binary *elf, int iserr,
-+void elf_call_log_callback(struct elf_binary *elf, bool iserr,
-                            const char *fmt,...) {
-     va_list al;
- 
-@@ -107,7 +107,7 @@ void elf_call_log_callback(struct elf_binary *elf, int iserr,
- }
-     
- void elf_set_log(struct elf_binary *elf, elf_log_callback *log_callback,
--                 void *log_caller_data, int verbose)
-+                 void *log_caller_data, bool verbose)
- {
-     elf->log_callback = log_callback;
-     elf->log_caller_data = log_caller_data;
-diff --git a/xen/common/libelf/libelf-private.h b/xen/common/libelf/libelf-private.h
-index 280dfd1..277be04 100644
---- a/xen/common/libelf/libelf-private.h
-+++ b/xen/common/libelf/libelf-private.h
-@@ -77,7 +77,7 @@
- #define elf_err(elf, fmt, args ... )                    \
-     elf_call_log_callback(elf, 1, fmt , ## args );
- 
--void elf_call_log_callback(struct elf_binary*, int iserr, const char *fmt,...);
-+void elf_call_log_callback(struct elf_binary*, bool iserr, const char *fmt,...);
- 
- #define safe_strcpy(d,s)                        \
- do { strncpy((d),(s),sizeof((d))-1);            \
-diff --git a/xen/common/libelf/libelf-tools.c b/xen/common/libelf/libelf-tools.c
-index 744027e..fa58f76 100644
---- a/xen/common/libelf/libelf-tools.c
-+++ b/xen/common/libelf/libelf-tools.c
-@@ -31,7 +31,7 @@ const char *elf_check_broken(const struct elf_binary *elf)
-     return elf->broken;
- }
- 
--static int elf_ptrval_in_range(elf_ptrval ptrval, uint64_t size,
-+static bool elf_ptrval_in_range(elf_ptrval ptrval, uint64_t size,
-                                const void *region, uint64_t regionsize)
-     /*
-      * Returns true if the putative memory area [ptrval,ptrval+size>
-@@ -53,7 +53,7 @@ static int elf_ptrval_in_range(elf_ptrval ptrval, uint64_t size,
-     return 1;
- }
- 
--int elf_access_ok(struct elf_binary * elf,
-+bool elf_access_ok(struct elf_binary * elf,
-                   uint64_t ptrval, size_t size)
- {
-     if ( elf_ptrval_in_range(ptrval, size, elf->image_base, elf->size) )
-@@ -92,7 +92,7 @@ uint64_t elf_access_unsigned(struct elf_binary * elf, elf_ptrval base,
-                              uint64_t moreoffset, size_t size)
- {
-     elf_ptrval ptrval = base + moreoffset;
--    int need_swap = elf_swap(elf);
-+    bool need_swap = elf_swap(elf);
-     const uint8_t *u8;
-     const uint16_t *u16;
-     const uint32_t *u32;
-@@ -332,7 +332,7 @@ ELF_HANDLE_DECL(elf_note) elf_note_next(struct elf_binary *elf, ELF_HANDLE_DECL(
- 
- /* ------------------------------------------------------------------------ */
- 
--int elf_is_elfbinary(const void *image_start, size_t image_size)
-+bool elf_is_elfbinary(const void *image_start, size_t image_size)
- {
-     const Elf32_Ehdr *ehdr = image_start;
- 
-@@ -342,7 +342,7 @@ int elf_is_elfbinary(const void *image_start, size_t image_size)
-     return IS_ELF(*ehdr);
- }
- 
--int elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr)
-+bool elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr)
- {
-     uint64_t p_type = elf_uval(elf, phdr, p_type);
-     uint64_t p_flags = elf_uval(elf, phdr, p_flags);
-diff --git a/xen/include/xen/libelf.h b/xen/include/xen/libelf.h
-index ac93858..951430f 100644
---- a/xen/include/xen/libelf.h
-+++ b/xen/include/xen/libelf.h
-@@ -29,6 +29,8 @@
- #error define architectural endianness
- #endif
- 
-+#include <stdbool.h>
-+
- #undef ELFSIZE
- #include "elfstructs.h"
- #ifdef __XEN__
-@@ -42,7 +44,7 @@
- 
- struct elf_binary;
- typedef void elf_log_callback(struct elf_binary*, void *caller_data,
--                              int iserr, const char *fmt, va_list al);
-+                              bool iserr, const char *fmt, va_list al);
- 
- #endif
- 
-@@ -237,7 +239,7 @@ struct elf_binary {
-     elf_log_callback *log_callback;
-     void *log_caller_data;
- #endif
--    int verbose;
-+    bool verbose;
-     const char *broken;
- };
- 
-@@ -301,8 +303,8 @@ void elf_memset_safe(struct elf_binary*, elf_ptrval dst, int c, size_t);
-    * outside permitted areas.
-    */
- 
--int elf_access_ok(struct elf_binary * elf,
--                  uint64_t ptrval, size_t size);
-+bool elf_access_ok(struct elf_binary * elf,
-+                   uint64_t ptrval, size_t size);
- 
- #define elf_store_val(elf, type, ptr, val)                              \
-     ({                                                                  \
-@@ -351,9 +353,9 @@ uint64_t elf_note_numeric_array(struct elf_binary *, ELF_HANDLE_DECL(elf_note),
- ELF_HANDLE_DECL(elf_note) elf_note_next(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note);
- 
- /* (Only) checks that the image has the right magic number. */
--int elf_is_elfbinary(const void *image_start, size_t image_size);
-+bool elf_is_elfbinary(const void *image_start, size_t image_size);
- 
--int elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr);
-+bool elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr);
- 
- /* ------------------------------------------------------------------------ */
- /* xc_libelf_loader.c                                                       */
-@@ -367,7 +369,7 @@ int elf_init(struct elf_binary *elf, const char *image, size_t size);
- void elf_set_verbose(struct elf_binary *elf);
- #else
- void elf_set_log(struct elf_binary *elf, elf_log_callback*,
--                 void *log_caller_pointer, int verbose);
-+                 void *log_caller_pointer, bool verbose);
- #endif
- 
- void elf_parse_binary(struct elf_binary *elf);
-@@ -419,7 +421,7 @@ struct elf_dom_parms {
-     char xen_ver[16];
-     char loader[16];
-     int pae;
--    int bsd_symtab;
-+    bool bsd_symtab;
-     uint64_t virt_base;
-     uint64_t virt_entry;
-     uint64_t virt_hypercall;
--- 
-1.7.2.5
-

app-emulation/xen-tools/files/xen-4.2-CVE-2013-7-XSA-55.patch

@@ -1,382 +0,0 @@
-From 77c0829fa751f052f7b8ec08287aef6e7ba97bc5 Mon Sep 17 00:00:00 2001
-From: Ian Jackson <ian.jackson@eu.citrix.com>
-Date: Fri, 14 Jun 2013 16:43:19 +0100
-Subject: [PATCH 19/23] libxc: check failure of xc_dom_*_to_ptr, xc_map_foreign_range
-
-The return values from xc_dom_*_to_ptr and xc_map_foreign_range are
-sometimes dereferenced, or subjected to pointer arithmetic, without
-checking whether the relevant function failed and returned NULL.
-
-Add an appropriate error check at every call site.
-
-Changes in the 4.2 backport of this series:
-* Fix tools/libxc/xc_dom_x86.c:setup_pgtables_x86_32.
-* Fix tools/libxc/xc_dom_ia64.c:start_info_ia64.
-* Fix tools/libxc/ia64/xc_ia64_dom_fwloader.c:xc_dom_load_fw_kernel.
-
-This is part of the fix to a security issue, XSA-55.
-
-Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
----
- tools/libxc/ia64/xc_ia64_dom_fwloader.c |    2 +
- tools/libxc/xc_dom_binloader.c          |    6 +++
- tools/libxc/xc_dom_core.c               |    6 +++
- tools/libxc/xc_dom_elfloader.c          |   13 +++++++
- tools/libxc/xc_dom_ia64.c               |    6 +++
- tools/libxc/xc_dom_x86.c                |   55 +++++++++++++++++++++++++++++++
- tools/libxc/xc_domain_restore.c         |   27 +++++++++++++++
- tools/libxc/xc_offline_page.c           |    5 +++
- 8 files changed, 120 insertions(+), 0 deletions(-)
-
-diff --git a/tools/libxc/ia64/xc_ia64_dom_fwloader.c b/tools/libxc/ia64/xc_ia64_dom_fwloader.c
-index cdf3333..dbd3349 100644
---- a/tools/libxc/ia64/xc_ia64_dom_fwloader.c
-+++ b/tools/libxc/ia64/xc_ia64_dom_fwloader.c
-@@ -60,6 +60,8 @@ static int xc_dom_load_fw_kernel(struct xc_dom_image *dom)
-     unsigned long i;
- 
-     dest = xc_dom_vaddr_to_ptr(dom, dom->kernel_seg.vstart);
-+    if ( dest == NULL )
-+        return -1;
-     memcpy(dest, dom->kernel_blob, FW_SIZE);
- 
-     /* Synchronize cache.  */
-diff --git a/tools/libxc/xc_dom_binloader.c b/tools/libxc/xc_dom_binloader.c
-index 8596a28..553b366 100644
---- a/tools/libxc/xc_dom_binloader.c
-+++ b/tools/libxc/xc_dom_binloader.c
-@@ -277,6 +277,12 @@ static int xc_dom_load_bin_kernel(struct xc_dom_image *dom)
-     DOMPRINTF("  bss_size:  0x%" PRIx32 "", bss_size);
- 
-     dest = xc_dom_vaddr_to_ptr(dom, dom->kernel_seg.vstart, &dest_size);
-+    if ( dest == NULL )
-+    {
-+        DOMPRINTF("%s: xc_dom_vaddr_to_ptr(dom, dom->kernel_seg.vstart)"
-+                  " => NULL", __FUNCTION__);
-+        return -EINVAL;
-+    }
- 
-     if ( dest_size < text_size ||
-          dest_size - text_size < bss_size )
-diff --git a/tools/libxc/xc_dom_core.c b/tools/libxc/xc_dom_core.c
-index 8913e41..a54ddae 100644
---- a/tools/libxc/xc_dom_core.c
-+++ b/tools/libxc/xc_dom_core.c
-@@ -868,6 +868,12 @@ int xc_dom_build_image(struct xc_dom_image *dom)
-                                   ramdisklen) != 0 )
-             goto err;
-         ramdiskmap = xc_dom_seg_to_ptr(dom, &dom->ramdisk_seg);
-+        if ( ramdiskmap == NULL )
-+        {
-+            DOMPRINTF("%s: xc_dom_seg_to_ptr(dom, &dom->ramdisk_seg) => NULL",
-+                      __FUNCTION__);
-+            goto err;
-+        }
-         if ( unziplen )
-         {
-             if ( xc_dom_do_gunzip(dom->xch,
-diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c
-index 9fc4b94..61b5798 100644
---- a/tools/libxc/xc_dom_elfloader.c
-+++ b/tools/libxc/xc_dom_elfloader.c
-@@ -139,6 +139,12 @@ static elf_errorstatus xc_dom_load_elf_symtab(struct xc_dom_image *dom,
-             return 0;
-         size = dom->kernel_seg.vend - dom->bsd_symtab_start;
-         hdr_ptr = xc_dom_vaddr_to_ptr(dom, dom->bsd_symtab_start, &allow_size);
-+        if ( hdr_ptr == NULL )
-+        {
-+            DOMPRINTF("%s/load: xc_dom_vaddr_to_ptr(dom,dom->bsd_symtab_start"
-+                      " => NULL", __FUNCTION__);
-+            return -1;
-+        }
-         elf->caller_xdest_base = hdr_ptr;
-         elf->caller_xdest_size = allow_size;
-         hdr = ELF_REALPTR2PTRVAL(hdr_ptr);
-@@ -384,7 +390,14 @@ static elf_errorstatus xc_dom_load_elf_kernel(struct xc_dom_image *dom)
-     xen_pfn_t pages;
- 
-     elf->dest_base = xc_dom_seg_to_ptr_pages(dom, &dom->kernel_seg, &pages);
-+    if ( elf->dest_base == NULL )
-+    {
-+        DOMPRINTF("%s: xc_dom_vaddr_to_ptr(dom,dom->kernel_seg)"
-+                  " => NULL", __FUNCTION__);
-+        return -1;
-+    }
-     elf->dest_size = pages * XC_DOM_PAGE_SIZE(dom);
-+
-     rc = elf_load_binary(elf);
-     if ( rc < 0 )
-     {
-diff --git a/tools/libxc/xc_dom_ia64.c b/tools/libxc/xc_dom_ia64.c
-index dcd1523..7c0eff1 100644
---- a/tools/libxc/xc_dom_ia64.c
-+++ b/tools/libxc/xc_dom_ia64.c
-@@ -60,6 +60,12 @@ int start_info_ia64(struct xc_dom_image *dom)
- 
-     DOMPRINTF_CALLED(dom->xch);
- 
-+    if ( start_info == NULL )
-+    {
-+        DOMPRINTF("%s: xc_dom_pfn_to_ptr failed on start_info", __FUNCTION__);
-+        return -1; /* our caller throws away our return value :-/ */
-+    }
-+
-     memset(start_info, 0, sizeof(*start_info));
-     sprintf(start_info->magic, dom->guest_type);
-     start_info->flags = dom->flags;
-diff --git a/tools/libxc/xc_dom_x86.c b/tools/libxc/xc_dom_x86.c
-index 0cf1687..75d6b83 100644
---- a/tools/libxc/xc_dom_x86.c
-+++ b/tools/libxc/xc_dom_x86.c
-@@ -144,6 +144,9 @@ static int setup_pgtables_x86_32(struct xc_dom_image *dom)
-     xen_vaddr_t addr;
-     xen_pfn_t pgpfn;
- 
-+    if ( l2tab == NULL )
-+        goto pfn_error;
-+
-     for ( addr = dom->parms.virt_base; addr < dom->virt_pgtab_end;
-           addr += PAGE_SIZE_X86 )
-     {
-@@ -151,6 +154,8 @@ static int setup_pgtables_x86_32(struct xc_dom_image *dom)
-         {
-             /* get L1 tab, make L2 entry */
-             l1tab = xc_dom_pfn_to_ptr(dom, l1pfn, 1);
-+            if ( l1tab == NULL )
-+                goto pfn_error;
-             l2off = l2_table_offset_i386(addr);
-             l2tab[l2off] =
-                 pfn_to_paddr(xc_dom_p2m_guest(dom, l1pfn)) | L2_PROT;
-@@ -169,6 +174,11 @@ static int setup_pgtables_x86_32(struct xc_dom_image *dom)
-             l1tab = NULL;
-     }
-     return 0;
-+
-+pfn_error:
-+    xc_dom_panic(dom->xch, XC_INTERNAL_ERROR,
-+                 "%s: xc_dom_pfn_to_ptr failed", __FUNCTION__);
-+    return -EINVAL;
- }
- 
- /*
-@@ -219,6 +229,12 @@ static xen_pfn_t move_l3_below_4G(struct xc_dom_image *dom,
-         goto out;
- 
-     l3tab = xc_dom_pfn_to_ptr(dom, l3pfn, 1);
-+    if ( l3tab == NULL )
-+    {
-+        DOMPRINTF("%s: xc_dom_pfn_to_ptr(dom, l3pfn, 1) => NULL",
-+                  __FUNCTION__);
-+        return l3mfn; /* our one call site will call xc_dom_panic and fail */
-+    }
-     memset(l3tab, 0, XC_DOM_PAGE_SIZE(dom));
- 
-     DOMPRINTF("%s: successfully relocated L3 below 4G. "
-@@ -262,6 +278,8 @@ static int setup_pgtables_x86_32_pae(struct xc_dom_image *dom)
-     }
- 
-     l3tab = xc_dom_pfn_to_ptr(dom, l3pfn, 1);
-+    if ( l3tab == NULL )
-+        goto pfn_error;
- 
-     for ( addr = dom->parms.virt_base; addr < dom->virt_pgtab_end;
-           addr += PAGE_SIZE_X86 )
-@@ -270,6 +288,8 @@ static int setup_pgtables_x86_32_pae(struct xc_dom_image *dom)
-         {
-             /* get L2 tab, make L3 entry */
-             l2tab = xc_dom_pfn_to_ptr(dom, l2pfn, 1);
-+            if ( l2tab == NULL )
-+                goto pfn_error;
-             l3off = l3_table_offset_pae(addr);
-             l3tab[l3off] =
-                 pfn_to_paddr(xc_dom_p2m_guest(dom, l2pfn)) | L3_PROT;
-@@ -280,6 +300,8 @@ static int setup_pgtables_x86_32_pae(struct xc_dom_image *dom)
-         {
-             /* get L1 tab, make L2 entry */
-             l1tab = xc_dom_pfn_to_ptr(dom, l1pfn, 1);
-+            if ( l1tab == NULL )
-+                goto pfn_error;
-             l2off = l2_table_offset_pae(addr);
-             l2tab[l2off] =
-                 pfn_to_paddr(xc_dom_p2m_guest(dom, l1pfn)) | L2_PROT;
-@@ -306,6 +328,11 @@ static int setup_pgtables_x86_32_pae(struct xc_dom_image *dom)
-         l3tab[3] = pfn_to_paddr(xc_dom_p2m_guest(dom, l2pfn)) | L3_PROT;
-     }
-     return 0;
-+
-+pfn_error:
-+    xc_dom_panic(dom->xch, XC_INTERNAL_ERROR,
-+                 "%s: xc_dom_pfn_to_ptr failed", __FUNCTION__);
-+    return -EINVAL;
- }
- 
- #undef L1_PROT
-@@ -344,6 +371,9 @@ static int setup_pgtables_x86_64(struct xc_dom_image *dom)
-     uint64_t addr;
-     xen_pfn_t pgpfn;
- 
-+    if ( l4tab == NULL )
-+        goto pfn_error;
-+
-     for ( addr = dom->parms.virt_base; addr < dom->virt_pgtab_end;
-           addr += PAGE_SIZE_X86 )
-     {
-@@ -351,6 +381,8 @@ static int setup_pgtables_x86_64(struct xc_dom_image *dom)
-         {
-             /* get L3 tab, make L4 entry */
-             l3tab = xc_dom_pfn_to_ptr(dom, l3pfn, 1);
-+            if ( l3tab == NULL )
-+                goto pfn_error;
-             l4off = l4_table_offset_x86_64(addr);
-             l4tab[l4off] =
-                 pfn_to_paddr(xc_dom_p2m_guest(dom, l3pfn)) | L4_PROT;
-@@ -361,6 +393,8 @@ static int setup_pgtables_x86_64(struct xc_dom_image *dom)
-         {
-             /* get L2 tab, make L3 entry */
-             l2tab = xc_dom_pfn_to_ptr(dom, l2pfn, 1);
-+            if ( l2tab == NULL )
-+                goto pfn_error;
-             l3off = l3_table_offset_x86_64(addr);
-             l3tab[l3off] =
-                 pfn_to_paddr(xc_dom_p2m_guest(dom, l2pfn)) | L3_PROT;
-@@ -373,6 +407,8 @@ static int setup_pgtables_x86_64(struct xc_dom_image *dom)
-         {
-             /* get L1 tab, make L2 entry */
-             l1tab = xc_dom_pfn_to_ptr(dom, l1pfn, 1);
-+            if ( l1tab == NULL )
-+                goto pfn_error;
-             l2off = l2_table_offset_x86_64(addr);
-             l2tab[l2off] =
-                 pfn_to_paddr(xc_dom_p2m_guest(dom, l1pfn)) | L2_PROT;
-@@ -393,6 +429,11 @@ static int setup_pgtables_x86_64(struct xc_dom_image *dom)
-             l1tab = NULL;
-     }
-     return 0;
-+
-+pfn_error:
-+    xc_dom_panic(dom->xch, XC_INTERNAL_ERROR,
-+                 "%s: xc_dom_pfn_to_ptr failed", __FUNCTION__);
-+    return -EINVAL;
- }
- 
- #undef L1_PROT
-@@ -410,6 +451,8 @@ static int alloc_magic_pages(struct xc_dom_image *dom)
-     if ( xc_dom_alloc_segment(dom, &dom->p2m_seg, "phys2mach", 0, p2m_size) )
-         return -1;
-     dom->p2m_guest = xc_dom_seg_to_ptr(dom, &dom->p2m_seg);
-+    if ( dom->p2m_guest == NULL )
-+        return -1;
- 
-     /* allocate special pages */
-     dom->start_info_pfn = xc_dom_alloc_page(dom, "start info");
-@@ -434,6 +477,12 @@ static int start_info_x86_32(struct xc_dom_image *dom)
- 
-     DOMPRINTF_CALLED(dom->xch);
- 
-+    if ( start_info == NULL )
-+    {
-+        DOMPRINTF("%s: xc_dom_pfn_to_ptr failed on start_info", __FUNCTION__);
-+        return -1; /* our caller throws away our return value :-/ */
-+    }
-+
-     memset(start_info, 0, sizeof(*start_info));
-     strncpy(start_info->magic, dom->guest_type, sizeof(start_info->magic));
-     start_info->magic[sizeof(start_info->magic) - 1] = '\0';
-@@ -474,6 +523,12 @@ static int start_info_x86_64(struct xc_dom_image *dom)
- 
-     DOMPRINTF_CALLED(dom->xch);
- 
-+    if ( start_info == NULL )
-+    {
-+        DOMPRINTF("%s: xc_dom_pfn_to_ptr failed on start_info", __FUNCTION__);
-+        return -1; /* our caller throws away our return value :-/ */
-+    }
-+
-     memset(start_info, 0, sizeof(*start_info));
-     strncpy(start_info->magic, dom->guest_type, sizeof(start_info->magic));
-     start_info->magic[sizeof(start_info->magic) - 1] = '\0';
-diff --git a/tools/libxc/xc_domain_restore.c b/tools/libxc/xc_domain_restore.c
-index b4c0b10..3994f8f 100644
---- a/tools/libxc/xc_domain_restore.c
-+++ b/tools/libxc/xc_domain_restore.c
-@@ -1556,6 +1556,12 @@ int xc_domain_restore(xc_interface *xch, int io_fd, uint32_t dom,
-                     mfn = ctx->p2m[pfn];
-                     buf = xc_map_foreign_range(xch, dom, PAGE_SIZE,
-                                                PROT_READ | PROT_WRITE, mfn);
-+                    if ( buf == NULL )
-+                    {
-+                        ERROR("xc_map_foreign_range for generation id"
-+                              " buffer failed");
-+                        goto out;
-+                    }
- 
-                     generationid = *(unsigned long long *)(buf + offset);
-                     *(unsigned long long *)(buf + offset) = generationid + 1;
-@@ -1713,6 +1719,11 @@ int xc_domain_restore(xc_interface *xch, int io_fd, uint32_t dom,
-                 l3tab = (uint64_t *)
-                     xc_map_foreign_range(xch, dom, PAGE_SIZE,
-                                          PROT_READ, ctx->p2m[i]);
-+                if ( l3tab == NULL )
-+                {
-+                    PERROR("xc_map_foreign_range failed (for l3tab)");
-+                    goto out;
-+                }
- 
-                 for ( j = 0; j < 4; j++ )
-                     l3ptes[j] = l3tab[j];
-@@ -1739,6 +1750,11 @@ int xc_domain_restore(xc_interface *xch, int io_fd, uint32_t dom,
-                 l3tab = (uint64_t *)
-                     xc_map_foreign_range(xch, dom, PAGE_SIZE,
-                                          PROT_READ | PROT_WRITE, ctx->p2m[i]);
-+                if ( l3tab == NULL )
-+                {
-+                    PERROR("xc_map_foreign_range failed (for l3tab, 2nd)");
-+                    goto out;
-+                }
- 
-                 for ( j = 0; j < 4; j++ )
-                     l3tab[j] = l3ptes[j];
-@@ -1909,6 +1925,12 @@ int xc_domain_restore(xc_interface *xch, int io_fd, uint32_t dom,
-             SET_FIELD(ctxt, user_regs.edx, mfn);
-             start_info = xc_map_foreign_range(
-                 xch, dom, PAGE_SIZE, PROT_READ | PROT_WRITE, mfn);
-+            if ( start_info == NULL )
-+            {
-+                PERROR("xc_map_foreign_range failed (for start_info)");
-+                goto out;
-+            }
-+
-             SET_FIELD(start_info, nr_pages, dinfo->p2m_size);
-             SET_FIELD(start_info, shared_info, shared_info_frame<<PAGE_SHIFT);
-             SET_FIELD(start_info, flags, 0);
-@@ -2056,6 +2078,11 @@ int xc_domain_restore(xc_interface *xch, int io_fd, uint32_t dom,
-     /* Restore contents of shared-info page. No checking needed. */
-     new_shared_info = xc_map_foreign_range(
-         xch, dom, PAGE_SIZE, PROT_WRITE, shared_info_frame);
-+    if ( new_shared_info == NULL )
-+    {
-+        PERROR("xc_map_foreign_range failed (for new_shared_info)");
-+        goto out;
-+    }
- 
-     /* restore saved vcpu_info and arch specific info */
-     MEMCPY_FIELD(new_shared_info, old_shared_info, vcpu_info);
-diff --git a/tools/libxc/xc_offline_page.c b/tools/libxc/xc_offline_page.c
-index 089a361..36b9812 100644
---- a/tools/libxc/xc_offline_page.c
-+++ b/tools/libxc/xc_offline_page.c
-@@ -714,6 +714,11 @@ int xc_exchange_page(xc_interface *xch, int domid, xen_pfn_t mfn)
- 
-         new_p = xc_map_foreign_range(xch, domid, PAGE_SIZE,
-                                      PROT_READ|PROT_WRITE, new_mfn);
-+        if ( new_p == NULL )
-+        {
-+            ERROR("failed to map new_p for copy, guest may be broken?");
-+            goto failed;
-+        }
-         memcpy(new_p, backup, PAGE_SIZE);
-         munmap(new_p, PAGE_SIZE);
-         mops.arg1.mfn = new_mfn;
--- 
-1.7.2.5
-

app-emulation/xen-tools/files/xen-4.2-CVE-2013-9to10-XSA-55.patch

@@ -1,261 +0,0 @@
-From 59f66d58180832af6b99a9e4489031b5c2f627ab Mon Sep 17 00:00:00 2001
-From: Ian Jackson <ian.jackson@eu.citrix.com>
-Date: Fri, 14 Jun 2013 16:43:17 +0100
-Subject: [PATCH 09/23] tools/xcutils/readnotes: adjust print_l1_mfn_valid_note
-
-Use the new PTRVAL macros and elf_access_unsigned in
-print_l1_mfn_valid_note.
-
-No functional change unless the input is wrong, or we are reading a
-file for a different endianness.
-
-Separated out from the previous patch because this change does produce
-a difference in the generated code.
-
-This is part of the fix to a security issue, XSA-55.
-
-Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
-Acked-by: Ian Campbell <ian.campbell@citrix.com>
----
- tools/xcutils/readnotes.c |   11 ++++++-----
- 1 files changed, 6 insertions(+), 5 deletions(-)
-
-diff --git a/tools/xcutils/readnotes.c b/tools/xcutils/readnotes.c
-index 2af047d..7ff2530 100644
---- a/tools/xcutils/readnotes.c
-+++ b/tools/xcutils/readnotes.c
-@@ -77,22 +77,23 @@ static void print_numeric_note(const char *prefix, struct elf_binary *elf,
- }
- 
- static void print_l1_mfn_valid_note(const char *prefix, struct elf_binary *elf,
--				    const elf_note *note)
-+				    ELF_HANDLE_DECL(elf_note) note)
- {
- 	int descsz = elf_uval(elf, note, descsz);
--	const uint32_t *desc32 = elf_note_desc(elf, note);
--	const uint64_t *desc64 = elf_note_desc(elf, note);
-+	ELF_PTRVAL_CONST_VOID desc = elf_note_desc(elf, note);
- 
- 	/* XXX should be able to cope with a list of values. */
- 	switch ( descsz / 2 )
- 	{
- 	case 8:
- 		printf("%s: mask=%#"PRIx64" value=%#"PRIx64"\n", prefix,
--		       desc64[0], desc64[1]);
-+		       elf_access_unsigned(elf, desc, 0, 8),
-+		       elf_access_unsigned(elf, desc, 8, 8));
- 		break;
- 	case 4:
- 		printf("%s: mask=%#"PRIx32" value=%#"PRIx32"\n", prefix,
--		       desc32[0],desc32[1]);
-+		       (uint32_t)elf_access_unsigned(elf, desc, 0, 4),
-+		       (uint32_t)elf_access_unsigned(elf, desc, 4, 4));
- 		break;
- 	}
- 
--- 
-1.7.2.5
-#From db14d5bd9b6508adfcd2b910f454fae12fa4ba00 Mon Sep 17 00:00:00 2001
-#From: Ian Jackson <ian.jackson@eu.citrix.com>
-#Date: Fri, 14 Jun 2013 16:43:17 +0100
-#Subject: [PATCH 10/23] libelf: check nul-terminated strings properly
-#
-#It is not safe to simply take pointers into the ELF and use them as C
-#pointers.  They might not be properly nul-terminated (and the pointers
-#might be wild).
-#
-#So we are going to introduce a new function elf_strval for safely
-#getting strings.  This will check that the addresses are in range and
-#that there is a proper nul-terminated string.  Of course it might
-#discover that there isn't.  In that case, it will be made to fail.
-#This means that elf_note_name might fail, too.
-#
-#For the benefit of call sites which are just going to pass the value
-#to a printf-like function, we provide elf_strfmt which returns
-#"(invalid)" on failure rather than NULL.
-#
-#In this patch we introduce dummy definitions of these functions.  We
-#introduce calls to elf_strval and elf_strfmt everywhere, and update
-#all the call sites with appropriate error checking.
-#
-#There is not yet any semantic change, since before this patch all the
-#places where we introduce elf_strval dereferenced the value anyway, so
-#it mustn't have been NULL.
-#
-#In future patches, when elf_strval is made able return NULL, when it
-#does so it will mark the elf "broken" so that an appropriate
-#diagnostic can be printed.
-#
-#This is part of the fix to a security issue, XSA-55.
-#
-#Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
-#Acked-by: Ian Campbell <ian.campbell@citrix.com>
-#Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
-#---
-# tools/xcutils/readnotes.c          |   11 ++++++++---
-# xen/common/libelf/libelf-dominfo.c |   13 ++++++++++---
-# xen/common/libelf/libelf-tools.c   |   10 +++++++---
-# xen/include/xen/libelf.h           |    7 +++++--
-# 4 files changed, 30 insertions(+), 11 deletions(-)
-#
-diff --git a/tools/xcutils/readnotes.c b/tools/xcutils/readnotes.c
-index 7ff2530..cfae994 100644
---- a/tools/xcutils/readnotes.c
-+++ b/tools/xcutils/readnotes.c
-@@ -63,7 +63,7 @@ struct setup_header {
- static void print_string_note(const char *prefix, struct elf_binary *elf,
- 			      ELF_HANDLE_DECL(elf_note) note)
- {
--	printf("%s: %s\n", prefix, (char*)elf_note_desc(elf, note));
-+	printf("%s: %s\n", prefix, elf_strfmt(elf, elf_note_desc(elf, note)));
- }
- 
- static void print_numeric_note(const char *prefix, struct elf_binary *elf,
-@@ -103,10 +103,14 @@ static int print_notes(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) start,
- {
- 	ELF_HANDLE_DECL(elf_note) note;
- 	int notes_found = 0;
-+	const char *this_note_name;
- 
- 	for ( note = start; ELF_HANDLE_PTRVAL(note) < ELF_HANDLE_PTRVAL(end); note = elf_note_next(elf, note) )
- 	{
--		if (0 != strcmp(elf_note_name(elf, note), "Xen"))
-+		this_note_name = elf_note_name(elf, note);
-+		if (NULL == this_note_name)
-+			continue;
-+		if (0 != strcmp(this_note_name, "Xen"))
- 			continue;
- 
- 		notes_found++;
-@@ -294,7 +298,8 @@ int main(int argc, char **argv)
- 
- 	shdr = elf_shdr_by_name(&elf, "__xen_guest");
- 	if (ELF_HANDLE_VALID(shdr))
--		printf("__xen_guest: %s\n", (char*)elf_section_start(&elf, shdr));
-+		printf("__xen_guest: %s\n",
-+                       elf_strfmt(&elf, elf_section_start(&elf, shdr)));
- 
- 	return 0;
- }
-diff --git a/xen/common/libelf/libelf-dominfo.c b/xen/common/libelf/libelf-dominfo.c
-index 7140d59..b217f8f 100644
---- a/xen/common/libelf/libelf-dominfo.c
-+++ b/xen/common/libelf/libelf-dominfo.c
-@@ -137,7 +137,10 @@ int elf_xen_parse_note(struct elf_binary *elf,
- 
-     if ( note_desc[type].str )
-     {
--        str = elf_note_desc(elf, note);
-+        str = elf_strval(elf, elf_note_desc(elf, note));
-+        if (str == NULL)
-+            /* elf_strval will mark elf broken if it fails so no need to log */
-+            return 0;
-         elf_msg(elf, "%s: %s = \"%s\"\n", __FUNCTION__,
-                 note_desc[type].name, str);
-         parms->elf_notes[type].type = XEN_ENT_STR;
-@@ -220,6 +223,7 @@ static int elf_xen_parse_notes(struct elf_binary *elf,
- {
-     int xen_elfnotes = 0;
-     ELF_HANDLE_DECL(elf_note) note;
-+    const char *note_name;
- 
-     parms->elf_note_start = start;
-     parms->elf_note_end   = end;
-@@ -227,7 +231,10 @@ static int elf_xen_parse_notes(struct elf_binary *elf,
-           ELF_HANDLE_PTRVAL(note) < parms->elf_note_end;
-           note = elf_note_next(elf, note) )
-     {
--        if ( strcmp(elf_note_name(elf, note), "Xen") )
-+        note_name = elf_note_name(elf, note);
-+        if ( note_name == NULL )
-+            continue;
-+        if ( strcmp(note_name, "Xen") )
-             continue;
-         if ( elf_xen_parse_note(elf, parms, note) )
-             return -1;
-@@ -541,7 +548,7 @@ int elf_xen_parse(struct elf_binary *elf,
-                 parms->elf_note_start = ELF_INVALID_PTRVAL;
-                 parms->elf_note_end   = ELF_INVALID_PTRVAL;
-                 elf_msg(elf, "%s: __xen_guest: \"%s\"\n", __FUNCTION__,
--                        parms->guest_info);
-+                        elf_strfmt(elf, parms->guest_info));
-                 elf_xen_parse_guest_info(elf, parms);
-                 break;
-             }
-diff --git a/xen/common/libelf/libelf-tools.c b/xen/common/libelf/libelf-tools.c
-index f1fd886..3a0cde1 100644
---- a/xen/common/libelf/libelf-tools.c
-+++ b/xen/common/libelf/libelf-tools.c
-@@ -119,7 +119,7 @@ const char *elf_section_name(struct elf_binary *elf,
-     if ( ELF_PTRVAL_INVALID(elf->sec_strtab) )
-         return "unknown";
- 
--    return elf->sec_strtab + elf_uval(elf, shdr, sh_name);
-+    return elf_strval(elf, elf->sec_strtab + elf_uval(elf, shdr, sh_name));
- }
- 
- ELF_PTRVAL_CONST_VOID elf_section_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr)
-@@ -151,6 +151,7 @@ ELF_HANDLE_DECL(elf_sym) elf_sym_by_name(struct elf_binary *elf, const char *sym
-     ELF_PTRVAL_CONST_VOID end = elf_section_end(elf, elf->sym_tab);
-     ELF_HANDLE_DECL(elf_sym) sym;
-     uint64_t info, name;
-+    const char *sym_name;
- 
-     for ( ; ptr < end; ptr += elf_size(elf, sym) )
-     {
-@@ -159,7 +160,10 @@ ELF_HANDLE_DECL(elf_sym) elf_sym_by_name(struct elf_binary *elf, const char *sym
-         name = elf_uval(elf, sym, st_name);
-         if ( ELF32_ST_BIND(info) != STB_GLOBAL )
-             continue;
--        if ( strcmp(elf->sym_strtab + name, symbol) )
-+        sym_name = elf_strval(elf, elf->sym_strtab + name);
-+        if ( sym_name == NULL ) /* out of range, oops */
-+            return ELF_INVALID_HANDLE(elf_sym);
-+        if ( strcmp(sym_name, symbol) )
-             continue;
-         return sym;
-     }
-@@ -177,7 +181,7 @@ ELF_HANDLE_DECL(elf_sym) elf_sym_by_index(struct elf_binary *elf, int index)
- 
- const char *elf_note_name(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note)
- {
--    return ELF_HANDLE_PTRVAL(note) + elf_size(elf, note);
-+    return elf_strval(elf, ELF_HANDLE_PTRVAL(note) + elf_size(elf, note));
- }
- 
- ELF_PTRVAL_CONST_VOID elf_note_desc(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note)
-diff --git a/xen/include/xen/libelf.h b/xen/include/xen/libelf.h
-index cefd3d3..af5b5c5 100644
---- a/xen/include/xen/libelf.h
-+++ b/xen/include/xen/libelf.h
-@@ -252,6 +252,9 @@ uint64_t elf_access_unsigned(struct elf_binary *elf, ELF_PTRVAL_CONST_VOID ptr,
- uint64_t elf_round_up(struct elf_binary *elf, uint64_t addr);
- 
- 
-+#define elf_strval(elf,x) ((const char*)(x)) /* may return NULL in the future */
-+#define elf_strfmt(elf,x) ((const char*)(x)) /* will return (invalid) instead */
-+
- #define elf_memcpy_safe(elf, dst, src, sz) memcpy((dst),(src),(sz))
- #define elf_memset_safe(elf, dst, c, sz)   memset((dst),(c),(sz))
-   /*
-@@ -279,7 +282,7 @@ ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_name(struct elf_binary *elf, const char *n
- ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_index(struct elf_binary *elf, int index);
- ELF_HANDLE_DECL(elf_phdr) elf_phdr_by_index(struct elf_binary *elf, int index);
- 
--const char *elf_section_name(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr);
-+const char *elf_section_name(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr); /* might return NULL if inputs are invalid */
- ELF_PTRVAL_CONST_VOID elf_section_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr);
- ELF_PTRVAL_CONST_VOID elf_section_end(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr);
- 
-@@ -289,7 +292,7 @@ ELF_PTRVAL_CONST_VOID elf_segment_end(struct elf_binary *elf, ELF_HANDLE_DECL(el
- ELF_HANDLE_DECL(elf_sym) elf_sym_by_name(struct elf_binary *elf, const char *symbol);
- ELF_HANDLE_DECL(elf_sym) elf_sym_by_index(struct elf_binary *elf, int index);
- 
--const char *elf_note_name(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note);
-+const char *elf_note_name(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note); /* may return NULL */
- ELF_PTRVAL_CONST_VOID elf_note_desc(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note);
- uint64_t elf_note_numeric(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note);
- uint64_t elf_note_numeric_array(struct elf_binary *, ELF_HANDLE_DECL(elf_note),
--- 
-1.7.2.5
-

app-emulation/xen-tools/files/xen-4.2-CVE-XSA-57.patch

@@ -1,334 +0,0 @@
-libxl: Restrict permissions on PV console device xenstore nodes
-
-Matthew Daley has observed that the PV console protocol places sensitive host
-state into a guest writeable xenstore locations, this includes:
-
- - The pty used to communicate between the console backend daemon and its
-   client, allowing the guest administrator to read and write arbitrary host
-   files.
- - The output file, allowing the guest administrator to write arbitrary host
-   files or to target arbitrary qemu chardevs which include sockets, udp, ptr,
-   pipes etc (see -chardev in qemu(1) for a more complete list).
- - The maximum buffer size, allowing the guest administrator to consume more
-   resources than the host administrator has configured.
- - The backend to use (qemu vs xenconsoled), potentially allowing the guest
-   administrator to confuse host software.
-
-So we arrange to make the sensitive keys in the xenstore frontend directory
-read only for the guest. This is safe since the xenstore permissions model,
-unlike POSIX directory permissions, does not allow the guest to remove and
-recreate a node if it has write access to the containing directory.
-
-There are a few associated wrinkles:
-
- - The primary PV console is "special". It's xenstore node is not under the
-   usual /devices/ subtree and it does not use the customary xenstore state
-   machine protocol. Unfortunately its directory is used for other things,
-   including the vnc-port node, which we do not want the guest to be able to
-   write to. Rather than trying to track down all the possible secondary uses
-   of this directory just make it r/o to the guest. All newly created
-   subdirectories inherit these permissions and so are now safe by default.
-
- - The other serial consoles do use the customary xenstore state machine and
-   therefore need write access to at least the "protocol" and "state" nodes,
-   however they may also want to use arbitrary "feature-foo" nodes (although
-   I'm not aware of any) and therefore we cannot simply lock down the entire
-   frontend directory. Instead we add support to libxl__device_generic_add for
-   frontend keys which are explicitly read only and use that to lock down the
-   sensitive keys.
-
- - Minios' console frontend wants to write the "type" node, which it has no
-   business doing since this is a host/toolstack level decision. This fails
-   now that the node has become read only to the PV guest. Since the toolstack
-   already writes this node just remove the attempt to set it.
-
-This is CVE-XXXX-XXX / XSA-57
-
-Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
-
-Conflicts:
-	tools/libxl/libxl.c (no vtpm, free front_ro on error in
-	                     libxl__device_console_add)
-
-diff --git a/extras/mini-os/console/xenbus.c b/extras/mini-os/console/xenbus.c
-index 77de82a..e65baf7 100644
---- a/extras/mini-os/console/xenbus.c
-+++ b/extras/mini-os/console/xenbus.c
-@@ -122,12 +122,6 @@ again:
-         goto abort_transaction;
-     }
- 
--    err = xenbus_printf(xbt, nodename, "type", "%s", "ioemu");
--    if (err) {
--        message = "writing type";
--        goto abort_transaction;
--    }
--
-     snprintf(path, sizeof(path), "%s/state", nodename);
-     err = xenbus_switch_state(xbt, path, XenbusStateConnected);
-     if (err) {
-diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c
-index a6e9601..32d788a 100644
---- a/tools/libxl/libxl.c
-+++ b/tools/libxl/libxl.c
-@@ -1920,8 +1920,9 @@ static void device_disk_add(libxl__egc *egc, uint32_t domid,
-         flexarray_append(front, disk->is_cdrom ? "cdrom" : "disk");
- 
-         libxl__device_generic_add(gc, t, device,
--                            libxl__xs_kvs_of_flexarray(gc, back, back->count),
--                            libxl__xs_kvs_of_flexarray(gc, front, front->count));
-+                                  libxl__xs_kvs_of_flexarray(gc, back, back->count),
-+                                  libxl__xs_kvs_of_flexarray(gc, front, front->count),
-+                                  NULL);
- 
-         rc = libxl__xs_transaction_commit(gc, &t);
-         if (!rc) break;
-@@ -2633,8 +2634,9 @@ void libxl__device_nic_add(libxl__egc *egc, uint32_t domid,
-     flexarray_append(front, libxl__sprintf(gc,
-                                     LIBXL_MAC_FMT, LIBXL_MAC_BYTES(nic->mac)));
-     libxl__device_generic_add(gc, XBT_NULL, device,
--                             libxl__xs_kvs_of_flexarray(gc, back, back->count),
--                             libxl__xs_kvs_of_flexarray(gc, front, front->count));
-+                              libxl__xs_kvs_of_flexarray(gc, back, back->count),
-+                              libxl__xs_kvs_of_flexarray(gc, front, front->count),
-+                              NULL);
- 
-     aodev->dev = device;
-     aodev->action = DEVICE_CONNECT;
-@@ -2830,7 +2832,7 @@ int libxl__device_console_add(libxl__gc *gc, uint32_t domid,
-                               libxl__device_console *console,
-                               libxl__domain_build_state *state)
- {
--    flexarray_t *front;
-+    flexarray_t *front, *ro_front;
-     flexarray_t *back;
-     libxl__device device;
-     int rc;
-@@ -2845,6 +2847,11 @@ int libxl__device_console_add(libxl__gc *gc, uint32_t domid,
-         rc = ERROR_NOMEM;
-         goto out;
-     }
-+    ro_front = flexarray_make(16, 1);
-+    if (!ro_front) {
-+        rc = ERROR_NOMEM;
-+        goto out;
-+    }
-     back = flexarray_make(16, 1);
-     if (!back) {
-         rc = ERROR_NOMEM;
-@@ -2871,21 +2878,24 @@ int libxl__device_console_add(libxl__gc *gc, uint32_t domid,
- 
-     flexarray_append(front, "backend-id");
-     flexarray_append(front, libxl__sprintf(gc, "%d", console->backend_domid));
--    flexarray_append(front, "limit");
--    flexarray_append(front, libxl__sprintf(gc, "%d", LIBXL_XENCONSOLE_LIMIT));
--    flexarray_append(front, "type");
-+
-+    flexarray_append(ro_front, "limit");
-+    flexarray_append(ro_front, libxl__sprintf(gc, "%d", LIBXL_XENCONSOLE_LIMIT));
-+    flexarray_append(ro_front, "type");
-     if (console->consback == LIBXL__CONSOLE_BACKEND_XENCONSOLED)
--        flexarray_append(front, "xenconsoled");
-+        flexarray_append(ro_front, "xenconsoled");
-     else
--        flexarray_append(front, "ioemu");
--    flexarray_append(front, "output");
--    flexarray_append(front, console->output);
-+        flexarray_append(ro_front, "ioemu");
-+    flexarray_append(ro_front, "output");
-+    flexarray_append(ro_front, console->output);
-+    flexarray_append(ro_front, "tty");
-+    flexarray_append(ro_front, "");
- 
-     if (state) {
--        flexarray_append(front, "port");
--        flexarray_append(front, libxl__sprintf(gc, "%"PRIu32, state->console_port));
--        flexarray_append(front, "ring-ref");
--        flexarray_append(front, libxl__sprintf(gc, "%lu", state->console_mfn));
-+        flexarray_append(ro_front, "port");
-+        flexarray_append(ro_front, libxl__sprintf(gc, "%"PRIu32, state->console_port));
-+        flexarray_append(ro_front, "ring-ref");
-+        flexarray_append(ro_front, libxl__sprintf(gc, "%lu", state->console_mfn));
-     } else {
-         flexarray_append(front, "state");
-         flexarray_append(front, libxl__sprintf(gc, "%d", 1));
-@@ -2894,11 +2904,13 @@ int libxl__device_console_add(libxl__gc *gc, uint32_t domid,
-     }
- 
-     libxl__device_generic_add(gc, XBT_NULL, &device,
--                             libxl__xs_kvs_of_flexarray(gc, back, back->count),
--                             libxl__xs_kvs_of_flexarray(gc, front, front->count));
-+                              libxl__xs_kvs_of_flexarray(gc, back, back->count),
-+                              libxl__xs_kvs_of_flexarray(gc, front, front->count),
-+                              libxl__xs_kvs_of_flexarray(gc, ro_front, ro_front->count));
-     rc = 0;
- out_free:
-     flexarray_free(back);
-+    flexarray_free(ro_front);
-     flexarray_free(front);
- out:
-     return rc;
-@@ -2982,8 +2994,9 @@ int libxl__device_vkb_add(libxl__gc *gc, uint32_t domid,
-     flexarray_append(front, libxl__sprintf(gc, "%d", 1));
- 
-     libxl__device_generic_add(gc, XBT_NULL, &device,
--                             libxl__xs_kvs_of_flexarray(gc, back, back->count),
--                             libxl__xs_kvs_of_flexarray(gc, front, front->count));
-+                              libxl__xs_kvs_of_flexarray(gc, back, back->count),
-+                              libxl__xs_kvs_of_flexarray(gc, front, front->count),
-+                              NULL);
-     rc = 0;
- out_free:
-     flexarray_free(back);
-@@ -3096,8 +3109,9 @@ int libxl__device_vfb_add(libxl__gc *gc, uint32_t domid, libxl_device_vfb *vfb)
-     flexarray_append_pair(front, "state", libxl__sprintf(gc, "%d", 1));
- 
-     libxl__device_generic_add(gc, XBT_NULL, &device,
--                             libxl__xs_kvs_of_flexarray(gc, back, back->count),
--                             libxl__xs_kvs_of_flexarray(gc, front, front->count));
-+                              libxl__xs_kvs_of_flexarray(gc, back, back->count),
-+                              libxl__xs_kvs_of_flexarray(gc, front, front->count),
-+                              NULL);
-     rc = 0;
- out_free:
-     flexarray_free(front);
-diff --git a/tools/libxl/libxl_device.c b/tools/libxl/libxl_device.c
-index c3283f1..1c04a21 100644
---- a/tools/libxl/libxl_device.c
-+++ b/tools/libxl/libxl_device.c
-@@ -84,11 +84,12 @@ out:
- }
- 
- int libxl__device_generic_add(libxl__gc *gc, xs_transaction_t t,
--        libxl__device *device, char **bents, char **fents)
-+        libxl__device *device, char **bents, char **fents, char **ro_fents)
- {
-     libxl_ctx *ctx = libxl__gc_owner(gc);
-     char *frontend_path, *backend_path;
-     struct xs_permissions frontend_perms[2];
-+    struct xs_permissions ro_frontend_perms[2];
-     struct xs_permissions backend_perms[2];
-     int create_transaction = t == XBT_NULL;
- 
-@@ -100,22 +101,37 @@ int libxl__device_generic_add(libxl__gc *gc, xs_transaction_t t,
-     frontend_perms[1].id = device->backend_domid;
-     frontend_perms[1].perms = XS_PERM_READ;
- 
--    backend_perms[0].id = device->backend_domid;
--    backend_perms[0].perms = XS_PERM_NONE;
--    backend_perms[1].id = device->domid;
--    backend_perms[1].perms = XS_PERM_READ;
-+    ro_frontend_perms[0].id = backend_perms[0].id = device->backend_domid;
-+    ro_frontend_perms[0].perms = backend_perms[0].perms = XS_PERM_NONE;
-+    ro_frontend_perms[1].id = backend_perms[1].id = device->domid;
-+    ro_frontend_perms[1].perms = backend_perms[1].perms = XS_PERM_READ;
- 
- retry_transaction:
-     if (create_transaction)
-         t = xs_transaction_start(ctx->xsh);
-     /* FIXME: read frontend_path and check state before removing stuff */
- 
--    if (fents) {
-+    if (fents || ro_fents) {
-         xs_rm(ctx->xsh, t, frontend_path);
-         xs_mkdir(ctx->xsh, t, frontend_path);
--        xs_set_permissions(ctx->xsh, t, frontend_path, frontend_perms, ARRAY_SIZE(frontend_perms));
-+        /* Console 0 is a special case. It doesn't use the regular PV
-+         * state machine but also the frontend directory has
-+         * historically contained other information, such as the
-+         * vnc-port, which we don't want the guest fiddling with.
-+         */
-+        if (device->kind == LIBXL__DEVICE_KIND_CONSOLE && device->devid == 0)
-+            xs_set_permissions(ctx->xsh, t, frontend_path,
-+                               ro_frontend_perms, ARRAY_SIZE(ro_frontend_perms));
-+        else
-+            xs_set_permissions(ctx->xsh, t, frontend_path,
-+                               frontend_perms, ARRAY_SIZE(frontend_perms));
-         xs_write(ctx->xsh, t, libxl__sprintf(gc, "%s/backend", frontend_path), backend_path, strlen(backend_path));
--        libxl__xs_writev(gc, t, frontend_path, fents);
-+        if (fents)
-+            libxl__xs_writev_perms(gc, t, frontend_path, fents,
-+                                   frontend_perms, ARRAY_SIZE(frontend_perms));
-+        if (ro_fents)
-+            libxl__xs_writev_perms(gc, t, frontend_path, ro_fents,
-+                                   ro_frontend_perms, ARRAY_SIZE(ro_frontend_perms));
-     }
- 
-     if (bents) {
-diff --git a/tools/libxl/libxl_internal.h b/tools/libxl/libxl_internal.h
-index 13fa509..ae96a74 100644
---- a/tools/libxl/libxl_internal.h
-+++ b/tools/libxl/libxl_internal.h
-@@ -516,6 +516,11 @@ _hidden char **libxl__xs_kvs_of_flexarray(libxl__gc *gc, flexarray_t *array, int
- /* treats kvs as pairs of keys and values and writes each to dir. */
- _hidden int libxl__xs_writev(libxl__gc *gc, xs_transaction_t t,
-                              const char *dir, char **kvs);
-+/* as writev but also sets the permissions on each path */
-+_hidden int libxl__xs_writev_perms(libxl__gc *gc, xs_transaction_t t,
-+                                   const char *dir, char *kvs[],
-+                                   struct xs_permissions *perms,
-+                                   unsigned int num_perms);
- /* _atonce creates a transaction and writes all keys at once */
- _hidden int libxl__xs_writev_atonce(libxl__gc *gc,
-                              const char *dir, char **kvs);
-@@ -930,7 +935,7 @@ _hidden int libxl__device_console_add(libxl__gc *gc, uint32_t domid,
-                                       libxl__domain_build_state *state);
- 
- _hidden int libxl__device_generic_add(libxl__gc *gc, xs_transaction_t t,
--        libxl__device *device, char **bents, char **fents);
-+        libxl__device *device, char **bents, char **fents, char **ro_fents);
- _hidden char *libxl__device_backend_path(libxl__gc *gc, libxl__device *device);
- _hidden char *libxl__device_frontend_path(libxl__gc *gc, libxl__device *device);
- _hidden int libxl__parse_backend_path(libxl__gc *gc, const char *path,
-diff --git a/tools/libxl/libxl_pci.c b/tools/libxl/libxl_pci.c
-index 48986f3..d373b4d 100644
---- a/tools/libxl/libxl_pci.c
-+++ b/tools/libxl/libxl_pci.c
-@@ -106,7 +106,8 @@ int libxl__create_pci_backend(libxl__gc *gc, uint32_t domid,
- 
-     libxl__device_generic_add(gc, XBT_NULL, &device,
-                               libxl__xs_kvs_of_flexarray(gc, back, back->count),
--                              libxl__xs_kvs_of_flexarray(gc, front, front->count));
-+                              libxl__xs_kvs_of_flexarray(gc, front, front->count),
-+                              NULL);
- 
- out:
-     if (back)
-diff --git a/tools/libxl/libxl_xshelp.c b/tools/libxl/libxl_xshelp.c
-index 52af484..d7eaa66 100644
---- a/tools/libxl/libxl_xshelp.c
-+++ b/tools/libxl/libxl_xshelp.c
-@@ -41,8 +41,10 @@ char **libxl__xs_kvs_of_flexarray(libxl__gc *gc, flexarray_t *array, int length)
-     return kvs;
- }
- 
--int libxl__xs_writev(libxl__gc *gc, xs_transaction_t t,
--                     const char *dir, char *kvs[])
-+int libxl__xs_writev_perms(libxl__gc *gc, xs_transaction_t t,
-+                           const char *dir, char *kvs[],
-+                           struct xs_permissions *perms,
-+                           unsigned int num_perms)
- {
-     libxl_ctx *ctx = libxl__gc_owner(gc);
-     char *path;
-@@ -56,11 +58,19 @@ int libxl__xs_writev(libxl__gc *gc, xs_transaction_t t,
-         if (path && kvs[i + 1]) {
-             int length = strlen(kvs[i + 1]);
-             xs_write(ctx->xsh, t, path, kvs[i + 1], length);
-+            if (perms)
-+                xs_set_permissions(ctx->xsh, t, path, perms, num_perms);
-         }
-     }
-     return 0;
- }
- 
-+int libxl__xs_writev(libxl__gc *gc, xs_transaction_t t,
-+                     const char *dir, char *kvs[])
-+{
-+    return libxl__xs_writev_perms(gc, t, dir, kvs, NULL, 0);
-+}
-+
- int libxl__xs_writev_atonce(libxl__gc *gc,
-                             const char *dir, char *kvs[])
- {
-

app-emulation/xen-tools/files/xen-tools-4-CVE-2013-4369-XSA-68.patch

@@ -1,69 +0,0 @@
-libxl: fix vif rate parsing
-
-strtok can return NULL here. We don't need to use strtok anyway, so just
-use a simple strchr method.
-
-Coverity-ID: 1055642
-
-This is CVE-2013-4369 / XSA-68
-
-Signed-off-by: Matthew Daley <mattjd@gmail.com>
-
-Fix type. Add test case
-
-Signed-off-by: Ian Campbell <Ian.campbell@citrix.com>
-
-diff --git a/tools/libxl/check-xl-vif-parse b/tools/libxl/check-xl-vif-parse
-index 0473182..02c6dba 100755
---- a/tools/libxl/check-xl-vif-parse
-+++ b/tools/libxl/check-xl-vif-parse
-@@ -206,4 +206,8 @@ expected </dev/null
- one $e rate=4294967295GB/s@5us
- one $e rate=4296MB/s@4294s
- 
-+# test include of single '@'
-+expected </dev/null
-+one $e rate=@
-+
- complete
-diff --git a/tools/libxl/libxlu_vif.c b/tools/libxl/libxlu_vif.c
-index 3b3de0f..0665e62 100644
---- a/tools/libxl/libxlu_vif.c
-+++ b/tools/libxl/libxlu_vif.c
-@@ -95,23 +95,30 @@ int xlu_vif_parse_rate(XLU_Config *cfg, const char *rate, libxl_device_nic *nic)
-     uint64_t bytes_per_sec = 0;
-     uint64_t bytes_per_interval = 0;
-     uint32_t interval_usecs = 50000UL; /* Default to 50ms */
--    char *ratetok, *tmprate;
-+    char *p, *tmprate;
-     int rc = 0;
- 
-     tmprate = strdup(rate);
-+    if (tmprate == NULL) {
-+        rc = ENOMEM;
-+        goto out;
-+    }
-+
-+    p = strchr(tmprate, '@');
-+    if (p != NULL)
-+        *p++ = 0;
-+
-     if (!strcmp(tmprate,"")) {
-         xlu__vif_err(cfg, "no rate specified", rate);
-         rc = EINVAL;
-         goto out;
-     }
- 
--    ratetok = strtok(tmprate, "@");
--    rc = vif_parse_rate_bytes_per_sec(cfg, ratetok, &bytes_per_sec);
-+    rc = vif_parse_rate_bytes_per_sec(cfg, tmprate, &bytes_per_sec);
-     if (rc) goto out;
- 
--    ratetok = strtok(NULL, "@");
--    if (ratetok != NULL) {
--        rc = vif_parse_rate_interval_usecs(cfg, ratetok, &interval_usecs);
-+    if (p != NULL) {
-+        rc = vif_parse_rate_interval_usecs(cfg, p, &interval_usecs);
-         if (rc) goto out;
-     }
- 

app-emulation/xen-tools/files/xen-tools-4-CVE-2013-4370-XSA-69.patch

@@ -1,34 +0,0 @@
-From 067c122873c67bd1d9620f8340f9c9c209135388 Mon Sep 17 00:00:00 2001
-From: Matthew Daley <mattjd@gmail.com>
-Date: Tue, 10 Sep 2013 23:12:45 +1200
-Subject: [PATCH] tools/ocaml: fix erroneous free of cpumap in
- stub_xc_vcpu_getaffinity
-
-Not sure how it got there...
-
-Coverity-ID: 1056196
-
-This is CVE-2013-4370 / XSA-69
-
-Signed-off-by: Matthew Daley <mattjd@gmail.com>
-Acked-by: Ian Campbell <ian.campbell@citrix.com>
----
- tools/ocaml/libs/xc/xenctrl_stubs.c |    2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/tools/ocaml/libs/xc/xenctrl_stubs.c b/tools/ocaml/libs/xc/xenctrl_stubs.c
-index df756ad..f5cf0ed 100644
---- a/tools/ocaml/libs/xc/xenctrl_stubs.c
-+++ b/tools/ocaml/libs/xc/xenctrl_stubs.c
-@@ -461,8 +461,6 @@ CAMLprim value stub_xc_vcpu_getaffinity(value xch, value domid,
- 
- 	retval = xc_vcpu_getaffinity(_H(xch), _D(domid),
- 	                             Int_val(vcpu), c_cpumap);
--	free(c_cpumap);
--
- 	if (retval < 0) {
- 		free(c_cpumap);
- 		failwith_xc(_H(xch));
--- 
-1.7.10.4
-

app-emulation/xen-tools/files/xen-tools-4-CVE-2013-4371-XSA-70.patch

@@ -1,34 +0,0 @@
-From 94db3e1cb356a0d2de1753888ceb0eb767404ec4 Mon Sep 17 00:00:00 2001
-From: Matthew Daley <mattjd@gmail.com>
-Date: Tue, 10 Sep 2013 22:18:46 +1200
-Subject: [PATCH] libxl: fix out-of-memory error handling in
- libxl_list_cpupool
-
-...otherwise it will return freed memory. All the current users of this
-function check already for a NULL return, so use that.
-
-Coverity-ID: 1056194
-
-This is CVE-2013-4371 / XSA-70
-
-Signed-off-by: Matthew Daley <mattjd@gmail.com>
-Acked-by: Ian Campbell <ian.campbell@citrix.com>
----
- tools/libxl/libxl.c |    1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c
-index 0879f23..17653ef 100644
---- a/tools/libxl/libxl.c
-+++ b/tools/libxl/libxl.c
-@@ -651,6 +651,7 @@ libxl_cpupoolinfo * libxl_list_cpupool(libxl_ctx *ctx, int *nb_pool_out)
-         if (!tmp) {
-             LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR, "allocating cpupool info");
-             libxl_cpupoolinfo_list_free(ptr, i);
-+            ptr = NULL;
-             goto out;
-         }
-         ptr = tmp;
--- 
-1.7.10.4
-

app-emulation/xen-tools/files/xen-tools-4-CVE-2013-4416-XSA-72.patch

@@ -1,74 +0,0 @@
-tools: xenstored: if the reply is too big then send E2BIG error
-
-This fixes the issue for both C and ocaml xenstored, however only the ocaml
-xenstored is vulnerable in its default configuration.
-
-Adding a new error appears to be safe, since bit libxenstore and the Linux
-driver at least treat an unknown error code as EINVAL.
-
-This is XSA-72
-
-Original ocaml patch by Jerome Maloberti <jerome.maloberti@citrix.com>
-Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
-Signed-off-by: Thomas Sanders <thomas.sanders@citrix.com>
-
-diff --git a/tools/ocaml/xenstored/connection.ml b/tools/ocaml/xenstored/connection.ml
-index 273fe4d..47695f8 100644
---- a/tools/ocaml/xenstored/connection.ml
-+++ b/tools/ocaml/xenstored/connection.ml
-@@ -18,6 +18,8 @@ exception End_of_file
- 
- open Stdext
- 
-+let xenstore_payload_max = 4096 (* xen/include/public/io/xs_wire.h *)
-+
- type watch = {
- 	con: t;
- 	token: string;
-@@ -112,8 +114,15 @@ let restrict con domid =
- let set_target con target_domid =
- 	con.perm <- Perms.Connection.set_target (get_perm con) ~perms:[Perms.READ; Perms.WRITE] target_domid
- 
-+let is_backend_mmap con = match con.xb.Xenbus.Xb.backend with
-+	| Xenbus.Xb.Xenmmap _ -> true
-+	| _ -> false
-+
- let send_reply con tid rid ty data =
--	Xenbus.Xb.queue con.xb (Xenbus.Xb.Packet.create tid rid ty data)
-+	if (String.length data) > xenstore_payload_max && (is_backend_mmap con) then
-+		Xenbus.Xb.queue con.xb (Xenbus.Xb.Packet.create tid rid Xenbus.Xb.Op.Error "E2BIG\000")
-+	else
-+		Xenbus.Xb.queue con.xb (Xenbus.Xb.Packet.create tid rid ty data)
- 
- let send_error con tid rid err = send_reply con tid rid Xenbus.Xb.Op.Error (err ^ "\000")
- let send_ack con tid rid ty = send_reply con tid rid ty "OK\000"
-diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c
-index 0f8ba64..ccfdaa3 100644
---- a/tools/xenstore/xenstored_core.c
-+++ b/tools/xenstore/xenstored_core.c
-@@ -629,6 +629,11 @@ void send_reply(struct connection *conn, enum xsd_sockmsg_type type,
- {
- 	struct buffered_data *bdata;
- 
-+	if ( len > XENSTORE_PAYLOAD_MAX ) {
-+		send_error(conn, E2BIG);
-+		return;
-+	}
-+
- 	/* Message is a child of the connection context for auto-cleanup. */
- 	bdata = new_buffer(conn);
- 	bdata->buffer = talloc_array(bdata, char, len);
-diff --git a/xen/include/public/io/xs_wire.h b/xen/include/public/io/xs_wire.h
-index 99d24e3..585f0c8 100644
---- a/xen/include/public/io/xs_wire.h
-+++ b/xen/include/public/io/xs_wire.h
-@@ -83,7 +83,8 @@ __attribute__((unused))
-     XSD_ERROR(EROFS),
-     XSD_ERROR(EBUSY),
-     XSD_ERROR(EAGAIN),
--    XSD_ERROR(EISCONN)
-+    XSD_ERROR(EISCONN),
-+    XSD_ERROR(E2BIG)
- };
- #endif
- 

app-emulation/xen-tools/xen-tools-4.2.2-r3.ebuild

@@ -1,373 +0,0 @@
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.2.2-r3.ebuild,v 1.8 2013/11/09 08:14:57 mgorny Exp $
-
-EAPI=5
-
-PYTHON_COMPAT=( python{2_6,2_7} )
-PYTHON_REQ_USE='xml,threads'
-
-IPXE_TARBALL_URL="http://dev.gentoo.org/~idella4/tarballs/ipxe.tar.gz"
-XEN_SEABIOS_URL="http://dev.gentoo.org/~idella4/tarballs/seabios-0-20121121.tar.bz2"
-XSAPATCHES="http://dev.gentoo.org/~idella4/"
-if [[ $PV == *9999 ]]; then
-	KEYWORDS=""
-	REPO="xen-unstable.hg"
-	EHG_REPO_URI="http://xenbits.xensource.com/${REPO}"
-	S="${WORKDIR}/${REPO}"
-	live_eclass="mercurial"
-else
-	KEYWORDS="amd64 x86"
-	SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz
-	$IPXE_TARBALL_URL
-	$XEN_SEABIOS_URL
-	$XSAPATCHES/patches/XSA-55patches.tar.gz"
-	S="${WORKDIR}/xen-${PV}"
-fi
-
-inherit bash-completion-r1 eutils flag-o-matic multilib python-single-r1 toolchain-funcs udev ${live_eclass}
-
-DESCRIPTION="Xend daemon and tools"
-HOMEPAGE="http://xen.org/"
-DOCS=( README docs/README.xen-bugtool )
-
-LICENSE="GPL-2"
-SLOT="0"
-IUSE="api custom-cflags debug doc flask hvm qemu pygrub screen static-libs xend"
-
-REQUIRED_USE="hvm? ( qemu )
-	${PYTHON_REQUIRED_USE}"
-
-DEPEND="dev-libs/lzo:2
-	dev-libs/yajl
-	dev-libs/libgcrypt
-	dev-python/lxml[${PYTHON_USEDEP}]
-	dev-python/pypam[${PYTHON_USEDEP}]
-	sys-libs/zlib
-	sys-power/iasl
-	dev-ml/findlib
-	hvm? ( media-libs/libsdl )
-	api? ( dev-libs/libxml2
-		net-misc/curl )
-	${PYTHON_DEPS}
-	pygrub? ( ${PYTHON_DEPS//${PYTHON_REQ_USE}/ncurses} )
-	sys-devel/bin86
-	sys-devel/dev86
-	dev-lang/perl
-	app-misc/pax-utils
-	doc? (
-		app-doc/doxygen
-		dev-tex/latex2html[png,gif]
-		media-gfx/transfig
-		media-gfx/graphviz
-		dev-tex/xcolor
-		dev-texlive/texlive-latexextra
-		virtual/latex-base
-		dev-tex/latexmk
-		dev-texlive/texlive-latex
-		dev-texlive/texlive-pictures
-		dev-texlive/texlive-latexrecommended
-	)
-	hvm? (  x11-proto/xproto )"
-RDEPEND="sys-apps/iproute2
-	net-misc/bridge-utils
-	screen? (
-		app-misc/screen
-		app-admin/logrotate
-	)
-	virtual/udev"
-
-# hvmloader is used to bootstrap a fully virtualized kernel
-# Approved by QA team in bug #144032
-QA_WX_LOAD="usr/lib/xen/boot/hvmloader"
-
-RESTRICT="test"
-
-pkg_setup() {
-	python-single-r1_pkg_setup
-	export "CONFIG_LOMOUNT=y"
-
-	if has_version dev-libs/libgcrypt; then
-		export "CONFIG_GCRYPT=y"
-	fi
-
-	if use qemu; then
-		export "CONFIG_IOEMU=y"
-	else
-		export "CONFIG_IOEMU=n"
-	fi
-
-	if ! use x86 && ! has x86 $(get_all_abis) && use hvm; then
-		eerror "HVM (VT-x and AMD-v) cannot be built on this system. An x86 or"
-		eerror "an amd64 multilib profile is required. Remove the hvm use flag"
-		eerror "to build xen-tools on your current profile."
-		die "USE=hvm is unsupported on this system."
-	fi
-
-	if [[ -z ${XEN_TARGET_ARCH} ]] ; then
-		if use x86 && use amd64; then
-			die "Confusion! Both x86 and amd64 are set in your use flags!"
-		elif use x86; then
-			export XEN_TARGET_ARCH="x86_32"
-		elif use amd64 ; then
-			export XEN_TARGET_ARCH="x86_64"
-		else
-			die "Unsupported architecture!"
-		fi
-	fi
-
-	use api     && export "LIBXENAPI_BINDINGS=y"
-	use flask   && export "FLASK_ENABLE=y"
-}
-
-src_prepare() {
-	# Drop .config, fixes to gcc-4.6
-	epatch "${FILESDIR}"/${PN/-tools/}-4-fix_dotconfig-gcc.patch
-
-	# Xend
-	if ! use xend; then
-		sed -e 's:xm xen-bugtool xen-python-path xend:xen-bugtool xen-python-path:' \
-			-i tools/misc/Makefile || die "Disabling xend failed"
-		sed -e 's:^XEND_INITD:#XEND_INITD:' \
-			-i tools/examples/Makefile || die "Disabling xend failed"
-	fi
-
-	# if the user *really* wants to use their own custom-cflags, let them
-	if use custom-cflags; then
-		einfo "User wants their own CFLAGS - removing defaults"
-
-		# try and remove all the default cflags
-		find "${S}" \( -name Makefile -o -name Rules.mk -o -name Config.mk \) \
-			-exec sed \
-				-e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
-				-e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
-				-e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
-				-e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
-				-e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
-				-i {} + || die "failed to re-set custom-cflags"
-	fi
-
-	if ! use pygrub; then
-		sed -e '/^SUBDIRS-$(PYTHON_TOOLS) += pygrub$/d' -i tools/Makefile || die
-	fi
-
-	# Disable hvm support on systems that don't support x86_32 binaries.
-	if ! use hvm; then
-		sed -e '/^CONFIG_IOEMU := y$/d' -i config/*.mk || die
-		sed -e '/SUBDIRS-$(CONFIG_X86) += firmware/d' -i tools/Makefile || die
-	fi
-
-	# Don't bother with qemu, only needed for fully virtualised guests
-	if ! use qemu; then
-		sed -e "/^CONFIG_IOEMU := y$/d" -i config/*.mk || die
-		sed -e "s:install-tools\: tools/ioemu-dir:install-tools\: :g" -i Makefile || die
-	fi
-
-	# Fix texi2html build error with new texi2html, qemu.doc.html
-	epatch "${FILESDIR}"/${PN}-4-docfix.patch \
-		"${FILESDIR}"/${PN}-4-qemu-xen-doc.patch
-
-	# Fix network broadcast on bridged networks
-	epatch "${FILESDIR}/${PN}-3.4.0-network-bridge-broadcast.patch"
-
-	# Prevent the downloading of ipxe, seabios
-	epatch "${FILESDIR}"/${PN/-tools/}-4.2.0-anti-download.patch
-	cp "${DISTDIR}"/ipxe.tar.gz tools/firmware/etherboot/ || die
-	mv ../seabios-dir-remote tools/firmware/ || die
-	pushd tools/firmware/ > /dev/null
-	ln -s seabios-dir-remote seabios-dir || die
-	popd > /dev/null
-
-	# Fix bridge by idella4, bug #362575
-	epatch "${FILESDIR}/${PN}-4.1.1-bridge.patch"
-
-	# Don't build ipxe with pie on hardened, Bug #360805
-	if gcc-specs-pie; then
-		epatch "${FILESDIR}"/ipxe-nopie.patch
-	fi
-
-	# Prevent double stripping of files at install
-	epatch "${FILESDIR}"/${PN/-tools/}-4.2.0-nostrip.patch
-
-	# fix jobserver in Makefile
-	epatch "${FILESDIR}"/${PN/-tools/}-4.2.0-jserver.patch
-
-	# add missing header
-	epatch "${FILESDIR}"/xen-4-ulong.patch \
-		"${FILESDIR}"/${PN}-4.2-xen_disk_leak.patch
-
-	# Set dom0-min-mem to kb; Bug #472982
-	epatch "${FILESDIR}"/${PN/-tools/}-4.2-configsxp.patch
-
-	#Security patches, currently valid
-	epatch "${FILESDIR}"/xen-4-CVE-2012-6075-XSA-41.patch \
-		"${FILESDIR}"/xen-4-CVE-2013-1922-XSA-48.patch \
-		"${FILESDIR}"/xen-4-CVE-2013-1952-XSA-49.patch \
-		"${FILESDIR}"/xen-4.2-CVE-2013-1-XSA-55.patch \
-		"${FILESDIR}"/xen-4.2-CVE-2013-2-XSA-55.patch \
-		"${FILESDIR}"/xen-4.2-CVE-2013-3-XSA-55.patch \
-		"${FILESDIR}"/xen-4.2-CVE-2013-4-XSA-55.patch \
-		"${FILESDIR}"/xen-4.2-CVE-2013-5to7-XSA-55.patch \
-		"${WORKDIR}"/files/xen-4.2-CVE-2013-8-XSA-55.patch \
-		"${FILESDIR}"/xen-4.2-CVE-2013-9to10-XSA-55.patch \
-		"${WORKDIR}"/files/xen-4.2-CVE-2013-11-XSA-55.patch \
-		"${FILESDIR}"/xen-4.2-CVE-2013-12to13-XSA-55.patch \
-		"${FILESDIR}"/xen-4.2-CVE-2013-14-XSA-55.patch \
-		"${WORKDIR}"/files/xen-4.2-CVE-2013-15-XSA-55.patch \
-		"${FILESDIR}"/xen-4.2-CVE-2013-16-XSA-55.patch \
-		"${FILESDIR}"/xen-4.2-CVE-2013-17-XSA-55.patch \
-		"${FILESDIR}"/xen-4.2-CVE-2013-18to19-XSA-55.patch \
-		"${FILESDIR}"/xen-4.2-CVE-2013-20to23-XSA-55.patch \
-		"${FILESDIR}"/xen-4-CVE-2013-2072-XSA-56.patch \
-		"${FILESDIR}"/xen-4.2-CVE-XSA-57.patch
-
-	# Bug 472438
-	sed -e 's:^BASH_COMPLETION_DIR ?= $(CONFIG_DIR)/bash_completion.d:BASH_COMPLETION_DIR ?= $(SHARE_DIR)/bash-completion:' \
-		-i Config.mk || die
-
-	epatch_user
-}
-
-src_compile() {
-	export VARTEXFONTS="${T}/fonts"
-	local myopt
-	use debug && myopt="${myopt} debug=y"
-
-	use custom-cflags || unset CFLAGS
-	if test-flag-CC -fno-strict-overflow; then
-		append-flags -fno-strict-overflow
-	fi
-
-	unset LDFLAGS
-	unset CFLAGS
-	emake CC="$(tc-getCC)" LD="$(tc-getLD)" -C tools ${myopt}
-
-	use doc && emake -C docs txt html
-	emake -C docs man-pages
-}
-
-src_install() {
-	# Override auto-detection in the build system, bug #382573
-	export INITD_DIR=/tmp/init.d
-	export CONFIG_LEAF_DIR=../tmp/default
-
-	# Let the build system compile installed Python modules.
-	local PYTHONDONTWRITEBYTECODE
-	export PYTHONDONTWRITEBYTECODE
-
-	emake DESTDIR="${ED}" DOCDIR="/usr/share/doc/${PF}" \
-		XEN_PYTHON_NATIVE_INSTALL=y install-tools
-	# Fix the remaining Python shebangs.
-	python_fix_shebang "${ED}"
-
-	# Remove RedHat-specific stuff
-	rm -rf "${ED}"tmp || die
-
-	# uncomment lines in xl.conf
-	sed -e 's:^#autoballoon=1:autoballoon=1:' \
-		-e 's:^#lockfile="/var/lock/xl":lockfile="/var/lock/xl":' \
-		-e 's:^#vifscript="vif-bridge":vifscript="vif-bridge":' \
-		-i tools/examples/xl.conf  || die
-
-	# Reset bash completion dir; Bug 472438
-	mv "${D}"bash-completion "${D}"usr/share/ || die
-
-	if use doc; then
-		emake DESTDIR="${D}" DOCDIR="/usr/share/doc/${PF}" install-docs
-
-		dohtml -r docs/
-		docinto pdf
-		dodoc ${DOCS[@]}
-		[ -d "${D}"/usr/share/doc/xen ] && mv "${D}"/usr/share/doc/xen/* "${D}"/usr/share/doc/${PF}/html
-	fi
-
-	rm -rf "${D}"/usr/share/doc/xen/
-	doman docs/man?/*
-
-	if use xend; then
-		newinitd "${FILESDIR}"/xend.initd-r2 xend || die "Couldn't install xen.initd"
-	fi
-	newconfd "${FILESDIR}"/xendomains.confd xendomains
-	newconfd "${FILESDIR}"/xenstored.confd xenstored
-	newconfd "${FILESDIR}"/xenconsoled.confd xenconsoled
-	newinitd "${FILESDIR}"/xendomains.initd-r2 xendomains
-	newinitd "${FILESDIR}"/xenstored.initd xenstored
-	newinitd "${FILESDIR}"/xenconsoled.initd xenconsoled
-
-	if use screen; then
-		cat "${FILESDIR}"/xendomains-screen.confd >> "${ED}"/etc/conf.d/xendomains || die
-		cp "${FILESDIR}"/xen-consoles.logrotate "${ED}"/etc/xen/ || die
-		keepdir /var/log/xen-consoles
-	fi
-
-	if [[ "${ARCH}" == 'amd64' ]] && use qemu; then
-		mkdir -p "${D}"usr/$(get_libdir)/xen/bin || die
-		mv "${D}"usr/lib/xen/bin/qemu* "${D}"usr/$(get_libdir)/xen/bin/ || die
-	fi
-
-	# For -static-libs wrt Bug 384355
-	if ! use static-libs; then
-		rm -f "${ED}"usr/$(get_libdir)/*.a "${ED}"usr/$(get_libdir)/ocaml/*/*.a
-	fi
-
-	# xend expects these to exist
-	keepdir /var/run/xenstored /var/lib/xenstored /var/xen/dump /var/lib/xen /var/log/xen
-
-	# for xendomains
-	keepdir /etc/xen/auto
-
-	# Temp QA workaround
-	dodir "$(udev_get_udevdir)"
-	mv "${ED}"/etc/udev/* "${ED}/$(udev_get_udevdir)"
-	rm -rf "${ED}"/etc/udev
-
-	# Remove files failing QA AFTER emake installs them, avoiding seeking absent files
-	find "${ED}" \( -name openbios-sparc32 -o -name openbios-sparc64 \
-		-o -name openbios-ppc -o -name palcode-clipper \) -delete || die
-}
-
-pkg_postinst() {
-	elog "Official Xen Guide and the offical wiki page:"
-	elog "http://www.gentoo.org/doc/en/xen-guide.xml"
-	elog "http://wiki.xen.org/wiki/Main_Page"
-
-	if [[ "$(scanelf -s __guard -q "${PYTHON}")" ]] ; then
-		echo
-		ewarn "xend may not work when python is built with stack smashing protection (ssp)."
-		ewarn "If 'xm create' fails with '<ProtocolError for /RPC2: -1 >', see bug #141866"
-		ewarn "This problem may be resolved as of Xen 3.0.4, if not post in the bug."
-	fi
-
-	# TODO: we need to have the current Python slot here.
-	if ! has_version "dev-lang/python[ncurses]"; then
-		echo
-		ewarn "NB: Your dev-lang/python is built without USE=ncurses."
-		ewarn "Please rebuild python with USE=ncurses to make use of xenmon.py."
-	fi
-
-	if has_version "sys-apps/iproute2[minimal]"; then
-		echo
-		ewarn "Your sys-apps/iproute2 is built with USE=minimal. Networking"
-		ewarn "will not work until you rebuild iproute2 without USE=minimal."
-	fi
-
-	if ! use hvm; then
-		echo
-		elog "HVM (VT-x and AMD-V) support has been disabled. If you need hvm"
-		elog "support enable the hvm use flag."
-		elog "An x86 or amd64 multilib system is required to build HVM support."
-		echo
-		elog "The qemu use flag has been removed and replaced with hvm."
-	fi
-
-	if use xend; then
-		echo
-		elog "xend capability has been enabled and installed"
-	fi
-
-	if grep -qsF XENSV= "${ROOT}/etc/conf.d/xend"; then
-		echo
-		elog "xensv is broken upstream (Gentoo bug #142011)."
-		elog "Please remove '${ROOT%/}/etc/conf.d/xend', as it is no longer needed."
-	fi
-}

app-emulation/xen-tools/xen-tools-4.2.2-r7.ebuild

@@ -1,414 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.2.2-r7.ebuild,v 1.1 2014/02/13 07:59:09 dlan Exp $
-
-EAPI=5
-
-PYTHON_COMPAT=( python{2_6,2_7} )
-PYTHON_REQ_USE='xml,threads'
-
-IPXE_TARBALL_URL="http://dev.gentoo.org/~idella4/tarballs/ipxe.tar.gz"
-XEN_SEABIOS_URL="http://dev.gentoo.org/~idella4/tarballs/seabios-0-20121121.tar.bz2"
-XSAPATCHES="http://dev.gentoo.org/~idella4/"
-if [[ $PV == *9999 ]]; then
-	KEYWORDS=""
-	REPO="xen-unstable.hg"
-	EHG_REPO_URI="http://xenbits.xensource.com/${REPO}"
-	S="${WORKDIR}/${REPO}"
-	live_eclass="mercurial"
-else
-	KEYWORDS="~amd64 ~x86"
-	SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz
-	$IPXE_TARBALL_URL
-	$XEN_SEABIOS_URL
-	$XSAPATCHES/patches/XSA-55patches.tar.gz"
-	S="${WORKDIR}/xen-${PV}"
-fi
-
-inherit bash-completion-r1 eutils flag-o-matic multilib python-single-r1 toolchain-funcs udev ${live_eclass}
-
-DESCRIPTION="Xend daemon and tools"
-HOMEPAGE="http://xen.org/"
-DOCS=( README docs/README.xen-bugtool )
-
-LICENSE="GPL-2"
-SLOT="0"
-IUSE="api custom-cflags debug doc flask hvm qemu ocaml pygrub screen static-libs xend"
-
-REQUIRED_USE="hvm? ( qemu )
-	${PYTHON_REQUIRED_USE}"
-
-DEPEND="dev-libs/lzo:2
-	dev-libs/glib:2
-	dev-libs/yajl
-	dev-libs/libgcrypt
-	dev-python/lxml[${PYTHON_USEDEP}]
-	dev-python/pypam[${PYTHON_USEDEP}]
-	sys-libs/zlib
-	sys-power/iasl
-	dev-ml/findlib
-	hvm? ( media-libs/libsdl )
-	${PYTHON_DEPS}
-	api? ( dev-libs/libxml2
-		net-misc/curl )
-	${PYTHON_DEPS}
-	pygrub? ( ${PYTHON_DEPS//${PYTHON_REQ_USE}/ncurses} )
-	sys-devel/bin86
-	sys-devel/dev86
-	dev-lang/perl
-	app-misc/pax-utils
-	doc? (
-		app-doc/doxygen
-		dev-tex/latex2html[png,gif]
-		media-gfx/transfig
-		media-gfx/graphviz
-		dev-tex/xcolor
-		dev-texlive/texlive-latexextra
-		virtual/latex-base
-		dev-tex/latexmk
-		dev-texlive/texlive-latex
-		dev-texlive/texlive-pictures
-		dev-texlive/texlive-latexrecommended
-	)
-	hvm? (  x11-proto/xproto
-		!net-libs/libiscsi )"
-RDEPEND="sys-apps/iproute2
-	net-misc/bridge-utils
-	ocaml? ( >=dev-lang/ocaml-4 )
-	screen? (
-		app-misc/screen
-		app-admin/logrotate
-	)
-	virtual/udev"
-
-# hvmloader is used to bootstrap a fully virtualized kernel
-# Approved by QA team in bug #144032
-QA_WX_LOAD="usr/lib/xen/boot/hvmloader"
-
-RESTRICT="test"
-
-XSA_PATCHES=(
-	"${FILESDIR}"/xen-4-CVE-2012-6075-XSA-41.patch
-	"${FILESDIR}"/xen-4-CVE-2013-1922-XSA-48.patch
-	"${FILESDIR}"/xen-4-CVE-2013-1952-XSA-49.patch
-	"${FILESDIR}"/xen-4.2-CVE-2013-1-XSA-55.patch
-	"${FILESDIR}"/xen-4.2-CVE-2013-2-XSA-55.patch
-	"${FILESDIR}"/xen-4.2-CVE-2013-3-XSA-55.patch
-	"${FILESDIR}"/xen-4.2-CVE-2013-4-XSA-55.patch
-	"${FILESDIR}"/xen-4.2-CVE-2013-5to7-XSA-55.patch
-	"${WORKDIR}"/files/xen-4.2-CVE-2013-8-XSA-55.patch
-	"${FILESDIR}"/xen-4.2-CVE-2013-9to10-XSA-55.patch
-	"${WORKDIR}"/files/xen-4.2-CVE-2013-11-XSA-55.patch
-	"${FILESDIR}"/xen-4.2-CVE-2013-12to13-XSA-55.patch
-	"${FILESDIR}"/xen-4.2-CVE-2013-14-XSA-55.patch
-	"${WORKDIR}"/files/xen-4.2-CVE-2013-15-XSA-55.patch
-	"${FILESDIR}"/xen-4.2-CVE-2013-16-XSA-55.patch
-	"${FILESDIR}"/xen-4.2-CVE-2013-17-XSA-55.patch
-	"${FILESDIR}"/xen-4.2-CVE-2013-18to19-XSA-55.patch
-	"${FILESDIR}"/xen-4.2-CVE-2013-20to23-XSA-55.patch
-	"${FILESDIR}"/xen-4-CVE-2013-2072-XSA-56.patch
-	"${FILESDIR}"/xen-4.2-CVE-XSA-57.patch
-	"${FILESDIR}"/${PN}-4-CVE-2013-4369-XSA-68.patch
-	"${FILESDIR}"/${PN}-4-CVE-2013-4370-XSA-69.patch
-	"${FILESDIR}"/${PN}-4-CVE-2013-4371-XSA-70.patch
-	"${FILESDIR}"/${PN}-4-CVE-2013-4416-XSA-72.patch
-	"${FILESDIR}"/${PN/-tools/}-4-CVE-XSA-86.patch		#bug #500530
-	"${FILESDIR}"/${PN}-4-CVE-2014-1950-XSA-88.patch	#bug #501080
-)
-
-pkg_setup() {
-	python-single-r1_pkg_setup
-	export "CONFIG_LOMOUNT=y"
-
-	if has_version dev-libs/libgcrypt; then
-		export "CONFIG_GCRYPT=y"
-	fi
-
-	if use qemu; then
-		export "CONFIG_IOEMU=y"
-	else
-		export "CONFIG_IOEMU=n"
-	fi
-
-	if ! use x86 && ! has x86 $(get_all_abis) && use hvm; then
-		eerror "HVM (VT-x and AMD-v) cannot be built on this system. An x86 or"
-		eerror "an amd64 multilib profile is required. Remove the hvm use flag"
-		eerror "to build xen-tools on your current profile."
-		die "USE=hvm is unsupported on this system."
-	fi
-
-	if [[ -z ${XEN_TARGET_ARCH} ]] ; then
-		if use x86 && use amd64; then
-			die "Confusion! Both x86 and amd64 are set in your use flags!"
-		elif use x86; then
-			export XEN_TARGET_ARCH="x86_32"
-		elif use amd64 ; then
-			export XEN_TARGET_ARCH="x86_64"
-		else
-			die "Unsupported architecture!"
-		fi
-	fi
-
-	use api     && export "LIBXENAPI_BINDINGS=y"
-	use flask   && export "FLASK_ENABLE=y"
-}
-
-src_prepare() {
-	# Drop .config, fixes to gcc-4.6
-	epatch "${FILESDIR}"/${PN/-tools/}-4-fix_dotconfig-gcc.patch
-
-	# Xend
-	if ! use xend; then
-		sed -e 's:xm xen-bugtool xen-python-path xend:xen-bugtool xen-python-path:' \
-			-i tools/misc/Makefile || die "Disabling xend failed"
-		sed -e 's:^XEND_INITD:#XEND_INITD:' \
-			-i tools/examples/Makefile || die "Disabling xend failed"
-	fi
-
-	# if the user *really* wants to use their own custom-cflags, let them
-	if use custom-cflags; then
-		einfo "User wants their own CFLAGS - removing defaults"
-
-		# try and remove all the default cflags
-		find "${S}" \( -name Makefile -o -name Rules.mk -o -name Config.mk \) \
-			-exec sed \
-				-e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
-				-e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
-				-e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
-				-e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
-				-e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
-				-i {} + || die "failed to re-set custom-cflags"
-	fi
-
-	if ! use pygrub; then
-		sed -e '/^SUBDIRS-$(PYTHON_TOOLS) += pygrub$/d' -i tools/Makefile || die
-	fi
-
-	# Disable hvm support on systems that don't support x86_32 binaries.
-	if ! use hvm; then
-		sed -e '/^CONFIG_IOEMU := y$/d' -i config/*.mk || die
-		sed -e '/SUBDIRS-$(CONFIG_X86) += firmware/d' -i tools/Makefile || die
-	fi
-
-	# Don't bother with qemu, only needed for fully virtualised guests
-	if ! use qemu; then
-		sed -e "/^CONFIG_IOEMU := y$/d" -i config/*.mk || die
-		sed -e "s:install-tools\: tools/ioemu-dir:install-tools\: :g" -i Makefile || die
-	fi
-
-	# Fix texi2html build error with new texi2html, qemu.doc.html
-	epatch "${FILESDIR}"/${PN}-4-docfix.patch \
-		"${FILESDIR}"/${PN}-4-qemu-xen-doc.patch
-
-	# Fix network broadcast on bridged networks
-	epatch "${FILESDIR}/${PN}-3.4.0-network-bridge-broadcast.patch"
-
-	# Prevent the downloading of ipxe, seabios
-	epatch "${FILESDIR}"/${PN/-tools/}-4.2.0-anti-download.patch
-	cp "${DISTDIR}"/ipxe.tar.gz tools/firmware/etherboot/ || die
-	mv ../seabios-dir-remote tools/firmware/ || die
-	pushd tools/firmware/ > /dev/null
-	ln -s seabios-dir-remote seabios-dir || die
-	popd > /dev/null
-
-	# Fix bridge by idella4, bug #362575
-	epatch "${FILESDIR}/${PN}-4.1.1-bridge.patch"
-
-	# Don't build ipxe with pie on hardened, Bug #360805
-	if gcc-specs-pie; then
-		epatch "${FILESDIR}"/ipxe-nopie.patch
-	fi
-
-	# Prevent double stripping of files at install
-	epatch "${FILESDIR}"/${PN/-tools/}-4.2.0-nostrip.patch
-
-	# fix jobserver in Makefile
-	epatch "${FILESDIR}"/${PN/-tools/}-4.2.0-jserver.patch
-
-	# add missing header
-	epatch "${FILESDIR}"/xen-4-ulong.patch \
-		"${FILESDIR}"/${PN}-4.2-xen_disk_leak.patch
-
-	# Set dom0-min-mem to kb; Bug #472982
-	epatch "${FILESDIR}"/${PN/-tools/}-4.2-configsxp.patch
-
-	# Bug 463840
-	epatch "${FILESDIR}"/${P}-install.patch
-	epatch "${FILESDIR}"/${P}-rt-link.patch
-
-	[[ ${XSA_PATCHES[@]} ]] && epatch "${XSA_PATCHES[@]}"
-
-	# Bug 472438
-	sed -e 's:^BASH_COMPLETION_DIR ?= $(CONFIG_DIR)/bash_completion.d:BASH_COMPLETION_DIR ?= $(SHARE_DIR)/bash-completion:' \
-		-i Config.mk || die
-
-	# Bug 445986
-	sed -e 's:$(MAKE) PYTHON=$(PYTHON) subdirs-$@:LC_ALL=C "$(MAKE)" PYTHON=$(PYTHON) subdirs-$@:' -i tools/firmware/Makefile || die
-
-	# Bug 379537
-	epatch "${FILESDIR}"/fix-gold-ld.patch
-
-	# fix QA warning, create /var/run/, /var/lock dynamically
-	sed -i -e "/\$(INSTALL_DIR) \$(DESTDIR)\$(XEN_RUN_DIR)/d" \
-		tools/libxl/Makefile || die
-
-	sed -i -e "/\/var\/run\//d" \
-		tools/xenstore/Makefile \
-		tools/pygrub/Makefile || die
-
-	sed -i -e "/\/var\/lock\/subsys/d" \
-		tools/Makefile || die
-
-	# xencommons, Bug #492332, sed lighter weight than patching
-	sed -e 's:\$QEMU_XEN -xen-domid:test -e "\$QEMU_XEN" \&\& &:' \
-		-i tools/hotplug/Linux/init.d/xencommons || die
-
-	epatch_user
-}
-
-src_compile() {
-	export VARTEXFONTS="${T}/fonts"
-	local myopt
-	use debug && myopt="${myopt} debug=y"
-
-	use custom-cflags || unset CFLAGS
-	if test-flag-CC -fno-strict-overflow; then
-		append-flags -fno-strict-overflow
-	fi
-
-	unset LDFLAGS
-	unset CFLAGS
-	emake V=1 CC="$(tc-getCC)" LD="$(tc-getLD)" AR="$(tc-getAR)" RANLIB="$(tc-getRANLIB)" -C tools ${myopt}
-
-	use doc && emake -C docs txt html
-	emake -C docs man-pages
-}
-
-src_install() {
-	# Override auto-detection in the build system, bug #382573
-	export INITD_DIR=/tmp/init.d
-	export CONFIG_LEAF_DIR=../tmp/default
-
-	# Let the build system compile installed Python modules.
-	local PYTHONDONTWRITEBYTECODE
-	export PYTHONDONTWRITEBYTECODE
-
-	emake DESTDIR="${ED}" DOCDIR="/usr/share/doc/${PF}" install-tools \
-		XEN_PYTHON_NATIVE_INSTALL=y install-tools
-	# Fix the remaining Python shebangs.
-	python_fix_shebang "${ED}"
-
-	# Remove RedHat-specific stuff
-	rm -rf "${D}"tmp || die
-
-	# uncomment lines in xl.conf
-	sed -e 's:^#autoballoon=1:autoballoon=1:' \
-		-e 's:^#lockfile="/var/lock/xl":lockfile="/var/lock/xl":' \
-		-e 's:^#vifscript="vif-bridge":vifscript="vif-bridge":' \
-		-i tools/examples/xl.conf  || die
-
-	# Reset bash completion dir; Bug 472438
-	mv "${D}"bash-completion "${D}"usr/share/ || die
-
-	if use doc; then
-		emake DESTDIR="${D}" DOCDIR="/usr/share/doc/${PF}" install-docs
-
-		dohtml -r docs/
-		docinto pdf
-		dodoc ${DOCS[@]}
-		[ -d "${D}"/usr/share/doc/xen ] && mv "${D}"/usr/share/doc/xen/* "${D}"/usr/share/doc/${PF}/html
-	fi
-
-	rm -rf "${D}"/usr/share/doc/xen/
-	doman docs/man?/*
-
-	if use xend; then
-		newinitd "${FILESDIR}"/xend.initd-r2 xend || die "Couldn't install xen.initd"
-	fi
-	newconfd "${FILESDIR}"/xendomains.confd xendomains
-	newconfd "${FILESDIR}"/xenstored.confd xenstored
-	newconfd "${FILESDIR}"/xenconsoled.confd xenconsoled
-	newinitd "${FILESDIR}"/xendomains.initd-r2 xendomains
-	newinitd "${FILESDIR}"/xenstored.initd xenstored
-	newinitd "${FILESDIR}"/xenconsoled.initd xenconsoled
-	newinitd "${FILESDIR}"/xencommons.initd xencommons
-	newconfd "${FILESDIR}"/xencommons.confd xencommons
-
-	if use screen; then
-		cat "${FILESDIR}"/xendomains-screen.confd >> "${ED}"/etc/conf.d/xendomains || die
-		cp "${FILESDIR}"/xen-consoles.logrotate "${ED}"/etc/xen/ || die
-		keepdir /var/log/xen-consoles
-	fi
-
-	if [[ "${ARCH}" == 'amd64' ]] && use qemu; then
-		mkdir -p "${D}"usr/$(get_libdir)/xen/bin || die
-		mv "${D}"usr/lib/xen/bin/qemu* "${D}"usr/$(get_libdir)/xen/bin/ || die
-	fi
-
-	# For -static-libs wrt Bug 384355
-	if ! use static-libs; then
-		rm -f "${D}"usr/$(get_libdir)/*.a "${D}"usr/$(get_libdir)/ocaml/*/*.a
-	fi
-
-	# xend expects these to exist
-	keepdir /var/run/xenstored /var/lib/xenstored /var/xen/dump /var/lib/xen /var/log/xen
-
-	# for xendomains
-	keepdir /etc/xen/auto
-
-	# Temp QA workaround
-	dodir "$(udev_get_udevdir)"
-	mv "${D}"/etc/udev/* "${D}/$(udev_get_udevdir)"
-	rm -rf "${D}"/etc/udev
-
-	# Remove files failing QA AFTER emake installs them, avoiding seeking absent files
-	find "${D}" \( -name openbios-sparc32 -o -name openbios-sparc64 \
-		-o -name openbios-ppc -o -name palcode-clipper \) -delete || die
-}
-
-pkg_postinst() {
-	elog "Official Xen Guide and the offical wiki page:"
-	elog "http://www.gentoo.org/doc/en/xen-gu"${D}"usr/ide.xml"
-	elog "http://wiki.xen.org/wiki/Main_Page"
-	elog ""
-	elog "Recommended to utilise the xencommons script to config sytem at boot."
-	elog "Add by use of rc-update on completion of the install"
-
-	if [[ "$(scanelf -s __guard -q "${PYTHON}")" ]] ; then
-		echo
-		ewarn "xend may not work when python is built with stack smashing protection (ssp)."
-		ewarn "If 'xm create' fails with '<ProtocolError for /RPC2: -1 >', see bug #141866"
-		ewarn "This problem may be resolved as of Xen 3.0.4, if not post in the bug."
-	fi
-
-	# TODO: we need to have the current Python slot here.
-	if ! has_version "dev-lang/python[ncurses]"; then
-		echo
-		ewarn "NB: Your dev-lang/python is built without USE=ncurses."
-		ewarn "Please rebuild python with USE=ncurses to make use of xenmon.py."
-	fi
-
-	if has_version "sys-apps/iproute2[minimal]"; then
-		echo
-		ewarn "Your sys-apps/iproute2 is built with USE=minimal. Networking"
-		ewarn "will not work until you rebuild iproute2 without USE=minimal."
-	fi
-
-	if ! use hvm; then
-		echo
-		elog "HVM (VT-x and AMD-V) support has been disabled. If you need hvm"
-		elog "support enable the hvm use flag."
-		elog "An x86 or amd64 multilib system is required to build HVM support."
-	fi
-
-	if use xend; then
-		echo
-		elog "xend capability has been enabled and installed"
-	fi
-
-	if grep -qsF XENSV= "${ROOT}/etc/conf.d/xend"; then
-		echo
-		elog "xensv is broken upstream (Gentoo bug #142011)."
-		elog "Please remove '${ROOT%/}/etc/conf.d/xend', as it is no longer needed."
-	fi
-}

app-emulation/xen-tools/xen-tools-4.2.3-r1.ebuild

@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.2.3-r1.ebuild,v 1.3 2014/02/20 10:24:16 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.2.3-r1.ebuild,v 1.5 2014/02/21 04:49:13 idella4 Exp $
 
 EAPI=5
 
@@ -19,12 +19,12 @@ else
 	GENTOO_VER=
 
 	[[ -n ${UPSTREAM_VER} ]] && \
-		UPSTRAM_PATCHSET_URI="http://dev.gentoo.org/~dlan/distfiles/${P/-tools/}-upstream-patches-${UPSTREAM_VER}.tar.xz"
+		UPSTREAM_PATCHSET_URI="http://dev.gentoo.org/~dlan/distfiles/${P/-tools/}-upstream-patches-${UPSTREAM_VER}.tar.xz"
 	[[ -n ${GENTOO_VER} ]] && \
 		GENTOO_PATCHSET_URI="http://dev.gentoo.org/~dlan/distfiles/${P/-tools/}-gentoo-patches-${GENTOO_VER}.tar.xz"
 
 	SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz
-	${UPSTRAM_PATCHSET_URI}
+	${UPSTREAM_PATCHSET_URI}
 	${GENTOO_PATCHSET_URI}"
 	S="${WORKDIR}/xen-${PV}"
 fi
@@ -233,7 +233,6 @@ src_prepare() {
 	# Bug 445986
 	sed -e 's:$(MAKE) PYTHON=$(PYTHON) subdirs-$@:LC_ALL=C "$(MAKE)" PYTHON=$(PYTHON) subdirs-$@:' -i tools/firmware/Makefile || die
 
-
 	# fix QA warning, create /var/run/, /var/lock dynamically
 	sed -i -e "/\$(INSTALL_DIR) \$(DESTDIR)\$(XEN_RUN_DIR)/d" \
 		tools/libxl/Makefile || die

app-emulation/xen-tools/xen-tools-4.2.3.ebuild

@@ -1,406 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.2.3.ebuild,v 1.1 2014/02/14 10:17:46 dlan Exp $
-
-EAPI=5
-
-PYTHON_COMPAT=( python{2_6,2_7} )
-PYTHON_REQ_USE='xml,threads'
-
-IPXE_TARBALL_URL="http://dev.gentoo.org/~idella4/tarballs/ipxe.tar.gz"
-XEN_SEABIOS_URL="http://dev.gentoo.org/~idella4/tarballs/seabios-0-20121121.tar.bz2"
-XSAPATCHES="http://dev.gentoo.org/~idella4/"
-if [[ $PV == *9999 ]]; then
-	KEYWORDS=""
-	REPO="xen-unstable.hg"
-	EHG_REPO_URI="http://xenbits.xensource.com/${REPO}"
-	S="${WORKDIR}/${REPO}"
-	live_eclass="mercurial"
-else
-	KEYWORDS="~amd64 ~x86"
-	UPSTREAM_VER=0
-	GENTOO_VER=
-
-	[[ -n ${UPSTREAM_VER} ]] && \
-		UPSTRAM_PATCHSET_URI="http://dev.gentoo.org/~dlan/distfiles/${P/-tools/}-upstream-patches-${UPSTREAM_VER}.tar.xz"
-	[[ -n ${GENTOO_VER} ]] && \
-		GENTOO_PATCHSET_URI="http://dev.gentoo.org/~dlan/distfiles/${P/-tools/}-gentoo-patches-${GENTOO_VER}.tar.xz"
-
-	SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz
-	$IPXE_TARBALL_URL
-	$XEN_SEABIOS_URL
-	${UPSTRAM_PATCHSET_URI}
-	${GENTOO_PATCHSET_URI}"
-	S="${WORKDIR}/xen-${PV}"
-fi
-
-inherit bash-completion-r1 eutils flag-o-matic multilib python-single-r1 toolchain-funcs udev ${live_eclass}
-
-DESCRIPTION="Xend daemon and tools"
-HOMEPAGE="http://xen.org/"
-DOCS=( README docs/README.xen-bugtool )
-
-LICENSE="GPL-2"
-SLOT="0"
-IUSE="api custom-cflags debug doc flask hvm qemu ocaml pygrub screen static-libs xend"
-
-REQUIRED_USE="hvm? ( qemu )
-	${PYTHON_REQUIRED_USE}"
-
-DEPEND="dev-libs/lzo:2
-	dev-libs/glib:2
-	dev-libs/yajl
-	dev-libs/libgcrypt
-	dev-python/lxml[${PYTHON_USEDEP}]
-	dev-python/pypam[${PYTHON_USEDEP}]
-	sys-libs/zlib
-	sys-power/iasl
-	dev-ml/findlib
-	hvm? ( media-libs/libsdl )
-	${PYTHON_DEPS}
-	api? ( dev-libs/libxml2
-		net-misc/curl )
-	${PYTHON_DEPS}
-	pygrub? ( ${PYTHON_DEPS//${PYTHON_REQ_USE}/ncurses} )
-	sys-devel/bin86
-	sys-devel/dev86
-	dev-lang/perl
-	app-misc/pax-utils
-	doc? (
-		app-doc/doxygen
-		dev-tex/latex2html[png,gif]
-		media-gfx/transfig
-		media-gfx/graphviz
-		dev-tex/xcolor
-		dev-texlive/texlive-latexextra
-		virtual/latex-base
-		dev-tex/latexmk
-		dev-texlive/texlive-latex
-		dev-texlive/texlive-pictures
-		dev-texlive/texlive-latexrecommended
-	)
-	hvm? (  x11-proto/xproto
-		!net-libs/libiscsi )"
-RDEPEND="sys-apps/iproute2
-	net-misc/bridge-utils
-	ocaml? ( >=dev-lang/ocaml-4 )
-	screen? (
-		app-misc/screen
-		app-admin/logrotate
-	)
-	virtual/udev"
-
-# hvmloader is used to bootstrap a fully virtualized kernel
-# Approved by QA team in bug #144032
-QA_WX_LOAD="usr/lib/xen/boot/hvmloader"
-
-RESTRICT="test"
-
-pkg_setup() {
-	python-single-r1_pkg_setup
-	export "CONFIG_LOMOUNT=y"
-
-	if has_version dev-libs/libgcrypt; then
-		export "CONFIG_GCRYPT=y"
-	fi
-
-	if use qemu; then
-		export "CONFIG_IOEMU=y"
-	else
-		export "CONFIG_IOEMU=n"
-	fi
-
-	if ! use x86 && ! has x86 $(get_all_abis) && use hvm; then
-		eerror "HVM (VT-x and AMD-v) cannot be built on this system. An x86 or"
-		eerror "an amd64 multilib profile is required. Remove the hvm use flag"
-		eerror "to build xen-tools on your current profile."
-		die "USE=hvm is unsupported on this system."
-	fi
-
-	if [[ -z ${XEN_TARGET_ARCH} ]] ; then
-		if use x86 && use amd64; then
-			die "Confusion! Both x86 and amd64 are set in your use flags!"
-		elif use x86; then
-			export XEN_TARGET_ARCH="x86_32"
-		elif use amd64 ; then
-			export XEN_TARGET_ARCH="x86_64"
-		else
-			die "Unsupported architecture!"
-		fi
-	fi
-
-	use api     && export "LIBXENAPI_BINDINGS=y"
-	use flask   && export "FLASK_ENABLE=y"
-}
-
-src_prepare() {
-	# Upstream's patchset
-	if [[ -n ${UPSTREAM_VER} ]]; then
-		EPATCH_SUFFIX="patch" \
-		EPATCH_FORCE="yes" \
-			epatch "${WORKDIR}"/patches-upstream
-	fi
-
-	# Gentoo's patchset
-	if [[ -n ${GENTOO_VER} ]]; then
-		EPATCH_SUFFIX="patch" \
-		EPATCH_FORCE="yes" \
-			epatch "${WORKDIR}"/patches-gentoo
-	fi
-
-	# Drop .config, fixes to gcc-4.6
-	epatch "${FILESDIR}"/${PN/-tools/}-4-fix_dotconfig-gcc.patch
-
-	# Xend
-	if ! use xend; then
-		sed -e 's:xm xen-bugtool xen-python-path xend:xen-bugtool xen-python-path:' \
-			-i tools/misc/Makefile || die "Disabling xend failed"
-		sed -e 's:^XEND_INITD:#XEND_INITD:' \
-			-i tools/examples/Makefile || die "Disabling xend failed"
-	fi
-
-	# if the user *really* wants to use their own custom-cflags, let them
-	if use custom-cflags; then
-		einfo "User wants their own CFLAGS - removing defaults"
-
-		# try and remove all the default cflags
-		find "${S}" \( -name Makefile -o -name Rules.mk -o -name Config.mk \) \
-			-exec sed \
-				-e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
-				-e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
-				-e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
-				-e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
-				-e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
-				-i {} + || die "failed to re-set custom-cflags"
-	fi
-
-	if ! use pygrub; then
-		sed -e '/^SUBDIRS-$(PYTHON_TOOLS) += pygrub$/d' -i tools/Makefile || die
-	fi
-
-	# Disable hvm support on systems that don't support x86_32 binaries.
-	if ! use hvm; then
-		sed -e '/^CONFIG_IOEMU := y$/d' -i config/*.mk || die
-		sed -e '/SUBDIRS-$(CONFIG_X86) += firmware/d' -i tools/Makefile || die
-	fi
-
-	# Don't bother with qemu, only needed for fully virtualised guests
-	if ! use qemu; then
-		sed -e "/^CONFIG_IOEMU := y$/d" -i config/*.mk || die
-		sed -e "s:install-tools\: tools/ioemu-dir:install-tools\: :g" -i Makefile || die
-	fi
-
-	# Fix texi2html build error with new texi2html, qemu.doc.html
-	epatch "${FILESDIR}"/${PN}-4-docfix.patch \
-		"${FILESDIR}"/${PN}-4-qemu-xen-doc.patch
-
-	# Fix network broadcast on bridged networks
-	epatch "${FILESDIR}/${PN}-3.4.0-network-bridge-broadcast.patch"
-
-	# Prevent the downloading of ipxe, seabios
-	epatch "${FILESDIR}"/${PN/-tools/}-4.2.0-anti-download.patch
-	cp "${DISTDIR}"/ipxe.tar.gz tools/firmware/etherboot/ || die
-	mv ../seabios-dir-remote tools/firmware/ || die
-	pushd tools/firmware/ > /dev/null
-	ln -s seabios-dir-remote seabios-dir || die
-	popd > /dev/null
-
-	# Fix bridge by idella4, bug #362575
-	epatch "${FILESDIR}/${PN}-4.1.1-bridge.patch"
-
-	# Don't build ipxe with pie on hardened, Bug #360805
-	if gcc-specs-pie; then
-		epatch "${FILESDIR}"/ipxe-nopie.patch
-	fi
-
-	# Prevent double stripping of files at install
-	epatch "${FILESDIR}"/${PN/-tools/}-4.2.0-nostrip.patch
-
-	# fix jobserver in Makefile
-	epatch "${FILESDIR}"/${PN/-tools/}-4.2.0-jserver.patch
-
-	# add missing header, Bug #467200
-	epatch "${FILESDIR}"/xen-4-ulong.patch \
-		"${FILESDIR}"/${PN}-4.2-xen_disk_leak.patch
-
-	# Set dom0-min-mem to kb; Bug #472982
-	epatch "${FILESDIR}"/${PN/-tools/}-4.2-configsxp.patch
-
-	# Bug 463840
-	epatch "${FILESDIR}"/${PN}-4.2.2-install.patch
-	epatch "${FILESDIR}"/${PN}-4.2.2-rt-link.patch
-
-	# Bug 472438
-	sed -e 's:^BASH_COMPLETION_DIR ?= $(CONFIG_DIR)/bash_completion.d:BASH_COMPLETION_DIR ?= $(SHARE_DIR)/bash-completion:' \
-		-i Config.mk || die
-
-	# Bug 445986
-	sed -e 's:$(MAKE) PYTHON=$(PYTHON) subdirs-$@:LC_ALL=C "$(MAKE)" PYTHON=$(PYTHON) subdirs-$@:' -i tools/firmware/Makefile || die
-
-	# Bug 379537
-	epatch "${FILESDIR}"/fix-gold-ld.patch
-
-	# fix QA warning, create /var/run/, /var/lock dynamically
-	sed -i -e "/\$(INSTALL_DIR) \$(DESTDIR)\$(XEN_RUN_DIR)/d" \
-		tools/libxl/Makefile || die
-
-	sed -i -e "/\/var\/run\//d" \
-		tools/xenstore/Makefile \
-		tools/pygrub/Makefile || die
-
-	sed -i -e "/\/var\/lock\/subsys/d" \
-		tools/Makefile || die
-
-	# xencommons, Bug #492332, sed lighter weight than patching
-	sed -e 's:\$QEMU_XEN -xen-domid:test -e "\$QEMU_XEN" \&\& &:' \
-		-i tools/hotplug/Linux/init.d/xencommons || die
-
-	epatch_user
-}
-
-src_compile() {
-	export VARTEXFONTS="${T}/fonts"
-	local myopt
-	use debug && myopt="${myopt} debug=y"
-
-	use custom-cflags || unset CFLAGS
-	if test-flag-CC -fno-strict-overflow; then
-		append-flags -fno-strict-overflow
-	fi
-
-	unset LDFLAGS
-	unset CFLAGS
-	emake V=1 CC="$(tc-getCC)" LD="$(tc-getLD)" AR="$(tc-getAR)" RANLIB="$(tc-getRANLIB)" -C tools ${myopt}
-
-	use doc && emake -C docs txt html
-	emake -C docs man-pages
-}
-
-src_install() {
-	# Override auto-detection in the build system, bug #382573
-	export INITD_DIR=/tmp/init.d
-	export CONFIG_LEAF_DIR=../tmp/default
-
-	# Let the build system compile installed Python modules.
-	local PYTHONDONTWRITEBYTECODE
-	export PYTHONDONTWRITEBYTECODE
-
-	emake DESTDIR="${ED}" DOCDIR="/usr/share/doc/${PF}" install-tools \
-		XEN_PYTHON_NATIVE_INSTALL=y install-tools
-	# Fix the remaining Python shebangs.
-	python_fix_shebang "${ED}"
-
-	# Remove RedHat-specific stuff
-	rm -rf "${D}"tmp || die
-
-	# uncomment lines in xl.conf
-	sed -e 's:^#autoballoon=1:autoballoon=1:' \
-		-e 's:^#lockfile="/var/lock/xl":lockfile="/var/lock/xl":' \
-		-e 's:^#vifscript="vif-bridge":vifscript="vif-bridge":' \
-		-i tools/examples/xl.conf  || die
-
-	# Reset bash completion dir; Bug 472438
-	mv "${D}"bash-completion "${D}"usr/share/ || die
-
-	if use doc; then
-		emake DESTDIR="${D}" DOCDIR="/usr/share/doc/${PF}" install-docs
-
-		dohtml -r docs/
-		docinto pdf
-		dodoc ${DOCS[@]}
-		[ -d "${D}"/usr/share/doc/xen ] && mv "${D}"/usr/share/doc/xen/* "${D}"/usr/share/doc/${PF}/html
-	fi
-
-	rm -rf "${D}"/usr/share/doc/xen/
-	doman docs/man?/*
-
-	if use xend; then
-		newinitd "${FILESDIR}"/xend.initd-r2 xend || die "Couldn't install xen.initd"
-	fi
-	newconfd "${FILESDIR}"/xendomains.confd xendomains
-	newconfd "${FILESDIR}"/xenstored.confd xenstored
-	newconfd "${FILESDIR}"/xenconsoled.confd xenconsoled
-	newinitd "${FILESDIR}"/xendomains.initd-r2 xendomains
-	newinitd "${FILESDIR}"/xenstored.initd xenstored
-	newinitd "${FILESDIR}"/xenconsoled.initd xenconsoled
-	newinitd "${FILESDIR}"/xencommons.initd xencommons
-	newconfd "${FILESDIR}"/xencommons.confd xencommons
-
-	if use screen; then
-		cat "${FILESDIR}"/xendomains-screen.confd >> "${ED}"/etc/conf.d/xendomains || die
-		cp "${FILESDIR}"/xen-consoles.logrotate "${ED}"/etc/xen/ || die
-		keepdir /var/log/xen-consoles
-	fi
-
-	if [[ "${ARCH}" == 'amd64' ]] && use qemu; then
-		mkdir -p "${D}"usr/$(get_libdir)/xen/bin || die
-		mv "${D}"usr/lib/xen/bin/qemu* "${D}"usr/$(get_libdir)/xen/bin/ || die
-	fi
-
-	# For -static-libs wrt Bug 384355
-	if ! use static-libs; then
-		rm -f "${D}"usr/$(get_libdir)/*.a "${D}"usr/$(get_libdir)/ocaml/*/*.a
-	fi
-
-	# xend expects these to exist
-	keepdir /var/run/xenstored /var/lib/xenstored /var/xen/dump /var/lib/xen /var/log/xen
-
-	# for xendomains
-	keepdir /etc/xen/auto
-
-	# Temp QA workaround
-	dodir "$(udev_get_udevdir)"
-	mv "${D}"/etc/udev/* "${D}/$(udev_get_udevdir)"
-	rm -rf "${D}"/etc/udev
-
-	# Remove files failing QA AFTER emake installs them, avoiding seeking absent files
-	find "${D}" \( -name openbios-sparc32 -o -name openbios-sparc64 \
-		-o -name openbios-ppc -o -name palcode-clipper \) -delete || die
-}
-
-pkg_postinst() {
-	elog "Official Xen Guide and the offical wiki page:"
-	elog "http://www.gentoo.org/doc/en/xen-gu"${D}"usr/ide.xml"
-	elog "http://wiki.xen.org/wiki/Main_Page"
-	elog ""
-	elog "Recommended to utilise the xencommons script to config sytem at boot."
-	elog "Add by use of rc-update on completion of the install"
-
-	if [[ "$(scanelf -s __guard -q "${PYTHON}")" ]] ; then
-		echo
-		ewarn "xend may not work when python is built with stack smashing protection (ssp)."
-		ewarn "If 'xm create' fails with '<ProtocolError for /RPC2: -1 >', see bug #141866"
-		ewarn "This problem may be resolved as of Xen 3.0.4, if not post in the bug."
-	fi
-
-	# TODO: we need to have the current Python slot here.
-	if ! has_version "dev-lang/python[ncurses]"; then
-		echo
-		ewarn "NB: Your dev-lang/python is built without USE=ncurses."
-		ewarn "Please rebuild python with USE=ncurses to make use of xenmon.py."
-	fi
-
-	if has_version "sys-apps/iproute2[minimal]"; then
-		echo
-		ewarn "Your sys-apps/iproute2 is built with USE=minimal. Networking"
-		ewarn "will not work until you rebuild iproute2 without USE=minimal."
-	fi
-
-	if ! use hvm; then
-		echo
-		elog "HVM (VT-x and AMD-V) support has been disabled. If you need hvm"
-		elog "support enable the hvm use flag."
-		elog "An x86 or amd64 multilib system is required to build HVM support."
-	fi
-
-	if use xend; then
-		echo
-		elog "xend capability has been enabled and installed"
-	fi
-
-	if grep -qsF XENSV= "${ROOT}/etc/conf.d/xend"; then
-		echo
-		elog "xensv is broken upstream (Gentoo bug #142011)."
-		elog "Please remove '${ROOT%/}/etc/conf.d/xend', as it is no longer needed."
-	fi
-}

app-emulation/xen-tools/xen-tools-4.2.4.ebuild

@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.2.4.ebuild,v 1.1 2014/02/19 06:54:00 dlan Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.2.4.ebuild,v 1.3 2014/02/21 04:49:13 idella4 Exp $
 
 EAPI=5
 
@@ -19,12 +19,12 @@ else
 	GENTOO_VER=
 
 	[[ -n ${UPSTREAM_VER} ]] && \
-		UPSTRAM_PATCHSET_URI="http://dev.gentoo.org/~dlan/distfiles/${P/-tools/}-upstream-patches-${UPSTREAM_VER}.tar.xz"
+		UPSTREAM_PATCHSET_URI="http://dev.gentoo.org/~dlan/distfiles/${P/-tools/}-upstream-patches-${UPSTREAM_VER}.tar.xz"
 	[[ -n ${GENTOO_VER} ]] && \
 		GENTOO_PATCHSET_URI="http://dev.gentoo.org/~dlan/distfiles/${P/-tools/}-gentoo-patches-${GENTOO_VER}.tar.xz"
 
 	SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz
-	${UPSTRAM_PATCHSET_URI}
+	${UPSTREAM_PATCHSET_URI}
 	${GENTOO_PATCHSET_URI}"
 	S="${WORKDIR}/xen-${PV}"
 fi
@@ -233,7 +233,6 @@ src_prepare() {
 	# Bug 445986
 	sed -e 's:$(MAKE) PYTHON=$(PYTHON) subdirs-$@:LC_ALL=C "$(MAKE)" PYTHON=$(PYTHON) subdirs-$@:' -i tools/firmware/Makefile || die
 
-
 	# fix QA warning, create /var/run/, /var/lock dynamically
 	sed -i -e "/\$(INSTALL_DIR) \$(DESTDIR)\$(XEN_RUN_DIR)/d" \
 		tools/libxl/Makefile || die

app-emulation/xen-tools/xen-tools-4.3.2.ebuild

@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.3.2.ebuild,v 1.1 2014/02/19 06:54:00 dlan Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.3.2.ebuild,v 1.3 2014/02/21 04:49:13 idella4 Exp $
 
 EAPI=5
 
@@ -19,12 +19,12 @@ else
 	GENTOO_VER=
 
 	[[ -n ${UPSTREAM_VER} ]] && \
-		UPSTRAM_PATCHSET_URI="http://dev.gentoo.org/~dlan/distfiles/${P/-tools/}-upstream-patches-${UPSTREAM_VER}.tar.xz"
+		UPSTREAM_PATCHSET_URI="http://dev.gentoo.org/~dlan/distfiles/${P/-tools/}-upstream-patches-${UPSTREAM_VER}.tar.xz"
 	[[ -n ${GENTOO_VER} ]] && \
 		GENTOO_PATCHSET_URI="http://dev.gentoo.org/~dlan/distfiles/${P/-tools/}-gentoo-patches-${GENTOO_VER}.tar.xz"
 
 	SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz
-	${UPSTRAM_PATCHSET_URI}
+	${UPSTREAM_PATCHSET_URI}
 	${GENTOO_PATCHSET_URI}"
 	S="${WORKDIR}/xen-${PV}"
 fi
@@ -229,7 +229,6 @@ src_prepare() {
 		sed -e "s:install-tools\: tools/ioemu-dir:install-tools\: :g" -i Makefile || die
 	fi
 
-
 	# Bug 472438
 	sed -e 's:^BASH_COMPLETION_DIR ?= $(CONFIG_DIR)/bash_completion.d:BASH_COMPLETION_DIR ?= $(SHARE_DIR)/bash-completion:' \
 		-i Config.mk || die

app-emulation/xen/ChangeLog

@@ -1,6 +1,14 @@
 # ChangeLog for app-emulation/xen
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/ChangeLog,v 1.153 2014/02/20 10:25:22 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/ChangeLog,v 1.155 2014/02/21 04:53:41 idella4 Exp $
+
+  21 Feb 2014; Ian Delaney <idella4@gentoo.org> xen-4.2.3.ebuild,
+  xen-4.2.4.ebuild, xen-4.3.2.ebuild:
+  correct typos, tidy
+
+  20 Feb 2014; Yixun Lan <dlan@gentoo.org> -xen-4.2.2-r1.ebuild,
+  -xen-4.2.2-r4.ebuild, -xen-4.3.1-r1.ebuild, -xen-4.3.1-r4.ebuild:
+  clean old versions
 
   20 Feb 2014; Agostino Sarubbo <ago@gentoo.org> xen-4.2.3.ebuild:
   Stable for x86, wrt bug #500528

app-emulation/xen/Manifest

@@ -1,68 +1,35 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256
 
-AUX xen-4-CVE-2013-1918-XSA-45_1.patch 7179 SHA256 760d8502747f2c03fb3bf6b683994860ae99b66a2fb6bbedebcc5b440404c404 SHA512 b2c8a5fde13b00734d67ac2da7ce09020d3e21f5d6d7ce7eb65f542324f42819704bbbcb784cf064b5640a18eebab8e85d51ccc1030d7325cf42e482114ba776 WHIRLPOOL 0637bbfa579b77ab6a1b1ce15417ca0740950cb1ff4bbe9ae851c8f143e4755450cd785ede5758d45b785265e53afe81ea3705813f1fd96d79affd40cc08dffe
-AUX xen-4-CVE-2013-1918-XSA-45_2.patch 4941 SHA256 e8e20bc35017bbfa350c29cef848e294acc782c3eae8082e629b020563b3a2c1 SHA512 6f05628667c56c583abd345d59371a5da94f862744a41a49f2be0764e36878e276d79e58a20046ce303e57594984ea7551bd5c11cc55b386bb0e5f28b41ad76f WHIRLPOOL f8100dd80c9354e44c119a57eb5db0df0f81997bbe3823066bc7c31be211f083260a73402dc110f02e18855b4a9196efaa78d81dcd601e761d200ff113628090
-AUX xen-4-CVE-2013-1918-XSA-45_3.patch 2621 SHA256 8f2efcd018179ff8abdd54164980fdb0d25968017aaf91947ff0a326a132cd90 SHA512 1dc3222675380a278de67c7c8ce27df61f5376cb5ea3b0cb4965cff20ec236dbc21b1717da778a1eb366f27229d4765b209a6593ec8c2ae79b9dddab0b615246 WHIRLPOOL 1019d125c7e2a762754519472498c13ed7987cbfd0709bfe7ac5dccec7f6b6b68f86f137f5f7727e187e17fb764be532011a96eb39d0efa8b08baa945bb0c306
-AUX xen-4-CVE-2013-1918-XSA-45_4.patch 5813 SHA256 6eaefb1987f1ccf891cd68c03e9966bc7ccc6fd894ed2c366aa4a0d1f3a15459 SHA512 723478cfd9f067ba6134fabe480dd9e1d11321f9c7b62f94cf572010d35ac5ef412ee885a020f2b03e7c2baff2fbafcdc48c8ac0426331c508197c4c8c536f8f WHIRLPOOL 48fe9fdfcc93644554066053b72be390f41f4f63be845a8e2b0ed379a33ae489c97ec12063ff7aeb8600dd348850d87efc372e5be709be2d045302ea144b0785
-AUX xen-4-CVE-2013-1918-XSA-45_5.patch 6257 SHA256 406e3bd7147fea805bdf6f201bc17322cd2cd662ede094b1a039ba71b095bb3e SHA512 976e5f72380921e89feb16c5aa5209a56a4b61f76676bca9ed15d7af787df5901a77f35e5d3506087ff9be259170636872218b7a755add938bb8b36b0a976203 WHIRLPOOL 71e3df3b62c6a007aebc3a0c732653bee22ecda4cb3cc6ff041a4db2de9ff16cbb8648389f645846d29cb6405c54e6f85db5334624ef764c925482a74a276179
-AUX xen-4-CVE-2013-1918-XSA-45_6.patch 4291 SHA256 6e4344e3dcb544537bbef869a34cff38a4611cddc34d18469633d3b3d35db78b SHA512 a2da3415c07c77b8c38d52bc32b04ced955f272f4294572375ba16465aaed8a4a66ea0dd8034ef67e1f6e293b82f58988ec306908b7df6a86ee1c52890f47ca4 WHIRLPOOL 12c736899b40f7cad75fac5ab575b759160dcc0bf1ba9ca766c50258072bf20324f3663f60e3c7ed75323fdb91fab12390373d749d451ee68cfe72bb2ca70a93
-AUX xen-4-CVE-2013-1918-XSA-45_7.patch 8129 SHA256 7fca1b6025d6ac1a444333b2fe1381af093ca601ac8045f68a29c2a83d520e48 SHA512 7f8fab52ca4aa361729eeb21f977fe1237f6b94b8f35e5d37ea783c60d7053da9a975af20c07c2cd1d21d52880121a5ea83ed0abd3ec2a38a75caee797489096 WHIRLPOOL 567cfd129d6347c95cd08d296053d043430b0c2ff157991a899b205c68b421614d4a8829eed8ff2748fb107b485db11b5d04599cd2a4c4bd5e225fe9821919a4
 AUX xen-4-XSA-83.patch 598 SHA256 71ba62c024ed867f99f335ed63d7e04a7981d348cc29a3718e5c48f15a1e0fb1 SHA512 8ca0f9e896da10ad32b93e7dfa908550180912b0f1eeb8be214f54fb6cc6c7a925df26db6521a37430e5e66c31e3eafb8a7169ff92097adaff7227cb95759c14 WHIRLPOOL b7369455f0dbcb37c3a3b7afe8de1e47e3303ead0a37c7e2ae13c5ebd66031bbfca21b6f4fb8a1191e32ef17a5fe74564c93ec7861f4a8d7dbc815fecfb6e068
 AUX xen-4-fix_dotconfig-gcc.patch 1525 SHA256 943119cde08d16d05a927a85fb54ee4cee323cb4870dd0d90a552051fedc9907 SHA512 aa507594d96159c4e01ccfc4781f9afe7b6fe125c9df5925128c002f28fdf04999954b523cc53c6d7eaa49cb6e05120605f4e7d6f8bab6d5718d73a60b5accea WHIRLPOOL 6f4395203199b8037363ed56256e12f426f0c26f449c5e4a001c5454370a0e412f18cd03099866c30592ee0413556b85b3c374efb7172212db37ff3891c004af
-AUX xen-4.2-2013-2076-XSA-52to54.patch 5214 SHA256 47c6609b32e6cebb73070a8b5767dc3bf44f2a73c8a5a1bfe41bbc9ac86981c1 SHA512 9f1a7fec53bf2d07667f0cb9a209cf3013e75b2881c5cae78ec5c3584994bb674034c77b9acbf5947c9d798276d50f2a5c09683afcae27741227abfb819e5ca9 WHIRLPOOL 53a62257456f8cdf8363dfafec0321c02547d04d1e084dc9c57307afc152765f3ec20de3cdc74e62eda88932e6e1ae647c8d3820f9214d2630aba6d7c22d9416
-AUX xen-4.2-CVE-2013-1432-XSA-58.patch 4630 SHA256 974d6495089b0168ff528d89009ddb5856dbeab5a2b366a412a58d8de574377c SHA512 d082d96adf31bf2507e96425081baeeb5ed7b639e4c41c295ec7e7d7a7617214883999a81890add93c7c833665ed1e3aa8fbce63b14260c00ddb41ffd37d00c4 WHIRLPOOL e2c744548500fe481094aad40c16c85477edef17610ac15849ee0a70c9577802000b31b7353b71b91434818477c20f2835a7072f73e5c5c98a12112e87c3aa59
-AUX xen-4.2-CVE-2013-4553-XSA-74.patch 1499 SHA256 0f7d0bbfbd7f3f1b6f6005321fa45081524dad438587f691e6892cc393327f89 SHA512 cbcc6e8dd5cb9b1b699e5acd17ece100739e37d3c752f54320fda4526a79bd8280e24a1c7bd6fec32756d3602b5efdcdf274f9608b9850bbd0afe324c9152be1 WHIRLPOOL 5a4b34c7ebedb0f6e2114cfaddafa38cd160d43f9e0037387871c013ec9574d9a9c4541027e64f8cfb90a370879a7f7553bc5813f7252179fe065236aec80fda
-AUX xen-4.2-XSA-84.patch 4943 SHA256 433f3c8a202482c51a48dc0e9e47ac8751d1c0d0759b7bcd22804e1856279a89 SHA512 b22b6d35b32384b49121958cab5b85bce7f46d4d00f238d0142a09e4844f24c837a86ae8673c703d44146458902bbe6e1608829099b216c48a80e5d2a368e3d4 WHIRLPOOL 51bbe7fa567040fbea228040fe8ec1638e5edb542d849f0051c114a14b61a296a19c6d09c31a1dae9fd502903484a1f7333cc5821a1f61f983443c5401b7032a
-AUX xen-4.2-XSA-85.patch 948 SHA256 20571024e6815eeb40d2f92a3d70ae699047cffafb5431ec74b652e0843a5315 SHA512 43312c06ebba91a6ec1b343072c159cb1d488cc3cd2b5104b4ab210b9d157cf56f06d95514eef17433ea38c65d42fb3ebda16f8c6a6ca94b57ecbba001a6294b WHIRLPOOL 3854c41ef9f1e21d723d13f94cfd3d7f236c3348c49cf0affe162664d94c3e6bb9a6befc2f9e0959b0033af0a06cd1461474fdf10018b8a267c05a059f52c531
-AUX xen-4.2-XSA-87.patch 616 SHA256 df9c1507d7bb0e5266a2fadd992d1e6ed0f7bf5be7466b8a93ed3bd8e3ab8e8d SHA512 819afdaefbf9d9033df6ffb0b0bc2e556e583fe64152f280d7cb9a7e4735239eb90eaec0b1d3a798ccb2c8f72c23ef4e8e04eb8ff5892be1e8128094370e0427 WHIRLPOOL b797fdb7844da641913414815716173c0d60e48b4304df5231ad5958c1d1690fbe04ea45158e380afbc2767303649551ff0dbec03142a8d95bdab5da60320dc4
 AUX xen-4.2-efi.patch 2216 SHA256 0886961e2656fe7e140dd0ac0e6620d4c14ef0796b8f8889bda163e2a9f8db8b SHA512 ecaa4f1f1c3ca737931fe5343529708dfb7ec7040dbf2acf2b155e7c7f019ce3e2630ddb302213570a2647fe220dbf23eb6c28618d6b1be9161e25fcadd71cb4 WHIRLPOOL 63b56e22683b2755ae17e7871c1b535d750f655ff8c003979d039654f5ef3303457b5d4469f216c1744202d4d1f4561f7498c1d93171ab1110a93e3a2fa8db8d
 AUX xen-4.3-CVE-2013-4553-XSA-74.patch 1389 SHA256 b505cdba662b1b1cd91d5611fac998c6b4e89e366780c6b9864b6965075afb38 SHA512 fc0c1a1777a751096bc5990eee04e754deed2f18b8c8a5d65bf19c71ba9788599369f51e2d518f613e8cea8cb0d2d22ad60cec4d1b8805d7bd8e0818a54afb2b WHIRLPOOL e324f4922f61a22840ac0268fe2643a0fe496409d12a5797d7ba057ecd4982f8a9224e20615721c34680d45145d3933090ca1a11644cd2ca8f312995c3cba96f
 AUX xen-4.3-CVE-2013-6375-XSA-75.patch 1748 SHA256 039a74a4ccd1f17a5fd5341d160af87b14875dc1b2e46d8e4d337581031228d8 SHA512 195d147643b626ab9265d83ba2d7fbdef7b5716533682b723f32cbbbde6089fafb49e11c68ba6d323bb120fb0d34d85caf5ec5759048f60ba9096e479729c32b WHIRLPOOL eb52b7334ead997fea54810498be22bf47bcd2230a2ea2552b6125f3f78b5f9f9df49a7625c43ed700b3e56c6ea8979171e6be2e6d54d53c706517fc901d4702
 AUX xen-4.3-CVE-2014-263-XSA-84-85.patch 6086 SHA256 91725c156bae4209f1401b38a37c1a38941ef6e9370ac3425523555fde81d835 SHA512 c26f9b3ecdb2894a72033850a532e0d9b735ba8e73c3cfc379171ec17c8f82e07596e6bd9824242702645d77e37054c0668279ad55effe10461d70e0831c39e8 WHIRLPOOL 94d0bf7fdc5064b0463344e1a09c81d9a41ab5c565c88accc511c547ed4ab3c0c7ac76443eab02c4b0153552ec2dc139da10960c5a8944aa9b49cee03160a911
 AUX xen-4.3-XSA-87.patch 916 SHA256 a13ce270b177d33537d627b85471abaa01215cd458541f4c6524914d7c81eb38 SHA512 a1ad45f8311787ac0e1ed1a186f9c4e9aea924398ec7bbbc5b1e4b2d3b4617e113b385ff2aee854458270b0d73ed11defac5dfe603b1fd7b97f4c951def559b3 WHIRLPOOL b3a36c01d4e0bca3c5df42488f9bfc91e756af8c899d7414b81b7dac2bb60733555321b607ed229817ac546ebce65fddce0f8781909d7021d19b44a931fb85bf
 AUX xen-4.3-fix_dotconfig-gcc.patch 8854 SHA256 4e0d22acdb4ecc4a1d418ec91bc6ddb9ef1c283ee3ca1f67bac85d3116d76ccc SHA512 b4c969b0cf166862ea5c5cb0912d7dae8c5bf7befd6dd6bdf4e56df8a4daf85c0a36c94247053f74edc0f24b1c15a18e7ddae9d24ad28d54b726a1fbbab442be WHIRLPOOL de7b614ae486fd2cc591b405b475745b003c638c9be4c8153b61a368802af36d2a2974d1e022eb14fb58ad9260f9f82c438c84cb65c3499076c579f7e1c3e6ad
-AUX xen-CVE-2013-1442-XSA-62.patch 1350 SHA256 364577f317a714099c068eb1ab771643ada99b5067fdd1eb5149fa5db649b856 SHA512 4738a229a6f18d670da07b3acbaf6e227af5fb3e7b0b414dc98671be02208aefc66ebe07f7396d9158d0fa15993b9d418fd65747880c64694b1a06b8be961419 WHIRLPOOL 758aed345d0c5792a5d5a53200ef5094e662be507823010bb7dcfcccd07bc38b897d67295abf2d5d5b3f1b93efc9c684af78da6e3e3d77ecb65ef69fe2f5fa6d
-AUX xen-CVE-2013-4355-XSA-63.patch 5872 SHA256 32fa93d8ebdfbe85931c52010bf9e561fdae8846462c5b1f2fbc217ca36f3005 SHA512 f972de0910dff2109fc18911eeaf789963ec457d2a21029abc9615088d2c8446028effec6c1c01e080ae3479e704175e19040c09053c8ad60c0b38c7d2ec3859 WHIRLPOOL 186fcc663d6025164fc38d9aa5faf2272aaf6d3a7f2f8ba831fac28e672958776ae80cf3e92a9d6c99230bc80c6a4c83d5fa313225d4ba5594e06e1ad55e732f
-AUX xen-CVE-2013-4356-XSA-64.patch 2401 SHA256 551c5b7afabc1ce10fcb2138a1d7f272dbf5482e339b005b18d9a2ca38b045b0 SHA512 d5da58e37ab6fae508b95cc3798f7d679ed3b9b58c28b453d6ff31716e75e31c186fcfb21f88e6981daef718f67e24a9a2a3eea6a9945d24e84332d8ce4e68ef WHIRLPOOL 9e3c3d9d86a1e334591351002b79557005ca3e5dea75610b64d19e741f74cf7f75184b062df7d174000b0f38c98fe7a62d99cdebe94ebbc949902e55fcecaa04
-AUX xen-CVE-2013-4361-XSA-66.patch 839 SHA256 3a9b6bf114eb19d708b68dd5973763ac83b57840bc0f6fbd1fe487797eaffed4 SHA512 5abc6cb7685a9053e67c1646c6d9e06c25da6d6c7004e63e346e7b082270e1319fcc8a194a8db4e9c9cb903fe5dc29ae17169cda6fea94913fa9e0ff5aa9b451 WHIRLPOOL b98cf8aa37d259d8c5ec5cffd22ba78b5674948268e75349b3e867589052409c1872f0aa72f5cd9a1d8c44fdb74d3bfb97596bfa6ac2d201565275b6203f5095
-AUX xen-CVE-2013-4368-XSA-67.patch 1307 SHA256 7de3ac9baa6cd9fead46e68912dfa0189e900095317645d0e33d85346fc8a028 SHA512 959e4760210ceb480da53c709fcdeed4bd9cec27eefbcdb7dfcf6d764184e5ecf4c225f817d8a46ff0bb74baa8d14d90c9ce39bb51c9a781cbc524227b02e153 WHIRLPOOL ee7dad69b15ecfc8636e56b2373660777ce594fcef6ee2b863b9cf3a4badf269d3214f193374addbee678a80f3bbbfb416189d78edb426baa6d25ac5df748637
 AUX xen-CVE-2013-4375-XSA-71.patch 1628 SHA256 f1ef802098be2220ec1c0e0d20ff5385d34036b8cd312001dcc0e17fbe25f8d1 SHA512 9d057827933decc046506c46e1a482424169cc8d525ac49a39b296181615a4525383851e990fd3d46995db2f8261d92dc7955354cdf6ca15db8cbb89def17c6d WHIRLPOOL d1749db3dcceb5221dad395e2caede633456a304d922070096889b4b7d8e79bcda5fe4f7c8cb3e5f1e6c9dae349ef744d98290f286cbfc3737b0ff62f198e2a8
 AUX xen-CVE-2013-4494-XSA-73.patch 3723 SHA256 1c070e66d1bea3c109f22ea4db2e8828f0f4b016d51d6d88667b775eec340514 SHA512 d14be9077685aec682f2cfa23886bc430fe55d985650e5392da0988f69f242ac0fa242c84448e8203ab6dd1b44904a2f38ad9e8976a829100193a1c06efb8417 WHIRLPOOL 96a15f94eed123a5ff53193c8dcf708aa17d21b3ebe23b5fc50b7ecbdf64ed4f827252389cc15249d05041d036853053f3846b3fea3538fc8724fe828ca57bde
 AUX xen-CVE-2013-4554-XSA-76.patch 556 SHA256 8c4d460c71e8e8dffa32ce24f57ce872ccd8623ab72fd38be432f0a2b097e7c1 SHA512 4bfd4dfc560629968a81b4f9b7509d8366208ca6d7987f27da44a41caa840437f623ed5ab489c9a1623c99ba9e702a5d647aa833961ed7d4ab72d0141258d6a4 WHIRLPOOL 6a7020ff3df9020a716b3ecdd3dd11869025e7205c17a9314a8f2705812b1a9e6fd4a19d891d00ca5c750456f4c871317c0ec451ab84db3c985c57e92ecb47d4
 AUX xen-CVE-2013-6375-XSA-78.patch 926 SHA256 63aeab44272c17d079c9b8e22732c8c31e767236bb0ceb73d9f6226c5ae31d35 SHA512 d6aa117c570881015bdb93efaaf386fc4f141ef012017ab0a51bd63a024f5e9eef3856243235533d46ac7b67bffd10e0913a06f65e194581a6a70cbd6a6bf5ca WHIRLPOOL 16b04f8191b2243c05541742a98dface491ebe8db47e050eb14e74352182bfd02a86867c1ad644b3cef209008cfbb5d0499073447fbef49c5de129e1bdf519d6
 AUX xen-CVE-2013-6400-XSA-80.patch 2072 SHA256 d15e627c59dd48e1cacb2fbcd5e2148975daa426df1f693b991d69201c048e77 SHA512 119d4a183c8a56496b337bb5c797e63df99ac88f879d0700e6ed4573a21901dd45fbc997cbaa8d4d635da574eb46ceb6d91a846cfb20b6d0a0b42381cfb9144c WHIRLPOOL 217c68bbe0b179a0f81fd591b546389a21f82acc3d60b5bdf1d6323263ce4a6ceb18d45dc0089c3758f179937b50816f1d53287f9b9b6486b4303e92df6d9cb3
 AUX xen-CVE-2013-6885-XSA-82.patch 1447 SHA256 db47b9dcb2124995754e7b43d7eedb5aae5c6d2dda6d43d313751b419ffd12e7 SHA512 f62b9bf0aae1eb22a551fc98d74f5baec391589be5252d472aa9b30012f426a7302063b02ceb3bc9b3fe88c67033eb771a4112727052ed3f9b5dc9d39f47f39d WHIRLPOOL 38678c9c32bc172a675bd0351a81743b92bbf72cbd14a29cc1a7ef15b8149bd4841816425142defdebc233a2dc58281e893533053e6310173ad3a5573233d1f5
-DIST xen-4.2.2.tar.gz 15602746 SHA256 c9bfe91a5e72f8545acebad9889d64368020359bfe18044c0e683133e55ae005 SHA512 4943b18016ed8c2b194a3b55e6655b3b734b39ffb8cb7ee0a0580f2f4460a1d0e92e1de8ac23f5186272914fad1650586af51fd7c3644d0310eb16f2e11c5e80 WHIRLPOOL 519eb87cb2da694696cbc3e72070a0a3bdb07c46fa266d855d8379eec3a92adfa4d434af3ac01c37834ce4a9174081a6c40030b185a70902329b185cb8d0bbea
 DIST xen-4.2.3-upstream-patches-0.tar.xz 84436 SHA256 7c2477b9b29c9d84bb26ed60bfc2700f2a614ed8040b93906e801831f3498b41 SHA512 a4e8b53a0efb9d64d4dc65ee3107422c8007537e03f9c8e6f1b2c838cf62e6819d447c1ed44aacb5c4e9979f0dad7ed313d2db61df6e6ad2d7708a81964a7e12 WHIRLPOOL cc3c2224bba3b2e5f057ec95f9e85e58b17bc0dce338da429c7970877967cddf69228258ff491be9c1d022169a90fcde34ef1bcb0c198c9123ca219707a5a99f
 DIST xen-4.2.3.tar.gz 15613235 SHA256 69b6a73701383d609ad094a38925004e8595755fb39a6fafd579ba754e8667db SHA512 01521c8724354f92a2555683a8b103e5e16aedeb2c6166cc3ce40a0cc6cd9e07a601aa24930bb7391e00eb97f04003e6523dead09382cf86eb56f5b886509b9a WHIRLPOOL e7f7848ad632e5e77db95b2eb37c82f31a73021af4b6bb44091cc14103faa193bc2d6deb089e2a196daab5a08dbc08f135a8937a25a4ff5d31fe37c789bae1e9
 DIST xen-4.2.4.tar.gz 15663999 SHA256 e23e6292affd7a6d82da99527e8bf3964e57eb7322144c67c2025692b1a21550 SHA512 3e5263511e7c40899f580f3384bd987f9c875b8e6816202fd1a5a64fe7e336803d09e58148af074938ef261f0ceeafad121ac541ddd2bf66b76c5aa4ad07c357 WHIRLPOOL 25d23f5d921139ba0f853fcd76ae998647d32292bccfd4e7c4f3b12f860a38fbb33ebda67c839657bf3a25d837c9c02b80d663362263d16d42284ffde09f0bc2
 DIST xen-4.3.1.tar.gz 16429423 SHA256 3b5b7cc508b1739753585b5c25635471cdcef680e8770a78bf6ef9333d26a9fd SHA512 f5250ad5ad3defc5dc1207eb6208a3928128ef57ac4162018bd92b750dc1df1eaaf37835528aca33a0f9e04c82d5f8c4ba79c03a1780d2b72cbb90cc26f77275 WHIRLPOOL 087390786cea9aee273a5d81988436303991aa5ea92faf111d3b619517368f8c8feef84f4f8c602cac723980a344eb90414887db4ca88a2ee14bc6b0253e36ca
 DIST xen-4.3.2.tar.gz 16472188 SHA256 17611d95f955302560ff72d97c08933b4e62bc2e8ffb71400fc54e388746ff69 SHA512 ec94d849b56ec590b89022075ce43768d8ef44b7be9580ce032509b44c085f0f66495845607a18cd3dea6b89c69bc2a18012705556f59288cd8653c3e5eca302 WHIRLPOOL 72250369fb2c90ba608e1da018cb6417b3089642c8ba59af9f2825ec5ba7c4e6c5d6f86140b20825817e4625727c6d58c5d38b00863c994e31c8a04927997bd3
-EBUILD xen-4.2.2-r1.ebuild 3756 SHA256 2ad7f2faed080ea2e4d991d7dd902826059e4a22b444e2f1b74b5bc1e54d50a2 SHA512 c6041bf852ffa425d93134e9c08334c71e96dc9cb795c8bc7a5eb485fa46d55f5de61ff9db55d484cbe0b641d9e850e4eb7c0eefd1b021ed21a050e1e78c4177 WHIRLPOOL 86e7873cc84b01064c1e7cd46003a43104257a3f7330a1433d85ce841b658a0a35e18f9284b8520a497b408d4b5ab6ce76cb1af67fb42019b86517f4b51f2d61
-EBUILD xen-4.2.2-r4.ebuild 4188 SHA256 b141799dd9644b3db75f52b849a1610c0a68db78a9188a6df7700ccdb90e4404 SHA512 26d6201b9fedafa9219bdccad75e8e0985d5dcfa2c4b5e133c2861848725f06784e3ac57cc6ea524c2b4697281cbe288fc8fcfd4357948e73b57d5f4dcbd8337 WHIRLPOOL 6d7c030927b19c99904b59f4d1f0796b2fcfa3857a0217959c718c5c45b7b2f467905f6bb425095a686b87d7c52d635886ff322c861301e509a4f54cb7c724ec
-EBUILD xen-4.2.3.ebuild 4206 SHA256 3f512a5c18718406642045b29ddbc48fb4335c58b597685ca5c0b874d7b8e7c7 SHA512 8db1157adb3a1eb266678c8afcb7c5d9bcf2a11afb06997797011e274918f51bda20c1f1bd7cd43cfa71b4843041823e04e29a679f7c9b420f0363877ce538f9 WHIRLPOOL 66e68c39479600b986496d5bb6c98602a8ecdde02266b4673ee66b84e160eb3c70ffec07224c7415f610c974331c85e87c145a7e4300537baa5aff7f81c15720
-EBUILD xen-4.2.4.ebuild 4208 SHA256 d833fce1323c30ff8799c3edcb69a5ac3e55622f6db058dd127ce62490e469b3 SHA512 e839e36c15d94408d111b01b8e6003c4107a196b564c89f6bc694751a84ea32d6f1f561c2c1da9111d804be8ec236ec5bccaf4ac25f5f3c1f510392861cf4f0a WHIRLPOOL cf3d54a317c2ddc84264e3b1a017834c2f149d9888a94ca6696fd9743e007f252d79233e14a0c1aa69f36269a65473fa86b23c5c884d30ee08839d6364b1c939
-EBUILD xen-4.3.1-r1.ebuild 3901 SHA256 a94af83d0bb8ffcebd66223309818da75c60507ae2c9e803eac7488fd3970de9 SHA512 12ea99f6475d9c40c00b3aae81ba620a28fd65f72e93c93c5cd516e61966a6fc3d7a5b17919cb2704e08c9ff354b9d7fa610c461ff71ec99e11eed82ad7735f5 WHIRLPOOL 0c8ba609acb43bdc3df00b1298519b1bbabb941f032f43a6b386b5570da83767d929fbd1ef07e2b5a80b538544fcd2ec1cd0807f4f58840b6f7d7e25205fafc4
-EBUILD xen-4.3.1-r4.ebuild 4046 SHA256 ca2891ecaba07397c621ac68746be1d40159cdd5f1b57d38a1db28d9fdeff1ca SHA512 d9af0ff66b69e43b5853ebe389a86beb02950a4c7be7d083c2dacda4ff2f05bc502e5a665304430659bc64b88057ec3d550688a43474b05e4d01fad8763df213 WHIRLPOOL ed60050e57c54a43094a33bb3f9bb6a9b7ca5d8df88e1c4ef0b474ec6fb3834b55488a1a1ce1a8c2058dcc1226eca6660bc8ca7aafc74b20cd9d786883deb5aa
+EBUILD xen-4.2.3.ebuild 4212 SHA256 f09e7ea233bef41c17089ca7a046c6944f214e81907fb09ee0940e3735bed992 SHA512 d9d42dabf5114fb259c22eb6cd2b1a956cabbaf18131dcb562c23dcd55698607ae5049667c954f4454bb6adb0cfc46054bb23215cf5bf29ec16aeb13b85d46f2 WHIRLPOOL 935e22e705fc0364c41bb18b4780a435de2e8c48bb1fb8f6ebfa501f486f03f03c064bfc77d045afb961d4bfc2db1e12b276bbbbfece359cd54885df822016be
+EBUILD xen-4.2.4.ebuild 4213 SHA256 99be813c840774024cff83f02b0d2bb7d9e479882d60d48aa114ea302e576379 SHA512 e5ed5103ac91a0fd1acb1209db063c2b145e45f5e171f235499acad5faaf571e4b06c80113fa0f4e7d891df31c331159403b28a8c470122d27f1246bf2920f9b WHIRLPOOL 43b307924681ffaf7f31647b490091e6ec25909fe73548e3b215b2457706a407050bdf1684ce13f825a58272e37a977b6dc202083567329c80b487941e691dd5
 EBUILD xen-4.3.1-r5.ebuild 4118 SHA256 acac2edea0a26f1025254f754e864e386e70488d9d0d7d9a5743552c61022b9b SHA512 c75f3cee4665776b2f350101f7cde6efa916c45976ee1f690a4d0ed07cffd051d0bfdc0cc006b7f0a463e747a5cc7b41900ecbaa1ab32505f0fefd68811c610f WHIRLPOOL e6a4eda3889fbb94430ddc50be50cb71a3a292595dd19399d14d1bcdd06f19ea40bdc3c0a926cd8791c3af9cb883bb3564a35acd1ca647aed2b4cd179261871a
-EBUILD xen-4.3.2.ebuild 4102 SHA256 b731dc04d1cfb6d354420388dc79ae166b6f707fca840e49ba28579c8d06963e SHA512 f38bd957b3fe0d0ec1567f47d0388f8ad878072df8d8b49d892ad0cc928553b33fc724f5e1f42f42155e9b4518a98442308930f69350b1519aa863ac0309419d WHIRLPOOL ba361cc30d89c2d2df6cbe8e1f127bab3c4584fdc6a22ae756b46f9b757f6cb950551e2ed5a221146ad7ca84aee18a4a77ccbfddde6ba6151312e578db260ab7
-MISC ChangeLog 28046 SHA256 0731acd2e896315c5df2df0610d64fc5734210e3f196c16fb2b46e878bad1c3b SHA512 6e47348d60ea818691bd5fc335b8cdf3977f38cab419a20034d532da072d277277e6ddbf5927421ee0e7ea8d7b2b0580411ba1101515e338f02ebdf5b52cc666 WHIRLPOOL be9a311d5718626fc979ff6f94ebb57fa6dd3912dca2efe54341e626a6e967f62f69335dcade637aaab491869e71f7883c972b34e7b9210fca2043c293c6844c
+EBUILD xen-4.3.2.ebuild 4107 SHA256 ffd84a6285e31ab05435e2143522c00ddd71683e9199a82189db406be8b0703f SHA512 2ece621e74731ae5a41b4de59b0a68be449941a12e0464cca4c5664e14f9f75cce3f109829c4d3c0adb3558c5b39a5f73b6b924c2e32e348b885258def75aa1f WHIRLPOOL bc4da56fdd53440a1a85ce1a872d39a30ec460e0ce0b8726cfc54c6aea42854b8e2691d53d49abc3140526d9a1884d113fa7e0ca40022f04c63c756a4face81a
+MISC ChangeLog 28332 SHA256 35fe6917922426c6cd99c498ab7805b7e21c6beb36ea2731ea065028d1a0d19c SHA512 bb20d1c890fa3a1102b181c0c70affa0f0f73797718b842b3945a7de7f56ff9aec4842656b8b51a51cc2c921401b7bb4adc44dd6abe783d6363be5bb9ca2447f WHIRLPOOL 93a57b93e1459802c779aa507b7ba9e4307fd50ccc9e229390ddeb990a5f62d206a5b784c82d272c712e114e8fc713dfb99f6d2ecc7f821dd4d1d49dd6eafc4f
 MISC metadata.xml 480 SHA256 c6d867148db1480748552aea9692bdee95fb98a94fcfadab0d128cbf1102b0d5 SHA512 888aa860cbb74d79c76f096107d8b22975470373ab11249da2c4ae9c4e172bc52fee73fdfaf07c19e977cabbbdf35ea5b3c6508d4a6f555b771ab6729806fe5c WHIRLPOOL c4d10589ca2c8b4e8bbd877dfc8f4f3b66ce8ae7bece71617e9571f07a39270f54c41f5fbbb2b29020ffc6473e2341064bd708813af3e20a31d5b9bd0510ebe2
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
-iQIcBAEBCAAGBQJTBdgUAAoJELp701BxlEWf20kP/RpDUqVoVz8E/PG6zs/4YnJV
-su2ATULXinmj4li/S6wD40z0AmNEx7JjRukxAx1pxZchIor1jmof8x77+vQGkfO/
-DvuGSSGfq0QsnSVlJ3RvnaWIuhbHkCucL6hW3psQqow0FmvkeCYW1ZAMOkzeD3gv
-JJF0cBc+pXCywDEkY5ludJirTtvEAMgyNw7/2qxvgsrWRBPivO0xbWS7LKe2Hbbn
-7EqCrOZyH/4dRh1Q69iKgZ4EH4FHul2LVYgtesdpX3t9siJzs0Y4UMwnFpddz0n+
-bew7LXOSa7g96LlRRA2MHGaHLrr4P110R4Bhcqd3V850dydtmxOuZmYozLr22C9A
-z/rCKuct0HAb8ssFandgAwSmW44VRhJ7oVciXXjtmYyMYVBSdIG2+qcjXTmizSDD
-Yf6c+/CsACVT+SXb8YAhozWCfaFwd78bwAIFvjH605e6i9M3gt4eoo1nbH/Ms+hf
-fMDHRaw0r3yGLQGu92GZUEhhLbJD0O9Zju3D4ez3LIHo4qXahhLcFT3LyVOsLIhH
-BkFJBM1wzUwFGf6i1ZIg0jXfuTa5A5Mh7+peeWstWyxiXSOL/U1cIrQ9qMGkM6kC
-4Q7wzM+O2T2OiKOOuU/D+TpiTOUwAi0urrUUOR13/PJzxbg0rI1tPXPiwe7LvCTs
-zQcbf7jFUGU1qMWtG3Dr
-=OqGr
+iEYEAREIAAYFAlMG2lQACgkQso7CE7gHKw2p+wCgqZQsXHchIF6ig+5NmkoN1kGk
+nDwAoIU+UsF0GspoUcZwk9qbyQoQC/7j
+=ZcWd
 -----END PGP SIGNATURE-----

app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_1.patch

@@ -1,252 +0,0 @@
-x86: make vcpu_destroy_pagetables() preemptible
-
-... as it may take significant amounts of time.
-
-The function, being moved to mm.c as the better home for it anyway, and
-to avoid having to make a new helper function there non-static, is
-given a "preemptible" parameter temporarily (until, in a subsequent
-patch, its other caller is also being made capable of dealing with
-preemption).
-
-This is part of CVE-2013-1918 / XSA-45.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Acked-by: Tim Deegan <tim@xen.org>
-
---- a/xen/arch/x86/domain.c
-+++ b/xen/arch/x86/domain.c
-@@ -73,8 +73,6 @@ void (*dead_idle) (void) __read_mostly =
- static void paravirt_ctxt_switch_from(struct vcpu *v);
- static void paravirt_ctxt_switch_to(struct vcpu *v);
- 
--static void vcpu_destroy_pagetables(struct vcpu *v);
--
- static void default_idle(void)
- {
-     local_irq_disable();
-@@ -1058,7 +1056,7 @@ void arch_vcpu_reset(struct vcpu *v)
-     if ( !is_hvm_vcpu(v) )
-     {
-         destroy_gdt(v);
--        vcpu_destroy_pagetables(v);
-+        vcpu_destroy_pagetables(v, 0);
-     }
-     else
-     {
-@@ -2069,63 +2067,6 @@ static int relinquish_memory(
-     return ret;
- }
- 
--static void vcpu_destroy_pagetables(struct vcpu *v)
--{
--    struct domain *d = v->domain;
--    unsigned long pfn;
--
--#ifdef __x86_64__
--    if ( is_pv_32on64_vcpu(v) )
--    {
--        pfn = l4e_get_pfn(*(l4_pgentry_t *)
--                          __va(pagetable_get_paddr(v->arch.guest_table)));
--
--        if ( pfn != 0 )
--        {
--            if ( paging_mode_refcounts(d) )
--                put_page(mfn_to_page(pfn));
--            else
--                put_page_and_type(mfn_to_page(pfn));
--        }
--
--        l4e_write(
--            (l4_pgentry_t *)__va(pagetable_get_paddr(v->arch.guest_table)),
--            l4e_empty());
--
--        v->arch.cr3 = 0;
--        return;
--    }
--#endif
--
--    pfn = pagetable_get_pfn(v->arch.guest_table);
--    if ( pfn != 0 )
--    {
--        if ( paging_mode_refcounts(d) )
--            put_page(mfn_to_page(pfn));
--        else
--            put_page_and_type(mfn_to_page(pfn));
--        v->arch.guest_table = pagetable_null();
--    }
--
--#ifdef __x86_64__
--    /* Drop ref to guest_table_user (from MMUEXT_NEW_USER_BASEPTR) */
--    pfn = pagetable_get_pfn(v->arch.guest_table_user);
--    if ( pfn != 0 )
--    {
--        if ( !is_pv_32bit_vcpu(v) )
--        {
--            if ( paging_mode_refcounts(d) )
--                put_page(mfn_to_page(pfn));
--            else
--                put_page_and_type(mfn_to_page(pfn));
--        }
--        v->arch.guest_table_user = pagetable_null();
--    }
--#endif
--
--    v->arch.cr3 = 0;
--}
--
- int domain_relinquish_resources(struct domain *d)
- {
-     int ret;
-@@ -2143,7 +2084,11 @@ int domain_relinquish_resources(struct d
- 
-         /* Drop the in-use references to page-table bases. */
-         for_each_vcpu ( d, v )
--            vcpu_destroy_pagetables(v);
-+        {
-+            ret = vcpu_destroy_pagetables(v, 1);
-+            if ( ret )
-+                return ret;
-+        }
- 
-         if ( !is_hvm_domain(d) )
-         {
---- a/xen/arch/x86/mm.c
-+++ b/xen/arch/x86/mm.c
-@@ -2808,6 +2808,82 @@ static void put_superpage(unsigned long 
- 
- #endif
- 
-+static int put_old_guest_table(struct vcpu *v)
-+{
-+    int rc;
-+
-+    if ( !v->arch.old_guest_table )
-+        return 0;
-+
-+    switch ( rc = put_page_and_type_preemptible(v->arch.old_guest_table, 1) )
-+    {
-+    case -EINTR:
-+    case -EAGAIN:
-+        return -EAGAIN;
-+    }
-+
-+    v->arch.old_guest_table = NULL;
-+
-+    return rc;
-+}
-+
-+int vcpu_destroy_pagetables(struct vcpu *v, bool_t preemptible)
-+{
-+    unsigned long mfn = pagetable_get_pfn(v->arch.guest_table);
-+    struct page_info *page;
-+    int rc = put_old_guest_table(v);
-+
-+    if ( rc )
-+        return rc;
-+
-+#ifdef __x86_64__
-+    if ( is_pv_32on64_vcpu(v) )
-+        mfn = l4e_get_pfn(*(l4_pgentry_t *)mfn_to_virt(mfn));
-+#endif
-+
-+    if ( mfn )
-+    {
-+        page = mfn_to_page(mfn);
-+        if ( paging_mode_refcounts(v->domain) )
-+            put_page(page);
-+        else
-+            rc = put_page_and_type_preemptible(page, preemptible);
-+    }
-+
-+#ifdef __x86_64__
-+    if ( is_pv_32on64_vcpu(v) )
-+    {
-+        if ( !rc )
-+            l4e_write(
-+                (l4_pgentry_t *)__va(pagetable_get_paddr(v->arch.guest_table)),
-+                l4e_empty());
-+    }
-+    else
-+#endif
-+    if ( !rc )
-+    {
-+        v->arch.guest_table = pagetable_null();
-+
-+#ifdef __x86_64__
-+        /* Drop ref to guest_table_user (from MMUEXT_NEW_USER_BASEPTR) */
-+        mfn = pagetable_get_pfn(v->arch.guest_table_user);
-+        if ( mfn )
-+        {
-+            page = mfn_to_page(mfn);
-+            if ( paging_mode_refcounts(v->domain) )
-+                put_page(page);
-+            else
-+                rc = put_page_and_type_preemptible(page, preemptible);
-+        }
-+        if ( !rc )
-+            v->arch.guest_table_user = pagetable_null();
-+#endif
-+    }
-+
-+    v->arch.cr3 = 0;
-+
-+    return rc;
-+}
- 
- int new_guest_cr3(unsigned long mfn)
- {
-@@ -2994,12 +3070,21 @@ long do_mmuext_op(
-     unsigned int foreigndom)
- {
-     struct mmuext_op op;
--    int rc = 0, i = 0, okay;
-     unsigned long type;
--    unsigned int done = 0;
-+    unsigned int i = 0, done = 0;
-     struct vcpu *curr = current;
-     struct domain *d = curr->domain;
-     struct domain *pg_owner;
-+    int okay, rc = put_old_guest_table(curr);
-+
-+    if ( unlikely(rc) )
-+    {
-+        if ( likely(rc == -EAGAIN) )
-+            rc = hypercall_create_continuation(
-+                     __HYPERVISOR_mmuext_op, "hihi", uops, count, pdone,
-+                     foreigndom);
-+        return rc;
-+    }
- 
-     if ( unlikely(count & MMU_UPDATE_PREEMPTED) )
-     {
---- a/xen/arch/x86/x86_64/compat/mm.c
-+++ b/xen/arch/x86/x86_64/compat/mm.c
-@@ -365,7 +365,7 @@ int compat_mmuext_op(XEN_GUEST_HANDLE(mm
-                                     : mcs->call.args[1];
-                 unsigned int left = arg1 & ~MMU_UPDATE_PREEMPTED;
- 
--                BUG_ON(left == arg1);
-+                BUG_ON(left == arg1 && left != i);
-                 BUG_ON(left > count);
-                 guest_handle_add_offset(nat_ops, i - left);
-                 guest_handle_subtract_offset(cmp_uops, left);
---- a/xen/include/asm-x86/domain.h
-+++ b/xen/include/asm-x86/domain.h
-@@ -464,6 +464,7 @@ struct arch_vcpu
-     pagetable_t guest_table_user;       /* (MFN) x86/64 user-space pagetable */
- #endif
-     pagetable_t guest_table;            /* (MFN) guest notion of cr3 */
-+    struct page_info *old_guest_table;  /* partially destructed pagetable */
-     /* guest_table holds a ref to the page, and also a type-count unless
-      * shadow refcounts are in use */
-     pagetable_t shadow_table[4];        /* (MFN) shadow(s) of guest */
---- a/xen/include/asm-x86/mm.h
-+++ b/xen/include/asm-x86/mm.h
-@@ -605,6 +605,7 @@ void audit_domains(void);
- int new_guest_cr3(unsigned long pfn);
- void make_cr3(struct vcpu *v, unsigned long mfn);
- void update_cr3(struct vcpu *v);
-+int vcpu_destroy_pagetables(struct vcpu *, bool_t preemptible);
- void propagate_page_fault(unsigned long addr, u16 error_code);
- void *do_page_walk(struct vcpu *v, unsigned long addr);
- 

app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_2.patch

@@ -1,169 +0,0 @@
-x86: make new_guest_cr3() preemptible
-
-... as it may take significant amounts of time.
-
-This is part of CVE-2013-1918 / XSA-45.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Acked-by: Tim Deegan <tim@xen.org>
-
---- a/xen/arch/x86/mm.c
-+++ b/xen/arch/x86/mm.c
-@@ -2889,44 +2889,69 @@ int new_guest_cr3(unsigned long mfn)
- {
-     struct vcpu *curr = current;
-     struct domain *d = curr->domain;
--    int okay;
-+    int rc;
-     unsigned long old_base_mfn;
- 
- #ifdef __x86_64__
-     if ( is_pv_32on64_domain(d) )
-     {
--        okay = paging_mode_refcounts(d)
--            ? 0 /* Old code was broken, but what should it be? */
--            : mod_l4_entry(
-+        rc = paging_mode_refcounts(d)
-+             ? -EINVAL /* Old code was broken, but what should it be? */
-+             : mod_l4_entry(
-                     __va(pagetable_get_paddr(curr->arch.guest_table)),
-                     l4e_from_pfn(
-                         mfn,
-                         (_PAGE_PRESENT|_PAGE_RW|_PAGE_USER|_PAGE_ACCESSED)),
--                    pagetable_get_pfn(curr->arch.guest_table), 0, 0, curr) == 0;
--        if ( unlikely(!okay) )
-+                    pagetable_get_pfn(curr->arch.guest_table), 0, 1, curr);
-+        switch ( rc )
-         {
-+        case 0:
-+            break;
-+        case -EINTR:
-+        case -EAGAIN:
-+            return -EAGAIN;
-+        default:
-             MEM_LOG("Error while installing new compat baseptr %lx", mfn);
--            return 0;
-+            return rc;
-         }
- 
-         invalidate_shadow_ldt(curr, 0);
-         write_ptbase(curr);
- 
--        return 1;
-+        return 0;
-     }
- #endif
--    okay = paging_mode_refcounts(d)
--        ? get_page_from_pagenr(mfn, d)
--        : !get_page_and_type_from_pagenr(mfn, PGT_root_page_table, d, 0, 0);
--    if ( unlikely(!okay) )
-+    rc = put_old_guest_table(curr);
-+    if ( unlikely(rc) )
-+        return rc;
-+
-+    old_base_mfn = pagetable_get_pfn(curr->arch.guest_table);
-+    /*
-+     * This is particularly important when getting restarted after the
-+     * previous attempt got preempted in the put-old-MFN phase.
-+     */
-+    if ( old_base_mfn == mfn )
-     {
--        MEM_LOG("Error while installing new baseptr %lx", mfn);
-+        write_ptbase(curr);
-         return 0;
-     }
- 
--    invalidate_shadow_ldt(curr, 0);
-+    rc = paging_mode_refcounts(d)
-+         ? (get_page_from_pagenr(mfn, d) ? 0 : -EINVAL)
-+         : get_page_and_type_from_pagenr(mfn, PGT_root_page_table, d, 0, 1);
-+    switch ( rc )
-+    {
-+    case 0:
-+        break;
-+    case -EINTR:
-+    case -EAGAIN:
-+        return -EAGAIN;
-+    default:
-+        MEM_LOG("Error while installing new baseptr %lx", mfn);
-+        return rc;
-+    }
- 
--    old_base_mfn = pagetable_get_pfn(curr->arch.guest_table);
-+    invalidate_shadow_ldt(curr, 0);
- 
-     curr->arch.guest_table = pagetable_from_pfn(mfn);
-     update_cr3(curr);
-@@ -2935,13 +2960,25 @@ int new_guest_cr3(unsigned long mfn)
- 
-     if ( likely(old_base_mfn != 0) )
-     {
-+        struct page_info *page = mfn_to_page(old_base_mfn);
-+
-         if ( paging_mode_refcounts(d) )
--            put_page(mfn_to_page(old_base_mfn));
-+            put_page(page);
-         else
--            put_page_and_type(mfn_to_page(old_base_mfn));
-+            switch ( rc = put_page_and_type_preemptible(page, 1) )
-+            {
-+            case -EINTR:
-+                rc = -EAGAIN;
-+            case -EAGAIN:
-+                curr->arch.old_guest_table = page;
-+                break;
-+            default:
-+                BUG_ON(rc);
-+                break;
-+            }
-     }
- 
--    return 1;
-+    return rc;
- }
- 
- static struct domain *get_pg_owner(domid_t domid)
-@@ -3239,8 +3276,13 @@ long do_mmuext_op(
-         }
- 
-         case MMUEXT_NEW_BASEPTR:
--            okay = (!paging_mode_translate(d)
--                    && new_guest_cr3(op.arg1.mfn));
-+            if ( paging_mode_translate(d) )
-+                okay = 0;
-+            else
-+            {
-+                rc = new_guest_cr3(op.arg1.mfn);
-+                okay = !rc;
-+            }
-             break;
- 
-         
---- a/xen/arch/x86/traps.c
-+++ b/xen/arch/x86/traps.c
-@@ -2407,12 +2407,23 @@ static int emulate_privileged_op(struct 
- #endif
-             }
-             page = get_page_from_gfn(v->domain, gfn, NULL, P2M_ALLOC);
--            rc = page ? new_guest_cr3(page_to_mfn(page)) : 0;
-             if ( page )
-+            {
-+                rc = new_guest_cr3(page_to_mfn(page));
-                 put_page(page);
-+            }
-+            else
-+                rc = -EINVAL;
-             domain_unlock(v->domain);
--            if ( rc == 0 ) /* not okay */
-+            switch ( rc )
-+            {
-+            case 0:
-+                break;
-+            case -EAGAIN: /* retry after preemption */
-+                goto skip;
-+            default:      /* not okay */
-                 goto fail;
-+            }
-             break;
-         }
- 

app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_3.patch

@@ -1,74 +0,0 @@
-x86: make MMUEXT_NEW_USER_BASEPTR preemptible
-
-... as it may take significant amounts of time.
-
-This is part of CVE-2013-1918 / XSA-45.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Acked-by: Tim Deegan <tim@xen.org>
-
---- a/xen/arch/x86/mm.c
-+++ b/xen/arch/x86/mm.c
-@@ -3296,29 +3296,56 @@ long do_mmuext_op(
-                 break;
-             }
- 
-+            old_mfn = pagetable_get_pfn(curr->arch.guest_table_user);
-+            /*
-+             * This is particularly important when getting restarted after the
-+             * previous attempt got preempted in the put-old-MFN phase.
-+             */
-+            if ( old_mfn == op.arg1.mfn )
-+                break;
-+
-             if ( op.arg1.mfn != 0 )
-             {
-                 if ( paging_mode_refcounts(d) )
-                     okay = get_page_from_pagenr(op.arg1.mfn, d);
-                 else
--                    okay = !get_page_and_type_from_pagenr(
--                        op.arg1.mfn, PGT_root_page_table, d, 0, 0);
-+                {
-+                    rc = get_page_and_type_from_pagenr(
-+                        op.arg1.mfn, PGT_root_page_table, d, 0, 1);
-+                    okay = !rc;
-+                }
-                 if ( unlikely(!okay) )
-                 {
--                    MEM_LOG("Error while installing new mfn %lx", op.arg1.mfn);
-+                    if ( rc == -EINTR )
-+                        rc = -EAGAIN;
-+                    else if ( rc != -EAGAIN )
-+                        MEM_LOG("Error while installing new mfn %lx",
-+                                op.arg1.mfn);
-                     break;
-                 }
-             }
- 
--            old_mfn = pagetable_get_pfn(curr->arch.guest_table_user);
-             curr->arch.guest_table_user = pagetable_from_pfn(op.arg1.mfn);
- 
-             if ( old_mfn != 0 )
-             {
-+                struct page_info *page = mfn_to_page(old_mfn);
-+
-                 if ( paging_mode_refcounts(d) )
--                    put_page(mfn_to_page(old_mfn));
-+                    put_page(page);
-                 else
--                    put_page_and_type(mfn_to_page(old_mfn));
-+                    switch ( rc = put_page_and_type_preemptible(page, 1) )
-+                    {
-+                    case -EINTR:
-+                        rc = -EAGAIN;
-+                    case -EAGAIN:
-+                        curr->arch.old_guest_table = page;
-+                        okay = 0;
-+                        break;
-+                    default:
-+                        BUG_ON(rc);
-+                        break;
-+                    }
-             }
- 
-             break;

app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_4.patch

@@ -1,200 +0,0 @@
-x86: make vcpu_reset() preemptible
-
-... as dropping the old page tables may take significant amounts of
-time.
-
-This is part of CVE-2013-1918 / XSA-45.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Acked-by: Tim Deegan <tim@xen.org>
-
---- a/xen/arch/x86/domain.c
-+++ b/xen/arch/x86/domain.c
-@@ -1051,17 +1051,16 @@ int arch_set_info_guest(
- #undef c
- }
- 
--void arch_vcpu_reset(struct vcpu *v)
-+int arch_vcpu_reset(struct vcpu *v)
- {
-     if ( !is_hvm_vcpu(v) )
-     {
-         destroy_gdt(v);
--        vcpu_destroy_pagetables(v, 0);
--    }
--    else
--    {
--        vcpu_end_shutdown_deferral(v);
-+        return vcpu_destroy_pagetables(v);
-     }
-+
-+    vcpu_end_shutdown_deferral(v);
-+    return 0;
- }
- 
- /* 
-@@ -2085,7 +2084,7 @@ int domain_relinquish_resources(struct d
-         /* Drop the in-use references to page-table bases. */
-         for_each_vcpu ( d, v )
-         {
--            ret = vcpu_destroy_pagetables(v, 1);
-+            ret = vcpu_destroy_pagetables(v);
-             if ( ret )
-                 return ret;
-         }
---- a/xen/arch/x86/hvm/hvm.c
-+++ b/xen/arch/x86/hvm/hvm.c
-@@ -3509,8 +3509,11 @@ static void hvm_s3_suspend(struct domain
- 
-     for_each_vcpu ( d, v )
-     {
-+        int rc;
-+
-         vlapic_reset(vcpu_vlapic(v));
--        vcpu_reset(v);
-+        rc = vcpu_reset(v);
-+        ASSERT(!rc);
-     }
- 
-     vpic_reset(d);
---- a/xen/arch/x86/hvm/vlapic.c
-+++ b/xen/arch/x86/hvm/vlapic.c
-@@ -252,10 +252,13 @@ static void vlapic_init_sipi_action(unsi
-     {
-     case APIC_DM_INIT: {
-         bool_t fpu_initialised;
-+        int rc;
-+
-         domain_lock(target->domain);
-         /* Reset necessary VCPU state. This does not include FPU state. */
-         fpu_initialised = target->fpu_initialised;
--        vcpu_reset(target);
-+        rc = vcpu_reset(target);
-+        ASSERT(!rc);
-         target->fpu_initialised = fpu_initialised;
-         vlapic_reset(vcpu_vlapic(target));
-         domain_unlock(target->domain);
---- a/xen/arch/x86/mm.c
-+++ b/xen/arch/x86/mm.c
-@@ -2827,7 +2827,7 @@ static int put_old_guest_table(struct vc
-     return rc;
- }
- 
--int vcpu_destroy_pagetables(struct vcpu *v, bool_t preemptible)
-+int vcpu_destroy_pagetables(struct vcpu *v)
- {
-     unsigned long mfn = pagetable_get_pfn(v->arch.guest_table);
-     struct page_info *page;
-@@ -2847,7 +2847,7 @@ int vcpu_destroy_pagetables(struct vcpu 
-         if ( paging_mode_refcounts(v->domain) )
-             put_page(page);
-         else
--            rc = put_page_and_type_preemptible(page, preemptible);
-+            rc = put_page_and_type_preemptible(page, 1);
-     }
- 
- #ifdef __x86_64__
-@@ -2873,7 +2873,7 @@ int vcpu_destroy_pagetables(struct vcpu 
-             if ( paging_mode_refcounts(v->domain) )
-                 put_page(page);
-             else
--                rc = put_page_and_type_preemptible(page, preemptible);
-+                rc = put_page_and_type_preemptible(page, 1);
-         }
-         if ( !rc )
-             v->arch.guest_table_user = pagetable_null();
---- a/xen/common/domain.c
-+++ b/xen/common/domain.c
-@@ -779,14 +779,18 @@ void domain_unpause_by_systemcontroller(
-         domain_unpause(d);
- }
- 
--void vcpu_reset(struct vcpu *v)
-+int vcpu_reset(struct vcpu *v)
- {
-     struct domain *d = v->domain;
-+    int rc;
- 
-     vcpu_pause(v);
-     domain_lock(d);
- 
--    arch_vcpu_reset(v);
-+    set_bit(_VPF_in_reset, &v->pause_flags);
-+    rc = arch_vcpu_reset(v);
-+    if ( rc )
-+        goto out_unlock;
- 
-     set_bit(_VPF_down, &v->pause_flags);
- 
-@@ -802,9 +806,13 @@ void vcpu_reset(struct vcpu *v)
- #endif
-     cpumask_clear(v->cpu_affinity_tmp);
-     clear_bit(_VPF_blocked, &v->pause_flags);
-+    clear_bit(_VPF_in_reset, &v->pause_flags);
- 
-+ out_unlock:
-     domain_unlock(v->domain);
-     vcpu_unpause(v);
-+
-+    return rc;
- }
- 
- 
---- a/xen/common/domctl.c
-+++ b/xen/common/domctl.c
-@@ -306,8 +306,10 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
- 
-         if ( guest_handle_is_null(op->u.vcpucontext.ctxt) )
-         {
--            vcpu_reset(v);
--            ret = 0;
-+            ret = vcpu_reset(v);
-+            if ( ret == -EAGAIN )
-+                ret = hypercall_create_continuation(
-+                          __HYPERVISOR_domctl, "h", u_domctl);
-             goto svc_out;
-         }
- 
---- a/xen/include/asm-x86/mm.h
-+++ b/xen/include/asm-x86/mm.h
-@@ -605,7 +605,7 @@ void audit_domains(void);
- int new_guest_cr3(unsigned long pfn);
- void make_cr3(struct vcpu *v, unsigned long mfn);
- void update_cr3(struct vcpu *v);
--int vcpu_destroy_pagetables(struct vcpu *, bool_t preemptible);
-+int vcpu_destroy_pagetables(struct vcpu *);
- void propagate_page_fault(unsigned long addr, u16 error_code);
- void *do_page_walk(struct vcpu *v, unsigned long addr);
- 
---- a/xen/include/xen/domain.h
-+++ b/xen/include/xen/domain.h
-@@ -13,7 +13,7 @@ typedef union {
- struct vcpu *alloc_vcpu(
-     struct domain *d, unsigned int vcpu_id, unsigned int cpu_id);
- struct vcpu *alloc_dom0_vcpu0(void);
--void vcpu_reset(struct vcpu *v);
-+int vcpu_reset(struct vcpu *);
- 
- struct xen_domctl_getdomaininfo;
- void getdomaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info);
-@@ -67,7 +67,7 @@ void arch_dump_vcpu_info(struct vcpu *v)
- 
- void arch_dump_domain_info(struct domain *d);
- 
--void arch_vcpu_reset(struct vcpu *v);
-+int arch_vcpu_reset(struct vcpu *);
- 
- extern spinlock_t vcpu_alloc_lock;
- bool_t domctl_lock_acquire(void);
---- a/xen/include/xen/sched.h
-+++ b/xen/include/xen/sched.h
-@@ -644,6 +644,9 @@ static inline struct domain *next_domain
-  /* VCPU is blocked due to missing mem_sharing ring. */
- #define _VPF_mem_sharing     6
- #define VPF_mem_sharing      (1UL<<_VPF_mem_sharing)
-+ /* VCPU is being reset. */
-+#define _VPF_in_reset        7
-+#define VPF_in_reset         (1UL<<_VPF_in_reset)
- 
- static inline int vcpu_runnable(struct vcpu *v)
- {

app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_5.patch

@@ -1,204 +0,0 @@
-x86: make arch_set_info_guest() preemptible
-
-.. as the root page table validation (and the dropping of an eventual
-old one) can require meaningful amounts of time.
-
-This is part of CVE-2013-1918 / XSA-45.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Acked-by: Tim Deegan <tim@xen.org>
-
---- a/xen/arch/x86/domain.c
-+++ b/xen/arch/x86/domain.c
-@@ -858,6 +858,9 @@ int arch_set_info_guest(
- 
-     if ( !v->is_initialised )
-     {
-+        if ( !compat && !(flags & VGCF_in_kernel) && !c.nat->ctrlreg[1] )
-+            return -EINVAL;
-+
-         v->arch.pv_vcpu.ldt_base = c(ldt_base);
-         v->arch.pv_vcpu.ldt_ents = c(ldt_ents);
-     }
-@@ -955,24 +958,44 @@ int arch_set_info_guest(
-     if ( rc != 0 )
-         return rc;
- 
-+    set_bit(_VPF_in_reset, &v->pause_flags);
-+
-     if ( !compat )
--    {
-         cr3_gfn = xen_cr3_to_pfn(c.nat->ctrlreg[3]);
--        cr3_page = get_page_from_gfn(d, cr3_gfn, NULL, P2M_ALLOC);
--
--        if ( !cr3_page )
--        {
--            destroy_gdt(v);
--            return -EINVAL;
--        }
--        if ( !paging_mode_refcounts(d)
--             && !get_page_type(cr3_page, PGT_base_page_table) )
--        {
--            put_page(cr3_page);
--            destroy_gdt(v);
--            return -EINVAL;
--        }
-+#ifdef CONFIG_COMPAT
-+    else
-+        cr3_gfn = compat_cr3_to_pfn(c.cmp->ctrlreg[3]);
-+#endif
-+    cr3_page = get_page_from_gfn(d, cr3_gfn, NULL, P2M_ALLOC);
- 
-+    if ( !cr3_page )
-+        rc = -EINVAL;
-+    else if ( paging_mode_refcounts(d) )
-+        /* nothing */;
-+    else if ( cr3_page == v->arch.old_guest_table )
-+    {
-+        v->arch.old_guest_table = NULL;
-+        put_page(cr3_page);
-+    }
-+    else
-+    {
-+        /*
-+         * Since v->arch.guest_table{,_user} are both NULL, this effectively
-+         * is just a call to put_old_guest_table().
-+         */
-+        if ( !compat )
-+            rc = vcpu_destroy_pagetables(v);
-+        if ( !rc )
-+            rc = get_page_type_preemptible(cr3_page,
-+                                           !compat ? PGT_root_page_table
-+                                                   : PGT_l3_page_table);
-+        if ( rc == -EINTR )
-+            rc = -EAGAIN;
-+    }
-+    if ( rc )
-+        /* handled below */;
-+    else if ( !compat )
-+    {
-         v->arch.guest_table = pagetable_from_page(cr3_page);
- #ifdef __x86_64__
-         if ( c.nat->ctrlreg[1] )
-@@ -980,56 +1003,44 @@ int arch_set_info_guest(
-             cr3_gfn = xen_cr3_to_pfn(c.nat->ctrlreg[1]);
-             cr3_page = get_page_from_gfn(d, cr3_gfn, NULL, P2M_ALLOC);
- 
--            if ( !cr3_page ||
--                 (!paging_mode_refcounts(d)
--                  && !get_page_type(cr3_page, PGT_base_page_table)) )
-+            if ( !cr3_page )
-+                rc = -EINVAL;
-+            else if ( !paging_mode_refcounts(d) )
-             {
--                if (cr3_page)
--                    put_page(cr3_page);
--                cr3_page = pagetable_get_page(v->arch.guest_table);
--                v->arch.guest_table = pagetable_null();
--                if ( paging_mode_refcounts(d) )
--                    put_page(cr3_page);
--                else
--                    put_page_and_type(cr3_page);
--                destroy_gdt(v);
--                return -EINVAL;
-+                rc = get_page_type_preemptible(cr3_page, PGT_root_page_table);
-+                switch ( rc )
-+                {
-+                case -EINTR:
-+                    rc = -EAGAIN;
-+                case -EAGAIN:
-+                    v->arch.old_guest_table =
-+                        pagetable_get_page(v->arch.guest_table);
-+                    v->arch.guest_table = pagetable_null();
-+                    break;
-+                }
-             }
--
--            v->arch.guest_table_user = pagetable_from_page(cr3_page);
--        }
--        else if ( !(flags & VGCF_in_kernel) )
--        {
--            destroy_gdt(v);
--            return -EINVAL;
-+            if ( !rc )
-+               v->arch.guest_table_user = pagetable_from_page(cr3_page);
-         }
-     }
-     else
-     {
-         l4_pgentry_t *l4tab;
- 
--        cr3_gfn = compat_cr3_to_pfn(c.cmp->ctrlreg[3]);
--        cr3_page = get_page_from_gfn(d, cr3_gfn, NULL, P2M_ALLOC);
--
--        if ( !cr3_page)
--        {
--            destroy_gdt(v);
--            return -EINVAL;
--        }
--
--        if (!paging_mode_refcounts(d)
--            && !get_page_type(cr3_page, PGT_l3_page_table) )
--        {
--            put_page(cr3_page);
--            destroy_gdt(v);
--            return -EINVAL;
--        }
--
-         l4tab = __va(pagetable_get_paddr(v->arch.guest_table));
-         *l4tab = l4e_from_pfn(page_to_mfn(cr3_page),
-             _PAGE_PRESENT|_PAGE_RW|_PAGE_USER|_PAGE_ACCESSED);
- #endif
-     }
-+    if ( rc )
-+    {
-+        if ( cr3_page )
-+            put_page(cr3_page);
-+        destroy_gdt(v);
-+        return rc;
-+    }
-+
-+    clear_bit(_VPF_in_reset, &v->pause_flags);
- 
-     if ( v->vcpu_id == 0 )
-         update_domain_wallclock_time(d);
---- a/xen/common/compat/domain.c
-+++ b/xen/common/compat/domain.c
-@@ -50,6 +50,10 @@ int compat_vcpu_op(int cmd, int vcpuid, 
-         rc = v->is_initialised ? -EEXIST : arch_set_info_guest(v, cmp_ctxt);
-         domain_unlock(d);
- 
-+        if ( rc == -EAGAIN )
-+            rc = hypercall_create_continuation(__HYPERVISOR_vcpu_op, "iih",
-+                                               cmd, vcpuid, arg);
-+
-         xfree(cmp_ctxt);
-         break;
-     }
---- a/xen/common/domain.c
-+++ b/xen/common/domain.c
-@@ -849,6 +849,11 @@ long do_vcpu_op(int cmd, int vcpuid, XEN
-         domain_unlock(d);
- 
-         free_vcpu_guest_context(ctxt);
-+
-+        if ( rc == -EAGAIN )
-+            rc = hypercall_create_continuation(__HYPERVISOR_vcpu_op, "iih",
-+                                               cmd, vcpuid, arg);
-+
-         break;
- 
-     case VCPUOP_up: {
---- a/xen/common/domctl.c
-+++ b/xen/common/domctl.c
-@@ -338,6 +338,10 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
-             domain_pause(d);
-             ret = arch_set_info_guest(v, c);
-             domain_unpause(d);
-+
-+            if ( ret == -EAGAIN )
-+                ret = hypercall_create_continuation(
-+                          __HYPERVISOR_domctl, "h", u_domctl);
-         }
- 
-     svc_out:

app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_6.patch

@@ -1,127 +0,0 @@
-x86: make page table unpinning preemptible
-
-... as it may take significant amounts of time.
-
-Since we can't re-invoke the operation in a second attempt, the
-continuation logic must be slightly tweaked so that we make sure
-do_mmuext_op() gets run one more time even when the preempted unpin
-operation was the last one in a batch.
-
-This is part of CVE-2013-1918 / XSA-45.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Acked-by: Tim Deegan <tim@xen.org>
-
---- a/xen/arch/x86/mm.c
-+++ b/xen/arch/x86/mm.c
-@@ -3123,6 +3123,14 @@ long do_mmuext_op(
-         return rc;
-     }
- 
-+    if ( unlikely(count == MMU_UPDATE_PREEMPTED) &&
-+         likely(guest_handle_is_null(uops)) )
-+    {
-+        /* See the curr->arch.old_guest_table related
-+         * hypercall_create_continuation() below. */
-+        return (int)foreigndom;
-+    }
-+
-     if ( unlikely(count & MMU_UPDATE_PREEMPTED) )
-     {
-         count &= ~MMU_UPDATE_PREEMPTED;
-@@ -3146,7 +3154,7 @@ long do_mmuext_op(
- 
-     for ( i = 0; i < count; i++ )
-     {
--        if ( hypercall_preempt_check() )
-+        if ( curr->arch.old_guest_table || hypercall_preempt_check() )
-         {
-             rc = -EAGAIN;
-             break;
-@@ -3266,7 +3274,17 @@ long do_mmuext_op(
-                 break;
-             }
- 
--            put_page_and_type(page);
-+            switch ( rc = put_page_and_type_preemptible(page, 1) )
-+            {
-+            case -EINTR:
-+            case -EAGAIN:
-+                curr->arch.old_guest_table = page;
-+                rc = 0;
-+                break;
-+            default:
-+                BUG_ON(rc);
-+                break;
-+            }
-             put_page(page);
- 
-             /* A page is dirtied when its pin status is cleared. */
-@@ -3587,9 +3605,27 @@ long do_mmuext_op(
-     }
- 
-     if ( rc == -EAGAIN )
-+    {
-+        ASSERT(i < count);
-         rc = hypercall_create_continuation(
-             __HYPERVISOR_mmuext_op, "hihi",
-             uops, (count - i) | MMU_UPDATE_PREEMPTED, pdone, foreigndom);
-+    }
-+    else if ( curr->arch.old_guest_table )
-+    {
-+        XEN_GUEST_HANDLE(void) null;
-+
-+        ASSERT(rc || i == count);
-+        set_xen_guest_handle(null, NULL);
-+        /*
-+         * In order to have a way to communicate the final return value to
-+         * our continuation, we pass this in place of "foreigndom", building
-+         * on the fact that this argument isn't needed anymore.
-+         */
-+        rc = hypercall_create_continuation(
-+                __HYPERVISOR_mmuext_op, "hihi", null,
-+                MMU_UPDATE_PREEMPTED, null, rc);
-+    }
- 
-     put_pg_owner(pg_owner);
- 
---- a/xen/arch/x86/x86_64/compat/mm.c
-+++ b/xen/arch/x86/x86_64/compat/mm.c
-@@ -268,6 +268,13 @@ int compat_mmuext_op(XEN_GUEST_HANDLE(mm
-     int rc = 0;
-     XEN_GUEST_HANDLE(mmuext_op_t) nat_ops;
- 
-+    if ( unlikely(count == MMU_UPDATE_PREEMPTED) &&
-+         likely(guest_handle_is_null(cmp_uops)) )
-+    {
-+        set_xen_guest_handle(nat_ops, NULL);
-+        return do_mmuext_op(nat_ops, count, pdone, foreigndom);
-+    }
-+
-     preempt_mask = count & MMU_UPDATE_PREEMPTED;
-     count ^= preempt_mask;
- 
-@@ -370,12 +377,18 @@ int compat_mmuext_op(XEN_GUEST_HANDLE(mm
-                 guest_handle_add_offset(nat_ops, i - left);
-                 guest_handle_subtract_offset(cmp_uops, left);
-                 left = 1;
--                BUG_ON(!hypercall_xlat_continuation(&left, 0x01, nat_ops, cmp_uops));
--                BUG_ON(left != arg1);
--                if (!test_bit(_MCSF_in_multicall, &mcs->flags))
--                    regs->_ecx += count - i;
-+                if ( arg1 != MMU_UPDATE_PREEMPTED )
-+                {
-+                    BUG_ON(!hypercall_xlat_continuation(&left, 0x01, nat_ops,
-+                                                        cmp_uops));
-+                    if ( !test_bit(_MCSF_in_multicall, &mcs->flags) )
-+                        regs->_ecx += count - i;
-+                    else
-+                        mcs->compat_call.args[1] += count - i;
-+                }
-                 else
--                    mcs->compat_call.args[1] += count - i;
-+                    BUG_ON(hypercall_xlat_continuation(&left, 0));
-+                BUG_ON(left != arg1);
-             }
-             else
-                 BUG_ON(err > 0);

app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_7.patch

@@ -1,255 +0,0 @@
-x86: make page table handling error paths preemptible
-
-... as they may take significant amounts of time.
-
-This requires cloning the tweaked continuation logic from
-do_mmuext_op() to do_mmu_update().
-
-Note that in mod_l[34]_entry() a negative "preemptible" value gets
-passed to put_page_from_l[34]e() now, telling the callee to store the
-respective page in current->arch.old_guest_table (for a hypercall
-continuation to pick up), rather than carrying out the put right away.
-This is going to be made a little more explicit by a subsequent cleanup
-patch.
-
-This is part of CVE-2013-1918 / XSA-45.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Acked-by: Tim Deegan <tim@xen.org>
-
---- a/xen/arch/x86/mm.c
-+++ b/xen/arch/x86/mm.c
-@@ -1241,7 +1241,16 @@ static int put_page_from_l3e(l3_pgentry_
- #endif
- 
-     if ( unlikely(partial > 0) )
-+    {
-+        ASSERT(preemptible >= 0);
-         return __put_page_type(l3e_get_page(l3e), preemptible);
-+    }
-+
-+    if ( preemptible < 0 )
-+    {
-+        current->arch.old_guest_table = l3e_get_page(l3e);
-+        return 0;
-+    }
- 
-     return put_page_and_type_preemptible(l3e_get_page(l3e), preemptible);
- }
-@@ -1254,7 +1263,17 @@ static int put_page_from_l4e(l4_pgentry_
-          (l4e_get_pfn(l4e) != pfn) )
-     {
-         if ( unlikely(partial > 0) )
-+        {
-+            ASSERT(preemptible >= 0);
-             return __put_page_type(l4e_get_page(l4e), preemptible);
-+        }
-+
-+        if ( preemptible < 0 )
-+        {
-+            current->arch.old_guest_table = l4e_get_page(l4e);
-+            return 0;
-+        }
-+
-         return put_page_and_type_preemptible(l4e_get_page(l4e), preemptible);
-     }
-     return 1;
-@@ -1549,12 +1568,17 @@ static int alloc_l3_table(struct page_in
-     if ( rc < 0 && rc != -EAGAIN && rc != -EINTR )
-     {
-         MEM_LOG("Failure in alloc_l3_table: entry %d", i);
-+        if ( i )
-+        {
-+            page->nr_validated_ptes = i;
-+            page->partial_pte = 0;
-+            current->arch.old_guest_table = page;
-+        }
-         while ( i-- > 0 )
-         {
-             if ( !is_guest_l3_slot(i) )
-                 continue;
-             unadjust_guest_l3e(pl3e[i], d);
--            put_page_from_l3e(pl3e[i], pfn, 0, 0);
-         }
-     }
- 
-@@ -1584,22 +1608,24 @@ static int alloc_l4_table(struct page_in
-             page->nr_validated_ptes = i;
-             page->partial_pte = partial ?: 1;
-         }
--        else if ( rc == -EINTR )
-+        else if ( rc < 0 )
-         {
-+            if ( rc != -EINTR )
-+                MEM_LOG("Failure in alloc_l4_table: entry %d", i);
-             if ( i )
-             {
-                 page->nr_validated_ptes = i;
-                 page->partial_pte = 0;
--                rc = -EAGAIN;
-+                if ( rc == -EINTR )
-+                    rc = -EAGAIN;
-+                else
-+                {
-+                    if ( current->arch.old_guest_table )
-+                        page->nr_validated_ptes++;
-+                    current->arch.old_guest_table = page;
-+                }
-             }
-         }
--        else if ( rc < 0 )
--        {
--            MEM_LOG("Failure in alloc_l4_table: entry %d", i);
--            while ( i-- > 0 )
--                if ( is_guest_l4_slot(d, i) )
--                    put_page_from_l4e(pl4e[i], pfn, 0, 0);
--        }
-         if ( rc < 0 )
-             return rc;
- 
-@@ -2047,7 +2073,7 @@ static int mod_l3_entry(l3_pgentry_t *pl
-         pae_flush_pgd(pfn, pgentry_ptr_to_slot(pl3e), nl3e);
-     }
- 
--    put_page_from_l3e(ol3e, pfn, 0, 0);
-+    put_page_from_l3e(ol3e, pfn, 0, -preemptible);
-     return rc;
- }
- 
-@@ -2110,7 +2136,7 @@ static int mod_l4_entry(l4_pgentry_t *pl
-         return -EFAULT;
-     }
- 
--    put_page_from_l4e(ol4e, pfn, 0, 0);
-+    put_page_from_l4e(ol4e, pfn, 0, -preemptible);
-     return rc;
- }
- 
-@@ -2268,7 +2294,15 @@ static int alloc_page_type(struct page_i
-                 PRtype_info ": caf=%08lx taf=%" PRtype_info,
-                 page_to_mfn(page), get_gpfn_from_mfn(page_to_mfn(page)),
-                 type, page->count_info, page->u.inuse.type_info);
--        page->u.inuse.type_info = 0;
-+        if ( page != current->arch.old_guest_table )
-+            page->u.inuse.type_info = 0;
-+        else
-+        {
-+            ASSERT((page->u.inuse.type_info &
-+                    (PGT_count_mask | PGT_validated)) == 1);
-+            get_page_light(page);
-+            page->u.inuse.type_info |= PGT_partial;
-+        }
-     }
-     else
-     {
-@@ -3218,21 +3252,17 @@ long do_mmuext_op(
-             }
- 
-             if ( (rc = xsm_memory_pin_page(d, pg_owner, page)) != 0 )
--            {
--                put_page_and_type(page);
-                 okay = 0;
--                break;
--            }
--
--            if ( unlikely(test_and_set_bit(_PGT_pinned,
--                                           &page->u.inuse.type_info)) )
-+            else if ( unlikely(test_and_set_bit(_PGT_pinned,
-+                                                &page->u.inuse.type_info)) )
-             {
-                 MEM_LOG("Mfn %lx already pinned", page_to_mfn(page));
--                put_page_and_type(page);
-                 okay = 0;
--                break;
-             }
- 
-+            if ( unlikely(!okay) )
-+                goto pin_drop;
-+
-             /* A page is dirtied when its pin status is set. */
-             paging_mark_dirty(pg_owner, page_to_mfn(page));
- 
-@@ -3246,7 +3276,13 @@ long do_mmuext_op(
-                                                &page->u.inuse.type_info));
-                 spin_unlock(&pg_owner->page_alloc_lock);
-                 if ( drop_ref )
--                    put_page_and_type(page);
-+                {
-+        pin_drop:
-+                    if ( type == PGT_l1_page_table )
-+                        put_page_and_type(page);
-+                    else
-+                        curr->arch.old_guest_table = page;
-+                }
-             }
- 
-             break;
-@@ -3652,11 +3688,28 @@ long do_mmu_update(
-     void *va;
-     unsigned long gpfn, gmfn, mfn;
-     struct page_info *page;
--    int rc = 0, i = 0;
--    unsigned int cmd, done = 0, pt_dom;
--    struct vcpu *v = current;
-+    unsigned int cmd, i = 0, done = 0, pt_dom;
-+    struct vcpu *curr = current, *v = curr;
-     struct domain *d = v->domain, *pt_owner = d, *pg_owner;
-     struct domain_mmap_cache mapcache;
-+    int rc = put_old_guest_table(curr);
-+
-+    if ( unlikely(rc) )
-+    {
-+        if ( likely(rc == -EAGAIN) )
-+            rc = hypercall_create_continuation(
-+                     __HYPERVISOR_mmu_update, "hihi", ureqs, count, pdone,
-+                     foreigndom);
-+        return rc;
-+    }
-+
-+    if ( unlikely(count == MMU_UPDATE_PREEMPTED) &&
-+         likely(guest_handle_is_null(ureqs)) )
-+    {
-+        /* See the curr->arch.old_guest_table related
-+         * hypercall_create_continuation() below. */
-+        return (int)foreigndom;
-+    }
- 
-     if ( unlikely(count & MMU_UPDATE_PREEMPTED) )
-     {
-@@ -3705,7 +3758,7 @@ long do_mmu_update(
- 
-     for ( i = 0; i < count; i++ )
-     {
--        if ( hypercall_preempt_check() )
-+        if ( curr->arch.old_guest_table || hypercall_preempt_check() )
-         {
-             rc = -EAGAIN;
-             break;
-@@ -3886,9 +3939,27 @@ long do_mmu_update(
-     }
- 
-     if ( rc == -EAGAIN )
-+    {
-+        ASSERT(i < count);
-         rc = hypercall_create_continuation(
-             __HYPERVISOR_mmu_update, "hihi",
-             ureqs, (count - i) | MMU_UPDATE_PREEMPTED, pdone, foreigndom);
-+    }
-+    else if ( curr->arch.old_guest_table )
-+    {
-+        XEN_GUEST_HANDLE(void) null;
-+
-+        ASSERT(rc || i == count);
-+        set_xen_guest_handle(null, NULL);
-+        /*
-+         * In order to have a way to communicate the final return value to
-+         * our continuation, we pass this in place of "foreigndom", building
-+         * on the fact that this argument isn't needed anymore.
-+         */
-+        rc = hypercall_create_continuation(
-+                __HYPERVISOR_mmu_update, "hihi", null,
-+                MMU_UPDATE_PREEMPTED, null, rc);
-+    }
- 
-     put_pg_owner(pg_owner);
- 

app-emulation/xen/files/xen-4.2-2013-2076-XSA-52to54.patch

@@ -1,127 +0,0 @@
-x86/xsave: fix information leak on AMD CPUs
-
-Just like for FXSAVE/FXRSTOR, XSAVE/XRSTOR also don't save/restore the
-last instruction and operand pointers as well as the last opcode if
-there's no pending unmasked exception (see CVE-2006-1056 and commit
-9747:4d667a139318).
-
-While the FXSR solution sits in the save path, I prefer to have this in
-the restore path because there the handling is simpler (namely in the
-context of the pending changes to properly save the selector values for
-32-bit guest code).
-
-Also this is using FFREE instead of EMMS, as it doesn't seem unlikely
-that in the future we may see CPUs with x87 and SSE/AVX but no MMX
-support. The goal here anyway is just to avoid an FPU stack overflow.
-I would have preferred to use FFREEP instead of FFREE (freeing two
-stack slots at once), but AMD doesn't document that instruction.
-
-This is CVE-2013-2076 / XSA-52.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-
---- a/xen/arch/x86/xstate.c
-+++ b/xen/arch/x86/xstate.c
-@@ -78,6 +78,21 @@ void xrstor(struct vcpu *v, uint64_t mas
- 
-     struct xsave_struct *ptr = v->arch.xsave_area;
- 
-+    /*
-+     * AMD CPUs don't save/restore FDP/FIP/FOP unless an exception
-+     * is pending. Clear the x87 state here by setting it to fixed
-+     * values. The hypervisor data segment can be sometimes 0 and
-+     * sometimes new user value. Both should be ok. Use the FPU saved
-+     * data block as a safe address because it should be in L1.
-+     */
-+    if ( (mask & ptr->xsave_hdr.xstate_bv & XSTATE_FP) &&
-+         !(ptr->fpu_sse.fsw & 0x0080) &&
-+         boot_cpu_data.x86_vendor == X86_VENDOR_AMD )
-+        asm volatile ( "fnclex\n\t"        /* clear exceptions */
-+                       "ffree %%st(7)\n\t" /* clear stack tag */
-+                       "fildl %0"          /* load to clear state */
-+                       : : "m" (ptr->fpu_sse) );
-+
-     asm volatile (
-         ".byte " REX_PREFIX "0x0f,0xae,0x2f"
-         :
-#x86/xsave: recover from faults on XRSTOR
-#
-#Just like FXRSTOR, XRSTOR can raise #GP if bad content is being passed
-#to it in the memory block (i.e. aspects not under the control of the
-#hypervisor, other than e.g. proper alignment of the block).
-#
-#Also correct the comment explaining why FXRSTOR needs exception
-#recovery code to not wrongly state that this can only be a result of
-#the control tools passing a bad image.
-#
-#This is CVE-2013-2077 / XSA-53.
-#
-#Signed-off-by: Jan Beulich <jbeulich@suse.com>
-#
---- a/xen/arch/x86/i387.c
-+++ b/xen/arch/x86/i387.c
-@@ -53,7 +53,7 @@ static inline void fpu_fxrstor(struct vc
-     /*
-      * FXRSTOR can fault if passed a corrupted data block. We handle this
-      * possibility, which may occur if the block was passed to us by control
--     * tools, by silently clearing the block.
-+     * tools or through VCPUOP_initialise, by silently clearing the block.
-      */
-     asm volatile (
- #ifdef __i386__
---- a/xen/arch/x86/xstate.c
-+++ b/xen/arch/x86/xstate.c
-@@ -93,10 +93,25 @@ void xrstor(struct vcpu *v, uint64_t mas
-                        "fildl %0"          /* load to clear state */
-                        : : "m" (ptr->fpu_sse) );
- 
--    asm volatile (
--        ".byte " REX_PREFIX "0x0f,0xae,0x2f"
--        :
--        : "m" (*ptr), "a" (lmask), "d" (hmask), "D"(ptr) );
-+    /*
-+     * XRSTOR can fault if passed a corrupted data block. We handle this
-+     * possibility, which may occur if the block was passed to us by control
-+     * tools or through VCPUOP_initialise, by silently clearing the block.
-+     */
-+    asm volatile ( "1: .byte " REX_PREFIX "0x0f,0xae,0x2f\n"
-+                   ".section .fixup,\"ax\"\n"
-+                   "2: mov %5,%%ecx       \n"
-+                   "   xor %1,%1          \n"
-+                   "   rep stosb          \n"
-+                   "   lea %2,%0          \n"
-+                   "   mov %3,%1          \n"
-+                   "   jmp 1b             \n"
-+                   ".previous             \n"
-+                   _ASM_EXTABLE(1b, 2b)
-+                   : "+&D" (ptr), "+&a" (lmask)
-+                   : "m" (*ptr), "g" (lmask), "d" (hmask),
-+                     "m" (xsave_cntxt_size)
-+                   : "ecx" );
- }
- 
- bool_t xsave_enabled(const struct vcpu *v)
-#x86/xsave: properly check guest input to XSETBV
-#
-#Other than the HVM emulation path, the PV case so far failed to check
-#that YMM state requires SSE state to be enabled, allowing for a #GP to
-#occur upon passing the inputs to XSETBV inside the hypervisor.
-#
-#This is CVE-2013-2078 / XSA-54.
-#
-#Signed-off-by: Jan Beulich <jbeulich@suse.com>
-#
---- a/xen/arch/x86/traps.c
-+++ b/xen/arch/x86/traps.c
-@@ -2205,6 +2205,11 @@ static int emulate_privileged_op(struct 
-                     if ( !(new_xfeature & XSTATE_FP) || (new_xfeature & ~xfeature_mask) )
-                         goto fail;
- 
-+                    /* YMM state takes SSE state as prerequisite. */
-+                    if ( (xfeature_mask & new_xfeature & XSTATE_YMM) &&
-+                         !(new_xfeature & XSTATE_SSE) )
-+                        goto fail;
-+
-                     v->arch.xcr0 = new_xfeature;
-                     v->arch.xcr0_accum |= new_xfeature;
-                     set_xcr0(new_xfeature);

app-emulation/xen/files/xen-4.2-CVE-2013-1432-XSA-58.patch

@@ -1,130 +0,0 @@
-x86: fix page refcount handling in page table pin error path
-
-In the original patch 7 of the series addressing XSA-45 I mistakenly
-took the addition of the call to get_page_light() in alloc_page_type()
-to cover two decrements that would happen: One for the PGT_partial bit
-that is getting set along with the call, and the other for the page
-reference the caller hold (and would be dropping on its error path).
-But of course the additional page reference is tied to the PGT_partial
-bit, and hence any caller of a function that may leave
-->arch.old_guest_table non-NULL for error cleanup purposes has to make
-sure a respective page reference gets retained.
-
-Similar issues were then also spotted elsewhere: In effect all callers
-of get_page_type_preemptible() need to deal with errors in similar
-ways. To make sure error handling can work this way without leaking
-page references, a respective assertion gets added to that function.
-
-This is CVE-2013-1432 / XSA-58.
-
-Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Tested-by: Andrew Cooper <andrew.cooper3@citrix.com>
-Reviewed-by: Tim Deegan <tim@xen.org>
-
---- a/xen/arch/x86/domain.c
-+++ b/xen/arch/x86/domain.c
-@@ -941,6 +941,10 @@ int arch_set_info_guest(
-     if ( v->vcpu_id == 0 )
-         d->vm_assist = c(vm_assist);
- 
-+    rc = put_old_guest_table(current);
-+    if ( rc )
-+        return rc;
-+
-     if ( !compat )
-         rc = (int)set_gdt(v, c.nat->gdt_frames, c.nat->gdt_ents);
- #ifdef CONFIG_COMPAT
-@@ -980,18 +984,24 @@ int arch_set_info_guest(
-     }
-     else
-     {
--        /*
--         * Since v->arch.guest_table{,_user} are both NULL, this effectively
--         * is just a call to put_old_guest_table().
--         */
-         if ( !compat )
--            rc = vcpu_destroy_pagetables(v);
-+            rc = put_old_guest_table(v);
-         if ( !rc )
-             rc = get_page_type_preemptible(cr3_page,
-                                            !compat ? PGT_root_page_table
-                                                    : PGT_l3_page_table);
--        if ( rc == -EINTR )
-+        switch ( rc )
-+        {
-+        case -EINTR:
-             rc = -EAGAIN;
-+        case -EAGAIN:
-+        case 0:
-+            break;
-+        default:
-+            if ( cr3_page == current->arch.old_guest_table )
-+                cr3_page = NULL;
-+            break;
-+        }
-     }
-     if ( rc )
-         /* handled below */;
-@@ -1018,6 +1028,11 @@ int arch_set_info_guest(
-                         pagetable_get_page(v->arch.guest_table);
-                     v->arch.guest_table = pagetable_null();
-                     break;
-+                default:
-+                    if ( cr3_page == current->arch.old_guest_table )
-+                        cr3_page = NULL;
-+                case 0:
-+                    break;
-                 }
-             }
-             if ( !rc )
---- a/xen/arch/x86/mm.c
-+++ b/xen/arch/x86/mm.c
-@@ -718,7 +718,8 @@ static int get_page_and_type_from_pagenr
-           get_page_type_preemptible(page, type) :
-           (get_page_type(page, type) ? 0 : -EINVAL));
- 
--    if ( unlikely(rc) && partial >= 0 )
-+    if ( unlikely(rc) && partial >= 0 &&
-+         (!preemptible || page != current->arch.old_guest_table) )
-         put_page(page);
- 
-     return rc;
-@@ -2638,6 +2639,7 @@ int put_page_type_preemptible(struct pag
- 
- int get_page_type_preemptible(struct page_info *page, unsigned long type)
- {
-+    ASSERT(!current->arch.old_guest_table);
-     return __get_page_type(page, type, 1);
- }
- 
-@@ -2848,7 +2850,7 @@ static void put_superpage(unsigned long 
- 
- #endif
- 
--static int put_old_guest_table(struct vcpu *v)
-+int put_old_guest_table(struct vcpu *v)
- {
-     int rc;
- 
-@@ -3253,7 +3255,8 @@ long do_mmuext_op(
-                     rc = -EAGAIN;
-                 else if ( rc != -EAGAIN )
-                     MEM_LOG("Error while pinning mfn %lx", page_to_mfn(page));
--                put_page(page);
-+                if ( page != curr->arch.old_guest_table )
-+                    put_page(page);
-                 break;
-             }
- 
---- a/xen/include/asm-x86/mm.h
-+++ b/xen/include/asm-x86/mm.h
-@@ -374,6 +374,7 @@ void put_page_type(struct page_info *pag
- int  get_page_type(struct page_info *page, unsigned long type);
- int  put_page_type_preemptible(struct page_info *page);
- int  get_page_type_preemptible(struct page_info *page, unsigned long type);
-+int  put_old_guest_table(struct vcpu *);
- int  get_page_from_l1e(
-     l1_pgentry_t l1e, struct domain *l1e_owner, struct domain *pg_owner);
- void put_page_from_l1e(l1_pgentry_t l1e, struct domain *l1e_owner);
-

app-emulation/xen/files/xen-4.2-CVE-2013-4553-XSA-74.patch

@@ -1,41 +0,0 @@
-x86: restrict XEN_DOMCTL_getmemlist
-
-Coverity ID 1055652
-
-(See the code comment.)
-
-This is CVE-2013-4553 / XSA-74.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
-Reviewed-by: Tim Deegan <tim@xen.org>
-
---- a/xen/arch/x86/domctl.c
-+++ b/xen/arch/x86/domctl.c
-@@ -385,6 +385,26 @@ long arch_do_domctl(
-                 break;
-             }
- 
-+            /*
-+             * XSA-74: This sub-hypercall is broken in several ways:
-+             * - lock order inversion (p2m locks inside page_alloc_lock)
-+             * - no preemption on huge max_pfns input
-+             * - not (re-)checking d->is_dying with page_alloc_lock held
-+             * - not honoring start_pfn input (which libxc also doesn't set)
-+             * Additionally it is rather useless, as the result is stale by
-+             * the time the caller gets to look at it.
-+             * As it only has a single, non-production consumer (xen-mceinj),
-+             * rather than trying to fix it we restrict it for the time being.
-+             */
-+            if ( /* No nested locks inside copy_to_guest_offset(). */
-+                 paging_mode_external(current->domain) ||
-+                 /* Arbitrary limit capping processing time. */
-+                 max_pfns > GB(4) / PAGE_SIZE )
-+            {
-+                ret = -EOPNOTSUPP;
-+                break;
-+            }
-+
-             spin_lock(&d->page_alloc_lock);
- 
-             if ( unlikely(d->is_dying) ) {

app-emulation/xen/files/xen-4.2-XSA-84.patch

@@ -1,153 +0,0 @@
-flask: fix reading strings from guest memory
-
-Since the string size is being specified by the guest, we must range
-check it properly before doing allocations based on it. While for the
-two cases that are exposed only to trusted guests (via policy
-restriction) this just uses an arbitrary upper limit (PAGE_SIZE), for
-the FLASK_[GS]ETBOOL case (which any guest can use) the upper limit
-gets enforced based on the longest name across all boolean settings.
-
-This is XSA-84.
-
-Reported-by: Matthew Daley <mattd@bugfuzz.com>
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
-
---- a/xen/xsm/flask/flask_op.c
-+++ b/xen/xsm/flask/flask_op.c
-@@ -53,6 +53,7 @@ static DEFINE_SPINLOCK(sel_sem);
- /* global data for booleans */
- static int bool_num = 0;
- static int *bool_pending_values = NULL;
-+static size_t bool_maxstr;
- static int flask_security_make_bools(void);
- 
- extern int ss_initialized;
-@@ -71,9 +72,15 @@ static int domain_has_security(struct do
-                         perms, NULL);
- }
- 
--static int flask_copyin_string(XEN_GUEST_HANDLE(char) u_buf, char **buf, uint32_t size)
-+static int flask_copyin_string(XEN_GUEST_HANDLE(char) u_buf, char **buf,
-+                               size_t size, size_t max_size)
- {
--    char *tmp = xmalloc_bytes(size + 1);
-+    char *tmp;
-+
-+    if ( size > max_size )
-+        return -ENOENT;
-+
-+    tmp = xmalloc_array(char, size + 1);
-     if ( !tmp )
-         return -ENOMEM;
- 
-@@ -99,7 +106,7 @@ static int flask_security_user(struct xe
-     if ( rv )
-         return rv;
- 
--    rv = flask_copyin_string(arg->u.user, &user, arg->size);
-+    rv = flask_copyin_string(arg->u.user, &user, arg->size, PAGE_SIZE);
-     if ( rv )
-         return rv;
- 
-@@ -210,7 +217,7 @@ static int flask_security_context(struct
-     if ( rv )
-         return rv;
- 
--    rv = flask_copyin_string(arg->context, &buf, arg->size);
-+    rv = flask_copyin_string(arg->context, &buf, arg->size, PAGE_SIZE);
-     if ( rv )
-         return rv;
- 
-@@ -303,7 +310,7 @@ static int flask_security_resolve_bool(s
-     if ( arg->bool_id != -1 )
-         return 0;
- 
--    rv = flask_copyin_string(arg->name, &name, arg->size);
-+    rv = flask_copyin_string(arg->name, &name, arg->size, bool_maxstr);
-     if ( rv )
-         return rv;
- 
-@@ -334,7 +341,7 @@ static int flask_security_set_bool(struc
-         int num;
-         int *values;
- 
--        rv = security_get_bools(&num, NULL, &values);
-+        rv = security_get_bools(&num, NULL, &values, NULL);
-         if ( rv != 0 )
-             goto out;
- 
-@@ -440,7 +447,7 @@ static int flask_security_make_bools(voi
-     
-     xfree(bool_pending_values);
-     
--    ret = security_get_bools(&num, NULL, &values);
-+    ret = security_get_bools(&num, NULL, &values, &bool_maxstr);
-     if ( ret != 0 )
-         goto out;
- 
---- a/xen/xsm/flask/include/conditional.h
-+++ b/xen/xsm/flask/include/conditional.h
-@@ -13,7 +13,9 @@
- #ifndef _FLASK_CONDITIONAL_H_
- #define _FLASK_CONDITIONAL_H_
- 
--int security_get_bools(int *len, char ***names, int **values);
-+#include <xen/types.h>
-+
-+int security_get_bools(int *len, char ***names, int **values, size_t *maxstr);
- 
- int security_set_bools(int len, int *values);
- 
---- a/xen/xsm/flask/ss/services.c
-+++ b/xen/xsm/flask/ss/services.c
-@@ -1900,7 +1900,7 @@ int security_find_bool(const char *name)
-     return rv;
- }
- 
--int security_get_bools(int *len, char ***names, int **values)
-+int security_get_bools(int *len, char ***names, int **values, size_t *maxstr)
- {
-     int i, rc = -ENOMEM;
- 
-@@ -1908,6 +1908,8 @@ int security_get_bools(int *len, char **
-     if ( names )
-         *names = NULL;
-     *values = NULL;
-+    if ( maxstr )
-+        *maxstr = 0;
- 
-     *len = policydb.p_bools.nprim;
-     if ( !*len )
-@@ -1929,16 +1931,17 @@ int security_get_bools(int *len, char **
- 
-     for ( i = 0; i < *len; i++ )
-     {
--        size_t name_len;
-+        size_t name_len = strlen(policydb.p_bool_val_to_name[i]);
-+
-         (*values)[i] = policydb.bool_val_to_struct[i]->state;
-         if ( names ) {
--            name_len = strlen(policydb.p_bool_val_to_name[i]) + 1;
--            (*names)[i] = (char*)xmalloc_array(char, name_len);
-+            (*names)[i] = xmalloc_array(char, name_len + 1);
-             if ( !(*names)[i] )
-                 goto err;
--            strlcpy((*names)[i], policydb.p_bool_val_to_name[i], name_len);
--            (*names)[i][name_len - 1] = 0;
-+            strlcpy((*names)[i], policydb.p_bool_val_to_name[i], name_len + 1);
-         }
-+        if ( maxstr && name_len > *maxstr )
-+            *maxstr = name_len;
-     }
-     rc = 0;
- out:
-@@ -2056,7 +2059,7 @@ static int security_preserve_bools(struc
-     struct cond_bool_datum *booldatum;
-     struct cond_node *cur;
- 
--    rc = security_get_bools(&nbools, &bnames, &bvalues);
-+    rc = security_get_bools(&nbools, &bnames, &bvalues, NULL);
-     if ( rc )
-         goto out;
-     for ( i = 0; i < nbools; i++ )

app-emulation/xen/files/xen-4.2-XSA-85.patch

@@ -1,31 +0,0 @@
-From 593bc8c63d582ec0fc2b3a35336106cf9c3a8b34 Mon Sep 17 00:00:00 2001
-From: Matthew Daley <mattd@bugfuzz.com>
-Date: Sun, 12 Jan 2014 14:29:32 +1300
-Subject: [PATCH] xsm/flask: correct off-by-one in
- flask_security_avc_cachestats cpu id check
-
-This is XSA-85
-
-Signed-off-by: Matthew Daley <mattd@bugfuzz.com>
-Reviewed-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Ian Campbell <ian.campbell@citrix.com>
----
- xen/xsm/flask/flask_op.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c
-index 4426ab9..22878f5 100644
---- a/xen/xsm/flask/flask_op.c
-+++ b/xen/xsm/flask/flask_op.c
-@@ -457,7 +457,7 @@ static int flask_security_avc_cachestats(struct xen_flask_cache_stats *arg)
- {
-     struct avc_cache_stats *st;
- 
--    if ( arg->cpu > nr_cpu_ids )
-+    if ( arg->cpu >= nr_cpu_ids )
-         return -ENOENT;
-     if ( !cpu_online(arg->cpu) )
-         return -ENOENT;
--- 
-1.8.5.2
-

app-emulation/xen/files/xen-4.2-XSA-87.patch

@@ -1,21 +0,0 @@
-x86: PHYSDEVOP_{prepare,release}_msix are privileged
-
-Yet this wasn't being enforced.
-
-This is XSA-87.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-
---- a/xen/arch/x86/physdev.c
-+++ b/xen/arch/x86/physdev.c
-@@ -612,7 +612,9 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_H
-     case PHYSDEVOP_release_msix: {
-         struct physdev_pci_device dev;
- 
--        if ( copy_from_guest(&dev, arg, 1) )
-+        if ( !IS_PRIV(v->domain) )
-+            ret = -EPERM;
-+        else if ( copy_from_guest(&dev, arg, 1) )
-             ret = -EFAULT;
-         else
-             ret = pci_prepare_msix(dev.seg, dev.bus, dev.devfn,

app-emulation/xen/files/xen-CVE-2013-1442-XSA-62.patch

@@ -1,46 +0,0 @@
-x86/xsave: initialize extended register state when guests enable it
-
-Till now, when setting previously unset bits in XCR0 we wouldn't touch
-the active register state, thus leaving in the newly enabled registers
-whatever a prior user of it left there, i.e. potentially leaking
-information between guests.
-
-This is CVE-2013-1442 / XSA-62.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
-
---- a/xen/arch/x86/xstate.c
-+++ b/xen/arch/x86/xstate.c
-@@ -307,6 +307,7 @@ int validate_xstate(u64 xcr0, u64 xcr0_a
- int handle_xsetbv(u32 index, u64 new_bv)
- {
-     struct vcpu *curr = current;
-+    u64 mask;
- 
-     if ( index != XCR_XFEATURE_ENABLED_MASK )
-         return -EOPNOTSUPP;
-@@ -320,9 +321,23 @@ int handle_xsetbv(u32 index, u64 new_bv)
-     if ( !set_xcr0(new_bv) )
-         return -EFAULT;
- 
-+    mask = new_bv & ~curr->arch.xcr0_accum;
-     curr->arch.xcr0 = new_bv;
-     curr->arch.xcr0_accum |= new_bv;
- 
-+    mask &= curr->fpu_dirtied ? ~XSTATE_FP_SSE : XSTATE_NONLAZY;
-+    if ( mask )
-+    {
-+        unsigned long cr0 = read_cr0();
-+
-+        clts();
-+        if ( curr->fpu_dirtied )
-+            asm ( "stmxcsr %0" : "=m" (curr->arch.xsave_area->fpu_sse.mxcsr) );
-+        xrstor(curr, mask);
-+        if ( cr0 & X86_CR0_TS )
-+            write_cr0(cr0);
-+    }
-+
-     return 0;
- }
-