4.2.1-r1; re-invoked ipxe-nopie.patch, revbump 4.2.1-r3; updated security patches, bump 4.2.2; updated security patches, dropped ocaml use flag made redundant by build

Package-Manager: portage-2.1.11.62/cvs/Linux x86_64 Manifest-Sign-Key: 0xB8072B0D
author: Ian Delaney <idella4@gentoo.org> 2013-05-15 17:48:20 +0000
committer: Ian Delaney <idella4@gentoo.org> 2013-05-15 17:48:20 +0000
commit: ae473f558786d68ee21c26315e3664c9000ea21b (patch)
tree: 8c4ebe48022721bed774f517f1c6fba4ccb75d74 /app-emulation/xen-tools
parent: Fix phing dependency on php's xsl extension (diff)
download: historical-ae473f558786d68ee21c26315e3664c9000ea21b.tar.gz
historical-ae473f558786d68ee21c26315e3664c9000ea21b.tar.bz2
historical-ae473f558786d68ee21c26315e3664c9000ea21b.zip
11 files changed, 1307 insertions, 10 deletions
diff --git a/app-emulation/xen-tools/ChangeLog b/app-emulation/xen-tools/ChangeLog
index 98b5728a9da1..08a90a55126b 100644
--- a/app-emulation/xen-tools/ChangeLog
+++ b/app-emulation/xen-tools/ChangeLog
@@ -1,6 +1,21 @@
 # ChangeLog for app-emulation/xen-tools
 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/ChangeLog,v 1.146 2013/05/15 08:40:29 idella4 Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/ChangeLog,v 1.147 2013/05/15 17:47:47 idella4 Exp $
+
+*xen-tools-4.2.2 (15 May 2013)
+*xen-tools-4.2.1-r3 (15 May 2013)
+
+  15 May 2013; Ian Delaney <idella4@gentoo.org>
+  +files/xen-4-CVE-2013-0215-XSA-38.patch,
+  +files/xen-4-CVE-2013-1919-XSA-46.patch,
+  +files/xen-4-CVE-2013-1922-XSA-48.patch,
+  +files/xen-4-CVE-2013-1952-XSA-49.patch,
+  +files/xen-4-CVE-2013-1952-XSA_49.patch, +files/xen-4-ulong.patch,
+  +xen-tools-4.2.1-r3.ebuild, +xen-tools-4.2.2.ebuild,
+  xen-tools-4.2.1-r1.ebuild:
+  4.2.1-r1; re-invoked ipxe-nopie.patch, revbump 4.2.1-r3; updated security
+  patches, bump 4.2.2; updated security patches, dropped ocaml use flag made
+  redundant by build
 
   15 May 2013; Ian Delaney <idella4@gentoo.org> files/xenstored.initd:
   Fix to xenstored.initd wrt Bug #459082
diff --git a/app-emulation/xen-tools/Manifest b/app-emulation/xen-tools/Manifest
index 4834e226d531..523894cd2aba 100644
--- a/app-emulation/xen-tools/Manifest
+++ b/app-emulation/xen-tools/Manifest
@@ -5,7 +5,13 @@ AUX ipxe-nopie.patch 964 SHA256 0b70407969735f36587fade77f524c1c2077f28585b9e0df
 AUX stubs-32.h 537 SHA256 4c903162da80cefd394404cb8cd9963a6ef6e3ad6c7adcbaa450a002d929bfc5 SHA512 55308dbedaa91909a2213940f7a7b574cabe6b5a3104761a2a6f28d6aed00164544488c00cbf9d66a9a370a14c6b6d3a00434efd3ff0228cc8e4d81af19c0e68 WHIRLPOOL 9c006e266bea6bb9d623e76011a4eac07c5fe4fdf76a041cc42a2289a7e9163988bad0fb2f458e300e45aabf9fb864ec764a496d7f89d58e57a506bac206a5f1
 AUX xen-4-CVE-2012-4544-XSA-25.patch 12691 SHA256 2bbac6a09946722fc082124870d750a6b9ab93ea3166bf50faee717acf03d70b SHA512 e911636808ecb08510821bf18ba7807485f2b4b7288966349d40cb4091eeafbc5d9abbee5bc26f04dfe5f3157e9173d1820d1e3b2b25d1e678358ad8d5b2f901 WHIRLPOOL 48e08d9900536a65193290dd4e802a64c33033414ef55823ef21806905ba448bd4c57af4102752172035c0572c431f280f84cf362007911cb1ba2573d4379749
 AUX xen-4-CVE-2012-6075-XSA-41.patch 1393 SHA256 6aa21c02e94cb9b4f612c7a9d1a8f980967692b1f20346da9670abb1d7ec688c SHA512 547f63e7eaf0a6db1a9de267cc6f9aa0f28e2221f2c69ca463ada85edbc07ac84c276dcd3ee017ab8846d4e4129e182fb76be35b91ae9a0e0afecdc091e0c305 WHIRLPOOL 848359780edc15895a09bf76afeaa503f907ac98a856b52d64ef4dcb137e2319222a47cd7a2866e6f25731498f487cfca2a462fb6dfcda8404026d8acfff5bcc
+AUX xen-4-CVE-2013-0215-XSA-38.patch 2515 SHA256 7d7a5746bc76da747bf61eb87b3303a8f3abb0d96561f35a706c671317ebe4eb SHA512 2abe25c83a3ede047db380b0477ba1aaaf9d955e87244f8d2404699e011cac46ad5501a0f75b76b90b5dc276d19ae08600a2fe57a69681f97088b5d17d977066 WHIRLPOOL 5176ba1c9f3019c50c087c56185c393ae99c0504f10abf08d896998f80d9f0a05c8c103b4276c3370c72171fab2fdc07ba9c68261ac02c6a859ed7a74b6bd056
+AUX xen-4-CVE-2013-1919-XSA-46.patch 9844 SHA256 822da2303f1fc69648d7a29eb72fdda8e64baab3edc0e1548456d31e66ed1d7c SHA512 35ed4d580d219e977ee1085c223563f51ccd9ce3675df2660d10d99c366a2fe2446269c98ac9dbf57c37de83340f4b0868d0eb3c5d898be4c0fc80357f6ed780 WHIRLPOOL 36015584e3f72c3eea62cd0658230805645983be571768f068baa605b274d16cca9fc4dcb27152016dde81f6a1dbcd91430654af5c2c1b5211ed5c2441b65c1c
+AUX xen-4-CVE-2013-1922-XSA-48.patch 3846 SHA256 dc23077028584e71a08dd0dc9e81552c76744a5ce9d39df5958a95ae9cf3107b SHA512 31dd8c62d41cc0a01a79d9b24a5b793f5e2058230808d9c5364c6ff3477ab02f3258f1bbd761d97dc1b97ee120b41524b999eaac77f33b606496fc324b5fa2e4 WHIRLPOOL 6913705b070daeac8925a44585f94f78ec43cf1d7a8feeba6839499b0340a727f3c39848627bcd58217b589a932fbfce13628bdca2b815e2ddf58b9c69c11721
+AUX xen-4-CVE-2013-1952-XSA-49.patch 1877 SHA256 37055cbc74111cbc507af3f09d6ac2e472f24efd54cd3e08583dc635e66a539f SHA512 1e3ef057744076b9fca22c1982f33d38be06ab8e5d57e40e3160fc2850b69711a1765e4a2b037f7bc1fdb8a9f93f1649d86ea3da972ec4af147b7b80191069f8 WHIRLPOOL 43e78ad3ba597e7084b6194507839b8cc4c21f45c8fd70f00cb061a4ad22ec9ec690bf35ffffc7e02c616de5f35b329c6c4e3a9cf5ddaf23cdf0525681f70639
+AUX xen-4-CVE-2013-1952-XSA_49.patch 1597 SHA256 f7daee05c81bfa4effa821e22c8b0861c254b3a1d4e14b7da5709a6102997b87 SHA512 f4d49b90b08b5ac52a5e41f0b555db20e846016f0020e67ea243eed24f621b4b356c3c9e7c181e97fa2d428024a941b7b52eb5bfd933a850aafc4a7b51bb3295 WHIRLPOOL e0fb3d0d9463276dc6331547ef13d4117d7c3bb1503f9e60885553056a3452cba4937500834dedc79fde29198420bf0c7e5c7e9e596c8d27202559dd00c94bb7
 AUX xen-4-fix_dotconfig-gcc.patch 9551 SHA256 93c8726fc3e0bd3f54d4162a3fdace45e3c3ea24fecf5f54270c6dc55c3924ab SHA512 64bfc2dd60bf5a7db593250f9da62cdea4daa458aa8c474ec47b065f6e19509555f48d49ec8624c484d873fe947b6f9cab98cdcd2c24ca8795eb1b64b378a004 WHIRLPOOL 341506ced55ae2ad30af1696434df25ba77c665042aa82dda35d0722f0cccbe567c8cebf51c2e20e0df3084f74f7eb7a69808dea2801f911b2d3c46a293b6ba2
+AUX xen-4-ulong.patch 463 SHA256 160af74e6149a7c8066fa3f0b59c7dc36d0185adc98a3897de0ea26868778c1e SHA512 5188b1712009168c994ad72f9d0b0e9cd708a79244d2fbdd675b2fedb5f62b5b2f6c9f1bdd2101e2b66f1c08ab94f55230f4f269907671d82b00f510d059f2f2 WHIRLPOOL 86c98b5d698535893cd05f05481486a8a96f8ee96ce2add4e14de1d6a18701810d6a2c5925fa6cb367e95ef605c8bf9ebecb7dff7cf01763da4235a9c79c5b3f
 AUX xen-4.2.0-anti-download.patch 1028 SHA256 95ff7390d25eddf56af1d98b1310d2ebf97eebcad5c298c8320eb6ce9afd596e SHA512 8d84c3386764e2dd38bd0e93163c016b38d9e634cc4c9078138e593a887f3a9d2cecf391008004ae934a49b24af2a18051aab22b2a83b48fdad60ea50fc6120d WHIRLPOOL d95955f7236c1a4d9e23e5e4be1a8f8e9148511fc16b4fe0bba3854c02e24789c808739654684140d9900f22172b635c9af5bb6910f594b115b1eca4a7c907bc
 AUX xen-4.2.0-jserver.patch 900 SHA256 a8f9c0517b7fa4d56f3125515d260e60c51ef2cfe3fc22223c54415a92ffa16e SHA512 7f9bb7189273ecc34b5c66aea8cc9567a15c3d7e0fbd44e0f49669b067d719c9d85d6758cc213145679cbb8c2224cb5704aabb3ed40925bb2529965a5238d411 WHIRLPOOL ed6bcf1135c7dcb58eb2219c02b002fb57b16f50bfb0161bc64319b78dd7f8b87bc6206952755af900245d13073408946e31a51f01e95517f7def072f4810e66
 AUX xen-4.2.0-nostrip.patch 1554 SHA256 3bab6078b59a086e214fa0786cb827eeeb009d6f7f9901f6a8f1a23b857259f9 SHA512 7fe44ac34a317fc2d1298cea5d26fdd778f8356f3ac9b4fc412c07ca471ea0b21e7fac29f456306681396dee835e4c18c35ce4b7ba47c47153989eeecfb96310 WHIRLPOOL 7701c5b521245ba0b66e9ff53c41ada8e216d36f7a92b2af45aaddc0bd210bbaf21cb9401036b995f2f8d2598edb9324ad50a91f71d08e427caca21b26f101bd
@@ -32,16 +38,19 @@ DIST ipxe.tar.gz 2867999 SHA256 632ce8c193ccacc3012bd354bdb733a4be126f7c098e1119
 DIST seabios-0-20121121.tar.bz2 2199282 SHA256 f7f67181c6c0b4cea3a9db48e2569fdcbbc81b732a2f672079c42fb44153ee62 SHA512 4f886088ebaa911590b8cb19db5c5dbc8f1384d2d5a7c4bf04df083e177513b3123b1839dad744171670eded8b69ce092a774288aec1804d00aa32b1b6778599 WHIRLPOOL f2e62682d7213ee5eaecbc2590637ef36d9c86f746840c0ee758c0c153139f485032ea2cd098c87bb8a2b5f17f91375b8fb65599e3b71b45b1645df85a88887f
 DIST xen-4.2.0.tar.gz 15587687 SHA256 43f4a086e4e0330145a27b7ace8365c42b5afbc95cefadafe067be91bd3e5cfb SHA512 4fb56c79d722fb307bc657f16d02079c6636427e7650c4354193632d38d2d1db8e588f844ff0ca6e757c108ed639a528565ec9fc7c00bb4d5b6fbc9d122d8a70 WHIRLPOOL 369a109375864cb61920b56cf501522051d28513e738f0fd0e7b76244c3e08a8a0a6ff6cf245872d9bbd9c0f22c7da76c9cbc0f852bad6108ca25fd42dc677c0
 DIST xen-4.2.1.tar.gz 15593695 SHA256 fb8df5827ce3e2d2d3b078d9e5afde502beb5e7ab9442e51a94087061bd450c6 SHA512 fe27a965e2b34035bd025482eda9fc4d4e82523c929323fd30813367d5ffbe2fa1ed3d7d4479f2632e8b5625972448b7bd6a7768e8dc1dcd1b6747d281cc1a9e WHIRLPOOL 226bbed059541e804f1a44e721023ffbc04bae43000653b1d7d6a9bfec0d9efbf7a48b1b0a7ad3fcb8e34f8b91e1c620c2a8eddf97baad487e9db37d49a58f37
+DIST xen-4.2.2.tar.gz 15602746 SHA256 c9bfe91a5e72f8545acebad9889d64368020359bfe18044c0e683133e55ae005 SHA512 4943b18016ed8c2b194a3b55e6655b3b734b39ffb8cb7ee0a0580f2f4460a1d0e92e1de8ac23f5186272914fad1650586af51fd7c3644d0310eb16f2e11c5e80 WHIRLPOOL 519eb87cb2da694696cbc3e72070a0a3bdb07c46fa266d855d8379eec3a92adfa4d434af3ac01c37834ce4a9174081a6c40030b185a70902329b185cb8d0bbea
 EBUILD xen-tools-4.2.0-r3.ebuild 10190 SHA256 759af2416598e871367071f7045cd4971659309459c5efd6541c4d4e920a69a0 SHA512 85cdbfc9abd901b14990b1f2952748aaa861adc9b21c6b8859a2523e8c3e62e2f677da9c20218675d3a1aedb3e70a48f5b48eeb3fb37c5389f8e091ff43c5e5e WHIRLPOOL c881d9929ab45be9baec55e863c54e32328c5f7650f6c469171e7efd10c6589d0c454afb7295b89ab7bd649de1d7c5f3d835ae527463217b56e6076c42728afb
-EBUILD xen-tools-4.2.1-r1.ebuild 10122 SHA256 6e1a321db3b23db55aa250988722085d4d85675a658c569b36b083059e2842df SHA512 7e2b8e41735bc3dbb74020a17d57574cad56badc691b36173416922f8fefcae79d3b7d79c815c705da01ae0f65c2c9714a4566e2698ca8a2999d116f50ac292f WHIRLPOOL 1cc3157dbd2b2e78b8734b6b48ff597bf00c899675a968fc95d93e82b438881b305c8e236a0f2b57abaa8098cc23bb222d262fe8d5e50dd89c04edff14fde664
+EBUILD xen-tools-4.2.1-r1.ebuild 10119 SHA256 d21c0bd5a1a44a7a87aa2521d9a1c9f8b569968ddf570aeae7f47bebc3c843c6 SHA512 ef77c4c08ec57970c699c09f51879f8b8dc5fc36141b3d68ad8fecce161d8810c79f7341b39c5b9944df9d1bc7e69fc85109fa9c23eb2e2d5a9e405bae652648 WHIRLPOOL 54597bf2c032718d0461017e22524f4ca1c6ab8ff55df54cd08f19f7c43d1cdc69f4a45d3aac695f34e0b67cb20186baa8aa4b2cdc3665049eb3ce52ca56a9d4
 EBUILD xen-tools-4.2.1-r2.ebuild 10256 SHA256 7a2eb13b5dce1cd71ea2ea45f6848d67e578fe531367480fbaa3ae18b3862af7 SHA512 0b79429e45747b6d1fd6da1f90807de3d97daee86b7ac76a288c6b5f08402c61f44a5f22064d749560a7decdf747114e92dcdaef1e7b0c236a59c59a4f54eddf WHIRLPOOL 5d3e42614d241fca5f2fa898c8bef6e527cd0e2967ea1a993ddb43d719158c9fe7646c1e67278c6a3444dced0be48090fb126262bcfee35baaf075d7d5251ebd
+EBUILD xen-tools-4.2.1-r3.ebuild 10387 SHA256 c81853d0530710606b83812963ed8aef5697a28b45540f5df7395e0cfc7b01a0 SHA512 0af24f43be6039eb271c5643bbd6ffcf338d6e98cda9ce8574254d19c3e9038df7a20c2d57621ca70aee1ce9214c13486961fa627448185059a09f243674a380 WHIRLPOOL 20ba9040ff6e09a1ab1431e0f072360be6b9556d27c173a3dd9e308dac7548fa432789ec579da791f1074e995cb30bd654d72c93e22aeee208f1c2e417684235
 EBUILD xen-tools-4.2.1.ebuild 10279 SHA256 763ee5f7cce3cc7e55b7e3bab4d271c03115000053c809793ec30a14ad6681a4 SHA512 c91f648bce05a476780267cf2839431e200944bb4d9379f8cd9370b91ec241df2c29d119e4b4160f4802949a03bc2b93f2c837187325d9b72f0a573d3a951e03 WHIRLPOOL 88aa1ec2beb59fa5b62f88cd711a3823dbeebfca22395d12445e587c87e1de11333c07f9e0535b0e61ccb5403d75ea562f4e4759fc7f1a81489634061e22f852
-MISC ChangeLog 34863 SHA256 eb4d396a7bce84db536899f6ba813a516484ce78f71eee08f6797c3faa2d0776 SHA512 ef64eba6a0a773270c49428345ddaaa9996d5f28354e461afcdd397325aeba396f12be3679e388a68241de3ff166fbdf1807c6eed2035a2fb7ca2fd80acde25a WHIRLPOOL 29ae9249bc9ac7981d520c8c688096492a326a4e2a42bb43a920680704f01dd1a6e959fdd0579da8f36b8df2cdf6863bbcf33c8d39f2bc3e617e2fc50ca078c9
+EBUILD xen-tools-4.2.2.ebuild 10242 SHA256 aafd7b28b7fa1f1add6cae8cc8647a2c40b5cbbdd93d7d7700b0a5c6f82a7f45 SHA512 c840daebd16480dad89f6ce7872748616c89266b5a61b5ee3a7a35d976c5a039b51fc900616a38d15554fa953758100b509289a9c6fa4cb6e94d04cb8bd8830a WHIRLPOOL c456ab4a8b35288d5e053d57e0ce3c5cfec827386ebb6faad33396842b76ce6845c5fd2cfab279fd0e546585af487cc04e60fffef51857a99d6a19e4e3efcd75
+MISC ChangeLog 35477 SHA256 6d8014ab6ca07823391662b4b6e462f58e299579adeb13795bf9c692b2ac02bf SHA512 7f0e3f50d383af2419adc5518bbc2ead6858e2a363a1538b85233098ff9dd5767e0390756dcec6282f66317a6099ce00a5e836a84ebf6dd4102f0078deed167f WHIRLPOOL 397d9fb761bceaace7b45a47d82f1689c2a5f8d15ebb2336a338afbec5e1b90fdb56bdd4e95611173d251050e77c45a737e3f933057a045487ad142a99cd562d
 MISC metadata.xml 881 SHA256 52d19c65a78ed979b0d6df2f83fc281e8622296e2686c199dbc58cb76a70a57b SHA512 3e2400037f840272c38b0a7b9d46f9975d512bea13e6dc21bf8458fb68b1c741f4458a9eaf18aa53c3183ef4f83e70e8ae50e28132e563fc4a1d6463c77a586d WHIRLPOOL 3b030061503f4c2beec7f51d3bf790f358a4837d78d7a0faf0eee5214832fe888445a53c0b09b94bf8dd811e44523e0bb05535d58583499df97b32280f722312
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (GNU/Linux)
 
-iEYEAREIAAYFAlGTShUACgkQso7CE7gHKw2rZwCfcTFat/z3c0N0+ebi+UqGzKc9
-/bIAn0rKmUAzmCDD34RCG5n3shG2kxJc
-=Za7V
+iEYEAREIAAYFAlGTylcACgkQso7CE7gHKw3EjgCfXdhf8uHJBFlBOnYEDSx1kvMv
+XqEAn2EigaeeiBZ1ztUrYQEF9L7efhZv
+=/9NX
 -----END PGP SIGNATURE-----
diff --git a/app-emulation/xen-tools/files/xen-4-CVE-2013-0215-XSA-38.patch b/app-emulation/xen-tools/files/xen-4-CVE-2013-0215-XSA-38.patch
new file mode 100644
index 000000000000..f4a5dc0881e8
--- /dev/null
+++ b/app-emulation/xen-tools/files/xen-4-CVE-2013-0215-XSA-38.patch
@@ -0,0 +1,73 @@
+diff --git a/tools/ocaml/libs/xb/partial.ml b/tools/ocaml/libs/xb/partial.ml
+index 3558889..d4d1c7b 100644
+--- a/tools/ocaml/libs/xb/partial.ml
++++ b/tools/ocaml/libs/xb/partial.ml
+@@ -27,8 +27,15 @@ external header_size: unit -> int = "stub_header_size"
+ external header_of_string_internal: string -> int * int * int * int
+          = "stub_header_of_string"
+ 
++let xenstore_payload_max = 4096 (* xen/include/public/io/xs_wire.h *)
++
+ let of_string s =
+ 	let tid, rid, opint, dlen = header_of_string_internal s in
++	(* A packet which is bigger than xenstore_payload_max is illegal.
++	   This will leave the guest connection is a bad state and will
++	   be hard to recover from without restarting the connection
++	   (ie rebooting the guest) *)
++	let dlen = min xenstore_payload_max dlen in
+ 	{
+ 		tid = tid;
+ 		rid = rid;
+@@ -38,6 +45,7 @@ let of_string s =
+ 	}
+ 
+ let append pkt s sz =
++	if pkt.len > 4096 then failwith "Buffer.add: cannot grow buffer";
+ 	Buffer.add_string pkt.buf (String.sub s 0 sz)
+ 
+ let to_complete pkt =
+diff --git a/tools/ocaml/libs/xb/xs_ring_stubs.c b/tools/ocaml/libs/xb/xs_ring_stubs.c
+index 00414c5..4888ac5 100644
+--- a/tools/ocaml/libs/xb/xs_ring_stubs.c
++++ b/tools/ocaml/libs/xb/xs_ring_stubs.c
+@@ -39,21 +39,23 @@ static int xs_ring_read(struct mmap_interface *interface,
+                              char *buffer, int len)
+ {
+ 	struct xenstore_domain_interface *intf = interface->addr;
+-	XENSTORE_RING_IDX cons, prod;
++	XENSTORE_RING_IDX cons, prod; /* offsets only */
+ 	int to_read;
+ 
+-	cons = intf->req_cons;
+-	prod = intf->req_prod;
++	cons = *(volatile uint32*)&intf->req_cons;
++	prod = *(volatile uint32*)&intf->req_prod;
+ 	xen_mb();
++	cons = MASK_XENSTORE_IDX(cons);
++	prod = MASK_XENSTORE_IDX(prod);
+ 	if (prod == cons)
+ 		return 0;
+-	if (MASK_XENSTORE_IDX(prod) > MASK_XENSTORE_IDX(cons)) 
++	if (prod > cons)
+ 		to_read = prod - cons;
+ 	else
+-		to_read = XENSTORE_RING_SIZE - MASK_XENSTORE_IDX(cons);
++		to_read = XENSTORE_RING_SIZE - cons;
+ 	if (to_read < len)
+ 		len = to_read;
+-	memcpy(buffer, intf->req + MASK_XENSTORE_IDX(cons), len);
++	memcpy(buffer, intf->req + cons, len);
+ 	xen_mb();
+ 	intf->req_cons += len;
+ 	return len;
+@@ -66,8 +68,8 @@ static int xs_ring_write(struct mmap_interface *interface,
+ 	XENSTORE_RING_IDX cons, prod;
+ 	int can_write;
+ 
+-	cons = intf->rsp_cons;
+-	prod = intf->rsp_prod;
++	cons = *(volatile uint32*)&intf->rsp_cons;
++	prod = *(volatile uint32*)&intf->rsp_prod;
+ 	xen_mb();
+ 	if ( (prod - cons) >= XENSTORE_RING_SIZE )
+ 		return 0;
diff --git a/app-emulation/xen-tools/files/xen-4-CVE-2013-1919-XSA-46.patch b/app-emulation/xen-tools/files/xen-4-CVE-2013-1919-XSA-46.patch
new file mode 100644
index 000000000000..9448ea9c6748
--- /dev/null
+++ b/app-emulation/xen-tools/files/xen-4-CVE-2013-1919-XSA-46.patch
@@ -0,0 +1,293 @@
+x86: fix various issues with handling guest IRQs
+
+- properly revoke IRQ access in map_domain_pirq() error path
+- don't permit replacing an in use IRQ
+- don't accept inputs in the GSI range for MAP_PIRQ_TYPE_MSI
+- track IRQ access permission in host IRQ terms, not guest IRQ ones
+  (and with that, also disallow Dom0 access to IRQ0)
+
+This is CVE-2013-1919 / XSA-46.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
+
+--- a/tools/libxl/libxl_create.c
++++ b/tools/libxl/libxl_create.c
+@@ -968,14 +968,16 @@ static void domcreate_launch_dm(libxl__e
+     }
+ 
+     for (i = 0; i < d_config->b_info.num_irqs; i++) {
+-        uint32_t irq = d_config->b_info.irqs[i];
++        int irq = d_config->b_info.irqs[i];
+ 
+-        LOG(DEBUG, "dom%d irq %"PRIx32, domid, irq);
++        LOG(DEBUG, "dom%d irq %d", domid, irq);
+ 
+-        ret = xc_domain_irq_permission(CTX->xch, domid, irq, 1);
++        ret = irq >= 0 ? xc_physdev_map_pirq(CTX->xch, domid, irq, &irq)
++                       : -EOVERFLOW;
++        if (!ret)
++            ret = xc_domain_irq_permission(CTX->xch, domid, irq, 1);
+         if ( ret<0 ){
+-            LOGE(ERROR,
+-                 "failed give dom%d access to irq %"PRId32, domid, irq);
++            LOGE(ERROR, "failed give dom%d access to irq %d", domid, irq);
+             ret = ERROR_FAIL;
+         }
+     }
+--- a/tools/python/xen/xend/server/irqif.py
++++ b/tools/python/xen/xend/server/irqif.py
+@@ -73,6 +73,12 @@ class IRQController(DevController):
+        
+         pirq = get_param('irq')
+ 
++        rc = xc.physdev_map_pirq(domid = self.getDomid(),
++                                 index = pirq,
++                                 pirq  = pirq)
++        if rc < 0:
++            raise VmError('irq: Failed to map irq %x' % (pirq))
++
+         rc = xc.domain_irq_permission(domid        = self.getDomid(),
+                                       pirq         = pirq,
+                                       allow_access = True)
+@@ -81,12 +87,6 @@ class IRQController(DevController):
+             #todo non-fatal
+             raise VmError(
+                 'irq: Failed to configure irq: %d' % (pirq))
+-        rc = xc.physdev_map_pirq(domid = self.getDomid(),
+-                                index = pirq,
+-                                pirq  = pirq)
+-        if rc < 0:
+-            raise VmError(
+-                'irq: Failed to map irq %x' % (pirq))
+         back = dict([(k, config[k]) for k in self.valid_cfg if k in config])
+         return (self.allocateDeviceID(), back, {})
+ 
+--- a/xen/arch/x86/domain_build.c
++++ b/xen/arch/x86/domain_build.c
+@@ -1219,7 +1219,7 @@ int __init construct_dom0(
+     /* DOM0 is permitted full I/O capabilities. */
+     rc |= ioports_permit_access(dom0, 0, 0xFFFF);
+     rc |= iomem_permit_access(dom0, 0UL, ~0UL);
+-    rc |= irqs_permit_access(dom0, 0, d->nr_pirqs - 1);
++    rc |= irqs_permit_access(dom0, 1, nr_irqs_gsi - 1);
+ 
+     /*
+      * Modify I/O port access permissions.
+--- a/xen/arch/x86/domctl.c
++++ b/xen/arch/x86/domctl.c
+@@ -772,9 +772,13 @@ long arch_do_domctl(
+             goto bind_out;
+ 
+         ret = -EPERM;
+-        if ( !IS_PRIV(current->domain) &&
+-             !irq_access_permitted(current->domain, bind->machine_irq) )
+-            goto bind_out;
++        if ( !IS_PRIV(current->domain) )
++        {
++            int irq = domain_pirq_to_irq(d, bind->machine_irq);
++
++            if ( irq <= 0 || !irq_access_permitted(current->domain, irq) )
++                goto bind_out;
++        }
+ 
+         ret = -ESRCH;
+         if ( iommu_enabled )
+@@ -803,9 +807,13 @@ long arch_do_domctl(
+         bind = &(domctl->u.bind_pt_irq);
+ 
+         ret = -EPERM;
+-        if ( !IS_PRIV(current->domain) &&
+-             !irq_access_permitted(current->domain, bind->machine_irq) )
+-            goto unbind_out;
++        if ( !IS_PRIV(current->domain) )
++        {
++            int irq = domain_pirq_to_irq(d, bind->machine_irq);
++
++            if ( irq <= 0 || !irq_access_permitted(current->domain, irq) )
++                goto unbind_out;
++        }
+ 
+         if ( iommu_enabled )
+         {
+--- a/xen/arch/x86/irq.c
++++ b/xen/arch/x86/irq.c
+@@ -184,6 +184,14 @@ int create_irq(int node)
+         desc->arch.used = IRQ_UNUSED;
+         irq = ret;
+     }
++    else if ( dom0 )
++    {
++        ret = irq_permit_access(dom0, irq);
++        if ( ret )
++            printk(XENLOG_G_ERR
++                   "Could not grant Dom0 access to IRQ%d (error %d)\n",
++                   irq, ret);
++    }
+ 
+     return irq;
+ }
+@@ -280,6 +288,17 @@ void clear_irq_vector(int irq)
+ void destroy_irq(unsigned int irq)
+ {
+     BUG_ON(!MSI_IRQ(irq));
++
++    if ( dom0 )
++    {
++        int err = irq_deny_access(dom0, irq);
++
++        if ( err )
++            printk(XENLOG_G_ERR
++                   "Could not revoke Dom0 access to IRQ%u (error %d)\n",
++                   irq, err);
++    }
++
+     dynamic_irq_cleanup(irq);
+     clear_irq_vector(irq);
+ }
+@@ -1858,7 +1877,7 @@ int map_domain_pirq(
+ 
+     if ( !IS_PRIV(current->domain) &&
+          !(IS_PRIV_FOR(current->domain, d) &&
+-           irq_access_permitted(current->domain, pirq)))
++           irq_access_permitted(current->domain, irq)))
+         return -EPERM;
+ 
+     if ( pirq < 0 || pirq >= d->nr_pirqs || irq < 0 || irq >= nr_irqs )
+@@ -1887,17 +1906,18 @@ int map_domain_pirq(
+         return ret;
+     }
+ 
+-    ret = irq_permit_access(d, pirq);
++    ret = irq_permit_access(d, irq);
+     if ( ret )
+     {
+-        dprintk(XENLOG_G_ERR, "dom%d: could not permit access to irq %d\n",
+-                d->domain_id, pirq);
++        printk(XENLOG_G_ERR
++               "dom%d: could not permit access to IRQ%d (pirq %d)\n",
++               d->domain_id, irq, pirq);
+         return ret;
+     }
+ 
+     ret = prepare_domain_irq_pirq(d, irq, pirq, &info);
+     if ( ret )
+-        return ret;
++        goto revoke;
+ 
+     desc = irq_to_desc(irq);
+ 
+@@ -1921,8 +1941,14 @@ int map_domain_pirq(
+         spin_lock_irqsave(&desc->lock, flags);
+ 
+         if ( desc->handler != &no_irq_type )
++        {
++            spin_unlock_irqrestore(&desc->lock, flags);
+             dprintk(XENLOG_G_ERR, "dom%d: irq %d in use\n",
+                     d->domain_id, irq);
++            pci_disable_msi(msi_desc);
++            ret = -EBUSY;
++            goto done;
++        }
+         setup_msi_handler(desc, msi_desc);
+ 
+         if ( opt_irq_vector_map == OPT_IRQ_VECTOR_MAP_PERDEV
+@@ -1951,7 +1977,14 @@ int map_domain_pirq(
+ 
+ done:
+     if ( ret )
++    {
+         cleanup_domain_irq_pirq(d, irq, info);
++ revoke:
++        if ( irq_deny_access(d, irq) )
++            printk(XENLOG_G_ERR
++                   "dom%d: could not revoke access to IRQ%d (pirq %d)\n",
++                   d->domain_id, irq, pirq);
++    }
+     return ret;
+ }
+ 
+@@ -2017,10 +2050,11 @@ int unmap_domain_pirq(struct domain *d, 
+     if ( !forced_unbind )
+         cleanup_domain_irq_pirq(d, irq, info);
+ 
+-    ret = irq_deny_access(d, pirq);
++    ret = irq_deny_access(d, irq);
+     if ( ret )
+-        dprintk(XENLOG_G_ERR, "dom%d: could not deny access to irq %d\n",
+-                d->domain_id, pirq);
++        printk(XENLOG_G_ERR
++               "dom%d: could not deny access to IRQ%d (pirq %d)\n",
++               d->domain_id, irq, pirq);
+ 
+  done:
+     return ret;
+--- a/xen/arch/x86/physdev.c
++++ b/xen/arch/x86/physdev.c
+@@ -147,7 +147,7 @@ int physdev_map_pirq(domid_t domid, int 
+         if ( irq == -1 )
+             irq = create_irq(NUMA_NO_NODE);
+ 
+-        if ( irq < 0 || irq >= nr_irqs )
++        if ( irq < nr_irqs_gsi || irq >= nr_irqs )
+         {
+             dprintk(XENLOG_G_ERR, "dom%d: can't create irq for msi!\n",
+                     d->domain_id);
+--- a/xen/common/domctl.c
++++ b/xen/common/domctl.c
+@@ -25,6 +25,7 @@
+ #include <xen/paging.h>
+ #include <xen/hypercall.h>
+ #include <asm/current.h>
++#include <asm/irq.h>
+ #include <asm/page.h>
+ #include <public/domctl.h>
+ #include <xsm/xsm.h>
+@@ -897,9 +898,9 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
+         else if ( xsm_irq_permission(d, pirq, allow) )
+             ret = -EPERM;
+         else if ( allow )
+-            ret = irq_permit_access(d, pirq);
++            ret = pirq_permit_access(d, pirq);
+         else
+-            ret = irq_deny_access(d, pirq);
++            ret = pirq_deny_access(d, pirq);
+ 
+         rcu_unlock_domain(d);
+     }
+--- a/xen/common/event_channel.c
++++ b/xen/common/event_channel.c
+@@ -369,7 +369,7 @@ static long evtchn_bind_pirq(evtchn_bind
+     if ( (pirq < 0) || (pirq >= d->nr_pirqs) )
+         return -EINVAL;
+ 
+-    if ( !is_hvm_domain(d) && !irq_access_permitted(d, pirq) )
++    if ( !is_hvm_domain(d) && !pirq_access_permitted(d, pirq) )
+         return -EPERM;
+ 
+     spin_lock(&d->event_lock);
+--- a/xen/include/xen/iocap.h
++++ b/xen/include/xen/iocap.h
+@@ -28,4 +28,22 @@
+ #define irq_access_permitted(d, i)                      \
+     rangeset_contains_singleton((d)->irq_caps, i)
+ 
++#define pirq_permit_access(d, i) ({                     \
++    struct domain *d__ = (d);                           \
++    int i__ = domain_pirq_to_irq(d__, i);               \
++    i__ > 0 ? rangeset_add_singleton(d__->irq_caps, i__)\
++            : -EINVAL;                                  \
++})
++#define pirq_deny_access(d, i) ({                       \
++    struct domain *d__ = (d);                           \
++    int i__ = domain_pirq_to_irq(d__, i);               \
++    i__ > 0 ? rangeset_remove_singleton(d__->irq_caps, i__)\
++            : -EINVAL;                                  \
++})
++#define pirq_access_permitted(d, i) ({                  \
++    struct domain *d__ = (d);                           \
++    rangeset_contains_singleton(d__->irq_caps,          \
++                                domain_pirq_to_irq(d__, i));\
++})
++
+ #endif /* __XEN_IOCAP_H__ */
diff --git a/app-emulation/xen-tools/files/xen-4-CVE-2013-1922-XSA-48.patch b/app-emulation/xen-tools/files/xen-4-CVE-2013-1922-XSA-48.patch
new file mode 100644
index 000000000000..998dbcb1d516
--- /dev/null
+++ b/app-emulation/xen-tools/files/xen-4-CVE-2013-1922-XSA-48.patch
@@ -0,0 +1,114 @@
+Add -f FMT  / --format FMT arg to qemu-nbd
+
+From: "Daniel P. Berrange" <berrange@redhat.com>
+
+Currently the qemu-nbd program will auto-detect the format of
+any disk it is given. This behaviour is known to be insecure.
+For example, if qemu-nbd initially exposes a 'raw' file to an
+unprivileged app, and that app runs
+
+   'qemu-img create -f qcow2 -o backing_file=/etc/shadow /dev/nbd0'
+
+then the next time the app is started, the qemu-nbd will now
+detect it as a 'qcow2' file and expose /etc/shadow to the
+unprivileged app.
+
+The only way to avoid this is to explicitly tell qemu-nbd what
+disk format to use on the command line, completely disabling
+auto-detection. This patch adds a '-f' / '--format' arg for
+this purpose, mirroring what is already available via qemu-img
+and qemu commands.
+
+  qemu-nbd --format raw -p 9000 evil.img
+
+will now always use raw, regardless of what format 'evil.img'
+looks like it contains
+
+Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+[Use errx, not err. - Paolo]
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
+
+[ This is a security issue, CVE-2013-1922 / XSA-48. ]
+
+diff --git a/qemu-nbd.c b/qemu-nbd.c
+index 291cba2..8fbe2cf 100644
+--- a/tools/qemu-xen/qemu-nbd.c
++++ b/tools/qemu-xen/qemu-nbd.c
+@@ -247,6 +247,7 @@ out:
+ int main(int argc, char **argv)
+ {
+     BlockDriverState *bs;
++    BlockDriver *drv;
+     off_t dev_offset = 0;
+     off_t offset = 0;
+     uint32_t nbdflags = 0;
+@@ -256,7 +257,7 @@ int main(int argc, char **argv)
+     struct sockaddr_in addr;
+     socklen_t addr_len = sizeof(addr);
+     off_t fd_size;
+-    const char *sopt = "hVb:o:p:rsnP:c:dvk:e:t";
++    const char *sopt = "hVb:o:p:rsnP:c:dvk:e:f:t";
+     struct option lopt[] = {
+         { "help", 0, NULL, 'h' },
+         { "version", 0, NULL, 'V' },
+@@ -271,6 +272,7 @@ int main(int argc, char **argv)
+         { "snapshot", 0, NULL, 's' },
+         { "nocache", 0, NULL, 'n' },
+         { "shared", 1, NULL, 'e' },
++        { "format", 1, NULL, 'f' },
+         { "persistent", 0, NULL, 't' },
+         { "verbose", 0, NULL, 'v' },
+         { NULL, 0, NULL, 0 }
+@@ -292,6 +294,7 @@ int main(int argc, char **argv)
+     int max_fd;
+     int persistent = 0;
+     pthread_t client_thread;
++    const char *fmt = NULL;
+ 
+     /* The client thread uses SIGTERM to interrupt the server.  A signal
+      * handler ensures that "qemu-nbd -v -c" exits with a nice status code.
+@@ -368,6 +371,9 @@ int main(int argc, char **argv)
+                 errx(EXIT_FAILURE, "Shared device number must be greater than 0\n");
+             }
+             break;
++        case 'f':
++            fmt = optarg;
++            break;
+ 	case 't':
+ 	    persistent = 1;
+ 	    break;
+@@ -478,9 +484,19 @@ int main(int argc, char **argv)
+     bdrv_init();
+     atexit(bdrv_close_all);
+ 
++    if (fmt) {
++        drv = bdrv_find_format(fmt);
++        if (!drv) {
++            errx(EXIT_FAILURE, "Unknown file format '%s'", fmt);
++        }
++    } else {
++        drv = NULL;
++    }
++
+     bs = bdrv_new("hda");
+     srcpath = argv[optind];
+-    if ((ret = bdrv_open(bs, srcpath, flags, NULL)) < 0) {
++    ret = bdrv_open(bs, srcpath, flags, drv);
++    if (ret < 0) {
+         errno = -ret;
+         err(EXIT_FAILURE, "Failed to bdrv_open '%s'", argv[optind]);
+     }
+diff --git a/qemu-nbd.texi b/qemu-nbd.texi
+index 44996cc..f56c68e 100644
+--- a/tools/qemu-xen/qemu-nbd.texi
++++ b/tools/qemu-xen/qemu-nbd.texi
+@@ -36,6 +36,8 @@ Export Qemu disk image using NBD protocol.
+   disconnect the specified device
+ @item -e, --shared=@var{num}
+   device can be shared by @var{num} clients (default @samp{1})
++@item -f, --format=@var{fmt}
++  force block driver for format @var{fmt} instead of auto-detecting
+ @item -t, --persistent
+   don't exit on the last connection
+ @item -v, --verbose
diff --git a/app-emulation/xen-tools/files/xen-4-CVE-2013-1952-XSA-49.patch b/app-emulation/xen-tools/files/xen-4-CVE-2013-1952-XSA-49.patch
new file mode 100644
index 000000000000..4b92c7f98d35
--- /dev/null
+++ b/app-emulation/xen-tools/files/xen-4-CVE-2013-1952-XSA-49.patch
@@ -0,0 +1,50 @@
+VT-d: don't permit SVT_NO_VERIFY entries for known device types
+
+Only in cases where we don't know what to do we should leave the IRTE
+blank (suppressing all validation), but we should always log a warning
+in those cases (as being insecure).
+
+This is CVE-2013-1952 / XSA-49.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Acked-by: "Zhang, Xiantao" <xiantao.zhang@intel.com>
+
+--- a/xen/drivers/passthrough/vtd/intremap.c
++++ b/xen/drivers/passthrough/vtd/intremap.c
+@@ -440,16 +440,15 @@ static void set_msi_source_id(struct pci
+     type = pdev_type(seg, bus, devfn);
+     switch ( type )
+     {
++    case DEV_TYPE_PCIe_ENDPOINT:
+     case DEV_TYPE_PCIe_BRIDGE:
+     case DEV_TYPE_PCIe2PCI_BRIDGE:
+-    case DEV_TYPE_LEGACY_PCI_BRIDGE:
+-        break;
+-
+-    case DEV_TYPE_PCIe_ENDPOINT:
+         set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16, PCI_BDF2(bus, devfn));
+         break;
+ 
+     case DEV_TYPE_PCI:
++    case DEV_TYPE_LEGACY_PCI_BRIDGE:
++    /* case DEV_TYPE_PCI2PCIe_BRIDGE: */
+         ret = find_upstream_bridge(seg, &bus, &devfn, &secbus);
+         if ( ret == 0 ) /* integrated PCI device */
+         {
+@@ -461,10 +460,15 @@ static void set_msi_source_id(struct pci
+             if ( pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
+                 set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16,
+                             (bus << 8) | pdev->bus);
+-            else if ( pdev_type(seg, bus, devfn) == DEV_TYPE_LEGACY_PCI_BRIDGE )
++            else
+                 set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16,
+                             PCI_BDF2(bus, devfn));
+         }
++        else
++            dprintk(XENLOG_WARNING VTDPREFIX,
++                    "d%d: no upstream bridge for %04x:%02x:%02x.%u\n",
++                    pdev->domain->domain_id,
++                    seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
+         break;
+ 
+     default:
diff --git a/app-emulation/xen-tools/files/xen-4-CVE-2013-1952-XSA_49.patch b/app-emulation/xen-tools/files/xen-4-CVE-2013-1952-XSA_49.patch
new file mode 100644
index 000000000000..4543f21bc460
--- /dev/null
+++ b/app-emulation/xen-tools/files/xen-4-CVE-2013-1952-XSA_49.patch
@@ -0,0 +1,41 @@
+diff -ur xen-4.2.1.orig/xen/drivers/passthrough/vtd/intremap.c xen-4.2.1/xen/drivers/passthrough/vtd/intremap.c
+--- xen/drivers/passthrough/vtd/intremap.c	2012-12-17 23:01:55.000000000 +0800
++++ xen/drivers/passthrough/vtd/intremap.c	2013-05-15 23:09:06.704546506 +0800
+@@ -440,16 +440,17 @@
+     type = pdev_type(seg, bus, devfn);
+     switch ( type )
+     {
++    case DEV_TYPE_PCIe_ENDPOINT:
+     case DEV_TYPE_PCIe_BRIDGE:
+     case DEV_TYPE_PCIe2PCI_BRIDGE:
+-    case DEV_TYPE_LEGACY_PCI_BRIDGE:
+-        break;
+ 
+-    case DEV_TYPE_PCIe_ENDPOINT:
+         set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16, PCI_BDF2(bus, devfn));
+         break;
+ 
+     case DEV_TYPE_PCI:
++    case DEV_TYPE_LEGACY_PCI_BRIDGE:
++    /* case DEV_TYPE_PCI2PCIe_BRIDGE: */
++
+         ret = find_upstream_bridge(seg, &bus, &devfn, &secbus);
+         if ( ret == 0 ) /* integrated PCI device */
+         {
+@@ -461,10 +462,15 @@
+             if ( pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
+                 set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16,
+                             (bus << 8) | pdev->bus);
+-            else if ( pdev_type(seg, bus, devfn) == DEV_TYPE_LEGACY_PCI_BRIDGE )
++            else
+                 set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16,
+                             PCI_BDF2(bus, devfn));
+         }
++        else
++            dprintk(XENLOG_WARNING VTDPREFIX,
++                    "d%d: no upstream bridge for %04x:%02x:%02x.%u\n",
++                    pdev->domain->domain_id,
++                    seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
+         break;
+ 
+     default:
diff --git a/app-emulation/xen-tools/files/xen-4-ulong.patch b/app-emulation/xen-tools/files/xen-4-ulong.patch
new file mode 100644
index 000000000000..443e321d344c
--- /dev/null
+++ b/app-emulation/xen-tools/files/xen-4-ulong.patch
@@ -0,0 +1,11 @@
+diff -ur xen-4.2.2.orig/tools/debugger/gdbsx/xg/xg_main.c xen-4.2.2/tools/debugger/gdbsx/xg/xg_main.c
+--- tools/debugger/gdbsx/xg/xg_main.c	2013-04-24 00:42:55.000000000 +0800
++++ tools/debugger/gdbsx/xg/xg_main.c	2013-05-16 00:22:39.263704336 +0800
+@@ -50,6 +50,7 @@
+ #include "xg_public.h"
+ #include <xen/version.h>
+ #include <xen/domctl.h>
++#include <sys/types.h>
+ #include <xen/sys/privcmd.h>
+ #include <xen/foreign/x86_32.h>
+ #include <xen/foreign/x86_64.h>
diff --git a/app-emulation/xen-tools/xen-tools-4.2.1-r1.ebuild b/app-emulation/xen-tools/xen-tools-4.2.1-r1.ebuild
index 7a45893082fc..64c317761e34 100644
--- a/app-emulation/xen-tools/xen-tools-4.2.1-r1.ebuild
+++ b/app-emulation/xen-tools/xen-tools-4.2.1-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2013 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.2.1-r1.ebuild,v 1.8 2013/02/22 10:36:08 idella4 Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.2.1-r1.ebuild,v 1.9 2013/05/15 17:47:47 idella4 Exp $
 
 EAPI=5
 
@@ -183,9 +183,9 @@ src_prepare() {
 	epatch "${FILESDIR}/${PN}-4.1.1-bridge.patch"
 
 	# Don't build ipxe with pie on hardened, Bug #360805
-#	if gcc-specs-pie; then
-#		epatch "${FILESDIR}"/ipxe-nopie.patch
-#	fi
+	if gcc-specs-pie; then
+		epatch "${FILESDIR}"/ipxe-nopie.patch
+	fi
 
 	# Prevent double stripping of files at install
 	epatch "${FILESDIR}"/${PN/-tools/}-4.2.0-nostrip.patch
diff --git a/app-emulation/xen-tools/xen-tools-4.2.1-r3.ebuild b/app-emulation/xen-tools/xen-tools-4.2.1-r3.ebuild
new file mode 100644
index 000000000000..015e56346ab5
--- /dev/null
+++ b/app-emulation/xen-tools/xen-tools-4.2.1-r3.ebuild
@@ -0,0 +1,347 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.2.1-r3.ebuild,v 1.1 2013/05/15 17:47:47 idella4 Exp $
+
+EAPI=5
+
+PYTHON_COMPAT=( python{2_6,2_7} )
+PYTHON_REQ_USE='xml,threads'
+
+IPXE_TARBALL_URL="http://dev.gentoo.org/~idella4/tarballs/ipxe.tar.gz"
+XEN_SEABIOS_URL="http://dev.gentoo.org/~idella4/tarballs/seabios-0-20121121.tar.bz2"
+
+if [[ $PV == *9999 ]]; then
+	KEYWORDS=""
+	REPO="xen-unstable.hg"
+	EHG_REPO_URI="http://xenbits.xensource.com/${REPO}"
+	S="${WORKDIR}/${REPO}"
+	live_eclass="mercurial"
+else
+	KEYWORDS="~amd64 ~x86"
+	SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz
+	$IPXE_TARBALL_URL
+	$XEN_SEABIOS_URL"
+	S="${WORKDIR}/xen-${PV}"
+fi
+
+inherit flag-o-matic eutils multilib python-single-r1 toolchain-funcs udev ${live_eclass}
+
+DESCRIPTION="Xend daemon and tools"
+HOMEPAGE="http://xen.org/"
+DOCS=( README docs/README.xen-bugtool )
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="api custom-cflags debug doc flask hvm qemu ocaml pygrub screen static-libs xend"
+
+REQUIRED_USE="hvm? ( qemu )"
+
+CDEPEND="dev-libs/yajl
+	dev-python/lxml[${PYTHON_USEDEP}]
+	dev-python/pypam[${PYTHON_USEDEP}]
+	dev-python/pyxml[${PYTHON_USEDEP}]
+	sys-libs/zlib
+	sys-power/iasl
+	ocaml? ( dev-ml/findlib )
+	hvm? ( media-libs/libsdl )
+	${PYTHON_DEPS}
+	api? ( dev-libs/libxml2
+		net-misc/curl )
+	${PYTHON_DEPS}
+	pygrub? ( ${PYTHON_DEPS//${PYTHON_REQ_USE}/ncurses} )"
+DEPEND="${CDEPEND}
+	sys-devel/bin86
+	sys-devel/dev86
+	dev-lang/perl
+	app-misc/pax-utils
+	doc? (
+		app-doc/doxygen
+		dev-tex/latex2html[png,gif]
+		media-gfx/transfig
+		media-gfx/graphviz
+		dev-tex/xcolor
+		dev-texlive/texlive-latexextra
+		virtual/latex-base
+		dev-tex/latexmk
+		dev-texlive/texlive-latex
+		dev-texlive/texlive-pictures
+		dev-texlive/texlive-latexrecommended
+	)
+	hvm? (  x11-proto/xproto
+	)"
+RDEPEND="${CDEPEND}
+	sys-apps/iproute2
+	net-misc/bridge-utils
+	ocaml? ( >=dev-lang/ocaml-3.12.0 )
+	screen? (
+		app-misc/screen
+		app-admin/logrotate
+	)
+	virtual/udev"
+
+# hvmloader is used to bootstrap a fully virtualized kernel
+# Approved by QA team in bug #144032
+QA_WX_LOAD="usr/lib/xen/boot/hvmloader"
+
+RESTRICT="test"
+
+pkg_setup() {
+	python-single-r1_pkg_setup
+	export "CONFIG_LOMOUNT=y"
+
+	if has_version dev-libs/libgcrypt; then
+		export "CONFIG_GCRYPT=y"
+	fi
+
+	if use qemu; then
+		export "CONFIG_IOEMU=y"
+	else
+		export "CONFIG_IOEMU=n"
+	fi
+
+	if ! use x86 && ! has x86 $(get_all_abis) && use hvm; then
+		eerror "HVM (VT-x and AMD-v) cannot be built on this system. An x86 or"
+		eerror "an amd64 multilib profile is required. Remove the hvm use flag"
+		eerror "to build xen-tools on your current profile."
+		die "USE=hvm is unsupported on this system."
+	fi
+
+	if [[ -z ${XEN_TARGET_ARCH} ]] ; then
+		if use x86 && use amd64; then
+			die "Confusion! Both x86 and amd64 are set in your use flags!"
+		elif use x86; then
+			export XEN_TARGET_ARCH="x86_32"
+		elif use amd64 ; then
+			export XEN_TARGET_ARCH="x86_64"
+		else
+			die "Unsupported architecture!"
+		fi
+	fi
+
+	use api     && export "LIBXENAPI_BINDINGS=y"
+	use flask   && export "FLASK_ENABLE=y"
+}
+
+src_prepare() {
+	# Drop .config, fixes to gcc-4.6
+	epatch "${FILESDIR}"/${PN/-tools/}-4-fix_dotconfig-gcc.patch
+
+	# Xend
+	if ! use xend; then
+		sed -e 's:xm xen-bugtool xen-python-path xend:xen-bugtool xen-python-path:' \
+			-i tools/misc/Makefile || die "Disabling xend failed"
+		sed -e 's:^XEND_INITD:#XEND_INITD:' \
+			-i tools/examples/Makefile || die "Disabling xend failed"
+	fi
+
+	# if the user *really* wants to use their own custom-cflags, let them
+	if use custom-cflags; then
+		einfo "User wants their own CFLAGS - removing defaults"
+
+		# try and remove all the default cflags
+		find "${S}" \( -name Makefile -o -name Rules.mk -o -name Config.mk \) \
+			-exec sed \
+				-e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
+				-e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
+				-e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
+				-e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
+				-e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
+				-i {} + || die "failed to re-set custom-cflags"
+	fi
+
+	if ! use pygrub; then
+		sed -e '/^SUBDIRS-$(PYTHON_TOOLS) += pygrub$/d' -i tools/Makefile || die
+	fi
+
+	# Disable hvm support on systems that don't support x86_32 binaries.
+	if ! use hvm; then
+		sed -e '/^CONFIG_IOEMU := y$/d' -i config/*.mk || die
+		sed -e '/SUBDIRS-$(CONFIG_X86) += firmware/d' -i tools/Makefile || die
+	fi
+
+	# Don't bother with qemu, only needed for fully virtualised guests
+	if ! use qemu; then
+		sed -e "/^CONFIG_IOEMU := y$/d" -i config/*.mk || die
+		sed -e "s:install-tools\: tools/ioemu-dir:install-tools\: :g" -i Makefile || die
+	fi
+
+	# Fix texi2html build error with new texi2html
+	epatch "${FILESDIR}"/${PN}-4-docfix.patch
+
+	# Fix network broadcast on bridged networks
+	epatch "${FILESDIR}/${PN}-3.4.0-network-bridge-broadcast.patch"
+
+	# Prevent the downloading of ipxe, seabios
+	epatch "${FILESDIR}"/${PN/-tools/}-4.2.0-anti-download.patch
+	cp "${DISTDIR}"/ipxe.tar.gz tools/firmware/etherboot/ || die
+	mv ../seabios-dir-remote tools/firmware/ || die
+	pushd tools/firmware/ > /dev/null
+	ln -s seabios-dir-remote seabios-dir || die
+	popd > /dev/null
+
+	# Fix bridge by idella4, bug #362575
+	epatch "${FILESDIR}/${PN}-4.1.1-bridge.patch"
+
+	# Don't build ipxe with pie on hardened, Bug #360805
+	if gcc-specs-pie; then
+		epatch "${FILESDIR}"/ipxe-nopie.patch
+	fi
+
+	# Prevent double stripping of files at install
+	epatch "${FILESDIR}"/${PN/-tools/}-4.2.0-nostrip.patch
+
+	# fix jobserver in Makefile
+	epatch "${FILESDIR}"/${PN/-tools/}-4.2.0-jserver.patch
+
+	# add missing typedef
+	epatch "${FILESDIR}"/xen-4-ulong.patch
+
+	#Sec patch, currently valid
+	epatch "${FILESDIR}"/xen-4-CVE-2012-6075-XSA-41.patch \
+		"${FILESDIR}"/xen-4-CVE-2013-0215-XSA-38.patch \
+		"${FILESDIR}"/xen-4-CVE-2013-1919-XSA-46.patch \
+		"${FILESDIR}"/xen-4-CVE-2013-1922-XSA-48.patch \
+		"${FILESDIR}"/xen-4-CVE-2013-1952-XSA_49.patch
+}
+
+src_compile() {
+	export VARTEXFONTS="${T}/fonts"
+	local myopt
+	use debug && myopt="${myopt} debug=y"
+
+	use custom-cflags || unset CFLAGS
+	if test-flag-CC -fno-strict-overflow; then
+		append-flags -fno-strict-overflow
+	fi
+
+	unset LDFLAGS
+	unset CFLAGS
+	emake CC="$(tc-getCC)" LD="$(tc-getLD)" -C tools ${myopt}
+
+	use doc && emake -C docs txt html
+	emake -C docs man-pages
+}
+
+src_install() {
+	# Override auto-detection in the build system, bug #382573
+	export INITD_DIR=/tmp/init.d
+	export CONFIG_LEAF_DIR=../tmp/default
+
+	# Let the build system compile installed Python modules.
+	local PYTHONDONTWRITEBYTECODE
+	export PYTHONDONTWRITEBYTECODE
+
+	emake DESTDIR="${ED}" DOCDIR="/usr/share/doc/${PF}" \
+		XEN_PYTHON_NATIVE_INSTALL=y install-tools
+
+	# Fix the remaining Python shebangs.
+	python_fix_shebang "${ED}"
+
+	# Remove RedHat-specific stuff
+	rm -rf "${ED}"tmp || die
+
+	# uncomment lines in xl.conf
+	sed -e 's:^#autoballoon=1:autoballoon=1:' \
+		-e 's:^#lockfile="/var/lock/xl":lockfile="/var/lock/xl":' \
+		-e 's:^#vifscript="vif-bridge":vifscript="vif-bridge":' \
+		-i tools/examples/xl.conf  || die
+
+	if use doc; then
+		emake DESTDIR="${ED}" DOCDIR="/usr/share/doc/${PF}" install-docs
+
+		dohtml -r docs/
+		docinto pdf
+		dodoc ${DOCS[@]}
+		[ -d "${ED}"/usr/share/doc/xen ] && mv "${ED}"/usr/share/doc/xen/* "${ED}"/usr/share/doc/${PF}/html
+	fi
+
+	rm -rf "${ED}"/usr/share/doc/xen/
+	doman docs/man?/*
+
+	if use xend; then
+		newinitd "${FILESDIR}"/xend.initd-r2 xend || die "Couldn't install xen.initd"
+	fi
+	newconfd "${FILESDIR}"/xendomains.confd xendomains
+	newconfd "${FILESDIR}"/xenstored.confd xenstored
+	newconfd "${FILESDIR}"/xenconsoled.confd xenconsoled
+	newinitd "${FILESDIR}"/xendomains.initd-r2 xendomains
+	newinitd "${FILESDIR}"/xenstored.initd xenstored
+	newinitd "${FILESDIR}"/xenconsoled.initd xenconsoled
+
+	if use screen; then
+		cat "${FILESDIR}"/xendomains-screen.confd >> "${ED}"/etc/conf.d/xendomains || die
+		cp "${FILESDIR}"/xen-consoles.logrotate "${ED}"/etc/xen/ || die
+		keepdir /var/log/xen-consoles
+	fi
+
+	if use qemu; then
+		mkdir -p "${D}"usr/lib64/xen/bin || die
+		mv "${D}"usr/lib/xen/bin/qemu* "${D}"usr/lib64/xen/bin/ || die
+	fi
+
+	# For -static-libs wrt Bug 384355
+	if ! use static-libs; then
+		rm -f "${ED}"usr/$(get_libdir)/*.a "${ED}"usr/$(get_libdir)/ocaml/*/*.a
+	fi
+
+	# xend expects these to exist
+	keepdir /var/run/xenstored /var/lib/xenstored /var/xen/dump /var/lib/xen /var/log/xen
+
+	# for xendomains
+	keepdir /etc/xen/auto
+
+	# Temp QA workaround
+	dodir "$(udev_get_udevdir)"
+	mv "${ED}"/etc/udev/* "${ED}/$(udev_get_udevdir)"
+	rm -rf "${ED}"/etc/udev
+
+	# Remove files failing QA AFTER emake installs them, avoiding seeking absent files
+	find "${ED}" \( -name openbios-sparc32 -o -name openbios-sparc64 \
+		-o -name openbios-ppc -o -name palcode-clipper \) -delete || die
+}
+
+pkg_postinst() {
+	elog "Official Xen Guide and the unoffical wiki page:"
+	elog " http://www.gentoo.org/doc/en/xen-guide.xml"
+	elog " http://gentoo-wiki.com/HOWTO_Xen_and_Gentoo"
+
+	if [[ "$(scanelf -s __guard -q "${PYTHON}")" ]] ; then
+		echo
+		ewarn "xend may not work when python is built with stack smashing protection (ssp)."
+		ewarn "If 'xm create' fails with '<ProtocolError for /RPC2: -1 >', see bug #141866"
+		ewarn "This problem may be resolved as of Xen 3.0.4, if not post in the bug."
+	fi
+
+	# TODO: we need to have the current Python slot here.
+	if ! has_version "dev-lang/python[ncurses]"; then
+		echo
+		ewarn "NB: Your dev-lang/python is built without USE=ncurses."
+		ewarn "Please rebuild python with USE=ncurses to make use of xenmon.py."
+	fi
+
+	if has_version "sys-apps/iproute2[minimal]"; then
+		echo
+		ewarn "Your sys-apps/iproute2 is built with USE=minimal. Networking"
+		ewarn "will not work until you rebuild iproute2 without USE=minimal."
+	fi
+
+	if ! use hvm; then
+		echo
+		elog "HVM (VT-x and AMD-V) support has been disabled. If you need hvm"
+		elog "support enable the hvm use flag."
+		elog "An x86 or amd64 multilib system is required to build HVM support."
+		echo
+		elog "The qemu use flag has been removed and replaced with hvm."
+	fi
+
+	if use xend; then
+		echo
+		elog "xend capability has been enabled and installed"
+	fi
+
+	if grep -qsF XENSV= "${ROOT}/etc/conf.d/xend"; then
+		echo
+		elog "xensv is broken upstream (Gentoo bug #142011)."
+		elog "Please remove '${ROOT%/}/etc/conf.d/xend', as it is no longer needed."
+	fi
+}
diff --git a/app-emulation/xen-tools/xen-tools-4.2.2.ebuild b/app-emulation/xen-tools/xen-tools-4.2.2.ebuild
new file mode 100644
index 000000000000..312cb58f99b0
--- /dev/null
+++ b/app-emulation/xen-tools/xen-tools-4.2.2.ebuild
@@ -0,0 +1,344 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.2.2.ebuild,v 1.1 2013/05/15 17:47:47 idella4 Exp $
+
+EAPI=5
+
+PYTHON_COMPAT=( python{2_6,2_7} )
+PYTHON_REQ_USE='xml,threads'
+
+IPXE_TARBALL_URL="http://dev.gentoo.org/~idella4/tarballs/ipxe.tar.gz"
+XEN_SEABIOS_URL="http://dev.gentoo.org/~idella4/tarballs/seabios-0-20121121.tar.bz2"
+
+if [[ $PV == *9999 ]]; then
+	KEYWORDS=""
+	REPO="xen-unstable.hg"
+	EHG_REPO_URI="http://xenbits.xensource.com/${REPO}"
+	S="${WORKDIR}/${REPO}"
+	live_eclass="mercurial"
+else
+	KEYWORDS="~amd64 ~x86"
+	SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz
+	$IPXE_TARBALL_URL
+	$XEN_SEABIOS_URL"
+	S="${WORKDIR}/xen-${PV}"
+fi
+
+inherit flag-o-matic eutils multilib python-single-r1 toolchain-funcs udev ${live_eclass}
+
+DESCRIPTION="Xend daemon and tools"
+HOMEPAGE="http://xen.org/"
+DOCS=( README docs/README.xen-bugtool )
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="api custom-cflags debug doc flask hvm qemu pygrub screen static-libs xend"
+
+REQUIRED_USE="hvm? ( qemu )"
+
+CDEPEND="dev-libs/yajl
+	dev-python/lxml[${PYTHON_USEDEP}]
+	dev-python/pypam[${PYTHON_USEDEP}]
+	dev-python/pyxml[${PYTHON_USEDEP}]
+	sys-libs/zlib
+	sys-power/iasl
+	dev-ml/findlib
+	hvm? ( media-libs/libsdl )
+	${PYTHON_DEPS}
+	api? ( dev-libs/libxml2
+		net-misc/curl )
+	${PYTHON_DEPS}
+	pygrub? ( ${PYTHON_DEPS//${PYTHON_REQ_USE}/ncurses} )"
+DEPEND="${CDEPEND}
+	sys-devel/bin86
+	sys-devel/dev86
+	dev-lang/perl
+	app-misc/pax-utils
+	doc? (
+		app-doc/doxygen
+		dev-tex/latex2html[png,gif]
+		media-gfx/transfig
+		media-gfx/graphviz
+		dev-tex/xcolor
+		dev-texlive/texlive-latexextra
+		virtual/latex-base
+		dev-tex/latexmk
+		dev-texlive/texlive-latex
+		dev-texlive/texlive-pictures
+		dev-texlive/texlive-latexrecommended
+	)
+	hvm? (  x11-proto/xproto
+	)"
+RDEPEND="${CDEPEND}
+	sys-apps/iproute2
+	net-misc/bridge-utils
+	screen? (
+		app-misc/screen
+		app-admin/logrotate
+	)
+	virtual/udev"
+
+# hvmloader is used to bootstrap a fully virtualized kernel
+# Approved by QA team in bug #144032
+QA_WX_LOAD="usr/lib/xen/boot/hvmloader"
+
+RESTRICT="test"
+
+pkg_setup() {
+	python-single-r1_pkg_setup
+	export "CONFIG_LOMOUNT=y"
+
+	if has_version dev-libs/libgcrypt; then
+		export "CONFIG_GCRYPT=y"
+	fi
+
+	if use qemu; then
+		export "CONFIG_IOEMU=y"
+	else
+		export "CONFIG_IOEMU=n"
+	fi
+
+	if ! use x86 && ! has x86 $(get_all_abis) && use hvm; then
+		eerror "HVM (VT-x and AMD-v) cannot be built on this system. An x86 or"
+		eerror "an amd64 multilib profile is required. Remove the hvm use flag"
+		eerror "to build xen-tools on your current profile."
+		die "USE=hvm is unsupported on this system."
+	fi
+
+	if [[ -z ${XEN_TARGET_ARCH} ]] ; then
+		if use x86 && use amd64; then
+			die "Confusion! Both x86 and amd64 are set in your use flags!"
+		elif use x86; then
+			export XEN_TARGET_ARCH="x86_32"
+		elif use amd64 ; then
+			export XEN_TARGET_ARCH="x86_64"
+		else
+			die "Unsupported architecture!"
+		fi
+	fi
+
+	use api     && export "LIBXENAPI_BINDINGS=y"
+	use flask   && export "FLASK_ENABLE=y"
+}
+
+src_prepare() {
+	# Drop .config, fixes to gcc-4.6
+	epatch "${FILESDIR}"/${PN/-tools/}-4-fix_dotconfig-gcc.patch
+
+	# Xend
+	if ! use xend; then
+		sed -e 's:xm xen-bugtool xen-python-path xend:xen-bugtool xen-python-path:' \
+			-i tools/misc/Makefile || die "Disabling xend failed"
+		sed -e 's:^XEND_INITD:#XEND_INITD:' \
+			-i tools/examples/Makefile || die "Disabling xend failed"
+	fi
+
+	# if the user *really* wants to use their own custom-cflags, let them
+	if use custom-cflags; then
+		einfo "User wants their own CFLAGS - removing defaults"
+
+		# try and remove all the default cflags
+		find "${S}" \( -name Makefile -o -name Rules.mk -o -name Config.mk \) \
+			-exec sed \
+				-e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
+				-e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
+				-e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
+				-e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
+				-e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
+				-i {} + || die "failed to re-set custom-cflags"
+	fi
+
+	if ! use pygrub; then
+		sed -e '/^SUBDIRS-$(PYTHON_TOOLS) += pygrub$/d' -i tools/Makefile || die
+	fi
+
+	# Disable hvm support on systems that don't support x86_32 binaries.
+	if ! use hvm; then
+		sed -e '/^CONFIG_IOEMU := y$/d' -i config/*.mk || die
+		sed -e '/SUBDIRS-$(CONFIG_X86) += firmware/d' -i tools/Makefile || die
+	fi
+
+	# Don't bother with qemu, only needed for fully virtualised guests
+	if ! use qemu; then
+		sed -e "/^CONFIG_IOEMU := y$/d" -i config/*.mk || die
+		sed -e "s:install-tools\: tools/ioemu-dir:install-tools\: :g" -i Makefile || die
+	fi
+
+	# Fix texi2html build error with new texi2html
+	epatch "${FILESDIR}"/${PN}-4-docfix.patch
+
+	# Fix network broadcast on bridged networks
+	epatch "${FILESDIR}/${PN}-3.4.0-network-bridge-broadcast.patch"
+
+	# Prevent the downloading of ipxe, seabios
+	epatch "${FILESDIR}"/${PN/-tools/}-4.2.0-anti-download.patch
+	cp "${DISTDIR}"/ipxe.tar.gz tools/firmware/etherboot/ || die
+	mv ../seabios-dir-remote tools/firmware/ || die
+	pushd tools/firmware/ > /dev/null
+	ln -s seabios-dir-remote seabios-dir || die
+	popd > /dev/null
+
+	# Fix bridge by idella4, bug #362575
+	epatch "${FILESDIR}/${PN}-4.1.1-bridge.patch"
+
+	# Don't build ipxe with pie on hardened, Bug #360805
+	if gcc-specs-pie; then
+		epatch "${FILESDIR}"/ipxe-nopie.patch
+	fi
+
+	# Prevent double stripping of files at install
+	epatch "${FILESDIR}"/${PN/-tools/}-4.2.0-nostrip.patch
+
+	# fix jobserver in Makefile
+	epatch "${FILESDIR}"/${PN/-tools/}-4.2.0-jserver.patch
+
+        # add missing header
+        epatch "${FILESDIR}"/xen-4-ulong.patch
+
+	#Sec patch, currently valid
+	epatch "${FILESDIR}"/xen-4-CVE-2012-6075-XSA-41.patch \
+		"${FILESDIR}"/xen-4-CVE-2013-1922-XSA-48.patch \
+		"${FILESDIR}"/xen-4-CVE-2013-1952-XSA-49.patch
+}
+
+src_compile() {
+	export VARTEXFONTS="${T}/fonts"
+	local myopt
+	use debug && myopt="${myopt} debug=y"
+
+	use custom-cflags || unset CFLAGS
+	if test-flag-CC -fno-strict-overflow; then
+		append-flags -fno-strict-overflow
+	fi
+
+	unset LDFLAGS
+	unset CFLAGS
+	emake CC="$(tc-getCC)" LD="$(tc-getLD)" -C tools ${myopt}
+
+	use doc && emake -C docs txt html
+	emake -C docs man-pages
+}
+
+src_install() {
+	# Override auto-detection in the build system, bug #382573
+	export INITD_DIR=/tmp/init.d
+	export CONFIG_LEAF_DIR=../tmp/default
+
+	# Let the build system compile installed Python modules.
+	local PYTHONDONTWRITEBYTECODE
+	export PYTHONDONTWRITEBYTECODE
+
+	emake DESTDIR="${ED}" DOCDIR="/usr/share/doc/${PF}" \
+		XEN_PYTHON_NATIVE_INSTALL=y install-tools
+
+	# Fix the remaining Python shebangs.
+	python_fix_shebang "${ED}"
+
+	# Remove RedHat-specific stuff
+	rm -rf "${ED}"tmp || die
+
+	# uncomment lines in xl.conf
+	sed -e 's:^#autoballoon=1:autoballoon=1:' \
+		-e 's:^#lockfile="/var/lock/xl":lockfile="/var/lock/xl":' \
+		-e 's:^#vifscript="vif-bridge":vifscript="vif-bridge":' \
+		-i tools/examples/xl.conf  || die
+
+	if use doc; then
+		emake DESTDIR="${ED}" DOCDIR="/usr/share/doc/${PF}" install-docs
+
+		dohtml -r docs/
+		docinto pdf
+		dodoc ${DOCS[@]}
+		[ -d "${ED}"/usr/share/doc/xen ] && mv "${ED}"/usr/share/doc/xen/* "${ED}"/usr/share/doc/${PF}/html
+	fi
+
+	rm -rf "${ED}"/usr/share/doc/xen/
+	doman docs/man?/*
+
+	if use xend; then
+		newinitd "${FILESDIR}"/xend.initd-r2 xend || die "Couldn't install xen.initd"
+	fi
+	newconfd "${FILESDIR}"/xendomains.confd xendomains
+	newconfd "${FILESDIR}"/xenstored.confd xenstored
+	newconfd "${FILESDIR}"/xenconsoled.confd xenconsoled
+	newinitd "${FILESDIR}"/xendomains.initd-r2 xendomains
+	newinitd "${FILESDIR}"/xenstored.initd xenstored
+	newinitd "${FILESDIR}"/xenconsoled.initd xenconsoled
+
+	if use screen; then
+		cat "${FILESDIR}"/xendomains-screen.confd >> "${ED}"/etc/conf.d/xendomains || die
+		cp "${FILESDIR}"/xen-consoles.logrotate "${ED}"/etc/xen/ || die
+		keepdir /var/log/xen-consoles
+	fi
+
+	if use qemu; then
+		mkdir -p "${D}"usr/lib64/xen/bin || die
+		mv "${D}"usr/lib/xen/bin/qemu* "${D}"usr/lib64/xen/bin/ || die
+	fi
+
+	# For -static-libs wrt Bug 384355
+	if ! use static-libs; then
+		rm -f "${ED}"usr/$(get_libdir)/*.a "${ED}"usr/$(get_libdir)/ocaml/*/*.a
+	fi
+
+	# xend expects these to exist
+	keepdir /var/run/xenstored /var/lib/xenstored /var/xen/dump /var/lib/xen /var/log/xen
+
+	# for xendomains
+	keepdir /etc/xen/auto
+
+	# Temp QA workaround
+	dodir "$(udev_get_udevdir)"
+	mv "${ED}"/etc/udev/* "${ED}/$(udev_get_udevdir)"
+	rm -rf "${ED}"/etc/udev
+
+	# Remove files failing QA AFTER emake installs them, avoiding seeking absent files
+	find "${ED}" \( -name openbios-sparc32 -o -name openbios-sparc64 \
+		-o -name openbios-ppc -o -name palcode-clipper \) -delete || die
+}
+
+pkg_postinst() {
+	elog "Official Xen Guide and the unoffical wiki page:"
+	elog " http://www.gentoo.org/doc/en/xen-guide.xml"
+	elog " http://gentoo-wiki.com/HOWTO_Xen_and_Gentoo"
+
+	if [[ "$(scanelf -s __guard -q "${PYTHON}")" ]] ; then
+		echo
+		ewarn "xend may not work when python is built with stack smashing protection (ssp)."
+		ewarn "If 'xm create' fails with '<ProtocolError for /RPC2: -1 >', see bug #141866"
+		ewarn "This problem may be resolved as of Xen 3.0.4, if not post in the bug."
+	fi
+
+	# TODO: we need to have the current Python slot here.
+	if ! has_version "dev-lang/python[ncurses]"; then
+		echo
+		ewarn "NB: Your dev-lang/python is built without USE=ncurses."
+		ewarn "Please rebuild python with USE=ncurses to make use of xenmon.py."
+	fi
+
+	if has_version "sys-apps/iproute2[minimal]"; then
+		echo
+		ewarn "Your sys-apps/iproute2 is built with USE=minimal. Networking"
+		ewarn "will not work until you rebuild iproute2 without USE=minimal."
+	fi
+
+	if ! use hvm; then
+		echo
+		elog "HVM (VT-x and AMD-V) support has been disabled. If you need hvm"
+		elog "support enable the hvm use flag."
+		elog "An x86 or amd64 multilib system is required to build HVM support."
+		echo
+		elog "The qemu use flag has been removed and replaced with hvm."
+	fi
+
+	if use xend; then
+		echo
+		elog "xend capability has been enabled and installed"
+	fi
+
+	if grep -qsF XENSV= "${ROOT}/etc/conf.d/xend"; then
+		echo
+		elog "xensv is broken upstream (Gentoo bug #142011)."
+		elog "Please remove '${ROOT%/}/etc/conf.d/xend', as it is no longer needed."
+	fi
+}
author	Ian Delaney <idella4@gentoo.org>	2013-05-15 17:48:20 +0000
committer	Ian Delaney <idella4@gentoo.org>	2013-05-15 17:48:20 +0000
commit	ae473f558786d68ee21c26315e3664c9000ea21b (patch)
tree	8c4ebe48022721bed774f517f1c6fba4ccb75d74 /app-emulation/xen-tools
parent	Fix phing dependency on php's xsl extension (diff)
download	historical-ae473f558786d68ee21c26315e3664c9000ea21b.tar.gz historical-ae473f558786d68ee21c26315e3664c9000ea21b.tar.bz2 historical-ae473f558786d68ee21c26315e3664c9000ea21b.zip