* [gentoo-commits] proj/virtualization:master commit in: app-emulation/xen/, app-emulation/xen-tools/, app-emulation/, ...
@ 2011-11-28 18:15 Ian Delaney
0 siblings, 0 replies; only message in thread
From: Ian Delaney @ 2011-11-28 18:15 UTC (permalink / raw
To: gentoo-commits
commit: d6e73198410451ad57c0227af185c4049b75f4eb
Author: Ian Delaney <idell5 <AT> iinet <DOT> com <DOT> au>
AuthorDate: Mon Nov 28 18:08:55 2011 +0000
Commit: Ian Delaney <della5 <AT> iinet <DOT> com <DOT> au>
CommitDate: Mon Nov 28 18:08:55 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/virtualization.git;a=commit;h=d6e73198
Merge branch 'master' of git+ssh://git.overlays.gentoo.org/proj/virtualization
Conflicts:
app-emulation/xen-tools/Manifest
---
app-emulation/files/Manifest | 7 +
.../files/xen-3.3.0-unexported-target-fix.patch | 21 +
app-emulation/files/xen-3.4.2-CVE-2011-1583.patch | 87 ++++
.../xen-3.4.2-dump_registers-watchdog-fix.patch | 19 +
.../files/xen-3.4.2-fix-__addr_ok-limit.patch | 101 +++++
app-emulation/files/xen-3.4.2-no-DMA.patch | 71 ++++
app-emulation/files/xen-3.4.2-werror-idiocy.patch | 429 ++++++++++++++++++++
app-emulation/files/xen-4.1.1-iommu_sec_fix.patch | 74 ++++
app-emulation/metadata.xml | 15 +
app-emulation/xen-3.4.2-r4.ebuild | 114 ++++++
app-emulation/xen-4.1.1-r2.ebuild | 121 ++++++
app-emulation/xen-9999.ebuild | 117 ++++++
app-emulation/xen-tools/Manifest | 22 +-
app-emulation/xen-tools/xen-tools-4.1.2-r2.ebuild | 12 +-
app-emulation/xen-tools/xen-tools-9999.ebuild | 54 +--
app-emulation/xen/Manifest | 14 +
app-emulation/xen/files/Manifest | 7 +
.../files/xen-3.3.0-unexported-target-fix.patch | 21 +
.../xen/files/xen-3.4.2-CVE-2011-1583.patch | 87 ++++
.../xen-3.4.2-dump_registers-watchdog-fix.patch | 19 +
.../xen/files/xen-3.4.2-fix-__addr_ok-limit.patch | 101 +++++
app-emulation/xen/files/xen-3.4.2-no-DMA.patch | 71 ++++
.../xen/files/xen-3.4.2-werror-idiocy.patch | 429 ++++++++++++++++++++
.../xen/files/xen-4.1.1-iommu_sec_fix.patch | 74 ++++
app-emulation/xen/metadata.xml | 15 +
app-emulation/xen/xen-3.4.2-r4.ebuild | 114 ++++++
app-emulation/xen/xen-4.1.1-r2.ebuild | 121 ++++++
app-emulation/xen/xen-9999.ebuild | 117 ++++++
28 files changed, 2413 insertions(+), 41 deletions(-)
diff --git a/app-emulation/files/Manifest b/app-emulation/files/Manifest
new file mode 100644
index 0000000..236346a
--- /dev/null
+++ b/app-emulation/files/Manifest
@@ -0,0 +1,7 @@
+MISC xen-3.3.0-unexported-target-fix.patch 788 RMD160 4b30444c021479cbd3969493639533fc1e43e781 SHA1 9119f06b4a005c385ac27e085e2d96ccf9cd4dc9 SHA256 e46f5fbe4c579b84f895f0ac6e05589553a11305ca30e69405082d58abd9ee07
+MISC xen-3.4.2-CVE-2011-1583.patch 2893 RMD160 c6ae9661202dafc2abdcf3aaf939464d14ded9fd SHA1 b2140fe7d615b542a96dadaaf8ace382e528d2cb SHA256 809c1744aee7569db31e9959c1e2c433ef6f4067134b26f70a689e056a024df9
+MISC xen-3.4.2-dump_registers-watchdog-fix.patch 533 RMD160 766249003d91cbec3b0014a8446e1a4d01cd847a SHA1 6306250671976c638f814a4958211af4bacb53b4 SHA256 17d18f268efd302085bdfa0673e2d9478e84206b6d060d0a63854441233a81c6
+MISC xen-3.4.2-fix-__addr_ok-limit.patch 3380 RMD160 8b8104a370847c1c148255855901b9dd32e6c888 SHA1 e3dd5cfda2410917b0844dff999ccbee2463ccb4 SHA256 dab6954da3cbf7592a36a6234561174d0d117711b87c0868d17f9d21af75a835
+MISC xen-3.4.2-no-DMA.patch 2708 RMD160 9aa83e21e8b07feca1f799f9efb4f9cd5728c6c6 SHA1 e55fa5a04203470af68452762f919b402854fce9 SHA256 87a3fe134b8d3c762d4d229986ccb77898a603a18974f453cfdf6ba9d68fe982
+MISC xen-3.4.2-werror-idiocy.patch 16826 RMD160 14f4678c723fd9241c88786b5b07a8c25252ce6f SHA1 f15d3c4d37b9c11fed49c025de2eaeb6911845a1 SHA256 261ef6541736f1df757476590bb8581cac376c9408e5041e8356336e13025c67
+MISC xen-4.1.1-iommu_sec_fix.patch 2851 RMD160 4367178c10cdc1e752f3e9ffb70f42e6e7179242 SHA1 8487f85dbf81bf245deaccca5ff5b8f46e60d112 SHA256 3a0ab3cb5c18db91f4be457cbba36189a558da7b794e1a35795f4fed3d48a7c8
diff --git a/app-emulation/files/xen-3.3.0-unexported-target-fix.patch b/app-emulation/files/xen-3.3.0-unexported-target-fix.patch
new file mode 100644
index 0000000..89f91a4
--- /dev/null
+++ b/app-emulation/files/xen-3.3.0-unexported-target-fix.patch
@@ -0,0 +1,21 @@
+diff -Nru a/tools/ioemu-qemu-xen/xen-setup b/tools/ioemu-qemu-xen/xen-setup
+--- a/tools/ioemu-qemu-xen/xen-setup 2008-08-22 17:56:41.000000000 +0800
++++ b/tools/ioemu-qemu-xen/xen-setup 2009-02-20 10:55:37.000000000 +0800
+@@ -3,6 +3,8 @@
+
+ # git-clean -x -d && ./xen-setup && make prefix=/usr CMDLINE_CFLAGS='-O0 -g' -j4 && make install DESTDIR=`pwd`/dist/ prefix=/usr && rsync -a --stats --delete . thule:shadow/qemu-iwj.git/ && rsync -a --stats dist/. root@thule:/
+
++target=i386-dm
++
+ rm -f $target/Makefile
+ rm -f $target/config.mak
+ rm -f config-host.mak
+@@ -11,8 +13,6 @@
+
+ ./configure --disable-gfx-check --disable-gcc-check --disable-curses --disable-slirp "$@" --prefix=/usr
+
+-target=i386-dm
+-
+ if [ "x$XEN_ROOT" != x ]; then
+ echo "XEN_ROOT=$XEN_ROOT" >>config-host.mak
+ fi
diff --git a/app-emulation/files/xen-3.4.2-CVE-2011-1583.patch b/app-emulation/files/xen-3.4.2-CVE-2011-1583.patch
new file mode 100644
index 0000000..f5cec4d
--- /dev/null
+++ b/app-emulation/files/xen-3.4.2-CVE-2011-1583.patch
@@ -0,0 +1,87 @@
+--- tools/libxc/xc_dom_bzimageloader.c 2009-11-10 23:12:56.000000000 +0800
++++ tools/libxc/xc_dom_bzimageloader.c 2011-10-09 20:10:08.972815311 +0800
+@@ -308,19 +308,19 @@
+
+ extern struct xc_dom_loader elf_loader;
+
+-static unsigned int payload_offset(struct setup_header *hdr)
++static int check_magic(struct xc_dom_image *dom, const void *magic, size_t len)
+ {
+- unsigned int off;
++ if (len > dom->kernel_size)
++ return 0;
++
++ return (memcmp(dom->kernel_blob, magic, len) == 0);
++ }
+
+- off = (hdr->setup_sects + 1) * 512;
+- off += hdr->payload_offset;
+- return off;
+-}
+-
+-static int xc_dom_probe_bzimage_kernel(struct xc_dom_image *dom)
++static int check_bzimage_kernel(struct xc_dom_image *dom, int verbose)
+ {
+ struct setup_header *hdr;
+- int ret;
++ uint64_t payload_offset, payload_length;
++ /* int ret; */
+
+ if ( dom->kernel_blob == NULL )
+ {
+@@ -352,20 +352,47 @@
+ return -EINVAL;
+ }
+
+- dom->kernel_blob = dom->kernel_blob + payload_offset(hdr);
+- dom->kernel_size = hdr->payload_length;
++ /* upcast to 64 bits to avoid overflow */
++ /* setup_sects is u8 and so cannot overflow */
++ payload_offset = (hdr->setup_sects + 1) * 512;
++ payload_offset += hdr->payload_offset;
++ payload_length = hdr->payload_length;
+
+- if ( memcmp(dom->kernel_blob, "\037\213", 2) == 0 )
+- {
++/* if ( memcmp(dom->kernel_blob, "\037\213", 2) == 0 )
++ {
+ ret = xc_dom_try_gunzip(dom, &dom->kernel_blob, &dom->kernel_size);
+- if ( ret == -1 )
++ if ( ret == -1 ) */
++ if ( payload_offset >= dom->kernel_size )
++ {
++ xc_dom_panic(XC_INVALID_KERNEL, "%s: payload offset overflow",
++ __FUNCTION__);
++ return -EINVAL;
++ }
++ if ( (payload_offset + payload_length) > dom->kernel_size )
++ {
++ xc_dom_panic(XC_INVALID_KERNEL, "%s: payload length overflow",
++ __FUNCTION__);
++ }
++
++ dom->kernel_blob = dom->kernel_blob + payload_offset;
++ dom->kernel_size = payload_length;
++
++ if ( check_magic(dom, "\037\213", 2) )
++ {
++ if ( xc_dom_try_gunzip(dom, &dom->kernel_blob, &dom->kernel_size) == -1 )
+ {
+- xc_dom_panic(XC_INVALID_KERNEL,
+- "%s: unable to gzip decompress kernel\n",
+- __FUNCTION__);
++ if ( verbose )
++ xc_dom_panic(XC_INVALID_KERNEL, "%s: unable to decompress kernel\$n",
++ __FUNCTION__);
+ return -EINVAL;
+ }
+ }
++ else
++ {
++ xc_dom_panic(XC_INVALID_KERNEL, "%s: unknown compression format\n",
++ __FUNCTION__);
++ return -EINVAL;
++ }
+ else if ( memcmp(dom->kernel_blob, "\102\132\150", 3) == 0 )
+ {
+ ret = xc_try_bzip2_decode(dom, &dom->kernel_blob, &dom->kernel_size);
diff --git a/app-emulation/files/xen-3.4.2-dump_registers-watchdog-fix.patch b/app-emulation/files/xen-3.4.2-dump_registers-watchdog-fix.patch
new file mode 100644
index 0000000..7c8ff5b
--- /dev/null
+++ b/app-emulation/files/xen-3.4.2-dump_registers-watchdog-fix.patch
@@ -0,0 +1,19 @@
+diff -r 784caad93325 xen/common/keyhandler.c
+--- a/xen/common/keyhandler.c Tue Nov 10 15:03:52 2009 +0000
++++ b/xen/common/keyhandler.c Tue Jan 05 10:47:49 2010 +0000
+@@ -106,6 +106,7 @@
+ unsigned int cpu;
+
+ /* We want to get everything out that we possibly can. */
++ watchdog_disable();
+ console_start_sync();
+
+ printk("'%c' pressed -> dumping registers\n", key);
+@@ -125,6 +126,7 @@
+ printk("\n");
+
+ console_end_sync();
++ watchdog_enable();
+ }
+
+ static void dump_dom0_registers(unsigned char key)
diff --git a/app-emulation/files/xen-3.4.2-fix-__addr_ok-limit.patch b/app-emulation/files/xen-3.4.2-fix-__addr_ok-limit.patch
new file mode 100644
index 0000000..8616008
--- /dev/null
+++ b/app-emulation/files/xen-3.4.2-fix-__addr_ok-limit.patch
@@ -0,0 +1,101 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+ Xen Security Advisory CVE-2011-2901 / XSA-4
+ revision no.2
+ Xen <= 3.3 DoS due to incorrect virtual address validation
+
+ISSUE DESCRIPTION
+=================
+
+The x86_64 __addr_ok() macro intends to ensure that the checked
+address is either in the positive half of the 48-bit virtual address
+space, or above the Xen-reserved area. However, the current shift
+count is off-by-one, allowing full access to the "negative half" too,
+via certain hypercalls which ignore virtual-address bits [63:48].
+Vulnerable hypercalls exist only in very old versions of the
+hypervisor.
+
+VULNERABLE SYSTEMS
+==================
+
+All systems running a Xen 3.3 or earlier hypervisor with 64-bit PV
+guests with untrusted administrators are vulnerable.
+
+IMPACT
+======
+
+A malicious guest administrator on a vulnerable system is able to
+crash the host.
+
+There are no known further exploits but these have not been ruled out.
+
+RESOLUTION
+==========
+
+The attached patch resolves the issue.
+
+Alternatively, users may choose to upgrade to a more recent hypervisor
+
+PATCHES
+=======
+
+The following patch resolves this issue.
+
+Filename: fix-__addr_ok-limit.patch
+SHA1: f18bde8d276110451c608a16f577865aa1226b4f
+SHA256: 2da5aac72e1ac4849c34d38374ae456795905fd9512eef94b48fc31383c21636
+
+This patch should apply cleanly, and fix the problem, for all affected
+versions of Xen.
+
+It is harmless when applied to later hypervisors and will be included
+in the Xen unstable branch in due course.
+
+VERSION HISTORY
+===============
+
+Analysis following version 1 of this advisory (sent out to the
+predisclosure list during the embargo period) indicates that the
+actual DoS vulnerability only exists in very old hypervisors, Xen 3.3
+and earlier, contrary to previous reports.
+
+This advisory is no longer embargoed.
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (GNU/Linux)
+
+iQEcBAEBAgAGBQJOYLq2AAoJEIP+FMlX6CvZLegH/26/oJBkd/WM/yYhXkzlbnIP
+MxF6Fgy96Omu8poQTanD7g1vEcM0TOLY+Kk3GGsfj4aDdEJ5Nq4ZOW8ooI0VnVcD
+7VXQqFsXPxre+eZ6g+G0AsmzdsG45C3qujUTRfGKqzYwXqjWjt9nNsdIy1Mrz8/4
+zG1uLDkN0LXnBG2Te4q8ZckYwMq8gFXHHnH35RfQ5Besu6pvJmtK3rFXETdlP12A
+JjBh7t5jsCfzvYWFQehVp8mJupuftiOBPClmVh4vrvN9gYd5rzEgB4Q9Ioiqz2qT
+2bE1zegR8NeOKBOi9xriTU8F530OdFzeWAbo7D5gyEbYdc60eNwbadcgNGLbzMg=
+=09T8
+-----END PGP SIGNATURE-----
+
+Subject: XSA-4: xen: correct limit checking in x86_64 version of __addr_ok
+
+The x86_64 __addr_ok() macro intends to ensure that the checked
+address is either in the positive half of the 48-bit virtual address
+space, or above the Xen-reserved area. However, the current shift
+count is off-by-one, allowing full access to the "negative half"
+too. Guests may exploit this to gain access to off-limits ranges.
+
+This issue has been assigned CVE-2011-2901.
+
+Signed-off-by: Laszlo Ersek <lersek@...hat.com>
+Signed-off-by: Ian Campbell <ian.campbell@...rix.com>
+
+diff --git a/xen/include/asm-x86/x86_64/uaccess.h
+b/xen/include/asm-x86/x86_64/uaccess.h
+--- a/xen/include/asm-x86/x86_64/uaccess.h
++++ b/xen/include/asm-x86/x86_64/uaccess.h
+@@ -34,7 +34,7 @@
+ * non-canonical address (and thus fault) before ever reaching VIRT_START.
+ */
+ #define __addr_ok(addr) \
+- (((unsigned long)(addr) < (1UL<<48)) || \
++ (((unsigned long)(addr) < (1UL<<47)) || \
+ ((unsigned long)(addr) >= HYPERVISOR_VIRT_END))
+
+ #define access_ok(addr, size) \
diff --git a/app-emulation/files/xen-3.4.2-no-DMA.patch b/app-emulation/files/xen-3.4.2-no-DMA.patch
new file mode 100644
index 0000000..f04d9e2
--- /dev/null
+++ b/app-emulation/files/xen-3.4.2-no-DMA.patch
@@ -0,0 +1,71 @@
+# HG changeset patch
+# User Tim Deegan <Tim.Deegan@citrix.com>
+# Date 1313145221 -3600
+# Node ID 84e3706df07a1963e23cd3875d8603917657d462
+# Parent cb22fa57ff252893b6adb1481e09b1287eacd990
+Passthrough: disable bus-mastering on any card that causes an IOMMU fault.
+
+This stops the card from raising back-to-back faults and live-locking
+the CPU that handles them.
+
+Signed-off-by: Tim Deegan <tim@xen.org>
+Acked-by: Wei Wang2 <wei.wang2@amd.com>
+Acked-by: Allen M Kay <allen.m.kay@intel.com>
+
+--- a/xen/drivers/passthrough/vtd/iommu.c.orig Mon Jul 25 16:48:39 2011 +0100
++++ b/xen/drivers/passthrough/vtd/iommu.c Fri Aug 12 11:33:41 2011 +0100
+@@ -733,7 +733,7 @@
+ while (1)
+ {
+ u8 fault_reason;
+- u16 source_id;
++ u16 source_id, cword;
+ u32 data;
+ u64 guest_addr;
+ int type;
+@@ -766,6 +766,14 @@
+ iommu_page_fault_do_one(iommu, type, fault_reason,
+ source_id, guest_addr);
+
++ /* Tell the device to stop DMAing; we can't rely on the guest to
++ * control it for us. */
++ cword = pci_conf_read16(PCI_BUS(source_id), PCI_SLOT(source_id),
++ PCI_FUNC(source_id), PCI_COMMAND);
++ pci_conf_write16(PCI_BUS(source_id), PCI_SLOT(source_id),
++ PCI_FUNC(source_id), PCI_COMMAND,
++ cword & ~PCI_COMMAND_MASTER);
++
+ fault_index++;
+ if ( fault_index > cap_num_fault_regs(iommu->cap) )
+ fault_index = 0;
+
+--- a/xen/drivers/passthrough/amd/iommu_init.c.orig Mon Jul 25 16:48:39 2011 +0100
++++ b/xen/drivers/passthrough/amd/iommu_init.c Fri Aug 12 11:33:41 2011 +0100
+@@ -415,7 +415,7 @@
+
+ static void parse_event_log_entry(u32 entry[])
+ {
+- u16 domain_id, device_id;
++ u16 domain_id, device_id, bdf, cword;
+ u32 code;
+ u64 *addr;
+ char * event_str[] = {"ILLEGAL_DEV_TABLE_ENTRY",
+@@ -449,6 +449,18 @@
+ printk(XENLOG_ERR "AMD-Vi: "
+ "%s: domain = %d, device id = 0x%04x, fault address = 0x%"PRIx64"\n",
+ event_str[code-1], domain_id, device_id, *addr);
++
++ /* Tell the device to stop DMAing; we can't rely on the guest to
++ * control it for us. */
++ for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ )
++ if ( get_dma_requestor_id(bdf) == device_id )
++ {
++ cword = pci_conf_read16(PCI_BUS(bdf), PCI_SLOT(bdf),
++ PCI_FUNC(bdf), PCI_COMMAND);
++ pci_conf_write16(PCI_BUS(bdf), PCI_SLOT(bdf),
++ PCI_FUNC(bdf), PCI_COMMAND,
++ cword & ~PCI_COMMAND_MASTER);
++ }
+ }
+ }
+
diff --git a/app-emulation/files/xen-3.4.2-werror-idiocy.patch b/app-emulation/files/xen-3.4.2-werror-idiocy.patch
new file mode 100644
index 0000000..7f5b3cb
--- /dev/null
+++ b/app-emulation/files/xen-3.4.2-werror-idiocy.patch
@@ -0,0 +1,429 @@
+diff -ur xen-3.4.2.orig//Config.mk xen-3.4.2//Config.mk
+--- xen-3.4.2.orig//Config.mk 2009-11-10 23:16:03.000000000 +0800
++++ xen-3.4.2//Config.mk 2011-09-25 02:34:11.605793042 +0800
+@@ -14,7 +14,7 @@
+
+ # Tools to run on system hosting the build
+ HOSTCC = gcc
+-HOSTCFLAGS = -Wall -Werror -Wstrict-prototypes -O2 -fomit-frame-pointer
++HOSTCFLAGS = -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer
+ HOSTCFLAGS += -fno-strict-aliasing
+
+ DISTDIR ?= $(XEN_ROOT)/dist
+diff -ur xen-3.4.2.orig//extras/mini-os/minios.mk xen-3.4.2//extras/mini-os/minios.mk
+--- xen-3.4.2.orig//extras/mini-os/minios.mk 2009-11-10 23:12:55.000000000 +0800
++++ xen-3.4.2//extras/mini-os/minios.mk 2011-09-25 02:34:11.855793042 +0800
+@@ -6,7 +6,7 @@
+
+ # Define some default flags.
+ # NB. '-Wcast-qual' is nasty, so I omitted it.
+-DEF_CFLAGS += -fno-builtin -Wall -Werror -Wredundant-decls -Wno-format -Wno-redundant-decls
++DEF_CFLAGS += -fno-builtin -Wall -Wredundant-decls -Wno-format -Wno-redundant-decls
+ DEF_CFLAGS += $(call cc-option,$(CC),-fno-stack-protector,)
+ DEF_CFLAGS += $(call cc-option,$(CC),-fgnu89-inline)
+ DEF_CFLAGS += -Wstrict-prototypes -Wnested-externs -Wpointer-arith -Winline
+diff -ur xen-3.4.2.orig//tools/blktap/drivers/Makefile xen-3.4.2//tools/blktap/drivers/Makefile
+--- xen-3.4.2.orig//tools/blktap/drivers/Makefile 2009-11-10 23:12:55.000000000 +0800
++++ xen-3.4.2//tools/blktap/drivers/Makefile 2011-09-25 02:34:11.750793042 +0800
+@@ -5,7 +5,7 @@
+ QCOW_UTIL = img2qcow qcow2raw qcow-create
+ LIBAIO_DIR = ../../libaio/src
+
+-CFLAGS += -Werror
++CFLAGS +=
+ CFLAGS += -Wno-unused
+ CFLAGS += -I../lib
+ CFLAGS += $(CFLAGS_libxenctrl)
+diff -ur xen-3.4.2.orig//tools/blktap/lib/Makefile xen-3.4.2//tools/blktap/lib/Makefile
+--- xen-3.4.2.orig//tools/blktap/lib/Makefile 2009-11-10 23:12:55.000000000 +0800
++++ xen-3.4.2//tools/blktap/lib/Makefile 2011-09-25 02:34:11.748793042 +0800
+@@ -13,7 +13,7 @@
+ SRCS :=
+ SRCS += xenbus.c blkif.c xs_api.c
+
+-CFLAGS += -Werror
++CFLAGS +=
+ CFLAGS += -Wno-unused
+ CFLAGS += -fPIC
+ # get asprintf():
+diff -ur xen-3.4.2.orig//tools/console/Makefile xen-3.4.2//tools/console/Makefile
+--- xen-3.4.2.orig//tools/console/Makefile 2009-11-10 23:12:55.000000000 +0800
++++ xen-3.4.2//tools/console/Makefile 2011-09-25 02:34:11.704793042 +0800
+@@ -2,7 +2,7 @@
+ XEN_ROOT=../..
+ include $(XEN_ROOT)/tools/Rules.mk
+
+-CFLAGS += -Werror
++CFLAGS +=
+
+ CFLAGS += $(CFLAGS_libxenctrl)
+ CFLAGS += $(CFLAGS_libxenstore)
+diff -ur xen-3.4.2.orig//tools/debugger/xenitp/Makefile xen-3.4.2//tools/debugger/xenitp/Makefile
+--- xen-3.4.2.orig//tools/debugger/xenitp/Makefile 2009-11-10 23:12:55.000000000 +0800
++++ xen-3.4.2//tools/debugger/xenitp/Makefile 2011-09-25 02:34:11.744793042 +0800
+@@ -1,7 +1,7 @@
+ XEN_ROOT=../../..
+ include $(XEN_ROOT)/tools/Rules.mk
+
+-#CFLAGS += -Werror -g -O0
++#CFLAGS += -g -O0
+
+ CFLAGS += $(CFLAGS_libxenctrl)
+
+diff -ur xen-3.4.2.orig//tools/firmware/Rules.mk xen-3.4.2//tools/firmware/Rules.mk
+--- xen-3.4.2.orig//tools/firmware/Rules.mk 2009-11-10 23:12:55.000000000 +0800
++++ xen-3.4.2//tools/firmware/Rules.mk 2011-09-25 02:34:11.565793045 +0800
+@@ -10,7 +10,7 @@
+ CFLAGS += -DNDEBUG
+ endif
+
+-CFLAGS += -Werror
++CFLAGS +=
+
+ # Disable PIE/SSP if GCC supports them. They can break us.
+ $(call cc-option-add,CFLAGS,CC,-nopie)
+diff -ur xen-3.4.2.orig//tools/flask/libflask/Makefile xen-3.4.2//tools/flask/libflask/Makefile
+--- xen-3.4.2.orig//tools/flask/libflask/Makefile 2009-11-10 23:12:56.000000000 +0800
++++ xen-3.4.2//tools/flask/libflask/Makefile 2011-09-25 02:34:11.657793042 +0800
+@@ -9,7 +9,7 @@
+ SRCS :=
+ SRCS += flask_op.c
+
+-CFLAGS += -Werror
++CFLAGS +=
+ CFLAGS += -fno-strict-aliasing
+ CFLAGS += $(INCLUDES) -I./include -I$(XEN_LIBXC) -I$(XEN_INCLUDE)
+
+diff -ur xen-3.4.2.orig//tools/flask/loadpolicy/Makefile xen-3.4.2//tools/flask/loadpolicy/Makefile
+--- xen-3.4.2.orig//tools/flask/loadpolicy/Makefile 2009-11-10 23:12:56.000000000 +0800
++++ xen-3.4.2//tools/flask/loadpolicy/Makefile 2011-09-25 02:34:11.660793042 +0800
+@@ -6,7 +6,7 @@
+ LIBFLASK_ROOT = $(XEN_ROOT)/tools/flask/libflask
+
+ PROFILE=#-pg
+-BASECFLAGS=-Wall -g -Werror
++BASECFLAGS=-Wall -g
+ BASECFLAGS+= $(PROFILE)
+ #BASECFLAGS+= -I$(XEN_ROOT)/tools
+ BASECFLAGS+= $(CFLAGS_libxenctrl)
+diff -ur xen-3.4.2.orig//tools/fs-back/Makefile xen-3.4.2//tools/fs-back/Makefile
+--- xen-3.4.2.orig//tools/fs-back/Makefile 2009-11-10 23:12:56.000000000 +0800
++++ xen-3.4.2//tools/fs-back/Makefile 2011-09-25 02:34:11.637793042 +0800
+@@ -5,7 +5,7 @@
+
+ IBIN = fs-backend
+
+-CFLAGS += -Werror
++CFLAGS +=
+ CFLAGS += -Wno-unused
+ CFLAGS += -fno-strict-aliasing
+ CFLAGS += $(CFLAGS_libxenctrl)
+diff -ur xen-3.4.2.orig//tools/ioemu-qemu-xen/configure xen-3.4.2//tools/ioemu-qemu-xen/configure
+--- xen-3.4.2.orig//tools/ioemu-qemu-xen/configure 2009-11-05 19:44:56.000000000 +0800
++++ xen-3.4.2//tools/ioemu-qemu-xen/configure 2011-09-25 02:34:11.888793042 +0800
+@@ -468,7 +468,7 @@
+ CFLAGS="$CFLAGS -Wall -Wundef -Wendif-labels -Wwrite-strings -Wmissing-prototypes -Wstrict-prototypes -Wredundant-decls"
+ LDFLAGS="$LDFLAGS -g"
+ if test "$werror" = "yes" ; then
+-CFLAGS="$CFLAGS -Werror"
++CFLAGS="$CFLAGS"
+ fi
+
+ if test "$solaris" = "no" ; then
+@@ -1150,7 +1150,7 @@
+ echo "sparse enabled $sparse"
+ echo "profiler $profiler"
+ echo "static build $static"
+-echo "-Werror enabled $werror"
++
+ if test "$darwin" = "yes" ; then
+ echo "Cocoa support $cocoa"
+ fi
+diff -ur xen-3.4.2.orig//tools/ioemu-qemu-xen/Makefile.target xen-3.4.2//tools/ioemu-qemu-xen/Makefile.target
+--- xen-3.4.2.orig//tools/ioemu-qemu-xen/Makefile.target 2011-09-25 02:33:23.946793064 +0800
++++ xen-3.4.2//tools/ioemu-qemu-xen/Makefile.target 2011-09-25 02:34:11.584793042 +0800
+@@ -26,7 +26,7 @@
+ TARGET_PATH=$(SRC_PATH)/target-$(TARGET_BASE_ARCH)
+ VPATH=$(SRC_PATH):$(TARGET_PATH):$(SRC_PATH)/hw
+ CPPFLAGS=-I. -I.. -I$(TARGET_PATH) -I$(SRC_PATH) -MMD -MT $@ -MP -DNEED_CPU_H
+-#CFLAGS+=-Werror
++#CFLAGS+=
+ LIBS=
+ # user emulator name
+ ifndef TARGET_ARCH2
+diff -ur xen-3.4.2.orig//tools/libaio/harness/Makefile xen-3.4.2//tools/libaio/harness/Makefile
+--- xen-3.4.2.orig//tools/libaio/harness/Makefile 2009-11-10 23:12:56.000000000 +0800
++++ xen-3.4.2//tools/libaio/harness/Makefile 2011-09-25 02:34:11.674793042 +0800
+@@ -4,7 +4,7 @@
+ HARNESS_SRCS:=main.c
+ # io_queue.c
+
+-CFLAGS=-Wall -Werror -g -O -laio
++CFLAGS=-Wall -g -O -laio
+ #-lpthread -lrt
+
+ all: $(PROGS)
+diff -ur xen-3.4.2.orig//tools/libfsimage/Rules.mk xen-3.4.2//tools/libfsimage/Rules.mk
+--- xen-3.4.2.orig//tools/libfsimage/Rules.mk 2009-11-10 23:12:56.000000000 +0800
++++ xen-3.4.2//tools/libfsimage/Rules.mk 2011-09-25 02:34:11.566793044 +0800
+@@ -1,6 +1,6 @@
+ include $(XEN_ROOT)/tools/Rules.mk
+
+-CFLAGS += -I$(XEN_ROOT)/tools/libfsimage/common/ -Werror
++CFLAGS += -I$(XEN_ROOT)/tools/libfsimage/common/
+ LDFLAGS += -L../common/
+
+ PIC_OBJS := $(patsubst %.c,%.opic,$(LIB_SRCS-y))
+diff -ur xen-3.4.2.orig//tools/libxc/Makefile xen-3.4.2//tools/libxc/Makefile
+--- xen-3.4.2.orig//tools/libxc/Makefile 2011-09-25 02:33:23.987793064 +0800
++++ xen-3.4.2//tools/libxc/Makefile 2011-09-25 02:34:11.687793042 +0800
+@@ -52,7 +52,7 @@
+
+ -include $(XEN_TARGET_ARCH)/Makefile
+
+-CFLAGS += -Werror -Wmissing-prototypes
++CFLAGS += -Wmissing-prototypes
+ CFLAGS += $(INCLUDES) -I. -I../xenstore -I../include
+
+ # Needed for posix_fadvise64() in xc_linux.c
+diff -ur xen-3.4.2.orig//tools/libxen/Makefile.dist xen-3.4.2//tools/libxen/Makefile.dist
+--- xen-3.4.2.orig//tools/libxen/Makefile.dist 2009-11-10 23:12:56.000000000 +0800
++++ xen-3.4.2//tools/libxen/Makefile.dist 2011-09-25 02:34:11.593793042 +0800
+@@ -22,7 +22,7 @@
+ CFLAGS = -Iinclude \
+ $(shell xml2-config --cflags) \
+ $(shell curl-config --cflags) \
+- -W -Wall -Wmissing-prototypes -Werror -std=c99 -O2 -fPIC
++ -W -Wall -Wmissing-prototypes -std=c99 -O2 -fPIC
+
+ LDFLAGS = $(shell xml2-config --libs) \
+ $(shell curl-config --libs)
+diff -ur xen-3.4.2.orig//tools/misc/lomount/Makefile xen-3.4.2//tools/misc/lomount/Makefile
+--- xen-3.4.2.orig//tools/misc/lomount/Makefile 2009-11-10 23:12:56.000000000 +0800
++++ xen-3.4.2//tools/misc/lomount/Makefile 2011-09-25 02:34:11.666793042 +0800
+@@ -1,7 +1,7 @@
+ XEN_ROOT=../../..
+ include $(XEN_ROOT)/tools/Rules.mk
+
+-CFLAGS += -Werror
++CFLAGS +=
+
+ HDRS = $(wildcard *.h)
+ OBJS = $(patsubst %.c,%.o,$(wildcard *.c))
+diff -ur xen-3.4.2.orig//tools/misc/Makefile xen-3.4.2//tools/misc/Makefile
+--- xen-3.4.2.orig//tools/misc/Makefile 2009-11-10 23:12:56.000000000 +0800
++++ xen-3.4.2//tools/misc/Makefile 2011-09-25 02:34:11.669793042 +0800
+@@ -1,7 +1,7 @@
+ XEN_ROOT=../..
+ include $(XEN_ROOT)/tools/Rules.mk
+
+-CFLAGS += -Werror
++CFLAGS +=
+
+ INCLUDES += -I $(XEN_XC)
+ INCLUDES += -I $(XEN_LIBXC)
+diff -ur xen-3.4.2.orig//tools/pygrub/setup.py xen-3.4.2//tools/pygrub/setup.py
+--- xen-3.4.2.orig//tools/pygrub/setup.py 2009-11-10 23:12:56.000000000 +0800
++++ xen-3.4.2//tools/pygrub/setup.py 2011-09-25 02:34:11.901793042 +0800
+@@ -3,7 +3,7 @@
+ import os
+ import sys
+
+-extra_compile_args = [ "-fno-strict-aliasing", "-Werror" ]
++extra_compile_args = [ "-fno-strict-aliasing" ]
+
+ XEN_ROOT = "../.."
+
+diff -ur xen-3.4.2.orig//tools/python/setup.py xen-3.4.2//tools/python/setup.py
+--- xen-3.4.2.orig//tools/python/setup.py 2009-11-10 23:12:56.000000000 +0800
++++ xen-3.4.2//tools/python/setup.py 2011-09-25 02:34:11.897793042 +0800
+@@ -4,7 +4,7 @@
+
+ XEN_ROOT = "../.."
+
+-extra_compile_args = [ "-fno-strict-aliasing", "-Werror" ]
++extra_compile_args = [ "-fno-strict-aliasing" ]
+
+ include_dirs = [ XEN_ROOT + "/tools/libxc",
+ XEN_ROOT + "/tools/xenstore",
+diff -ur xen-3.4.2.orig//tools/security/Makefile xen-3.4.2//tools/security/Makefile
+--- xen-3.4.2.orig//tools/security/Makefile 2009-11-10 23:12:56.000000000 +0800
++++ xen-3.4.2//tools/security/Makefile 2011-09-25 02:34:11.701793042 +0800
+@@ -1,7 +1,7 @@
+ XEN_ROOT = ../..
+ include $(XEN_ROOT)/tools/Rules.mk
+
+-CFLAGS += -Werror
++CFLAGS +=
+ CFLAGS += -fno-strict-aliasing
+ CFLAGS += -I. $(CFLAGS_libxenctrl)
+
+diff -ur xen-3.4.2.orig//tools/vnet/libxutil/Makefile xen-3.4.2//tools/vnet/libxutil/Makefile
+--- xen-3.4.2.orig//tools/vnet/libxutil/Makefile 2009-11-10 23:12:57.000000000 +0800
++++ xen-3.4.2//tools/vnet/libxutil/Makefile 2011-09-25 02:34:11.694793042 +0800
+@@ -25,7 +25,7 @@
+ PIC_OBJS := $(LIB_SRCS:.c=.opic)
+
+ $(call cc-option-add,CFLAGS,CC,-fgnu89-inline)
+-CFLAGS += -Werror -fno-strict-aliasing
++CFLAGS += -fno-strict-aliasing
+ CFLAGS += -O3
+ #CFLAGS += -g
+
+diff -ur xen-3.4.2.orig//tools/vtpm/Rules.mk xen-3.4.2//tools/vtpm/Rules.mk
+--- xen-3.4.2.orig//tools/vtpm/Rules.mk 2009-11-10 23:12:57.000000000 +0800
++++ xen-3.4.2//tools/vtpm/Rules.mk 2011-09-25 02:34:11.563793044 +0800
+@@ -9,7 +9,7 @@
+ TOOLS_INSTALL_DIR = $(DESTDIR)/usr/bin
+
+ # General compiler flags
+-CFLAGS = -Werror -g3 -I.
++CFLAGS = -g3 -I.
+
+ # Generic project files
+ HDRS = $(wildcard *.h)
+diff -ur xen-3.4.2.orig//tools/vtpm_manager/Rules.mk xen-3.4.2//tools/vtpm_manager/Rules.mk
+--- xen-3.4.2.orig//tools/vtpm_manager/Rules.mk 2009-11-10 23:12:57.000000000 +0800
++++ xen-3.4.2//tools/vtpm_manager/Rules.mk 2011-09-25 02:34:11.562793042 +0800
+@@ -9,7 +9,7 @@
+ TOOLS_INSTALL_DIR = $(DESTDIR)/usr/bin
+
+ # General compiler flags
+-CFLAGS = -Werror -g3 -I.
++CFLAGS = -g3 -I.
+
+ # Generic project files
+ HDRS = $(wildcard *.h)
+diff -ur xen-3.4.2.orig//tools/xcutils/Makefile xen-3.4.2//tools/xcutils/Makefile
+--- xen-3.4.2.orig//tools/xcutils/Makefile 2009-11-10 23:12:57.000000000 +0800
++++ xen-3.4.2//tools/xcutils/Makefile 2011-09-25 02:34:11.636793042 +0800
+@@ -11,7 +11,7 @@
+ XEN_ROOT = ../..
+ include $(XEN_ROOT)/tools/Rules.mk
+
+-CFLAGS += -Werror
++CFLAGS +=
+ CFLAGS += $(CFLAGS_libxenctrl) $(CFLAGS_libxenguest) $(CFLAGS_libxenstore)
+
+ PROGRAMS = xc_restore xc_save readnotes lsevtchn
+diff -ur xen-3.4.2.orig//tools/xenmon/Makefile xen-3.4.2//tools/xenmon/Makefile
+--- xen-3.4.2.orig//tools/xenmon/Makefile 2009-11-10 23:12:57.000000000 +0800
++++ xen-3.4.2//tools/xenmon/Makefile 2011-09-25 02:34:11.641793042 +0800
+@@ -13,7 +13,7 @@
+ XEN_ROOT=../..
+ include $(XEN_ROOT)/tools/Rules.mk
+
+-CFLAGS += -Werror
++CFLAGS +=
+ CFLAGS += -I $(XEN_XC)
+ CFLAGS += $(CFLAGS_libxenctrl)
+ LDFLAGS += $(LDFLAGS_libxenctrl)
+diff -ur xen-3.4.2.orig//tools/xenpmd/Makefile xen-3.4.2//tools/xenpmd/Makefile
+--- xen-3.4.2.orig//tools/xenpmd/Makefile 2009-11-10 23:12:57.000000000 +0800
++++ xen-3.4.2//tools/xenpmd/Makefile 2011-09-25 02:34:11.656793042 +0800
+@@ -1,7 +1,7 @@
+ XEN_ROOT=../..
+ include $(XEN_ROOT)/tools/Rules.mk
+
+-CFLAGS += -Werror
++CFLAGS +=
+ CFLAGS += $(CFLAGS_libxenstore)
+ LDFLAGS += $(LDFLAGS_libxenstore)
+
+diff -ur xen-3.4.2.orig//tools/xenstat/libxenstat/Makefile xen-3.4.2//tools/xenstat/libxenstat/Makefile
+--- xen-3.4.2.orig//tools/xenstat/libxenstat/Makefile 2009-11-10 23:12:57.000000000 +0800
++++ xen-3.4.2//tools/xenstat/libxenstat/Makefile 2011-09-25 02:34:11.681793042 +0800
+@@ -34,7 +34,7 @@
+ OBJECTS-$(CONFIG_NetBSD) += src/xenstat_netbsd.o
+ SONAME_FLAGS=-Wl,$(SONAME_LDFLAG) -Wl,libxenstat.so.$(MAJOR)
+
+-WARN_FLAGS=-Wall -Werror
++WARN_FLAGS=-Wall
+
+ CFLAGS+=-Isrc -I$(XEN_LIBXC) -I$(XEN_XENSTORE) -I$(XEN_INCLUDE)
+ LDFLAGS+=-Lsrc -L$(XEN_XENSTORE)/ -L$(XEN_LIBXC)/
+diff -ur xen-3.4.2.orig//tools/xenstat/xentop/Makefile xen-3.4.2//tools/xenstat/xentop/Makefile
+--- xen-3.4.2.orig//tools/xenstat/xentop/Makefile 2009-11-10 23:12:57.000000000 +0800
++++ xen-3.4.2//tools/xenstat/xentop/Makefile 2011-09-25 02:34:11.684793042 +0800
+@@ -18,7 +18,7 @@
+ all install xentop:
+ else
+
+-CFLAGS += -DGCC_PRINTF -Wall -Werror -I$(XEN_LIBXENSTAT)
++CFLAGS += -DGCC_PRINTF -Wall -I$(XEN_LIBXENSTAT)
+ LDFLAGS += -L$(XEN_LIBXENSTAT)
+ LDLIBS += -lxenstat $(CURSES_LIBS) $(SOCKET_LIBS)
+ CFLAGS += -DHOST_$(XEN_OS)
+diff -ur xen-3.4.2.orig//tools/xenstore/Makefile xen-3.4.2//tools/xenstore/Makefile
+--- xen-3.4.2.orig//tools/xenstore/Makefile 2009-11-10 23:12:57.000000000 +0800
++++ xen-3.4.2//tools/xenstore/Makefile 2011-09-25 02:34:11.640793042 +0800
+@@ -4,7 +4,7 @@
+ MAJOR = 3.0
+ MINOR = 0
+
+-CFLAGS += -Werror
++CFLAGS +=
+ CFLAGS += -I.
+ CFLAGS += $(CFLAGS_libxenctrl)
+
+diff -ur xen-3.4.2.orig//tools/xenstore/xenstored_core.c xen-3.4.2//tools/xenstore/xenstored_core.c
+--- xen-3.4.2.orig//tools/xenstore/xenstored_core.c 2009-11-10 23:12:57.000000000 +0800
++++ xen-3.4.2//tools/xenstore/xenstored_core.c 2011-09-25 02:34:11.845793042 +0800
+@@ -865,7 +865,7 @@
+ {
+ unsigned int offset, datalen;
+ struct node *node;
+- char *vec[1] = { NULL }; /* gcc4 + -W + -Werror fucks code. */
++ char *vec[1] = { NULL }; /* gcc4 + -W + fucks code. */
+ char *name;
+
+ /* Extra "strings" can be created by binary data. */
+diff -ur xen-3.4.2.orig//tools/xentrace/Makefile xen-3.4.2//tools/xentrace/Makefile
+--- xen-3.4.2.orig//tools/xentrace/Makefile 2009-11-10 23:12:57.000000000 +0800
++++ xen-3.4.2//tools/xentrace/Makefile 2011-09-25 02:34:11.745793042 +0800
+@@ -1,7 +1,7 @@
+ XEN_ROOT=../..
+ include $(XEN_ROOT)/tools/Rules.mk
+
+-CFLAGS += -Werror
++CFLAGS +=
+
+ CFLAGS += $(CFLAGS_libxenctrl)
+ LDFLAGS += $(LDFLAGS_libxenctrl)
+Only in xen-3.4.2/: Werror.sh
+diff -ur xen-3.4.2.orig//xen/arch/ia64/Rules.mk xen-3.4.2//xen/arch/ia64/Rules.mk
+--- xen-3.4.2.orig//xen/arch/ia64/Rules.mk 2009-11-10 23:12:57.000000000 +0800
++++ xen-3.4.2//xen/arch/ia64/Rules.mk 2011-09-25 02:34:11.570793042 +0800
+@@ -68,7 +68,7 @@
+ CFLAGS += -DCONFIG_XEN_IA64_TLBFLUSH_CLOCK
+ endif
+ ifeq ($(no_warns),y)
+-CFLAGS += -Wa,--fatal-warnings -Werror -Wno-uninitialized
++CFLAGS += -Wa,--fatal-warnings -Wno-uninitialized
+ endif
+ ifneq ($(vhpt_disable),y)
+ CFLAGS += -DVHPT_ENABLED=1
+diff -ur xen-3.4.2.orig//xen/arch/x86/boot/build32.mk xen-3.4.2//xen/arch/x86/boot/build32.mk
+--- xen-3.4.2.orig//xen/arch/x86/boot/build32.mk 2009-11-10 23:12:57.000000000 +0800
++++ xen-3.4.2//xen/arch/x86/boot/build32.mk 2011-09-25 02:34:11.914793042 +0800
+@@ -8,7 +8,7 @@
+ $(call cc-option-add,CFLAGS,CC,-fno-stack-protector)
+ $(call cc-option-add,CFLAGS,CC,-fno-stack-protector-all)
+
+-CFLAGS += -Werror -fno-builtin -msoft-float
++CFLAGS += -fno-builtin -msoft-float
+
+ # NB. awk invocation is a portable alternative to 'head -n -1'
+ %.S: %.bin
+diff -ur xen-3.4.2.orig//xen/arch/x86/Rules.mk xen-3.4.2//xen/arch/x86/Rules.mk
+--- xen-3.4.2.orig//xen/arch/x86/Rules.mk 2009-11-10 23:12:57.000000000 +0800
++++ xen-3.4.2//xen/arch/x86/Rules.mk 2011-09-25 02:34:11.572793042 +0800
+@@ -17,7 +17,7 @@
+ endif
+
+ CFLAGS += -fno-builtin -fno-common
+-CFLAGS += -iwithprefix include -Werror -Wno-pointer-arith -pipe
++CFLAGS += -iwithprefix include -Wno-pointer-arith -pipe
+ CFLAGS += -I$(BASEDIR)/include
+ CFLAGS += -I$(BASEDIR)/include/asm-x86/mach-generic
+ CFLAGS += -I$(BASEDIR)/include/asm-x86/mach-default
\ No newline at end of file
diff --git a/app-emulation/files/xen-4.1.1-iommu_sec_fix.patch b/app-emulation/files/xen-4.1.1-iommu_sec_fix.patch
new file mode 100644
index 0000000..737c2bd
--- /dev/null
+++ b/app-emulation/files/xen-4.1.1-iommu_sec_fix.patch
@@ -0,0 +1,74 @@
+
+# HG changeset patch
+# User Tim Deegan <Tim.Deegan@citrix.com>
+# Date 1313145221 -3600
+# Node ID 84e3706df07a1963e23cd3875d8603917657d462
+# Parent cb22fa57ff252893b6adb1481e09b1287eacd990
+Passthrough: disable bus-mastering on any card that causes an IOMMU fault.
+
+This stops the card from raising back-to-back faults and live-locking
+the CPU that handles them.
+
+Signed-off-by: Tim Deegan <tim@xen.org>
+Acked-by: Wei Wang2 <wei.wang2@amd.com>
+Acked-by: Allen M Kay <allen.m.kay@intel.com>
+
+diff -r cb22fa57ff25 -r 84e3706df07a xen/drivers/passthrough/amd/iommu_init.c
+--- a/xen/drivers/passthrough/amd/iommu_init.c Mon Jul 25 16:48:39 2011 +0100
++++ b/xen/drivers/passthrough/amd/iommu_init.c Fri Aug 12 11:33:41 2011 +0100
+@@ -462,7 +462,7 @@
+
+ static void parse_event_log_entry(u32 entry[])
+ {
+- u16 domain_id, device_id;
++ u16 domain_id, device_id, bdf, cword;
+ u32 code;
+ u64 *addr;
+ char * event_str[] = {"ILLEGAL_DEV_TABLE_ENTRY",
+@@ -497,6 +497,18 @@
+ "%s: domain = %d, device id = 0x%04x, "
+ "fault address = 0x%"PRIx64"\n",
+ event_str[code-1], domain_id, device_id, *addr);
++
++ /* Tell the device to stop DMAing; we can't rely on the guest to
++ * control it for us. */
++ for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ )
++ if ( get_dma_requestor_id(bdf) == device_id )
++ {
++ cword = pci_conf_read16(PCI_BUS(bdf), PCI_SLOT(bdf),
++ PCI_FUNC(bdf), PCI_COMMAND);
++ pci_conf_write16(PCI_BUS(bdf), PCI_SLOT(bdf),
++ PCI_FUNC(bdf), PCI_COMMAND,
++ cword & ~PCI_COMMAND_MASTER);
++ }
+ }
+ else
+ {
+diff -r cb22fa57ff25 -r 84e3706df07a xen/drivers/passthrough/vtd/iommu.c
+--- a/xen/drivers/passthrough/vtd/iommu.c Mon Jul 25 16:48:39 2011 +0100
++++ b/xen/drivers/passthrough/vtd/iommu.c Fri Aug 12 11:33:41 2011 +0100
+@@ -893,7 +893,7 @@
+ while (1)
+ {
+ u8 fault_reason;
+- u16 source_id;
++ u16 source_id, cword;
+ u32 data;
+ u64 guest_addr;
+ int type;
+@@ -926,6 +926,14 @@
+ iommu_page_fault_do_one(iommu, type, fault_reason,
+ source_id, guest_addr);
+
++ /* Tell the device to stop DMAing; we can't rely on the guest to
++ * control it for us. */
++ cword = pci_conf_read16(PCI_BUS(source_id), PCI_SLOT(source_id),
++ PCI_FUNC(source_id), PCI_COMMAND);
++ pci_conf_write16(PCI_BUS(source_id), PCI_SLOT(source_id),
++ PCI_FUNC(source_id), PCI_COMMAND,
++ cword & ~PCI_COMMAND_MASTER);
++
+ fault_index++;
+ if ( fault_index > cap_num_fault_regs(iommu->cap) )
+ fault_index = 0;
+
diff --git a/app-emulation/metadata.xml b/app-emulation/metadata.xml
new file mode 100644
index 0000000..6550459
--- /dev/null
+++ b/app-emulation/metadata.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>xen</herd>
+ <maintainer>
+ <email>johneed@hotmail.com</email>
+ <name>Ian Delaney aka idella4 proxy maintainer</name>
+ </maintainer>
+ <use>
+ <flag name='acm'>Enable the ACM/sHype XSM module from IBM</flag>
+ <flag name='flask'>Enable the Flask XSM module from NSA</flag>
+ <flag name='pae'>Enable support for PAE kernels (usually x86-32 with >4GB memory)</flag>
+ <flag name='xsm'>Enable the Xen Security Modules (XSM)</flag>
+ </use>
+</pkgmetadata>
diff --git a/app-emulation/xen-3.4.2-r4.ebuild b/app-emulation/xen-3.4.2-r4.ebuild
new file mode 100644
index 0000000..643ade2
--- /dev/null
+++ b/app-emulation/xen-3.4.2-r4.ebuild
@@ -0,0 +1,114 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-3.4.2-r4.ebuild,v 1.3 2011/10/15 19:38:16 hwoarang Exp $
+
+EAPI=2
+
+inherit mount-boot flag-o-matic toolchain-funcs base
+
+DESCRIPTION="The Xen virtual machine monitor"
+HOMEPAGE="http://xen.org/"
+SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+IUSE="debug custom-cflags pae acm flask xsm"
+
+RDEPEND="|| ( sys-boot/grub
+ sys-boot/grub-static )
+ >=sys-kernel/xen-sources-2.6.18"
+PDEPEND="~app-emulation/xen-tools-${PV}"
+PATCHES=(
+ "${FILESDIR}/"${PN}-3.3.0-unexported-target-fix.patch
+ "${FILESDIR}/"${P}-dump_registers-watchdog-fix.patch
+ "${FILESDIR}/"${P}-no-DMA.patch
+ "${FILESDIR}/"${P}-werror-idiocy.patch
+ "${FILESDIR}/"${P}-fix-__addr_ok-limit.patch
+ "${FILESDIR}/"${P}-CVE-2011-1583.patch
+)
+
+RESTRICT="test"
+
+# Approved by QA team in bug #144032
+QA_WX_LOAD="boot/xen-syms-${PV}"
+
+pkg_setup() {
+ if [ -x "${S}/.config/" ]; then
+ die "You will need to remove ${S}/.config by hand"
+ fi
+ if [[ -z ${XEN_TARGET_ARCH} ]]; then
+ if use x86 && use amd64; then
+ die "Confusion! Both x86 and amd64 are set in your use flags!"
+ elif use x86; then
+ export XEN_TARGET_ARCH="x86_32"
+ elif use amd64; then
+ export XEN_TARGET_ARCH="x86_64"
+ else
+ die "Unsupported architecture!"
+ fi
+ fi
+
+ if use xsm ; then
+ export "XSM_ENABLE=y"
+ use acm && export "ACM_SECURITY=y"
+ if use flask ; then
+ ! use acm && export "FLASK_ENABLE=y"
+ use acm && ewarn "Both acm and flask XSM specified, defaulting to acm."
+ fi
+ elif use acm || use flask ; then
+ ewarn "acm and flask require USE=xsm to be set, dropping use flags"
+ fi
+}
+
+src_prepare() {
+ base_src_prepare
+
+ # if the user *really* wants to use their own custom-cflags, let them
+ if use custom-cflags; then
+ einfo "User wants their own CFLAGS - removing defaults"
+ # try and remove all the default custom-cflags
+ find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
+ -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
+ -i {} \;
+ fi
+}
+
+src_compile() {
+ local myopt
+ use debug && myopt="${myopt} debug=y"
+ use pae && myopt="${myopt} pae=y"
+
+ if use custom-cflags; then
+ filter-flags -fPIE -fstack-protector
+ replace-flags -O3 -O2
+ else
+ unset CFLAGS
+ fi
+
+ # Send raw LDFLAGS so that --as-needed works
+ emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" -C xen ${myopt} || die "compile failed"
+}
+
+src_install() {
+ local myopt
+ use debug && myopt="${myopt} debug=y"
+ use pae && myopt="${myopt} pae=y"
+
+ emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install || die "install failed"
+}
+
+pkg_postinst() {
+ elog "Official Xen Guide and the unoffical wiki page:"
+ elog " http://www.gentoo.org/doc/en/xen-guide.xml"
+ elog " http://en.gentoo-wiki.com/wiki/Xen/"
+
+ if use pae; then
+ echo
+ ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!"
+ fi
+}
diff --git a/app-emulation/xen-4.1.1-r2.ebuild b/app-emulation/xen-4.1.1-r2.ebuild
new file mode 100644
index 0000000..4b3a74b
--- /dev/null
+++ b/app-emulation/xen-4.1.1-r2.ebuild
@@ -0,0 +1,121 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.1.1-r2.ebuild,v 1.7 2011/11/08 23:46:38 mr_bones_ Exp $
+
+EAPI="4"
+
+if [[ $PV == *9999 ]]; then
+ KEYWORDS=""
+ REPO="xen-unstable.hg"
+ EHG_REPO_URI="http://xenbits.xensource.com/${REPO}"
+ S="${WORKDIR}/${REPO}"
+ live_eclass="mercurial"
+else
+ KEYWORDS="amd64 x86"
+ SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz"
+fi
+
+inherit mount-boot flag-o-matic toolchain-funcs ${live_eclass}
+
+DESCRIPTION="The Xen virtual machine monitor"
+HOMEPAGE="http://xen.org/"
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="custom-cflags debug flask pae xsm"
+
+RDEPEND="|| ( sys-boot/grub
+ sys-boot/grub-static )"
+PDEPEND="~app-emulation/xen-tools-${PV}"
+
+RESTRICT="test"
+
+# Approved by QA team in bug #144032
+QA_WX_LOAD="boot/xen-syms-${PV}"
+
+REQUIRED_USE="
+ flask? ( xsm )
+ "
+
+pkg_setup() {
+ if [[ -z ${XEN_TARGET_ARCH} ]]; then
+ if use x86 && use amd64; then
+ die "Confusion! Both x86 and amd64 are set in your use flags!"
+ elif use x86; then
+ export XEN_TARGET_ARCH="x86_32"
+ elif use amd64; then
+ export XEN_TARGET_ARCH="x86_64"
+ else
+ die "Unsupported architecture!"
+ fi
+ fi
+
+ if use flask ; then
+ export "XSM_ENABLE=y"
+ export "FLASK_ENABLE=y"
+ elif use xsm ; then
+ export "XSM_ENABLE=y"
+ fi
+}
+
+src_prepare() {
+ # Drop .config
+ sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't drop"
+ # if the user *really* wants to use their own custom-cflags, let them
+ if use custom-cflags; then
+ einfo "User wants their own CFLAGS - removing defaults"
+ # try and remove all the default custom-cflags
+ find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
+ -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
+ -i {} \; || die "failed to set custom-cflags"
+ fi
+
+ # remove -Werror for gcc-4.6's sake
+ find "${S}" -name 'Makefile*' -o -name '*.mk' -o -name 'common.make' | \
+ xargs sed -i 's/ *-Werror */ /' || die "failed to remove -Werror"
+ # not strictly necessary to fix this
+ sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to remove -Werror on setup.py"
+
+ # Add sccurity fix bug #379241
+ epatch "${FILESDIR}/${P}-iommu_sec_fix.patch"
+}
+
+src_configure() {
+ use debug && myopt="${myopt} debug=y"
+ use pae && myopt="${myopt} pae=y"
+
+ if use custom-cflags; then
+ filter-flags -fPIE -fstack-protector
+ replace-flags -O3 -O2
+ else
+ unset CFLAGS
+ fi
+}
+
+src_compile() {
+ # Send raw LDFLAGS so that --as-needed works
+ emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
+}
+
+src_install() {
+ local myopt
+ use debug && myopt="${myopt} debug=y"
+ use pae && myopt="${myopt} pae=y"
+
+ emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
+}
+
+pkg_postinst() {
+ elog "Official Xen Guide and the unoffical wiki page:"
+ elog " http://www.gentoo.org/doc/en/xen-guide.xml"
+ elog " http://en.gentoo-wiki.com/wiki/Xen/"
+
+ if use pae; then
+ echo
+ ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!"
+ fi
+}
diff --git a/app-emulation/xen-9999.ebuild b/app-emulation/xen-9999.ebuild
new file mode 100644
index 0000000..c3e1126
--- /dev/null
+++ b/app-emulation/xen-9999.ebuild
@@ -0,0 +1,117 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-9999.ebuild,v 1.4 2011/09/11 14:48:15 alexxy Exp $
+
+EAPI="4"
+
+if [[ $PV == *9999 ]]; then
+ KEYWORDS=""
+ REPO="xen-unstable.hg"
+ EHG_REPO_URI="http://xenbits.xensource.com/${REPO}"
+ S="${WORKDIR}/${REPO}"
+ live_eclass="mercurial"
+else
+ KEYWORDS="~amd64 ~x86"
+ SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz"
+fi
+
+inherit mount-boot flag-o-matic toolchain-funcs ${live_eclass}
+
+DESCRIPTION="The Xen virtual machine monitor"
+HOMEPAGE="http://xen.org/"
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="custom-cflags debug flask pae xsm"
+
+RDEPEND="|| ( sys-boot/grub
+ sys-boot/grub-static )"
+PDEPEND="~app-emulation/xen-tools-${PV}"
+
+RESTRICT="test"
+
+# Approved by QA team in bug #144032
+QA_WX_LOAD="boot/xen-syms-${PV}"
+
+REQUIRED_USE="flask? ( xsm )"
+
+pkg_setup() {
+ if [[ -z ${XEN_TARGET_ARCH} ]]; then
+ if use x86 && use amd64; then
+ die "Confusion! Both x86 and amd64 are set in your use flags!"
+ elif use x86; then
+ export XEN_TARGET_ARCH="x86_32"
+ elif use amd64; then
+ export XEN_TARGET_ARCH="x86_64"
+ else
+ die "Unsupported architecture!"
+ fi
+ fi
+
+ if use flask ; then
+ export "XSM_ENABLE=y"
+ export "FLASK_ENABLE=y"
+ elif use xsm ; then
+ export "XSM_ENABLE=y"
+ fi
+}
+
+src_prepare() {
+ # Drop .config
+ sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't drop"
+
+ # if the user *really* wants to use their own custom-cflags, let them
+ if use custom-cflags; then
+ einfo "User wants their own CFLAGS - removing defaults"
+ # try and remove all the default custom-cflags
+ find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
+ -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
+ -i {} \;
+ fi
+
+ # remove -Werror for gcc-4.6's sake
+ find "${S}" -name 'Makefile*' -o -name '*.mk' -o -name 'common.make' | \
+ xargs sed -i 's/ *-Werror */ /'
+ # not strictly necessary to fix this
+ sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py"
+}
+
+src_configure() {
+ use debug && myopt="${myopt} debug=y"
+ use pae && myopt="${myopt} pae=y"
+
+ if use custom-cflags; then
+ filter-flags -fPIE -fstack-protector
+ replace-flags -O3 -O2
+ else
+ unset CFLAGS
+ fi
+}
+
+src_compile() {
+ # Send raw LDFLAGS so that --as-needed works
+ emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
+}
+
+src_install() {
+ local myopt
+ use debug && myopt="${myopt} debug=y"
+ use pae && myopt="${myopt} pae=y"
+
+ emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
+}
+
+pkg_postinst() {
+ elog "Official Xen Guide and the unoffical wiki page:"
+ elog " http://www.gentoo.org/doc/en/xen-guide.xml"
+ elog " http://en.gentoo-wiki.com/wiki/Xen/"
+
+ if use pae; then
+ echo
+ ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!"
+ fi
+}
diff --git a/app-emulation/xen-tools/Manifest b/app-emulation/xen-tools/Manifest
index a4ed5c6..37a1e0c 100644
--- a/app-emulation/xen-tools/Manifest
+++ b/app-emulation/xen-tools/Manifest
@@ -1,2 +1,20 @@
-DIST ipxe-git-v1.0.0.tar.gz 1996881 SHA256 d3128bfda9a1542049c278755f85bbcbb8441da7bfd702d511ce237fcf86a723 SHA512 6921fb857ca615899a5912d5590ca36b6f46daf828b85edc75461c08a189d9fed71ee74a82e42724da7a1355e45070d28a0a61694b3a4872c3554390e4bb4147 WHIRLPOOL 160e24eea479c9d67a8a5c7c5182864904ee594167f061adc40a3e74974197b6befe2ecdb76af1c101ff1a5697b060dae71dd3f9f969c8e18054526584d57031
-DIST xen-4.1.2.tar.gz 10365786 SHA256 7d9c93057cf480d3f1efa792b19285a84fa3c06060ea5c5c453be00887389b0d SHA512 8f50f238b0b474ec5556279cbd51d704b4365033f2541a5d0376f287b26b7e8f0193172041109d97bb76d35ace3adf71e12f89f5766ff79a8ea861e7282f00d7 WHIRLPOOL 93a4bdd05125ef722464ef682798191c8b3db7228cbc0a27bcbe7932a7776491f90e727e1fcc4a9e7ec3eada7f56c567c07ad61cdda2f514109f702800fe5566
+AUX ipxe-nopie.patch 952 RMD160 243c65b1e9e27fde14b10c5f605cce635de88032 SHA1 06870bb3bb063aabe16e721f487f0756a5889e8f SHA256 22d1e84568e4bdf204404c45cd4d323a78a1b5a5a29cc4a0707894e22f40bd48
+AUX xen-consoles.logrotate 63 RMD160 035bd8baf1ba68a5525bab4379c0c4e350001a74 SHA1 6f88a4da3349aade6070dfc5c4465e2c00f3e68c SHA256 0da87a4b9094f934e3de937e8ef8d3afc752e76793aa3d730182d0241e118b19
+AUX xen-tools-3.3.0-nostrip.patch 1021 RMD160 f702b588596dfdebf71fafbf866d270ac5bb549e SHA1 bb4db097af6e206ed68bcc1a1c3ef48b02e9a4c5 SHA256 2debac718c01a7eac4daf3182a7ae04aa562137d791cd510ecf1848d7eaccebd
+AUX xen-tools-3.4.0-network-bridge-broadcast.patch 496 RMD160 3a8c57fe70837861f6f69d1d260c6fa6adad43e3 SHA1 cc02643eee7a39e97b53674066516c80ec0c3b38 SHA256 d00a1954447fc29500ab2f1a8c7900310e0dee81942be5c922ad66b6b42dfb74
+AUX xen-tools-4.1.1-bridge.patch 449 RMD160 165524a3a92014f79e886b0a20dba8b1c1920cc2 SHA1 32db884422a48819d71003860f99779b7b82540a SHA256 71eea5408e3600c3c6f7ce4e8363ea2c19db36c1882e20cf0ef8143af527782b
+AUX xen-tools-4.1.1-curl.patch 550 RMD160 87e09f92f292d89c86416036d4207b0460a3dc6e SHA1 dec0e47d62d85cb21d9fb6d097ab183f02b80310 SHA256 4bdb2875b36e7dbb0bd8d61b697da78007bb22922f56e020795c91ebb9ddd50b
+AUX xen-tools-4.1.2-pyxml.patch 408 RMD160 131ff6e6a1b3bd71ff584d3cbfca4b078abd77b1 SHA1 5fa6ce64ef125e97df65ed357e1c40964a7a3619 SHA256 6a8d8ca5478bc68850fd930749ca22207807c87f8624c0c3596a8cd70bc06c65
+AUX xenconsoled.confd 44 RMD160 0134f85258cf524807c4e2eae94739a70808c20d SHA1 6435bba449e9cffd3f99c5afdeb3cc37ecbd744d SHA256 2a74be03eb74f6013242a4a5d721df6cb9b959b43c405de1e32813f52d749060
+AUX xenconsoled.initd 652 RMD160 5aa785e9c73c5eb8460863af2c1bc50d2a07faf4 SHA1 dceffade1f3f5f2503fc6c3ccb4b9f9788365d00 SHA256 1a5594e4e924b94490c5c942b1b63e5fe857b8ad8061060e5d8a3bdfc9f0f1b7
+AUX xend.initd-r2 1064 RMD160 07b94d60a9c93577864086945389ef9821913522 SHA1 60f246da00f829776f1bb9a16ec07a6f91cbd24e SHA256 b9dcd925856eb5213b9052169492492d686b5d1ccae65b1c94a8ac944708d155
+AUX xendomains-screen.confd 594 RMD160 79c7a3546cf1d3f8558c2120d6e8c93c753e66b9 SHA1 7f9ed2986495d5fa4a6f8b050cd632fde6a19994 SHA256 c4d7ffcdbeccc5e93460e2abbf70d642a78a363d79ccbbce0407f50cace54e0a
+AUX xendomains.confd 291 RMD160 75d55db5360da12fc3d721c37001ccbfbb844e52 SHA1 e7be8973a4bcbfc7680258e369b07e2ed097ef49 SHA256 2fac318bb96b357dd185f7729d83c0a0b941799cdb89c24ed83051bb085735dc
+AUX xendomains.initd-r2 2933 RMD160 31d35c58d0286a34bebd636e85a9368054b8f6c0 SHA1 5e9cbdb5f2b1770bf30ba99ca7c67dbf38b78e84 SHA256 da69c146e5213df5376bd9b2758d9d5957c802e5513c6ea510e604d00f1d9e40
+AUX xenstored.confd 42 RMD160 3407e1ff0958d5797e257da284798a21fe31a5db SHA1 c18f64d2a41de25695b7dfb924478e3fa64ed0c3 SHA256 afcc14f014fe4ec478f85d230efefba9ffad024bf8c83b30074e8a3712cc7831
+AUX xenstored.initd 812 RMD160 57a880e0024f3733bb3ebe945389eed6474b96f5 SHA1 9837c052afac31ee623ef02280a43114866869c8 SHA256 8f9df8ad835e45f9c995244e9e80d1a9ee630787bf2da88b7c4a73354d056fd8
+DIST ipxe-git-v1.0.0.tar.gz 1996881 RMD160 dcd9b6eaafa1ce05c1ebf2a15f2f73ad7a8c5547 SHA1 da052c8de5f3485fe0253c19cf52ed6d72528485 SHA256 d3128bfda9a1542049c278755f85bbcbb8441da7bfd702d511ce237fcf86a723
+DIST xen-4.1.2.tar.gz 10365786 RMD160 457797ec4be286afbbcad940a9ce04e44f3f40d6 SHA1 db584cb0a0cc614888d7df3b196d514fdb2edd6e SHA256 7d9c93057cf480d3f1efa792b19285a84fa3c06060ea5c5c453be00887389b0d
+EBUILD xen-tools-4.1.2-r2.ebuild 9745 RMD160 3eee671f1e60d1eab97bc4fdc922eb3fe5407913 SHA1 59db466f30d1f46130dcbc28edf83dc8649ab668 SHA256 dabaa91efc5c13c2c0d85c99b653a2c58935188db0074a043aaef81a0f8a6f6c
+EBUILD xen-tools-9999.ebuild 9220 RMD160 c4bccde67520da1d5f66123fe604876b9a6e96a7 SHA1 2465ef2e555b74dcae600af204d5c3c651fa6f9c SHA256 5a393d34346484b642c6ec3d73c6a0b4b5cfdf3d5604bbb23a3f6087ef4fd1e0
+MISC metadata.xml 821 RMD160 a05d03fc9accefb4261be9a66ce63d25db2134ae SHA1 8abd3ea5f2c54c1682af838c9d13df43ef13897e SHA256 5e77961ab06a700cc9292df0bce39dca6803a019720ca915baf43b50c2916f02
diff --git a/app-emulation/xen-tools/xen-tools-4.1.2-r2.ebuild b/app-emulation/xen-tools/xen-tools-4.1.2-r2.ebuild
index 2a305e5..b32b668 100644
--- a/app-emulation/xen-tools/xen-tools-4.1.2-r2.ebuild
+++ b/app-emulation/xen-tools/xen-tools-4.1.2-r2.ebuild
@@ -3,7 +3,6 @@
# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.1.2-r1.ebuild,v 1.1 2011/11/11 17:50:59 neurogeek Exp $
EAPI="4"
-
PYTHON_DEPEND="2"
PYTHON_USE_WITH="xml threads"
@@ -68,8 +67,7 @@ DEPEND="${CDEPEND}
hvm? (
x11-proto/xproto
sys-devel/dev86
- )
- pygrub? ( dev-lang/python[ncurses] )
+ ) pygrub? ( dev-lang/python[ncurses] )
"
RDEPEND="${CDEPEND}
@@ -139,6 +137,7 @@ src_prepare() {
# if the user *really* wants to use their own custom-cflags, let them
if use custom-cflags; then
einfo "User wants their own CFLAGS - removing defaults"
+
# try and remove all the default custom-cflags
find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
-e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
@@ -237,11 +236,11 @@ src_install() {
-e 's:^#vifscript="vif-bridge":vifscript="vif-bridge":' \
-i tools/examples/xl.conf || die
- dodoc README docs/README.xen-bugtool docs/ChangeLog
+# dodoc README docs/README.xen-bugtool docs/ChangeLog
if use doc; then
emake DESTDIR="${ED}" DOCDIR="/usr/share/doc/${PF}" install-docs
- dohtml -r docs/api/
+ dohtml -r docs/api/
docinto pdf
dodoc ${DOCS[@]}
#docs/api/tools/python/latex/refman.pdf
@@ -266,6 +265,7 @@ src_install() {
keepdir /var/log/xen-consoles
fi
+ python_convert_shebangs -r 2 "${ED}"
# xend expects these to exist
keepdir /var/run/xenstored /var/lib/xenstored /var/xen/dump /var/lib/xen /var/log/xen
@@ -321,4 +321,4 @@ pkg_postinst() {
pkg_postrm() {
python_mod_cleanup $(use pygrub && echo grub) xen
-}
+}
\ No newline at end of file
diff --git a/app-emulation/xen-tools/xen-tools-9999.ebuild b/app-emulation/xen-tools/xen-tools-9999.ebuild
index d9b8b0a..7a66079 100644
--- a/app-emulation/xen-tools/xen-tools-9999.ebuild
+++ b/app-emulation/xen-tools/xen-tools-9999.ebuild
@@ -3,9 +3,8 @@
# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-9999.ebuild,v 1.7 2011/10/23 10:49:29 patrick Exp $
EAPI="4"
-
PYTHON_DEPEND="2"
-PYTHON_USE_WITH="xml"
+PYTHON_USE_WITH="xml threads"
if [[ $PV == *9999 ]]; then
KEYWORDS=""
@@ -31,6 +30,13 @@ LICENSE="GPL-2"
SLOT="0"
IUSE="api custom-cflags debug doc flask hvm qemu pygrub screen xend"
+REQUIRED_USE="hvm? ( qemu )"
+
+QA_PRESTRIPPED="/usr/share/xen/qemu/openbios-ppc \
+ /usr/share/xen/qemu/openbios-sparc64 \
+ /usr/share/xen/qemu/openbios-sparc32"
+QA_WX_LOAD=${QA_PRESTRIPPED}
+
CDEPEND="<dev-libs/yajl-2
dev-python/lxml
dev-python/pypam
@@ -47,7 +53,7 @@ DEPEND="${CDEPEND}
dev-ml/findlib
doc? (
app-doc/doxygen
- dev-tex/latex2html
+ dev-tex/latex2html[png,gif]
media-gfx/transfig
media-gfx/graphviz
dev-tex/xcolor
@@ -61,7 +67,8 @@ DEPEND="${CDEPEND}
hvm? (
x11-proto/xproto
sys-devel/dev86
- )"
+ ) pygrub? ( dev-lang/python[ncurses] )
+ "
RDEPEND="${CDEPEND}
sys-apps/iproute2
@@ -117,26 +124,8 @@ pkg_setup() {
die "latex2html missing both png and gif flags"
fi
- if use pygrub && ! has_version "dev-lang/python[ncurses]"; then
- eerror "USE=pygrub requires python to be built with ncurses support. Please add"
- eerror "'ncurses' to your use flags and re-emerge python"
- die "python is missing ncurses flags"
- fi
-
- if ! has_version "dev-lang/python[threads]"; then
- eerror "Python is required to be built with threading support. Please add"
- eerror "'threads' to your use flags and re-emerge python"
- die "python is missing threads flags"
- fi
-
use api && export "LIBXENAPI_BINDINGS=y"
use flask && export "FLASK_ENABLE=y"
-
- if use hvm && ! use qemu; then
- elog "With qemu disabled, it is not possible to use HVM machines " \
- "or PVM machines with a framebuffer attached in the kernel config" \
- "The addition of use flag qemu is required when use flag hvm ise selected"
- fi
}
src_prepare() {
@@ -155,6 +144,7 @@ src_prepare() {
# if the user *really* wants to use their own custom-cflags, let them
if use custom-cflags; then
einfo "User wants their own CFLAGS - removing defaults"
+
# try and remove all the default custom-cflags
find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
-e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
@@ -179,7 +169,7 @@ src_prepare() {
# Don't bother with qemu, only needed for fully virtualised guests
if ! use qemu; then
sed -e "/^CONFIG_IOEMU := y$/d" -i config/*.mk || die
- sed -e "s:install-tools\: tools/ioemu-dir:install-tools\: :g" -i Makefile || die
+ sed -e "s:install-tools\: tools/ioemu-dir:install-tools\: :g" -i Makefile || die
fi
# Fix build for gcc-4.6
@@ -219,7 +209,7 @@ src_install() {
export INITD_DIR=/etc/init.d
export CONFIG_LEAF_DIR=default
- emake DESTDIR="${ED}" DOCDIR="/usr/share/doc/${PF}" XEN_PYTHON_NATIVE_INSTALL=y install-tools
+ emake DESTDIR="${D}" DOCDIR="/usr/share/doc/${PF}" XEN_PYTHON_NATIVE_INSTALL=y install-tools
python_convert_shebangs -r 2 "${ED}"
# Remove RedHat-specific stuff
@@ -231,29 +221,26 @@ src_install() {
-e 's:^#vifscript="vif-bridge":vifscript="vif-bridge":' \
-i tools/examples/xl.conf || die
- dodoc README docs/README.xen-bugtool docs/ChangeLog
if use doc; then
- emake DESTDIR="${ED}" DOCDIR="/usr/share/doc/${PF}" install-docs \
- || die "install docs failed"
+ emake DESTDIR="${ED}" DOCDIR="/usr/share/doc/${PF}" install-docs
dohtml -r docs/api/
docinto pdf
dodoc ${DOCS[@]}
-#docs/api/tools/python/latex/refman.pdf
[ -d "${ED}"/usr/share/doc/xen ] && mv "${ED}"/usr/share/doc/xen/* "${ED}"/usr/share/doc/${PF}/html
fi
rm -rf "${ED}"/usr/share/doc/xen/
doman docs/man?/*
if use xend; then
- newinitd "${FILESDIR}"/xend.initd-r2 xend || die "Couldn't install xen.initd"
+ newinitd "${FILESDIR}"/xend.initd-r2 xend
fi
-
newconfd "${FILESDIR}"/xendomains.confd xendomains
- newconfd "${FILESDIR}"/xenconsoled.confd xenconsoled
newconfd "${FILESDIR}"/xenstored.confd xenstored
- newinitd "${FILESDIR}"/xenstored.initd xenstored
- newinitd "${FILESDIR}"/xenconsoled.initd xenconsoled
+ newconfd "${FILESDIR}"/xenconsoled.confd xenconsoled
+ newinitd "${FILESDIR}"/xendomains.initd-r2 xendomains
+ newinitd "${FILESDIR}"/xenstored.initd xenstored \
+ "${FILESDIR}"/xenconsoled.initd xenconsoled
if use screen; then
cat "${FILESDIR}"/xendomains-screen.confd >> "${ED}"/etc/conf.d/xendomains || die
@@ -261,6 +248,7 @@ src_install() {
keepdir /var/log/xen-consoles
fi
+ python_convert_shebangs -r 2 "${ED}"
# xend expects these to exist
keepdir /var/run/xenstored /var/lib/xenstored /var/xen/dump /var/lib/xen /var/log/xen
diff --git a/app-emulation/xen/Manifest b/app-emulation/xen/Manifest
new file mode 100644
index 0000000..61a4034
--- /dev/null
+++ b/app-emulation/xen/Manifest
@@ -0,0 +1,14 @@
+AUX Manifest 1462 RMD160 c2090ecd3fcacafcc988563676c028d8b9bd8d0c SHA1 1f1e6db2c197e9a197e876c74131fadca34944cd SHA256 fdbed299dcfeafae7b3fb738912d67f10eef61b337a0315d0b15dc6d984e69b8
+AUX xen-3.3.0-unexported-target-fix.patch 788 RMD160 4b30444c021479cbd3969493639533fc1e43e781 SHA1 9119f06b4a005c385ac27e085e2d96ccf9cd4dc9 SHA256 e46f5fbe4c579b84f895f0ac6e05589553a11305ca30e69405082d58abd9ee07
+AUX xen-3.4.2-CVE-2011-1583.patch 2893 RMD160 c6ae9661202dafc2abdcf3aaf939464d14ded9fd SHA1 b2140fe7d615b542a96dadaaf8ace382e528d2cb SHA256 809c1744aee7569db31e9959c1e2c433ef6f4067134b26f70a689e056a024df9
+AUX xen-3.4.2-dump_registers-watchdog-fix.patch 533 RMD160 766249003d91cbec3b0014a8446e1a4d01cd847a SHA1 6306250671976c638f814a4958211af4bacb53b4 SHA256 17d18f268efd302085bdfa0673e2d9478e84206b6d060d0a63854441233a81c6
+AUX xen-3.4.2-fix-__addr_ok-limit.patch 3380 RMD160 8b8104a370847c1c148255855901b9dd32e6c888 SHA1 e3dd5cfda2410917b0844dff999ccbee2463ccb4 SHA256 dab6954da3cbf7592a36a6234561174d0d117711b87c0868d17f9d21af75a835
+AUX xen-3.4.2-no-DMA.patch 2708 RMD160 9aa83e21e8b07feca1f799f9efb4f9cd5728c6c6 SHA1 e55fa5a04203470af68452762f919b402854fce9 SHA256 87a3fe134b8d3c762d4d229986ccb77898a603a18974f453cfdf6ba9d68fe982
+AUX xen-3.4.2-werror-idiocy.patch 16826 RMD160 14f4678c723fd9241c88786b5b07a8c25252ce6f SHA1 f15d3c4d37b9c11fed49c025de2eaeb6911845a1 SHA256 261ef6541736f1df757476590bb8581cac376c9408e5041e8356336e13025c67
+AUX xen-4.1.1-iommu_sec_fix.patch 2851 RMD160 4367178c10cdc1e752f3e9ffb70f42e6e7179242 SHA1 8487f85dbf81bf245deaccca5ff5b8f46e60d112 SHA256 3a0ab3cb5c18db91f4be457cbba36189a558da7b794e1a35795f4fed3d48a7c8
+DIST xen-3.4.2.tar.gz 11187726 RMD160 2ef81df1f44356d60e04e21df2173ce5357d8509 SHA1 3cd2cafacd52bbac2e2da1cfd846ee6260b43455 SHA256 d17c33136041cc8da69214ccf527fc48637bee7a9ab4d68a88ec50e6a9d20b0b
+DIST xen-4.1.1.tar.gz 10355625 RMD160 4b3c0641b0f098889f627662aa6b8fea00c5b636 SHA1 f1b5ef4b663c339faf9c77fc895327cfbcc9776c SHA256 246289227507466b5da8b2d0da84a5b0e68a392527b16cde38898d0348890f5b
+EBUILD xen-3.4.2-r4.ebuild 3247 RMD160 73c91e87a06e83faee786268db656531a2dbe71f SHA1 94f6be18689fd09099ad062f829358bfa159d6ef SHA256 385ddd40121b1d415214e9adc619cb39825febcaec21b7cb70c2d2f2e4b60a04
+EBUILD xen-4.1.1-r2.ebuild 3339 RMD160 d70e58cadf5b9c45d67e2c5d05a8061c67d62319 SHA1 06f5c7c6e493f47d476d08663cfdc536ac0ee760 SHA256 6f7089d85d6ab12d22d5acec4efca8a7646a9dfc3c7a6b1b030336cb77867376
+EBUILD xen-9999.ebuild 3170 RMD160 5bbc3bb7dec7d099f639334843c3c6607ff1c5c5 SHA1 799030d125b2acb9976df9e39896937a3c591973 SHA256 b75349eb41edeb16f4571355b963de576cf58e9c7d86a4c4f74d4892d43b094f
+MISC metadata.xml 581 RMD160 d22ffb491d9dad33425b97add683dd6b8b9139e1 SHA1 649f65e9fd2ab25e32394c555a24fc0f6b59c37f SHA256 1cf2cc4bb5b5278ac75e74910607518ddd2bd6454f18325319ce1ac102fab535
diff --git a/app-emulation/xen/files/Manifest b/app-emulation/xen/files/Manifest
new file mode 100644
index 0000000..236346a
--- /dev/null
+++ b/app-emulation/xen/files/Manifest
@@ -0,0 +1,7 @@
+MISC xen-3.3.0-unexported-target-fix.patch 788 RMD160 4b30444c021479cbd3969493639533fc1e43e781 SHA1 9119f06b4a005c385ac27e085e2d96ccf9cd4dc9 SHA256 e46f5fbe4c579b84f895f0ac6e05589553a11305ca30e69405082d58abd9ee07
+MISC xen-3.4.2-CVE-2011-1583.patch 2893 RMD160 c6ae9661202dafc2abdcf3aaf939464d14ded9fd SHA1 b2140fe7d615b542a96dadaaf8ace382e528d2cb SHA256 809c1744aee7569db31e9959c1e2c433ef6f4067134b26f70a689e056a024df9
+MISC xen-3.4.2-dump_registers-watchdog-fix.patch 533 RMD160 766249003d91cbec3b0014a8446e1a4d01cd847a SHA1 6306250671976c638f814a4958211af4bacb53b4 SHA256 17d18f268efd302085bdfa0673e2d9478e84206b6d060d0a63854441233a81c6
+MISC xen-3.4.2-fix-__addr_ok-limit.patch 3380 RMD160 8b8104a370847c1c148255855901b9dd32e6c888 SHA1 e3dd5cfda2410917b0844dff999ccbee2463ccb4 SHA256 dab6954da3cbf7592a36a6234561174d0d117711b87c0868d17f9d21af75a835
+MISC xen-3.4.2-no-DMA.patch 2708 RMD160 9aa83e21e8b07feca1f799f9efb4f9cd5728c6c6 SHA1 e55fa5a04203470af68452762f919b402854fce9 SHA256 87a3fe134b8d3c762d4d229986ccb77898a603a18974f453cfdf6ba9d68fe982
+MISC xen-3.4.2-werror-idiocy.patch 16826 RMD160 14f4678c723fd9241c88786b5b07a8c25252ce6f SHA1 f15d3c4d37b9c11fed49c025de2eaeb6911845a1 SHA256 261ef6541736f1df757476590bb8581cac376c9408e5041e8356336e13025c67
+MISC xen-4.1.1-iommu_sec_fix.patch 2851 RMD160 4367178c10cdc1e752f3e9ffb70f42e6e7179242 SHA1 8487f85dbf81bf245deaccca5ff5b8f46e60d112 SHA256 3a0ab3cb5c18db91f4be457cbba36189a558da7b794e1a35795f4fed3d48a7c8
diff --git a/app-emulation/xen/files/xen-3.3.0-unexported-target-fix.patch b/app-emulation/xen/files/xen-3.3.0-unexported-target-fix.patch
new file mode 100644
index 0000000..89f91a4
--- /dev/null
+++ b/app-emulation/xen/files/xen-3.3.0-unexported-target-fix.patch
@@ -0,0 +1,21 @@
+diff -Nru a/tools/ioemu-qemu-xen/xen-setup b/tools/ioemu-qemu-xen/xen-setup
+--- a/tools/ioemu-qemu-xen/xen-setup 2008-08-22 17:56:41.000000000 +0800
++++ b/tools/ioemu-qemu-xen/xen-setup 2009-02-20 10:55:37.000000000 +0800
+@@ -3,6 +3,8 @@
+
+ # git-clean -x -d && ./xen-setup && make prefix=/usr CMDLINE_CFLAGS='-O0 -g' -j4 && make install DESTDIR=`pwd`/dist/ prefix=/usr && rsync -a --stats --delete . thule:shadow/qemu-iwj.git/ && rsync -a --stats dist/. root@thule:/
+
++target=i386-dm
++
+ rm -f $target/Makefile
+ rm -f $target/config.mak
+ rm -f config-host.mak
+@@ -11,8 +13,6 @@
+
+ ./configure --disable-gfx-check --disable-gcc-check --disable-curses --disable-slirp "$@" --prefix=/usr
+
+-target=i386-dm
+-
+ if [ "x$XEN_ROOT" != x ]; then
+ echo "XEN_ROOT=$XEN_ROOT" >>config-host.mak
+ fi
diff --git a/app-emulation/xen/files/xen-3.4.2-CVE-2011-1583.patch b/app-emulation/xen/files/xen-3.4.2-CVE-2011-1583.patch
new file mode 100644
index 0000000..f5cec4d
--- /dev/null
+++ b/app-emulation/xen/files/xen-3.4.2-CVE-2011-1583.patch
@@ -0,0 +1,87 @@
+--- tools/libxc/xc_dom_bzimageloader.c 2009-11-10 23:12:56.000000000 +0800
++++ tools/libxc/xc_dom_bzimageloader.c 2011-10-09 20:10:08.972815311 +0800
+@@ -308,19 +308,19 @@
+
+ extern struct xc_dom_loader elf_loader;
+
+-static unsigned int payload_offset(struct setup_header *hdr)
++static int check_magic(struct xc_dom_image *dom, const void *magic, size_t len)
+ {
+- unsigned int off;
++ if (len > dom->kernel_size)
++ return 0;
++
++ return (memcmp(dom->kernel_blob, magic, len) == 0);
++ }
+
+- off = (hdr->setup_sects + 1) * 512;
+- off += hdr->payload_offset;
+- return off;
+-}
+-
+-static int xc_dom_probe_bzimage_kernel(struct xc_dom_image *dom)
++static int check_bzimage_kernel(struct xc_dom_image *dom, int verbose)
+ {
+ struct setup_header *hdr;
+- int ret;
++ uint64_t payload_offset, payload_length;
++ /* int ret; */
+
+ if ( dom->kernel_blob == NULL )
+ {
+@@ -352,20 +352,47 @@
+ return -EINVAL;
+ }
+
+- dom->kernel_blob = dom->kernel_blob + payload_offset(hdr);
+- dom->kernel_size = hdr->payload_length;
++ /* upcast to 64 bits to avoid overflow */
++ /* setup_sects is u8 and so cannot overflow */
++ payload_offset = (hdr->setup_sects + 1) * 512;
++ payload_offset += hdr->payload_offset;
++ payload_length = hdr->payload_length;
+
+- if ( memcmp(dom->kernel_blob, "\037\213", 2) == 0 )
+- {
++/* if ( memcmp(dom->kernel_blob, "\037\213", 2) == 0 )
++ {
+ ret = xc_dom_try_gunzip(dom, &dom->kernel_blob, &dom->kernel_size);
+- if ( ret == -1 )
++ if ( ret == -1 ) */
++ if ( payload_offset >= dom->kernel_size )
++ {
++ xc_dom_panic(XC_INVALID_KERNEL, "%s: payload offset overflow",
++ __FUNCTION__);
++ return -EINVAL;
++ }
++ if ( (payload_offset + payload_length) > dom->kernel_size )
++ {
++ xc_dom_panic(XC_INVALID_KERNEL, "%s: payload length overflow",
++ __FUNCTION__);
++ }
++
++ dom->kernel_blob = dom->kernel_blob + payload_offset;
++ dom->kernel_size = payload_length;
++
++ if ( check_magic(dom, "\037\213", 2) )
++ {
++ if ( xc_dom_try_gunzip(dom, &dom->kernel_blob, &dom->kernel_size) == -1 )
+ {
+- xc_dom_panic(XC_INVALID_KERNEL,
+- "%s: unable to gzip decompress kernel\n",
+- __FUNCTION__);
++ if ( verbose )
++ xc_dom_panic(XC_INVALID_KERNEL, "%s: unable to decompress kernel\$n",
++ __FUNCTION__);
+ return -EINVAL;
+ }
+ }
++ else
++ {
++ xc_dom_panic(XC_INVALID_KERNEL, "%s: unknown compression format\n",
++ __FUNCTION__);
++ return -EINVAL;
++ }
+ else if ( memcmp(dom->kernel_blob, "\102\132\150", 3) == 0 )
+ {
+ ret = xc_try_bzip2_decode(dom, &dom->kernel_blob, &dom->kernel_size);
diff --git a/app-emulation/xen/files/xen-3.4.2-dump_registers-watchdog-fix.patch b/app-emulation/xen/files/xen-3.4.2-dump_registers-watchdog-fix.patch
new file mode 100644
index 0000000..7c8ff5b
--- /dev/null
+++ b/app-emulation/xen/files/xen-3.4.2-dump_registers-watchdog-fix.patch
@@ -0,0 +1,19 @@
+diff -r 784caad93325 xen/common/keyhandler.c
+--- a/xen/common/keyhandler.c Tue Nov 10 15:03:52 2009 +0000
++++ b/xen/common/keyhandler.c Tue Jan 05 10:47:49 2010 +0000
+@@ -106,6 +106,7 @@
+ unsigned int cpu;
+
+ /* We want to get everything out that we possibly can. */
++ watchdog_disable();
+ console_start_sync();
+
+ printk("'%c' pressed -> dumping registers\n", key);
+@@ -125,6 +126,7 @@
+ printk("\n");
+
+ console_end_sync();
++ watchdog_enable();
+ }
+
+ static void dump_dom0_registers(unsigned char key)
diff --git a/app-emulation/xen/files/xen-3.4.2-fix-__addr_ok-limit.patch b/app-emulation/xen/files/xen-3.4.2-fix-__addr_ok-limit.patch
new file mode 100644
index 0000000..8616008
--- /dev/null
+++ b/app-emulation/xen/files/xen-3.4.2-fix-__addr_ok-limit.patch
@@ -0,0 +1,101 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+ Xen Security Advisory CVE-2011-2901 / XSA-4
+ revision no.2
+ Xen <= 3.3 DoS due to incorrect virtual address validation
+
+ISSUE DESCRIPTION
+=================
+
+The x86_64 __addr_ok() macro intends to ensure that the checked
+address is either in the positive half of the 48-bit virtual address
+space, or above the Xen-reserved area. However, the current shift
+count is off-by-one, allowing full access to the "negative half" too,
+via certain hypercalls which ignore virtual-address bits [63:48].
+Vulnerable hypercalls exist only in very old versions of the
+hypervisor.
+
+VULNERABLE SYSTEMS
+==================
+
+All systems running a Xen 3.3 or earlier hypervisor with 64-bit PV
+guests with untrusted administrators are vulnerable.
+
+IMPACT
+======
+
+A malicious guest administrator on a vulnerable system is able to
+crash the host.
+
+There are no known further exploits but these have not been ruled out.
+
+RESOLUTION
+==========
+
+The attached patch resolves the issue.
+
+Alternatively, users may choose to upgrade to a more recent hypervisor
+
+PATCHES
+=======
+
+The following patch resolves this issue.
+
+Filename: fix-__addr_ok-limit.patch
+SHA1: f18bde8d276110451c608a16f577865aa1226b4f
+SHA256: 2da5aac72e1ac4849c34d38374ae456795905fd9512eef94b48fc31383c21636
+
+This patch should apply cleanly, and fix the problem, for all affected
+versions of Xen.
+
+It is harmless when applied to later hypervisors and will be included
+in the Xen unstable branch in due course.
+
+VERSION HISTORY
+===============
+
+Analysis following version 1 of this advisory (sent out to the
+predisclosure list during the embargo period) indicates that the
+actual DoS vulnerability only exists in very old hypervisors, Xen 3.3
+and earlier, contrary to previous reports.
+
+This advisory is no longer embargoed.
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (GNU/Linux)
+
+iQEcBAEBAgAGBQJOYLq2AAoJEIP+FMlX6CvZLegH/26/oJBkd/WM/yYhXkzlbnIP
+MxF6Fgy96Omu8poQTanD7g1vEcM0TOLY+Kk3GGsfj4aDdEJ5Nq4ZOW8ooI0VnVcD
+7VXQqFsXPxre+eZ6g+G0AsmzdsG45C3qujUTRfGKqzYwXqjWjt9nNsdIy1Mrz8/4
+zG1uLDkN0LXnBG2Te4q8ZckYwMq8gFXHHnH35RfQ5Besu6pvJmtK3rFXETdlP12A
+JjBh7t5jsCfzvYWFQehVp8mJupuftiOBPClmVh4vrvN9gYd5rzEgB4Q9Ioiqz2qT
+2bE1zegR8NeOKBOi9xriTU8F530OdFzeWAbo7D5gyEbYdc60eNwbadcgNGLbzMg=
+=09T8
+-----END PGP SIGNATURE-----
+
+Subject: XSA-4: xen: correct limit checking in x86_64 version of __addr_ok
+
+The x86_64 __addr_ok() macro intends to ensure that the checked
+address is either in the positive half of the 48-bit virtual address
+space, or above the Xen-reserved area. However, the current shift
+count is off-by-one, allowing full access to the "negative half"
+too. Guests may exploit this to gain access to off-limits ranges.
+
+This issue has been assigned CVE-2011-2901.
+
+Signed-off-by: Laszlo Ersek <lersek@...hat.com>
+Signed-off-by: Ian Campbell <ian.campbell@...rix.com>
+
+diff --git a/xen/include/asm-x86/x86_64/uaccess.h
+b/xen/include/asm-x86/x86_64/uaccess.h
+--- a/xen/include/asm-x86/x86_64/uaccess.h
++++ b/xen/include/asm-x86/x86_64/uaccess.h
+@@ -34,7 +34,7 @@
+ * non-canonical address (and thus fault) before ever reaching VIRT_START.
+ */
+ #define __addr_ok(addr) \
+- (((unsigned long)(addr) < (1UL<<48)) || \
++ (((unsigned long)(addr) < (1UL<<47)) || \
+ ((unsigned long)(addr) >= HYPERVISOR_VIRT_END))
+
+ #define access_ok(addr, size) \
diff --git a/app-emulation/xen/files/xen-3.4.2-no-DMA.patch b/app-emulation/xen/files/xen-3.4.2-no-DMA.patch
new file mode 100644
index 0000000..f04d9e2
--- /dev/null
+++ b/app-emulation/xen/files/xen-3.4.2-no-DMA.patch
@@ -0,0 +1,71 @@
+# HG changeset patch
+# User Tim Deegan <Tim.Deegan@citrix.com>
+# Date 1313145221 -3600
+# Node ID 84e3706df07a1963e23cd3875d8603917657d462
+# Parent cb22fa57ff252893b6adb1481e09b1287eacd990
+Passthrough: disable bus-mastering on any card that causes an IOMMU fault.
+
+This stops the card from raising back-to-back faults and live-locking
+the CPU that handles them.
+
+Signed-off-by: Tim Deegan <tim@xen.org>
+Acked-by: Wei Wang2 <wei.wang2@amd.com>
+Acked-by: Allen M Kay <allen.m.kay@intel.com>
+
+--- a/xen/drivers/passthrough/vtd/iommu.c.orig Mon Jul 25 16:48:39 2011 +0100
++++ b/xen/drivers/passthrough/vtd/iommu.c Fri Aug 12 11:33:41 2011 +0100
+@@ -733,7 +733,7 @@
+ while (1)
+ {
+ u8 fault_reason;
+- u16 source_id;
++ u16 source_id, cword;
+ u32 data;
+ u64 guest_addr;
+ int type;
+@@ -766,6 +766,14 @@
+ iommu_page_fault_do_one(iommu, type, fault_reason,
+ source_id, guest_addr);
+
++ /* Tell the device to stop DMAing; we can't rely on the guest to
++ * control it for us. */
++ cword = pci_conf_read16(PCI_BUS(source_id), PCI_SLOT(source_id),
++ PCI_FUNC(source_id), PCI_COMMAND);
++ pci_conf_write16(PCI_BUS(source_id), PCI_SLOT(source_id),
++ PCI_FUNC(source_id), PCI_COMMAND,
++ cword & ~PCI_COMMAND_MASTER);
++
+ fault_index++;
+ if ( fault_index > cap_num_fault_regs(iommu->cap) )
+ fault_index = 0;
+
+--- a/xen/drivers/passthrough/amd/iommu_init.c.orig Mon Jul 25 16:48:39 2011 +0100
++++ b/xen/drivers/passthrough/amd/iommu_init.c Fri Aug 12 11:33:41 2011 +0100
+@@ -415,7 +415,7 @@
+
+ static void parse_event_log_entry(u32 entry[])
+ {
+- u16 domain_id, device_id;
++ u16 domain_id, device_id, bdf, cword;
+ u32 code;
+ u64 *addr;
+ char * event_str[] = {"ILLEGAL_DEV_TABLE_ENTRY",
+@@ -449,6 +449,18 @@
+ printk(XENLOG_ERR "AMD-Vi: "
+ "%s: domain = %d, device id = 0x%04x, fault address = 0x%"PRIx64"\n",
+ event_str[code-1], domain_id, device_id, *addr);
++
++ /* Tell the device to stop DMAing; we can't rely on the guest to
++ * control it for us. */
++ for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ )
++ if ( get_dma_requestor_id(bdf) == device_id )
++ {
++ cword = pci_conf_read16(PCI_BUS(bdf), PCI_SLOT(bdf),
++ PCI_FUNC(bdf), PCI_COMMAND);
++ pci_conf_write16(PCI_BUS(bdf), PCI_SLOT(bdf),
++ PCI_FUNC(bdf), PCI_COMMAND,
++ cword & ~PCI_COMMAND_MASTER);
++ }
+ }
+ }
+
diff --git a/app-emulation/xen/files/xen-3.4.2-werror-idiocy.patch b/app-emulation/xen/files/xen-3.4.2-werror-idiocy.patch
new file mode 100644
index 0000000..7f5b3cb
--- /dev/null
+++ b/app-emulation/xen/files/xen-3.4.2-werror-idiocy.patch
@@ -0,0 +1,429 @@
+diff -ur xen-3.4.2.orig//Config.mk xen-3.4.2//Config.mk
+--- xen-3.4.2.orig//Config.mk 2009-11-10 23:16:03.000000000 +0800
++++ xen-3.4.2//Config.mk 2011-09-25 02:34:11.605793042 +0800
+@@ -14,7 +14,7 @@
+
+ # Tools to run on system hosting the build
+ HOSTCC = gcc
+-HOSTCFLAGS = -Wall -Werror -Wstrict-prototypes -O2 -fomit-frame-pointer
++HOSTCFLAGS = -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer
+ HOSTCFLAGS += -fno-strict-aliasing
+
+ DISTDIR ?= $(XEN_ROOT)/dist
+diff -ur xen-3.4.2.orig//extras/mini-os/minios.mk xen-3.4.2//extras/mini-os/minios.mk
+--- xen-3.4.2.orig//extras/mini-os/minios.mk 2009-11-10 23:12:55.000000000 +0800
++++ xen-3.4.2//extras/mini-os/minios.mk 2011-09-25 02:34:11.855793042 +0800
+@@ -6,7 +6,7 @@
+
+ # Define some default flags.
+ # NB. '-Wcast-qual' is nasty, so I omitted it.
+-DEF_CFLAGS += -fno-builtin -Wall -Werror -Wredundant-decls -Wno-format -Wno-redundant-decls
++DEF_CFLAGS += -fno-builtin -Wall -Wredundant-decls -Wno-format -Wno-redundant-decls
+ DEF_CFLAGS += $(call cc-option,$(CC),-fno-stack-protector,)
+ DEF_CFLAGS += $(call cc-option,$(CC),-fgnu89-inline)
+ DEF_CFLAGS += -Wstrict-prototypes -Wnested-externs -Wpointer-arith -Winline
+diff -ur xen-3.4.2.orig//tools/blktap/drivers/Makefile xen-3.4.2//tools/blktap/drivers/Makefile
+--- xen-3.4.2.orig//tools/blktap/drivers/Makefile 2009-11-10 23:12:55.000000000 +0800
++++ xen-3.4.2//tools/blktap/drivers/Makefile 2011-09-25 02:34:11.750793042 +0800
+@@ -5,7 +5,7 @@
+ QCOW_UTIL = img2qcow qcow2raw qcow-create
+ LIBAIO_DIR = ../../libaio/src
+
+-CFLAGS += -Werror
++CFLAGS +=
+ CFLAGS += -Wno-unused
+ CFLAGS += -I../lib
+ CFLAGS += $(CFLAGS_libxenctrl)
+diff -ur xen-3.4.2.orig//tools/blktap/lib/Makefile xen-3.4.2//tools/blktap/lib/Makefile
+--- xen-3.4.2.orig//tools/blktap/lib/Makefile 2009-11-10 23:12:55.000000000 +0800
++++ xen-3.4.2//tools/blktap/lib/Makefile 2011-09-25 02:34:11.748793042 +0800
+@@ -13,7 +13,7 @@
+ SRCS :=
+ SRCS += xenbus.c blkif.c xs_api.c
+
+-CFLAGS += -Werror
++CFLAGS +=
+ CFLAGS += -Wno-unused
+ CFLAGS += -fPIC
+ # get asprintf():
+diff -ur xen-3.4.2.orig//tools/console/Makefile xen-3.4.2//tools/console/Makefile
+--- xen-3.4.2.orig//tools/console/Makefile 2009-11-10 23:12:55.000000000 +0800
++++ xen-3.4.2//tools/console/Makefile 2011-09-25 02:34:11.704793042 +0800
+@@ -2,7 +2,7 @@
+ XEN_ROOT=../..
+ include $(XEN_ROOT)/tools/Rules.mk
+
+-CFLAGS += -Werror
++CFLAGS +=
+
+ CFLAGS += $(CFLAGS_libxenctrl)
+ CFLAGS += $(CFLAGS_libxenstore)
+diff -ur xen-3.4.2.orig//tools/debugger/xenitp/Makefile xen-3.4.2//tools/debugger/xenitp/Makefile
+--- xen-3.4.2.orig//tools/debugger/xenitp/Makefile 2009-11-10 23:12:55.000000000 +0800
++++ xen-3.4.2//tools/debugger/xenitp/Makefile 2011-09-25 02:34:11.744793042 +0800
+@@ -1,7 +1,7 @@
+ XEN_ROOT=../../..
+ include $(XEN_ROOT)/tools/Rules.mk
+
+-#CFLAGS += -Werror -g -O0
++#CFLAGS += -g -O0
+
+ CFLAGS += $(CFLAGS_libxenctrl)
+
+diff -ur xen-3.4.2.orig//tools/firmware/Rules.mk xen-3.4.2//tools/firmware/Rules.mk
+--- xen-3.4.2.orig//tools/firmware/Rules.mk 2009-11-10 23:12:55.000000000 +0800
++++ xen-3.4.2//tools/firmware/Rules.mk 2011-09-25 02:34:11.565793045 +0800
+@@ -10,7 +10,7 @@
+ CFLAGS += -DNDEBUG
+ endif
+
+-CFLAGS += -Werror
++CFLAGS +=
+
+ # Disable PIE/SSP if GCC supports them. They can break us.
+ $(call cc-option-add,CFLAGS,CC,-nopie)
+diff -ur xen-3.4.2.orig//tools/flask/libflask/Makefile xen-3.4.2//tools/flask/libflask/Makefile
+--- xen-3.4.2.orig//tools/flask/libflask/Makefile 2009-11-10 23:12:56.000000000 +0800
++++ xen-3.4.2//tools/flask/libflask/Makefile 2011-09-25 02:34:11.657793042 +0800
+@@ -9,7 +9,7 @@
+ SRCS :=
+ SRCS += flask_op.c
+
+-CFLAGS += -Werror
++CFLAGS +=
+ CFLAGS += -fno-strict-aliasing
+ CFLAGS += $(INCLUDES) -I./include -I$(XEN_LIBXC) -I$(XEN_INCLUDE)
+
+diff -ur xen-3.4.2.orig//tools/flask/loadpolicy/Makefile xen-3.4.2//tools/flask/loadpolicy/Makefile
+--- xen-3.4.2.orig//tools/flask/loadpolicy/Makefile 2009-11-10 23:12:56.000000000 +0800
++++ xen-3.4.2//tools/flask/loadpolicy/Makefile 2011-09-25 02:34:11.660793042 +0800
+@@ -6,7 +6,7 @@
+ LIBFLASK_ROOT = $(XEN_ROOT)/tools/flask/libflask
+
+ PROFILE=#-pg
+-BASECFLAGS=-Wall -g -Werror
++BASECFLAGS=-Wall -g
+ BASECFLAGS+= $(PROFILE)
+ #BASECFLAGS+= -I$(XEN_ROOT)/tools
+ BASECFLAGS+= $(CFLAGS_libxenctrl)
+diff -ur xen-3.4.2.orig//tools/fs-back/Makefile xen-3.4.2//tools/fs-back/Makefile
+--- xen-3.4.2.orig//tools/fs-back/Makefile 2009-11-10 23:12:56.000000000 +0800
++++ xen-3.4.2//tools/fs-back/Makefile 2011-09-25 02:34:11.637793042 +0800
+@@ -5,7 +5,7 @@
+
+ IBIN = fs-backend
+
+-CFLAGS += -Werror
++CFLAGS +=
+ CFLAGS += -Wno-unused
+ CFLAGS += -fno-strict-aliasing
+ CFLAGS += $(CFLAGS_libxenctrl)
+diff -ur xen-3.4.2.orig//tools/ioemu-qemu-xen/configure xen-3.4.2//tools/ioemu-qemu-xen/configure
+--- xen-3.4.2.orig//tools/ioemu-qemu-xen/configure 2009-11-05 19:44:56.000000000 +0800
++++ xen-3.4.2//tools/ioemu-qemu-xen/configure 2011-09-25 02:34:11.888793042 +0800
+@@ -468,7 +468,7 @@
+ CFLAGS="$CFLAGS -Wall -Wundef -Wendif-labels -Wwrite-strings -Wmissing-prototypes -Wstrict-prototypes -Wredundant-decls"
+ LDFLAGS="$LDFLAGS -g"
+ if test "$werror" = "yes" ; then
+-CFLAGS="$CFLAGS -Werror"
++CFLAGS="$CFLAGS"
+ fi
+
+ if test "$solaris" = "no" ; then
+@@ -1150,7 +1150,7 @@
+ echo "sparse enabled $sparse"
+ echo "profiler $profiler"
+ echo "static build $static"
+-echo "-Werror enabled $werror"
++
+ if test "$darwin" = "yes" ; then
+ echo "Cocoa support $cocoa"
+ fi
+diff -ur xen-3.4.2.orig//tools/ioemu-qemu-xen/Makefile.target xen-3.4.2//tools/ioemu-qemu-xen/Makefile.target
+--- xen-3.4.2.orig//tools/ioemu-qemu-xen/Makefile.target 2011-09-25 02:33:23.946793064 +0800
++++ xen-3.4.2//tools/ioemu-qemu-xen/Makefile.target 2011-09-25 02:34:11.584793042 +0800
+@@ -26,7 +26,7 @@
+ TARGET_PATH=$(SRC_PATH)/target-$(TARGET_BASE_ARCH)
+ VPATH=$(SRC_PATH):$(TARGET_PATH):$(SRC_PATH)/hw
+ CPPFLAGS=-I. -I.. -I$(TARGET_PATH) -I$(SRC_PATH) -MMD -MT $@ -MP -DNEED_CPU_H
+-#CFLAGS+=-Werror
++#CFLAGS+=
+ LIBS=
+ # user emulator name
+ ifndef TARGET_ARCH2
+diff -ur xen-3.4.2.orig//tools/libaio/harness/Makefile xen-3.4.2//tools/libaio/harness/Makefile
+--- xen-3.4.2.orig//tools/libaio/harness/Makefile 2009-11-10 23:12:56.000000000 +0800
++++ xen-3.4.2//tools/libaio/harness/Makefile 2011-09-25 02:34:11.674793042 +0800
+@@ -4,7 +4,7 @@
+ HARNESS_SRCS:=main.c
+ # io_queue.c
+
+-CFLAGS=-Wall -Werror -g -O -laio
++CFLAGS=-Wall -g -O -laio
+ #-lpthread -lrt
+
+ all: $(PROGS)
+diff -ur xen-3.4.2.orig//tools/libfsimage/Rules.mk xen-3.4.2//tools/libfsimage/Rules.mk
+--- xen-3.4.2.orig//tools/libfsimage/Rules.mk 2009-11-10 23:12:56.000000000 +0800
++++ xen-3.4.2//tools/libfsimage/Rules.mk 2011-09-25 02:34:11.566793044 +0800
+@@ -1,6 +1,6 @@
+ include $(XEN_ROOT)/tools/Rules.mk
+
+-CFLAGS += -I$(XEN_ROOT)/tools/libfsimage/common/ -Werror
++CFLAGS += -I$(XEN_ROOT)/tools/libfsimage/common/
+ LDFLAGS += -L../common/
+
+ PIC_OBJS := $(patsubst %.c,%.opic,$(LIB_SRCS-y))
+diff -ur xen-3.4.2.orig//tools/libxc/Makefile xen-3.4.2//tools/libxc/Makefile
+--- xen-3.4.2.orig//tools/libxc/Makefile 2011-09-25 02:33:23.987793064 +0800
++++ xen-3.4.2//tools/libxc/Makefile 2011-09-25 02:34:11.687793042 +0800
+@@ -52,7 +52,7 @@
+
+ -include $(XEN_TARGET_ARCH)/Makefile
+
+-CFLAGS += -Werror -Wmissing-prototypes
++CFLAGS += -Wmissing-prototypes
+ CFLAGS += $(INCLUDES) -I. -I../xenstore -I../include
+
+ # Needed for posix_fadvise64() in xc_linux.c
+diff -ur xen-3.4.2.orig//tools/libxen/Makefile.dist xen-3.4.2//tools/libxen/Makefile.dist
+--- xen-3.4.2.orig//tools/libxen/Makefile.dist 2009-11-10 23:12:56.000000000 +0800
++++ xen-3.4.2//tools/libxen/Makefile.dist 2011-09-25 02:34:11.593793042 +0800
+@@ -22,7 +22,7 @@
+ CFLAGS = -Iinclude \
+ $(shell xml2-config --cflags) \
+ $(shell curl-config --cflags) \
+- -W -Wall -Wmissing-prototypes -Werror -std=c99 -O2 -fPIC
++ -W -Wall -Wmissing-prototypes -std=c99 -O2 -fPIC
+
+ LDFLAGS = $(shell xml2-config --libs) \
+ $(shell curl-config --libs)
+diff -ur xen-3.4.2.orig//tools/misc/lomount/Makefile xen-3.4.2//tools/misc/lomount/Makefile
+--- xen-3.4.2.orig//tools/misc/lomount/Makefile 2009-11-10 23:12:56.000000000 +0800
++++ xen-3.4.2//tools/misc/lomount/Makefile 2011-09-25 02:34:11.666793042 +0800
+@@ -1,7 +1,7 @@
+ XEN_ROOT=../../..
+ include $(XEN_ROOT)/tools/Rules.mk
+
+-CFLAGS += -Werror
++CFLAGS +=
+
+ HDRS = $(wildcard *.h)
+ OBJS = $(patsubst %.c,%.o,$(wildcard *.c))
+diff -ur xen-3.4.2.orig//tools/misc/Makefile xen-3.4.2//tools/misc/Makefile
+--- xen-3.4.2.orig//tools/misc/Makefile 2009-11-10 23:12:56.000000000 +0800
++++ xen-3.4.2//tools/misc/Makefile 2011-09-25 02:34:11.669793042 +0800
+@@ -1,7 +1,7 @@
+ XEN_ROOT=../..
+ include $(XEN_ROOT)/tools/Rules.mk
+
+-CFLAGS += -Werror
++CFLAGS +=
+
+ INCLUDES += -I $(XEN_XC)
+ INCLUDES += -I $(XEN_LIBXC)
+diff -ur xen-3.4.2.orig//tools/pygrub/setup.py xen-3.4.2//tools/pygrub/setup.py
+--- xen-3.4.2.orig//tools/pygrub/setup.py 2009-11-10 23:12:56.000000000 +0800
++++ xen-3.4.2//tools/pygrub/setup.py 2011-09-25 02:34:11.901793042 +0800
+@@ -3,7 +3,7 @@
+ import os
+ import sys
+
+-extra_compile_args = [ "-fno-strict-aliasing", "-Werror" ]
++extra_compile_args = [ "-fno-strict-aliasing" ]
+
+ XEN_ROOT = "../.."
+
+diff -ur xen-3.4.2.orig//tools/python/setup.py xen-3.4.2//tools/python/setup.py
+--- xen-3.4.2.orig//tools/python/setup.py 2009-11-10 23:12:56.000000000 +0800
++++ xen-3.4.2//tools/python/setup.py 2011-09-25 02:34:11.897793042 +0800
+@@ -4,7 +4,7 @@
+
+ XEN_ROOT = "../.."
+
+-extra_compile_args = [ "-fno-strict-aliasing", "-Werror" ]
++extra_compile_args = [ "-fno-strict-aliasing" ]
+
+ include_dirs = [ XEN_ROOT + "/tools/libxc",
+ XEN_ROOT + "/tools/xenstore",
+diff -ur xen-3.4.2.orig//tools/security/Makefile xen-3.4.2//tools/security/Makefile
+--- xen-3.4.2.orig//tools/security/Makefile 2009-11-10 23:12:56.000000000 +0800
++++ xen-3.4.2//tools/security/Makefile 2011-09-25 02:34:11.701793042 +0800
+@@ -1,7 +1,7 @@
+ XEN_ROOT = ../..
+ include $(XEN_ROOT)/tools/Rules.mk
+
+-CFLAGS += -Werror
++CFLAGS +=
+ CFLAGS += -fno-strict-aliasing
+ CFLAGS += -I. $(CFLAGS_libxenctrl)
+
+diff -ur xen-3.4.2.orig//tools/vnet/libxutil/Makefile xen-3.4.2//tools/vnet/libxutil/Makefile
+--- xen-3.4.2.orig//tools/vnet/libxutil/Makefile 2009-11-10 23:12:57.000000000 +0800
++++ xen-3.4.2//tools/vnet/libxutil/Makefile 2011-09-25 02:34:11.694793042 +0800
+@@ -25,7 +25,7 @@
+ PIC_OBJS := $(LIB_SRCS:.c=.opic)
+
+ $(call cc-option-add,CFLAGS,CC,-fgnu89-inline)
+-CFLAGS += -Werror -fno-strict-aliasing
++CFLAGS += -fno-strict-aliasing
+ CFLAGS += -O3
+ #CFLAGS += -g
+
+diff -ur xen-3.4.2.orig//tools/vtpm/Rules.mk xen-3.4.2//tools/vtpm/Rules.mk
+--- xen-3.4.2.orig//tools/vtpm/Rules.mk 2009-11-10 23:12:57.000000000 +0800
++++ xen-3.4.2//tools/vtpm/Rules.mk 2011-09-25 02:34:11.563793044 +0800
+@@ -9,7 +9,7 @@
+ TOOLS_INSTALL_DIR = $(DESTDIR)/usr/bin
+
+ # General compiler flags
+-CFLAGS = -Werror -g3 -I.
++CFLAGS = -g3 -I.
+
+ # Generic project files
+ HDRS = $(wildcard *.h)
+diff -ur xen-3.4.2.orig//tools/vtpm_manager/Rules.mk xen-3.4.2//tools/vtpm_manager/Rules.mk
+--- xen-3.4.2.orig//tools/vtpm_manager/Rules.mk 2009-11-10 23:12:57.000000000 +0800
++++ xen-3.4.2//tools/vtpm_manager/Rules.mk 2011-09-25 02:34:11.562793042 +0800
+@@ -9,7 +9,7 @@
+ TOOLS_INSTALL_DIR = $(DESTDIR)/usr/bin
+
+ # General compiler flags
+-CFLAGS = -Werror -g3 -I.
++CFLAGS = -g3 -I.
+
+ # Generic project files
+ HDRS = $(wildcard *.h)
+diff -ur xen-3.4.2.orig//tools/xcutils/Makefile xen-3.4.2//tools/xcutils/Makefile
+--- xen-3.4.2.orig//tools/xcutils/Makefile 2009-11-10 23:12:57.000000000 +0800
++++ xen-3.4.2//tools/xcutils/Makefile 2011-09-25 02:34:11.636793042 +0800
+@@ -11,7 +11,7 @@
+ XEN_ROOT = ../..
+ include $(XEN_ROOT)/tools/Rules.mk
+
+-CFLAGS += -Werror
++CFLAGS +=
+ CFLAGS += $(CFLAGS_libxenctrl) $(CFLAGS_libxenguest) $(CFLAGS_libxenstore)
+
+ PROGRAMS = xc_restore xc_save readnotes lsevtchn
+diff -ur xen-3.4.2.orig//tools/xenmon/Makefile xen-3.4.2//tools/xenmon/Makefile
+--- xen-3.4.2.orig//tools/xenmon/Makefile 2009-11-10 23:12:57.000000000 +0800
++++ xen-3.4.2//tools/xenmon/Makefile 2011-09-25 02:34:11.641793042 +0800
+@@ -13,7 +13,7 @@
+ XEN_ROOT=../..
+ include $(XEN_ROOT)/tools/Rules.mk
+
+-CFLAGS += -Werror
++CFLAGS +=
+ CFLAGS += -I $(XEN_XC)
+ CFLAGS += $(CFLAGS_libxenctrl)
+ LDFLAGS += $(LDFLAGS_libxenctrl)
+diff -ur xen-3.4.2.orig//tools/xenpmd/Makefile xen-3.4.2//tools/xenpmd/Makefile
+--- xen-3.4.2.orig//tools/xenpmd/Makefile 2009-11-10 23:12:57.000000000 +0800
++++ xen-3.4.2//tools/xenpmd/Makefile 2011-09-25 02:34:11.656793042 +0800
+@@ -1,7 +1,7 @@
+ XEN_ROOT=../..
+ include $(XEN_ROOT)/tools/Rules.mk
+
+-CFLAGS += -Werror
++CFLAGS +=
+ CFLAGS += $(CFLAGS_libxenstore)
+ LDFLAGS += $(LDFLAGS_libxenstore)
+
+diff -ur xen-3.4.2.orig//tools/xenstat/libxenstat/Makefile xen-3.4.2//tools/xenstat/libxenstat/Makefile
+--- xen-3.4.2.orig//tools/xenstat/libxenstat/Makefile 2009-11-10 23:12:57.000000000 +0800
++++ xen-3.4.2//tools/xenstat/libxenstat/Makefile 2011-09-25 02:34:11.681793042 +0800
+@@ -34,7 +34,7 @@
+ OBJECTS-$(CONFIG_NetBSD) += src/xenstat_netbsd.o
+ SONAME_FLAGS=-Wl,$(SONAME_LDFLAG) -Wl,libxenstat.so.$(MAJOR)
+
+-WARN_FLAGS=-Wall -Werror
++WARN_FLAGS=-Wall
+
+ CFLAGS+=-Isrc -I$(XEN_LIBXC) -I$(XEN_XENSTORE) -I$(XEN_INCLUDE)
+ LDFLAGS+=-Lsrc -L$(XEN_XENSTORE)/ -L$(XEN_LIBXC)/
+diff -ur xen-3.4.2.orig//tools/xenstat/xentop/Makefile xen-3.4.2//tools/xenstat/xentop/Makefile
+--- xen-3.4.2.orig//tools/xenstat/xentop/Makefile 2009-11-10 23:12:57.000000000 +0800
++++ xen-3.4.2//tools/xenstat/xentop/Makefile 2011-09-25 02:34:11.684793042 +0800
+@@ -18,7 +18,7 @@
+ all install xentop:
+ else
+
+-CFLAGS += -DGCC_PRINTF -Wall -Werror -I$(XEN_LIBXENSTAT)
++CFLAGS += -DGCC_PRINTF -Wall -I$(XEN_LIBXENSTAT)
+ LDFLAGS += -L$(XEN_LIBXENSTAT)
+ LDLIBS += -lxenstat $(CURSES_LIBS) $(SOCKET_LIBS)
+ CFLAGS += -DHOST_$(XEN_OS)
+diff -ur xen-3.4.2.orig//tools/xenstore/Makefile xen-3.4.2//tools/xenstore/Makefile
+--- xen-3.4.2.orig//tools/xenstore/Makefile 2009-11-10 23:12:57.000000000 +0800
++++ xen-3.4.2//tools/xenstore/Makefile 2011-09-25 02:34:11.640793042 +0800
+@@ -4,7 +4,7 @@
+ MAJOR = 3.0
+ MINOR = 0
+
+-CFLAGS += -Werror
++CFLAGS +=
+ CFLAGS += -I.
+ CFLAGS += $(CFLAGS_libxenctrl)
+
+diff -ur xen-3.4.2.orig//tools/xenstore/xenstored_core.c xen-3.4.2//tools/xenstore/xenstored_core.c
+--- xen-3.4.2.orig//tools/xenstore/xenstored_core.c 2009-11-10 23:12:57.000000000 +0800
++++ xen-3.4.2//tools/xenstore/xenstored_core.c 2011-09-25 02:34:11.845793042 +0800
+@@ -865,7 +865,7 @@
+ {
+ unsigned int offset, datalen;
+ struct node *node;
+- char *vec[1] = { NULL }; /* gcc4 + -W + -Werror fucks code. */
++ char *vec[1] = { NULL }; /* gcc4 + -W + fucks code. */
+ char *name;
+
+ /* Extra "strings" can be created by binary data. */
+diff -ur xen-3.4.2.orig//tools/xentrace/Makefile xen-3.4.2//tools/xentrace/Makefile
+--- xen-3.4.2.orig//tools/xentrace/Makefile 2009-11-10 23:12:57.000000000 +0800
++++ xen-3.4.2//tools/xentrace/Makefile 2011-09-25 02:34:11.745793042 +0800
+@@ -1,7 +1,7 @@
+ XEN_ROOT=../..
+ include $(XEN_ROOT)/tools/Rules.mk
+
+-CFLAGS += -Werror
++CFLAGS +=
+
+ CFLAGS += $(CFLAGS_libxenctrl)
+ LDFLAGS += $(LDFLAGS_libxenctrl)
+Only in xen-3.4.2/: Werror.sh
+diff -ur xen-3.4.2.orig//xen/arch/ia64/Rules.mk xen-3.4.2//xen/arch/ia64/Rules.mk
+--- xen-3.4.2.orig//xen/arch/ia64/Rules.mk 2009-11-10 23:12:57.000000000 +0800
++++ xen-3.4.2//xen/arch/ia64/Rules.mk 2011-09-25 02:34:11.570793042 +0800
+@@ -68,7 +68,7 @@
+ CFLAGS += -DCONFIG_XEN_IA64_TLBFLUSH_CLOCK
+ endif
+ ifeq ($(no_warns),y)
+-CFLAGS += -Wa,--fatal-warnings -Werror -Wno-uninitialized
++CFLAGS += -Wa,--fatal-warnings -Wno-uninitialized
+ endif
+ ifneq ($(vhpt_disable),y)
+ CFLAGS += -DVHPT_ENABLED=1
+diff -ur xen-3.4.2.orig//xen/arch/x86/boot/build32.mk xen-3.4.2//xen/arch/x86/boot/build32.mk
+--- xen-3.4.2.orig//xen/arch/x86/boot/build32.mk 2009-11-10 23:12:57.000000000 +0800
++++ xen-3.4.2//xen/arch/x86/boot/build32.mk 2011-09-25 02:34:11.914793042 +0800
+@@ -8,7 +8,7 @@
+ $(call cc-option-add,CFLAGS,CC,-fno-stack-protector)
+ $(call cc-option-add,CFLAGS,CC,-fno-stack-protector-all)
+
+-CFLAGS += -Werror -fno-builtin -msoft-float
++CFLAGS += -fno-builtin -msoft-float
+
+ # NB. awk invocation is a portable alternative to 'head -n -1'
+ %.S: %.bin
+diff -ur xen-3.4.2.orig//xen/arch/x86/Rules.mk xen-3.4.2//xen/arch/x86/Rules.mk
+--- xen-3.4.2.orig//xen/arch/x86/Rules.mk 2009-11-10 23:12:57.000000000 +0800
++++ xen-3.4.2//xen/arch/x86/Rules.mk 2011-09-25 02:34:11.572793042 +0800
+@@ -17,7 +17,7 @@
+ endif
+
+ CFLAGS += -fno-builtin -fno-common
+-CFLAGS += -iwithprefix include -Werror -Wno-pointer-arith -pipe
++CFLAGS += -iwithprefix include -Wno-pointer-arith -pipe
+ CFLAGS += -I$(BASEDIR)/include
+ CFLAGS += -I$(BASEDIR)/include/asm-x86/mach-generic
+ CFLAGS += -I$(BASEDIR)/include/asm-x86/mach-default
\ No newline at end of file
diff --git a/app-emulation/xen/files/xen-4.1.1-iommu_sec_fix.patch b/app-emulation/xen/files/xen-4.1.1-iommu_sec_fix.patch
new file mode 100644
index 0000000..737c2bd
--- /dev/null
+++ b/app-emulation/xen/files/xen-4.1.1-iommu_sec_fix.patch
@@ -0,0 +1,74 @@
+
+# HG changeset patch
+# User Tim Deegan <Tim.Deegan@citrix.com>
+# Date 1313145221 -3600
+# Node ID 84e3706df07a1963e23cd3875d8603917657d462
+# Parent cb22fa57ff252893b6adb1481e09b1287eacd990
+Passthrough: disable bus-mastering on any card that causes an IOMMU fault.
+
+This stops the card from raising back-to-back faults and live-locking
+the CPU that handles them.
+
+Signed-off-by: Tim Deegan <tim@xen.org>
+Acked-by: Wei Wang2 <wei.wang2@amd.com>
+Acked-by: Allen M Kay <allen.m.kay@intel.com>
+
+diff -r cb22fa57ff25 -r 84e3706df07a xen/drivers/passthrough/amd/iommu_init.c
+--- a/xen/drivers/passthrough/amd/iommu_init.c Mon Jul 25 16:48:39 2011 +0100
++++ b/xen/drivers/passthrough/amd/iommu_init.c Fri Aug 12 11:33:41 2011 +0100
+@@ -462,7 +462,7 @@
+
+ static void parse_event_log_entry(u32 entry[])
+ {
+- u16 domain_id, device_id;
++ u16 domain_id, device_id, bdf, cword;
+ u32 code;
+ u64 *addr;
+ char * event_str[] = {"ILLEGAL_DEV_TABLE_ENTRY",
+@@ -497,6 +497,18 @@
+ "%s: domain = %d, device id = 0x%04x, "
+ "fault address = 0x%"PRIx64"\n",
+ event_str[code-1], domain_id, device_id, *addr);
++
++ /* Tell the device to stop DMAing; we can't rely on the guest to
++ * control it for us. */
++ for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ )
++ if ( get_dma_requestor_id(bdf) == device_id )
++ {
++ cword = pci_conf_read16(PCI_BUS(bdf), PCI_SLOT(bdf),
++ PCI_FUNC(bdf), PCI_COMMAND);
++ pci_conf_write16(PCI_BUS(bdf), PCI_SLOT(bdf),
++ PCI_FUNC(bdf), PCI_COMMAND,
++ cword & ~PCI_COMMAND_MASTER);
++ }
+ }
+ else
+ {
+diff -r cb22fa57ff25 -r 84e3706df07a xen/drivers/passthrough/vtd/iommu.c
+--- a/xen/drivers/passthrough/vtd/iommu.c Mon Jul 25 16:48:39 2011 +0100
++++ b/xen/drivers/passthrough/vtd/iommu.c Fri Aug 12 11:33:41 2011 +0100
+@@ -893,7 +893,7 @@
+ while (1)
+ {
+ u8 fault_reason;
+- u16 source_id;
++ u16 source_id, cword;
+ u32 data;
+ u64 guest_addr;
+ int type;
+@@ -926,6 +926,14 @@
+ iommu_page_fault_do_one(iommu, type, fault_reason,
+ source_id, guest_addr);
+
++ /* Tell the device to stop DMAing; we can't rely on the guest to
++ * control it for us. */
++ cword = pci_conf_read16(PCI_BUS(source_id), PCI_SLOT(source_id),
++ PCI_FUNC(source_id), PCI_COMMAND);
++ pci_conf_write16(PCI_BUS(source_id), PCI_SLOT(source_id),
++ PCI_FUNC(source_id), PCI_COMMAND,
++ cword & ~PCI_COMMAND_MASTER);
++
+ fault_index++;
+ if ( fault_index > cap_num_fault_regs(iommu->cap) )
+ fault_index = 0;
+
diff --git a/app-emulation/xen/metadata.xml b/app-emulation/xen/metadata.xml
new file mode 100644
index 0000000..6550459
--- /dev/null
+++ b/app-emulation/xen/metadata.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>xen</herd>
+ <maintainer>
+ <email>johneed@hotmail.com</email>
+ <name>Ian Delaney aka idella4 proxy maintainer</name>
+ </maintainer>
+ <use>
+ <flag name='acm'>Enable the ACM/sHype XSM module from IBM</flag>
+ <flag name='flask'>Enable the Flask XSM module from NSA</flag>
+ <flag name='pae'>Enable support for PAE kernels (usually x86-32 with >4GB memory)</flag>
+ <flag name='xsm'>Enable the Xen Security Modules (XSM)</flag>
+ </use>
+</pkgmetadata>
diff --git a/app-emulation/xen/xen-3.4.2-r4.ebuild b/app-emulation/xen/xen-3.4.2-r4.ebuild
new file mode 100644
index 0000000..643ade2
--- /dev/null
+++ b/app-emulation/xen/xen-3.4.2-r4.ebuild
@@ -0,0 +1,114 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-3.4.2-r4.ebuild,v 1.3 2011/10/15 19:38:16 hwoarang Exp $
+
+EAPI=2
+
+inherit mount-boot flag-o-matic toolchain-funcs base
+
+DESCRIPTION="The Xen virtual machine monitor"
+HOMEPAGE="http://xen.org/"
+SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+IUSE="debug custom-cflags pae acm flask xsm"
+
+RDEPEND="|| ( sys-boot/grub
+ sys-boot/grub-static )
+ >=sys-kernel/xen-sources-2.6.18"
+PDEPEND="~app-emulation/xen-tools-${PV}"
+PATCHES=(
+ "${FILESDIR}/"${PN}-3.3.0-unexported-target-fix.patch
+ "${FILESDIR}/"${P}-dump_registers-watchdog-fix.patch
+ "${FILESDIR}/"${P}-no-DMA.patch
+ "${FILESDIR}/"${P}-werror-idiocy.patch
+ "${FILESDIR}/"${P}-fix-__addr_ok-limit.patch
+ "${FILESDIR}/"${P}-CVE-2011-1583.patch
+)
+
+RESTRICT="test"
+
+# Approved by QA team in bug #144032
+QA_WX_LOAD="boot/xen-syms-${PV}"
+
+pkg_setup() {
+ if [ -x "${S}/.config/" ]; then
+ die "You will need to remove ${S}/.config by hand"
+ fi
+ if [[ -z ${XEN_TARGET_ARCH} ]]; then
+ if use x86 && use amd64; then
+ die "Confusion! Both x86 and amd64 are set in your use flags!"
+ elif use x86; then
+ export XEN_TARGET_ARCH="x86_32"
+ elif use amd64; then
+ export XEN_TARGET_ARCH="x86_64"
+ else
+ die "Unsupported architecture!"
+ fi
+ fi
+
+ if use xsm ; then
+ export "XSM_ENABLE=y"
+ use acm && export "ACM_SECURITY=y"
+ if use flask ; then
+ ! use acm && export "FLASK_ENABLE=y"
+ use acm && ewarn "Both acm and flask XSM specified, defaulting to acm."
+ fi
+ elif use acm || use flask ; then
+ ewarn "acm and flask require USE=xsm to be set, dropping use flags"
+ fi
+}
+
+src_prepare() {
+ base_src_prepare
+
+ # if the user *really* wants to use their own custom-cflags, let them
+ if use custom-cflags; then
+ einfo "User wants their own CFLAGS - removing defaults"
+ # try and remove all the default custom-cflags
+ find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
+ -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
+ -i {} \;
+ fi
+}
+
+src_compile() {
+ local myopt
+ use debug && myopt="${myopt} debug=y"
+ use pae && myopt="${myopt} pae=y"
+
+ if use custom-cflags; then
+ filter-flags -fPIE -fstack-protector
+ replace-flags -O3 -O2
+ else
+ unset CFLAGS
+ fi
+
+ # Send raw LDFLAGS so that --as-needed works
+ emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" -C xen ${myopt} || die "compile failed"
+}
+
+src_install() {
+ local myopt
+ use debug && myopt="${myopt} debug=y"
+ use pae && myopt="${myopt} pae=y"
+
+ emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install || die "install failed"
+}
+
+pkg_postinst() {
+ elog "Official Xen Guide and the unoffical wiki page:"
+ elog " http://www.gentoo.org/doc/en/xen-guide.xml"
+ elog " http://en.gentoo-wiki.com/wiki/Xen/"
+
+ if use pae; then
+ echo
+ ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!"
+ fi
+}
diff --git a/app-emulation/xen/xen-4.1.1-r2.ebuild b/app-emulation/xen/xen-4.1.1-r2.ebuild
new file mode 100644
index 0000000..4b3a74b
--- /dev/null
+++ b/app-emulation/xen/xen-4.1.1-r2.ebuild
@@ -0,0 +1,121 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.1.1-r2.ebuild,v 1.7 2011/11/08 23:46:38 mr_bones_ Exp $
+
+EAPI="4"
+
+if [[ $PV == *9999 ]]; then
+ KEYWORDS=""
+ REPO="xen-unstable.hg"
+ EHG_REPO_URI="http://xenbits.xensource.com/${REPO}"
+ S="${WORKDIR}/${REPO}"
+ live_eclass="mercurial"
+else
+ KEYWORDS="amd64 x86"
+ SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz"
+fi
+
+inherit mount-boot flag-o-matic toolchain-funcs ${live_eclass}
+
+DESCRIPTION="The Xen virtual machine monitor"
+HOMEPAGE="http://xen.org/"
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="custom-cflags debug flask pae xsm"
+
+RDEPEND="|| ( sys-boot/grub
+ sys-boot/grub-static )"
+PDEPEND="~app-emulation/xen-tools-${PV}"
+
+RESTRICT="test"
+
+# Approved by QA team in bug #144032
+QA_WX_LOAD="boot/xen-syms-${PV}"
+
+REQUIRED_USE="
+ flask? ( xsm )
+ "
+
+pkg_setup() {
+ if [[ -z ${XEN_TARGET_ARCH} ]]; then
+ if use x86 && use amd64; then
+ die "Confusion! Both x86 and amd64 are set in your use flags!"
+ elif use x86; then
+ export XEN_TARGET_ARCH="x86_32"
+ elif use amd64; then
+ export XEN_TARGET_ARCH="x86_64"
+ else
+ die "Unsupported architecture!"
+ fi
+ fi
+
+ if use flask ; then
+ export "XSM_ENABLE=y"
+ export "FLASK_ENABLE=y"
+ elif use xsm ; then
+ export "XSM_ENABLE=y"
+ fi
+}
+
+src_prepare() {
+ # Drop .config
+ sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't drop"
+ # if the user *really* wants to use their own custom-cflags, let them
+ if use custom-cflags; then
+ einfo "User wants their own CFLAGS - removing defaults"
+ # try and remove all the default custom-cflags
+ find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
+ -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
+ -i {} \; || die "failed to set custom-cflags"
+ fi
+
+ # remove -Werror for gcc-4.6's sake
+ find "${S}" -name 'Makefile*' -o -name '*.mk' -o -name 'common.make' | \
+ xargs sed -i 's/ *-Werror */ /' || die "failed to remove -Werror"
+ # not strictly necessary to fix this
+ sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to remove -Werror on setup.py"
+
+ # Add sccurity fix bug #379241
+ epatch "${FILESDIR}/${P}-iommu_sec_fix.patch"
+}
+
+src_configure() {
+ use debug && myopt="${myopt} debug=y"
+ use pae && myopt="${myopt} pae=y"
+
+ if use custom-cflags; then
+ filter-flags -fPIE -fstack-protector
+ replace-flags -O3 -O2
+ else
+ unset CFLAGS
+ fi
+}
+
+src_compile() {
+ # Send raw LDFLAGS so that --as-needed works
+ emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
+}
+
+src_install() {
+ local myopt
+ use debug && myopt="${myopt} debug=y"
+ use pae && myopt="${myopt} pae=y"
+
+ emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
+}
+
+pkg_postinst() {
+ elog "Official Xen Guide and the unoffical wiki page:"
+ elog " http://www.gentoo.org/doc/en/xen-guide.xml"
+ elog " http://en.gentoo-wiki.com/wiki/Xen/"
+
+ if use pae; then
+ echo
+ ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!"
+ fi
+}
diff --git a/app-emulation/xen/xen-9999.ebuild b/app-emulation/xen/xen-9999.ebuild
new file mode 100644
index 0000000..c3e1126
--- /dev/null
+++ b/app-emulation/xen/xen-9999.ebuild
@@ -0,0 +1,117 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-9999.ebuild,v 1.4 2011/09/11 14:48:15 alexxy Exp $
+
+EAPI="4"
+
+if [[ $PV == *9999 ]]; then
+ KEYWORDS=""
+ REPO="xen-unstable.hg"
+ EHG_REPO_URI="http://xenbits.xensource.com/${REPO}"
+ S="${WORKDIR}/${REPO}"
+ live_eclass="mercurial"
+else
+ KEYWORDS="~amd64 ~x86"
+ SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz"
+fi
+
+inherit mount-boot flag-o-matic toolchain-funcs ${live_eclass}
+
+DESCRIPTION="The Xen virtual machine monitor"
+HOMEPAGE="http://xen.org/"
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="custom-cflags debug flask pae xsm"
+
+RDEPEND="|| ( sys-boot/grub
+ sys-boot/grub-static )"
+PDEPEND="~app-emulation/xen-tools-${PV}"
+
+RESTRICT="test"
+
+# Approved by QA team in bug #144032
+QA_WX_LOAD="boot/xen-syms-${PV}"
+
+REQUIRED_USE="flask? ( xsm )"
+
+pkg_setup() {
+ if [[ -z ${XEN_TARGET_ARCH} ]]; then
+ if use x86 && use amd64; then
+ die "Confusion! Both x86 and amd64 are set in your use flags!"
+ elif use x86; then
+ export XEN_TARGET_ARCH="x86_32"
+ elif use amd64; then
+ export XEN_TARGET_ARCH="x86_64"
+ else
+ die "Unsupported architecture!"
+ fi
+ fi
+
+ if use flask ; then
+ export "XSM_ENABLE=y"
+ export "FLASK_ENABLE=y"
+ elif use xsm ; then
+ export "XSM_ENABLE=y"
+ fi
+}
+
+src_prepare() {
+ # Drop .config
+ sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't drop"
+
+ # if the user *really* wants to use their own custom-cflags, let them
+ if use custom-cflags; then
+ einfo "User wants their own CFLAGS - removing defaults"
+ # try and remove all the default custom-cflags
+ find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
+ -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
+ -i {} \;
+ fi
+
+ # remove -Werror for gcc-4.6's sake
+ find "${S}" -name 'Makefile*' -o -name '*.mk' -o -name 'common.make' | \
+ xargs sed -i 's/ *-Werror */ /'
+ # not strictly necessary to fix this
+ sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py"
+}
+
+src_configure() {
+ use debug && myopt="${myopt} debug=y"
+ use pae && myopt="${myopt} pae=y"
+
+ if use custom-cflags; then
+ filter-flags -fPIE -fstack-protector
+ replace-flags -O3 -O2
+ else
+ unset CFLAGS
+ fi
+}
+
+src_compile() {
+ # Send raw LDFLAGS so that --as-needed works
+ emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
+}
+
+src_install() {
+ local myopt
+ use debug && myopt="${myopt} debug=y"
+ use pae && myopt="${myopt} pae=y"
+
+ emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
+}
+
+pkg_postinst() {
+ elog "Official Xen Guide and the unoffical wiki page:"
+ elog " http://www.gentoo.org/doc/en/xen-guide.xml"
+ elog " http://en.gentoo-wiki.com/wiki/Xen/"
+
+ if use pae; then
+ echo
+ ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!"
+ fi
+}
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2011-11-28 18:15 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-11-28 18:15 [gentoo-commits] proj/virtualization:master commit in: app-emulation/xen/, app-emulation/xen-tools/, app-emulation/, Ian Delaney
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox