aboutsummaryrefslogtreecommitdiffstats
path: root/main/xen
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2016-08-11 15:33:46 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2016-08-15 16:30:06 +0000
commitc79838c3a14eed1cee24731f89d7b1171751d304 (patch)
tree486c75133ee1072075d9782672c09b39b9308013 /main/xen
parentee4ffbb28c8a78a28e0315d7050f8837fa316dc5 (diff)
downloadaports-c79838c3a14eed1cee24731f89d7b1171751d304.tar.bz2
aports-c79838c3a14eed1cee24731f89d7b1171751d304.tar.xz
main/xen: upgrade to 4.7.0 and add secfixes
Diffstat (limited to 'main/xen')
-rw-r--r--main/xen/APKBUILD112
-rw-r--r--main/xen/gcc5-cflags.patch21
-rw-r--r--main/xen/gnutls-3.4.0.patch36
-rw-r--r--main/xen/init-xenstore-domain.patch10
-rw-r--r--main/xen/patch-gcc6-etherboot-ath9k-9287-array.patch68
-rw-r--r--main/xen/patch-gcc6-etherboot-e1000_phy.c.patch20
-rw-r--r--main/xen/patch-gcc6-etherboot-igb_phy.c.patch20
-rw-r--r--main/xen/patch-gcc6-etherboot-no-pie.patch13
-rw-r--r--main/xen/patch-gcc6-etherboot-rm-unused-string-functions.patch257
-rw-r--r--main/xen/patch-gcc6-etherboot-via-rhine.c.patch21
-rw-r--r--main/xen/patch-gcc6-etherboot-via-velocity.c.patch12
-rw-r--r--main/xen/rombios-no-pie.patch26
-rw-r--r--main/xen/x86emul-suppress-writeback-upon-unsuccessful-MMX-SSE-AVX.patch41
-rw-r--r--main/xen/xsa182-unstable.patch102
-rw-r--r--main/xen/xsa183-unstable.patch75
-rw-r--r--main/xen/xsa184-qemut-master.patch43
-rw-r--r--main/xen/xsa184-qemuu-master.patch43
17 files changed, 797 insertions, 123 deletions
diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD
index afc4cf7a70..dfb40dde2e 100644
--- a/main/xen/APKBUILD
+++ b/main/xen/APKBUILD
@@ -2,8 +2,8 @@
# Contributor: Roger Pau Monne <roger.pau@entel.upc.edu>
# Maintainer: William Pitcock <nenolod@dereferenced.org>
pkgname=xen
-pkgver=4.6.3
-pkgrel=1
+pkgver=4.7.0
+pkgrel=0
pkgdesc="Xen hypervisor"
url="http://www.xen.org/"
arch="x86_64 armhf"
@@ -15,6 +15,12 @@ depends_dev="openssl-dev python-dev e2fsprogs-dev gettext zlib-dev ncurses-dev
e2fsprogs-dev linux-headers argp-standalone"
makedepends="$depends_dev autoconf automake libtool "
+# secfixes:
+# 4.7.0-r0:
+# - CVE-2016-6258 XSA-182
+# - CVE-2016-6259 XSA-183
+# - CVE-2016-5403 XSA-184
+
case "$CARCH" in
x86*)
depends="$depends syslinux"
@@ -53,14 +59,17 @@ source="http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.g
http://xenbits.xen.org/xen-extfiles/zlib-$_ZLIB_VERSION.tar.gz
http://xenbits.xen.org/xen-extfiles/ipxe-git-$_IPXE_GIT_TAG.tar.gz
+ xsa182-unstable.patch
+ xsa183-unstable.patch
+ xsa184-qemut-master.patch
+ xsa184-qemuu-master.patch
+
qemu-coroutine-gthread.patch
qemu-xen_paths.patch
hotplug-vif-vtrill.patch
+ rombios-no-pie.patch
0001-ipxe-dont-clobber-ebp.patch
- gcc5-cflags.patch
-
- init-xenstore-domain.patch
musl-support.patch
musl-hvmloader-fix-stdint.patch
@@ -70,6 +79,21 @@ source="http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.g
xen-hotplug-lockfd.patch
xen-fd-is-file.c
+ patch-gcc6-etherboot-nonnull-compare.patch::https://git.ipxe.org/ipxe.git/patch/e2f14c2f8c10674dbbd4f1228d79dc4c9be213b5
+ patch-gcc6-etherboot-rm-unused-string-functions.patch
+ patch-gcc6-etherboot-nic.c.patch::https://git.ipxe.org/ipxe.git/patch/a5885fbc19c4b60dc1a21624d1a9d1b77a93504e
+ patch-gcc6-etherboot-ath.patch::https://git.ipxe.org/ipxe.git/patch/63037bdce4a325e5e1da85ffcdf27b77ac670c01
+ patch-gcc6-etherboot-sis190.patch::https://git.ipxe.org/ipxe.git/patch/65b32a0b7000f70a5bb1d33190d40f9b04c93172
+ patch-gcc6-etherboot-skge.patch::https://git.ipxe.org/ipxe.git/patch/76ec2a0540b25dbd183b9ce185583a4b24278cf1
+ patch-gcc6-etherboot-via-velocity.c.patch
+ patch-gcc6-etherboot-via-rhine.c.patch
+ patch-gcc6-etherboot-e1000_phy.c.patch
+ patch-gcc6-etherboot-igb_phy.c.patch
+ patch-gcc6-etherboot-ath9k-9287-array.patch
+ patch-gcc6-etherboot-no-pie.patch
+ patch-gcc6-etherboot-link-header.patch::https://git.ipxe.org/ipxe.git/patch/6324bd9389521c7e86384591f41eb78a81e9af47
+ patch-gcc6-etherboot-eth_broadcast.patch::https://git.ipxe.org/ipxe.git/patch/1cbb1581f16e235fafc963c906ad02b38d5457bd
+
xenstored.initd
xenstored.confd
xenconsoled.initd
@@ -84,11 +108,18 @@ source="http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.g
_builddir="$srcdir"/$pkgname-$pkgver
_seabios=/usr/share/seabios/bios-256k.bin
prepare() {
- local i _failed=
+ local i _failed= _series=
cd "$_builddir"
for i in $source; do
case $i in
+ *-etherboot-*)
+ p=${i%%::*}
+ p=${p##*/}
+ msg "adding to ipxe: $p"
+ cp "$srcdir"/$p tools/firmware/etherboot/patches/
+ echo "$p" >> tools/firmware/etherboot/patches/series
+ ;;
*.patch) msg $i; patch -s -N -p1 -i "$srcdir"/$i \
|| _failed="$_failed $i"
;;
@@ -245,7 +276,7 @@ hypervisor() {
mv "$pkgdir"/boot "$subpkgdir"/
}
-md5sums="26419d8477082dbdb32ec75b00f00643 xen-4.6.3.tar.gz
+md5sums="3aa4e01bf37a3a5bc8572907cb88e649 xen-4.7.0.tar.gz
dd60683d7057917e34630b4a787932e8 gmp-4.3.2.tar.bz2
cd3f3eb54446be6003156158d51f4884 grub-0.97.tar.gz
36cc57650cffda9a0269493be2a169bb lwip-1.3.0.tar.gz
@@ -255,18 +286,35 @@ cec05e7785497c5e19da2f114b934ffd pciutils-2.2.9.tar.bz2
e26becb8a6a2b6695f6b3e8097593db8 tpm_emulator-0.7.4.tar.gz
debc62758716a169df9f62e6ab2bc634 zlib-1.2.3.tar.gz
7496268cebf47d5c9ccb0696e3b26065 ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz
+d162fdb5a2def649a18e377dfb8c618e xsa182-unstable.patch
+4e89035687d1fcdabe34610f947871ae xsa183-unstable.patch
+95bc220677fc2bb9a3df4dc14a0b31f6 xsa184-qemut-master.patch
+cc0904605d03a9e4f6f21d16824e41c9 xsa184-qemuu-master.patch
de1a3db370b87cfb0bddb51796b50315 qemu-coroutine-gthread.patch
08bfdf8caff5d631f53660bf3fd4edaf qemu-xen_paths.patch
e449bb3359b490804ffc7b0ae08d62a0 hotplug-vif-vtrill.patch
+5fab5487fe92fa29302db9ccb04af564 rombios-no-pie.patch
3a04998db5cc3c5c86f3b46e97e9cd82 0001-ipxe-dont-clobber-ebp.patch
-a0b70cd1190345396d97170bf2d11663 gcc5-cflags.patch
-cadc904edee45ea4824439b1e9558b37 init-xenstore-domain.patch
0984e3000de17a6d14b8014a3ced46a4 musl-support.patch
513456607a2adfaa0baf1e3ae5124b23 musl-hvmloader-fix-stdint.patch
c9313a790faa727205627a1657b9bf06 stdint_local.h
c13f954d041a6fa78d0d241ad1780c0b elf_local.h
750138c31ec96d1a11fe0c665ac07e9e xen-hotplug-lockfd.patch
649f77b90978cd2b6d506ac44ec6c393 xen-fd-is-file.c
+ea983c48b69eea3885627b2c8da8afec patch-gcc6-etherboot-nonnull-compare.patch
+c1b73e5b708002b77b50827742c3af09 patch-gcc6-etherboot-rm-unused-string-functions.patch
+e10ec3a62e8dc47052b8d8be77520af7 patch-gcc6-etherboot-nic.c.patch
+78433fdb5ed0d9f71a1d2b8103a886c9 patch-gcc6-etherboot-ath.patch
+83b0416745dffdfedec8caab7d20b758 patch-gcc6-etherboot-sis190.patch
+24ece1158115e508e6a5db0a086f065c patch-gcc6-etherboot-skge.patch
+465ca7d4841fe34b7b4d9d99257cd092 patch-gcc6-etherboot-via-velocity.c.patch
+b136a8d31272eec48c766065bba260ca patch-gcc6-etherboot-via-rhine.c.patch
+ef2d246f23e5ca152a4057617041bac6 patch-gcc6-etherboot-e1000_phy.c.patch
+05b86753c6e6ca90af038b499fd564f0 patch-gcc6-etherboot-igb_phy.c.patch
+74a5f930491bbc4333c84fff36029a1c patch-gcc6-etherboot-ath9k-9287-array.patch
+567de70c3355c9724ebfdb02d7806435 patch-gcc6-etherboot-no-pie.patch
+4ae9e861dc0a9b1873236399ba8cff6d patch-gcc6-etherboot-link-header.patch
+ce606e447bc4884dffc59080cd10acfd patch-gcc6-etherboot-eth_broadcast.patch
4aeda68bf5b168019762fcf6edb661d3 xenstored.initd
d86504e12f05deca6b3eeeb90157160e xenstored.confd
d1dd5fc9a8b00f7373d789f9b5a605b9 xenconsoled.initd
@@ -276,7 +324,7 @@ dcdd1de2c29e469e834a02ede4f47806 xendomains.confd
9df68ac65dc3f372f5d61183abdc83ff xen-consoles.logrotate
6a2f777c16678d84039acf670d86fff6 xenqemu.confd
e1c9e1c83a5cc49224608a48060bd677 xenqemu.initd"
-sha256sums="02badfce9a037bd1bd4a94210c1f6b85467746216c71795805102b514bcf1fc4 xen-4.6.3.tar.gz
+sha256sums="be5876144d49729572ae06142e0bb93f1c1f2695578141eff2931995add24623 xen-4.7.0.tar.gz
936162c0312886c21581002b79932829aa048cfaf9937c6265aeaa14f1cd1775 gmp-4.3.2.tar.bz2
4e1d15d12dbd3e9208111d6b806ad5a9857ca8850c47877d36575b904559260b grub-0.97.tar.gz
772e4d550e07826665ed0528c071dd5404ef7dbe1825a38c8adbc2a00bca948f lwip-1.3.0.tar.gz
@@ -286,18 +334,35 @@ f60ae61cfbd5da1d849d0beaa21f593c38dac9359f0b3ddc612f447408265b24 pciutils-2.2.9
4e48ea0d83dd9441cc1af04ab18cd6c961b9fa54d5cbf2c2feee038988dea459 tpm_emulator-0.7.4.tar.gz
1795c7d067a43174113fdf03447532f373e1c6c57c08d61d9e4e9be5e244b05e zlib-1.2.3.tar.gz
632ce8c193ccacc3012bd354bdb733a4be126f7c098e111930aa41dad537405c ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz
+303400b9a832a3c1d423cc2cc97c2f00482793722f9ef7dd246783a049ac2792 xsa182-unstable.patch
+ea0ea4b294332814330f222e6d78eea3b19c394eac8ae22feb4a5bd21e90331f xsa183-unstable.patch
+88c939c64b8f9fc9f86d0a30517d5455462d1ff837aa4285a9cb189b54c0cf20 xsa184-qemut-master.patch
+3877e19992c4532b8b2a37e151fe6a6187a1bbee2b54c1718b995260bb0fcf65 xsa184-qemuu-master.patch
3941f99b49c7e8dafc9fae8aad2136a14c6d84533cd542cc5f1040a41ef7c6fe qemu-coroutine-gthread.patch
e4e5e838e259a3116978aabbcebc1865a895179a7fcbf4bad195c83e9b4c0f98 qemu-xen_paths.patch
dd1e784bc455eb62cb85b3fa24bfc34f575ceaab9597ef6a2f1ee7ff7b3cae0a hotplug-vif-vtrill.patch
+74cb62a4614dd042ea9169112fb677bfef751a760aae34c7e73391fa857a8429 rombios-no-pie.patch
ac8bbd0b864c7de278fd9b68392b71863581ec21622c2e9b87e501e492e414d3 0001-ipxe-dont-clobber-ebp.patch
-8226200f17448e20784ad985ffe47aba1e8401364d9a2b6301818ca043f9ec35 gcc5-cflags.patch
-f246382763746536bafc77f117cc6e689c6c9ee8dd2608c02dbfe9f025701589 init-xenstore-domain.patch
2fea4ceec8872f5560023fa135e3ff03d6deee4299e53d3a33ec59c31779b2c5 musl-support.patch
479b9605e85c865be6117b6d1993124dbbb7da7f95d0e896e4c0fe5cdfeb74d3 musl-hvmloader-fix-stdint.patch
6b4ad2a9fdb3e23b06c8c1961a46b06c15a46471fe6fb13cdc269da37466f334 stdint_local.h
7f1ed2db24d8eba87a08eea0601a9ab339209906fdfa74c8c03564a1a6e6471e elf_local.h
b183ed028a8c42a64e6fd3fb4b2b6dad832f52ed838fceb69bf681de4e7d794f xen-hotplug-lockfd.patch
d0b3e5f282a07878341c38f40d01041ed37623757a99d6e0a420ca64d1f4ef2a xen-fd-is-file.c
+17bb27d95c86af8cc5e499b1b0db9b95bba3f45910d55b420f9f1f5452355fab patch-gcc6-etherboot-nonnull-compare.patch
+5d5fe7bf52cbae9da20cfd1fc798699b2355a1af907ebf7f764e227891a759bb patch-gcc6-etherboot-rm-unused-string-functions.patch
+9f34f8ecb9a44c688275b838c83efd233bb817f5e222629eac98e116168d704c patch-gcc6-etherboot-nic.c.patch
+cdf7c4a089fe1fe493aafaf669decc3c9e071a0950da77dce526c09088d1c931 patch-gcc6-etherboot-ath.patch
+32595581467772b9fa0fbb5384c99caefeb2cee3306b94b9bd2722084454f5a2 patch-gcc6-etherboot-sis190.patch
+c73d1653b9b1d97ddce717817dc74429cd94c7b22989a08604eaa60df63f75f8 patch-gcc6-etherboot-skge.patch
+448caed900ada2c030738218f5b82f5e29d9dc2e1beef9ebd49cbeb23734df0d patch-gcc6-etherboot-via-velocity.c.patch
+61b1518c8d41792ec3b36e0fbfc265adb6c9304945a6fa18d6cc5a197e34b94f patch-gcc6-etherboot-via-rhine.c.patch
+577f06e38a9ecbd3576907f2ba1c5040f4f1573fe92912635230702ad157b2e7 patch-gcc6-etherboot-e1000_phy.c.patch
+80a24e9504d3893e83dc60550ffe364a873aaf3dafb52dcdade13f61f2ec0ee5 patch-gcc6-etherboot-igb_phy.c.patch
+a15d73e0fb51fe3c1cf8b80a5ff17d532444016d14495d90d9e642ec60f320a6 patch-gcc6-etherboot-ath9k-9287-array.patch
+2269932e8645c11e7fe60eeb6e0720841c2b5ddac2e6965ead1527d3e5924ee9 patch-gcc6-etherboot-no-pie.patch
+cace870b6629003b55d9df9ef24f3445067239b913c006b6e23da511c1a21d78 patch-gcc6-etherboot-link-header.patch
+be05ccd8975af402dcba3a3dc78c173319b2edd636bac11ac11163091453b704 patch-gcc6-etherboot-eth_broadcast.patch
90a8fc315bfe305581b3873890b1c1c8da6f62b5d06b73b79bac7a74671bbb07 xenstored.initd
991bb7c9da02941556e29714bd96b26e39e57e0a5b514eadd78d9bfa3fa5a9dc xenstored.confd
d13719093a2c3824525f36ac91ac3c9bd1154e5ba0974e5441e4a2ab5e883521 xenconsoled.initd
@@ -307,7 +372,7 @@ d13719093a2c3824525f36ac91ac3c9bd1154e5ba0974e5441e4a2ab5e883521 xenconsoled.in
0da87a4b9094f934e3de937e8ef8d3afc752e76793aa3d730182d0241e118b19 xen-consoles.logrotate
4cfcddcade5d055422ab4543e8caa6e5c5eee7625c41880a9000b7a87c7c424e xenqemu.confd
c92bbb1166edd61141fdf678116974209c4422daf373cdd5bc438aa4adb25b8d xenqemu.initd"
-sha512sums="187a860b40c05139f22b8498a5fae1db173c3110d957147af29a56cb83b7111c9dc4946d65f9dffc847001fc01c5e9bf51886eaa1194bb9cfd0b6dbcd43a2c5c xen-4.6.3.tar.gz
+sha512sums="2c52c8ef145dfab7d069e79318d5d631e1106a0ddc79d88b3bacf36c7f15cea67dccb704a245e785d2a1e42c6fb6c0ad74832f564aaeec025ad7b864031f0921 xen-4.7.0.tar.gz
2e0b0fd23e6f10742a5517981e5171c6e88b0a93c83da701b296f5c0861d72c19782daab589a7eac3f9032152a0fc7eff7f5362db8fccc4859564a9aa82329cf gmp-4.3.2.tar.bz2
c2bc9ffc8583aeae71cee9ddcc4418969768d4e3764d47307da54f93981c0109fb07d84b061b3a3628bd00ba4d14a54742bc04848110eb3ae8ca25dbfbaabadb grub-0.97.tar.gz
1465b58279af1647f909450e394fe002ca165f0ff4a0254bfa9fe0e64316f50facdde2729d79a4e632565b4500cf4d6c74192ac0dd3bc9fe09129bbd67ba089d lwip-1.3.0.tar.gz
@@ -317,18 +382,35 @@ c2bc9ffc8583aeae71cee9ddcc4418969768d4e3764d47307da54f93981c0109fb07d84b061b3a36
4928b5b82f57645be9408362706ff2c4d9baa635b21b0d41b1c82930e8c60a759b1ea4fa74d7e6c7cae1b7692d006aa5cb72df0c3b88bf049779aa2b566f9d35 tpm_emulator-0.7.4.tar.gz
021b958fcd0d346c4ba761bcf0cc40f3522de6186cf5a0a6ea34a70504ce9622b1c2626fce40675bc8282cf5f5ade18473656abc38050f72f5d6480507a2106e zlib-1.2.3.tar.gz
c5cb1cdff40d2d71fd3e692a9d0efadf2aa17290daf5195391a1c81ddd9dfc913a8e44d5be2b12be85b2a5565ea31631c99c7053564f2fb2225c80ea0bb0e4a4 ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz
+e0a195ca377be7e4d584eff451d7b077406f54ca64c94b1515a4b23318fed33880da759144237de3be4abc92572037c8f5119b6b70ffc26a1872a771d769b8b2 xsa182-unstable.patch
+a5c23c5ecc6c01875da2c0791c3d62334f3709dff12cb6a1b7a486778da7604994b610a6fc1fb12a46aca409b833c1f37ca704006cd52a283f1ead66a4d9af2a xsa183-unstable.patch
+14c07d077a9d60a03859ca1b92347517c93faf88db06f8cb0515e486a3919afa8401203161ff671dda8fbdb64e6ca5e86120f1b8f65e6bfaa63a8c6a33211bad xsa184-qemut-master.patch
+862e00d9cd126f8323f9c9706bf6ce7896d97e68e647416c699d9f2e01b88083a5fea346b13403577311384946912123f64bf5a568f1a6f92077d28923df54c6 xsa184-qemuu-master.patch
c3c46f232f0bd9f767b232af7e8ce910a6166b126bd5427bb8dc325aeb2c634b956de3fc225cab5af72649070c8205cc8e1cab7689fc266c204f525086f1a562 qemu-coroutine-gthread.patch
1936ab39a1867957fa640eb81c4070214ca4856a2743ba7e49c0cd017917071a9680d015f002c57fa7b9600dbadd29dcea5887f50e6c133305df2669a7a933f3 qemu-xen_paths.patch
f095ea373f36381491ad36f0662fb4f53665031973721256b23166e596318581da7cbb0146d0beb2446729adfdb321e01468e377793f6563a67d68b8b0f7ffe3 hotplug-vif-vtrill.patch
+71d0ebcda62259a1bf056807363015f2370f12daa5774f16150da42cba66bb5b65ec82f1f806fe147346560aa4d0e78bc5b5d8ae9f7e82d0aabae9d63fc876f6 rombios-no-pie.patch
a6455988477a29d856924651db5e14f96d835413b956278d2291cbb8e5877d7bf6f462890f607ecf1c7b4003997295d0ba7852e110fc20df3a3edf1845e778ba 0001-ipxe-dont-clobber-ebp.patch
-68ea6d4798f107fc2fd134c970cd7f7b9aeafe3efaf9501bbd5ec35e7e212f1d637c15c21c7a257c0709c2a2d441f6c6192abad39fd23b3ecba69bcefbb3e930 gcc5-cflags.patch
-76ffe70833928a9e19dedbf42e87f6267c4d15e7dc8710fba9b7874245a5d5b4c43a27ef97c3b121cbcd5a8470f1216a3f64114cb5b83325cb30fa2040721b66 init-xenstore-domain.patch
76bd60768b296752ca11195bb03a57584686461da45255cb540977111a73c42b5b92362fd46d97bfd20487c96971dd5aed7eae7d8bf1aad7d5199adb875d4962 musl-support.patch
08cf7fac825dd3da5f33856abf6692da00d8928ab73050b3ae0a643ddb97c8ae323238a80152fd31595ac1c31678d559232264258c189e2c05ecaf33e295f13e musl-hvmloader-fix-stdint.patch
9dcb481c5b83c7df23e87be717d8a9234014f26a0f80893e125fe8110e2923562d95162d18ff64c08b5782cd7c085f90378a9e0802b3995c077c8ba32bbb669f stdint_local.h
853467a2d055c5bfbdc7bdca175a334241be44a7c5ac3c0a84a4bc5463b5c070b66d37e2a557429ef860727a6b7350683af758cc2494d85b6be4d883143a2c0d elf_local.h
79cb1b6b81b17cb87a064dfe3548949dfb80f64f203cac11ef327102b7a25794549ce2d9c019ebf05f752214da8e05065e9219d069e679c0ae5bee3d090c685e xen-hotplug-lockfd.patch
e76816c6ad0e91dc5f81947f266da3429b20e6d976c3e8c41202c6179532eec878a3f0913921ef3ac853c5dbad8082da3c9cd53b65081910516feb492577b7fc xen-fd-is-file.c
+be0f4d00d0952883f2e0f5cabff4bda9bbfc1ff728389065a7a820875b191cf37890a272d3f9a0398fa86bbad20f6a2c16d2b7f30f3e03d746ee1d72b8ae3614 patch-gcc6-etherboot-nonnull-compare.patch
+55cf5ced4ff02d7a94bcdddbfdd0f4894c07991fa0be1829787f9498401340f0da30d2f118f4798c87e6097b13f14e1829cdc8024227ad0a561d5d8e08fc14ac patch-gcc6-etherboot-rm-unused-string-functions.patch
+fac0d9c790aa49ded45ab46304dada4d3526e62594dc837e0578ebff6e75d9e87d0451447deb8bc0a82b898e1d414d759bff67b71f84ef20d23655496769c939 patch-gcc6-etherboot-nic.c.patch
+4a47a6b3f0fa1061aaa7a3cecd8bc39d7200eac1861189bcb3f9aa82eec68272bc9b7e861f787f0edb894edf0e17cafdc3a5e53924893fec48c7269a129aac5b patch-gcc6-etherboot-ath.patch
+3c5a8a05e73e688993438196c0d799f2a9d41d7f092722a42ddbb420c464f54cf870e071b71b0c1e0e96a0b934ae229bb7dff16ca0538c1ceebe7e44c51f374b patch-gcc6-etherboot-sis190.patch
+d4de0c94b850b886ceaa519d327fbfb80028147395694a31aed76de1a6f4ea001a356f11fb833c963b3934268313611193e21c615273cbc99c9911b847ca0233 patch-gcc6-etherboot-skge.patch
+4676979566c78d8f8dc46083dd2959bd871fdc5e790ec0846f47cd74f6740117e217a1b382d03302965769afcdf3f299ec9abd584b27430c4ed69e6776081194 patch-gcc6-etherboot-via-velocity.c.patch
+be4a3f48a7a3de745693ef1b8d1ab487ee3d8d7ed1b2e98ed94af7d52fb1db2fd724f8fada267a5ef9caa41721431e0e66d18d9cfc6557bfb8a1f95f44eeba68 patch-gcc6-etherboot-via-rhine.c.patch
+1bec93daf9c2df4904828f6473c64a46d2da1401b6aac5c33b1c411f8bfc0be119109db7c6582bb38aa178a28a3401072cac2636f1c631392fcffeed88bc0950 patch-gcc6-etherboot-e1000_phy.c.patch
+78093aa78c4711001adef6f29588535ca000931bcfca7c247d5ff4ef24eff2a553919ec5bae2f7d40236513d3bfa04e3baf20fdba5cd1ce8bd4957b8deebeb3c patch-gcc6-etherboot-igb_phy.c.patch
+cca8b3230d33261efffb30cfc42661a6ec09433e3aa80d50710112d73c6b45c81dc0fa259072dc42ca31c5cec8ceca84b0a4f44ed85716f2e2d3287ddc84b7ec patch-gcc6-etherboot-ath9k-9287-array.patch
+a87f907b193203d6710515d48fb88dfd1c22ec4ca4a710822f1327df9902e4d66552208bc6b1c7fbd1816946edeccb3ffb374397b3e5b629be1b130bb763315e patch-gcc6-etherboot-no-pie.patch
+3126cdc1338d14338b56defddb96e99a12aff0f847365386a89fd54469ed08e17abbb10827ce08ca515895c6b50c37d189b1f84712de938ce0db2f8817c1de6e patch-gcc6-etherboot-link-header.patch
+44561a76fa7abab4dd9c150d4b14c83432fea1813c5455f7321f71b28ece47f56002fae6bec25c5d63259a961136dfd29c4ac4d9649a0a7b3b5dbcd5b62fc111 patch-gcc6-etherboot-eth_broadcast.patch
52c43beb2596d645934d0f909f2d21f7587b6898ed5e5e7046799a8ed6d58f7a09c5809e1634fa26152f3fd4f3e7cfa07da7076f01b4a20cc8f5df8b9cb77e50 xenstored.initd
093f7fbd43faf0a16a226486a0776bade5dc1681d281c5946a3191c32d74f9699c6bf5d0ab8de9d1195a2461165d1660788e92a3156c9b3c7054d7b2d52d7ff0 xenstored.confd
3c86ed48fbee0af4051c65c4a3893f131fa66e47bf083caf20c9b6aa4b63fdead8832f84a58d0e27964bc49ec8397251b34e5be5c212c139f556916dc8da9523 xenconsoled.initd
diff --git a/main/xen/gcc5-cflags.patch b/main/xen/gcc5-cflags.patch
deleted file mode 100644
index d8e0bcdac2..0000000000
--- a/main/xen/gcc5-cflags.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-gcc5 gives array-bounds warning on xen/common/symbols.c
- also maybe-uninitialized warning on xen/xsm/flask/ss/policydb.c
-
---- xen-4.5.0/xen/common/Makefile.orig 2015-01-12 16:53:24.000000000 +0000
-+++ xen-4.5.0/xen/common/Makefile 2015-02-14 15:40:29.722759007 +0000
-@@ -72,3 +72,5 @@
-
- subdir-y += libelf
- subdir-$(HAS_DEVICE_TREE) += libfdt
-+
-+CFLAGS += -Wno-error=array-bounds
---- xen-4.5.0/xen/xsm/flask/Makefile.orig 2015-01-12 16:53:24.000000000 +0000
-+++ xen-4.5.0/xen/xsm/flask/Makefile 2015-02-14 16:49:54.376183206 +0000
-@@ -5,6 +5,7 @@
- subdir-y += ss
-
- CFLAGS += -I./include
-+CFLAGS += -Wno-error=maybe-uninitialized
-
- AWK = awk
-
diff --git a/main/xen/gnutls-3.4.0.patch b/main/xen/gnutls-3.4.0.patch
deleted file mode 100644
index 9d2ed166dd..0000000000
--- a/main/xen/gnutls-3.4.0.patch
+++ /dev/null
@@ -1,36 +0,0 @@
---- ./tools/qemu-xen-traditional/vnc.c.orig
-+++ ./tools/qemu-xen-traditional/vnc.c
-@@ -2137,10 +2137,6 @@
-
-
- static int vnc_start_tls(struct VncState *vs) {
-- static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
-- static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
-- static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
-- static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
-
- VNC_DEBUG("Do TLS setup\n");
- if (vnc_tls_initialize() < 0) {
-@@ -2161,21 +2157,7 @@
- return -1;
- }
-
-- if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) {
-- gnutls_deinit(vs->tls_session);
-- vs->tls_session = NULL;
-- vnc_client_error(vs);
-- return -1;
-- }
--
-- if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) {
-- gnutls_deinit(vs->tls_session);
-- vs->tls_session = NULL;
-- vnc_client_error(vs);
-- return -1;
-- }
--
-- if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) {
-+ if (gnutls_priority_set_direct(vs->tls_session, NEED_X509_AUTH(vs) ? "NORMAL" : "NORMAL:+ANON-DH", NULL) < 0) {
- gnutls_deinit(vs->tls_session);
- vs->tls_session = NULL;
- vnc_client_error(vs);
diff --git a/main/xen/init-xenstore-domain.patch b/main/xen/init-xenstore-domain.patch
deleted file mode 100644
index 7bbedb918c..0000000000
--- a/main/xen/init-xenstore-domain.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- ./tools/xenstore/Makefile.orig
-+++ ./tools/xenstore/Makefile
-@@ -139,6 +139,7 @@
- endif
- $(INSTALL_PROG) xenstore-control $(DESTDIR)$(bindir)
- $(INSTALL_PROG) xenstore $(DESTDIR)$(bindir)
-+ $(INSTALL_PROG) init-xenstore-domain $(DESTDIR)$(bindir)
- set -e ; for c in $(CLIENTS) ; do \
- ln -f $(DESTDIR)$(bindir)/xenstore $(DESTDIR)$(bindir)/$${c} ; \
- done
diff --git a/main/xen/patch-gcc6-etherboot-ath9k-9287-array.patch b/main/xen/patch-gcc6-etherboot-ath9k-9287-array.patch
new file mode 100644
index 0000000000..7b1f369b1e
--- /dev/null
+++ b/main/xen/patch-gcc6-etherboot-ath9k-9287-array.patch
@@ -0,0 +1,68 @@
+From 83d6f1f15f8cce844b0a131cbc63e444620e48b5 Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Mon, 14 Mar 2016 15:18:36 +0100
+Subject: ath9k: fix buffer overrun for ar9287
+
+Code that was added back in 2.6.38 has an obvious overflow
+when accessing a static array, and at the time it was added
+only a code comment was put in front of it as a reminder
+to have it reviewed properly.
+
+This has not happened, but gcc-6 now points to the specific
+overflow:
+
+drivers/net/wireless/ath/ath9k/eeprom.c: In function 'ath9k_hw_get_gain_boundaries_pdadcs':
+drivers/net/wireless/ath/ath9k/eeprom.c:483:44: error: array subscript is above array bounds [-Werror=array-bounds]
+ maxPwrT4[i] = data_9287[idxL].pwrPdg[i][4];
+ ~~~~~~~~~~~~~~~~~~~~~~~~~^~~
+
+It turns out that the correct array length exists in the local
+'intercepts' variable of this function, so we can just use that
+instead of hardcoding '4', so this patch changes all three
+instances to use that variable. The other two instances were
+already correct, but it's more consistent this way.
+
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Fixes: 940cd2c12ebf ("ath9k_hw: merge the ar9287 version of ath9k_hw_get_gain_boundaries_pdadcs")
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ drivers/net/wireless/ath/ath9k/eeprom.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/net/wireless/ath/ath9k/eeprom.c b/drivers/net/wireless/ath/ath9k/eeprom.c
+index 73fb423..a794157 100644
+--- a/src/drivers/net/ath/ath9k/ath9k_eeprom.c
++++ b/src/drivers/net/ath/ath9k/ath9k_eeprom.c
+@@ -477,10 +477,9 @@ void ath9k_hw_get_gain_boundaries_pdadcs(struct ath_hw *ah,
+
+ if (match) {
+ if (AR_SREV_9287(ah)) {
+- /* FIXME: array overrun? */
+ for (i = 0; i < numXpdGains; i++) {
+ minPwrT4[i] = data_9287[idxL].pwrPdg[i][0];
+- maxPwrT4[i] = data_9287[idxL].pwrPdg[i][4];
++ maxPwrT4[i] = data_9287[idxL].pwrPdg[i][intercepts - 1];
+ ath9k_hw_fill_vpd_table(minPwrT4[i], maxPwrT4[i],
+ data_9287[idxL].pwrPdg[i],
+ data_9287[idxL].vpdPdg[i],
+@@ -490,7 +489,7 @@ void ath9k_hw_get_gain_boundaries_pdadcs(struct ath_hw *ah,
+ } else if (eeprom_4k) {
+ for (i = 0; i < numXpdGains; i++) {
+ minPwrT4[i] = data_4k[idxL].pwrPdg[i][0];
+- maxPwrT4[i] = data_4k[idxL].pwrPdg[i][4];
++ maxPwrT4[i] = data_4k[idxL].pwrPdg[i][intercepts - 1];
+ ath9k_hw_fill_vpd_table(minPwrT4[i], maxPwrT4[i],
+ data_4k[idxL].pwrPdg[i],
+ data_4k[idxL].vpdPdg[i],
+@@ -500,7 +499,7 @@ void ath9k_hw_get_gain_boundaries_pdadcs(struct ath_hw *ah,
+ } else {
+ for (i = 0; i < numXpdGains; i++) {
+ minPwrT4[i] = data_def[idxL].pwrPdg[i][0];
+- maxPwrT4[i] = data_def[idxL].pwrPdg[i][4];
++ maxPwrT4[i] = data_def[idxL].pwrPdg[i][intercepts - 1];
+ ath9k_hw_fill_vpd_table(minPwrT4[i], maxPwrT4[i],
+ data_def[idxL].pwrPdg[i],
+ data_def[idxL].vpdPdg[i],
+--
+cgit v0.12
+
diff --git a/main/xen/patch-gcc6-etherboot-e1000_phy.c.patch b/main/xen/patch-gcc6-etherboot-e1000_phy.c.patch
new file mode 100644
index 0000000000..4cd6c246c1
--- /dev/null
+++ b/main/xen/patch-gcc6-etherboot-e1000_phy.c.patch
@@ -0,0 +1,20 @@
+diff -aur a/src/drivers/net/e1000/e1000_phy.c b/src/drivers/net/e1000/e1000_phy.c
+--- a/src/drivers/net/e1000/e1000_phy.c 2016-05-12 19:40:13.950772568 +1000
++++ b/src/drivers/net/e1000/e1000_phy.c 2016-05-12 19:41:08.429089344 +1000
+@@ -164,7 +164,7 @@
+
+ DEBUGFUNC("e1000_get_phy_id");
+
+- if (!(phy->ops.read_reg))
++ if (!(phy->ops.read_reg)) {
+ goto out;
+
+ ret_val = phy->ops.read_reg(hw, PHY_ID1, &phy_id);
+@@ -179,6 +179,7 @@
+
+ phy->id |= (u32)(phy_id & PHY_REVISION_MASK);
+ phy->revision = (u32)(phy_id & ~PHY_REVISION_MASK);
++ }
+
+ out:
+ return ret_val;
diff --git a/main/xen/patch-gcc6-etherboot-igb_phy.c.patch b/main/xen/patch-gcc6-etherboot-igb_phy.c.patch
new file mode 100644
index 0000000000..44beb4baa9
--- /dev/null
+++ b/main/xen/patch-gcc6-etherboot-igb_phy.c.patch
@@ -0,0 +1,20 @@
+diff -aur a/src/drivers/net/igb/igb_phy.c b/src/drivers/net/igb/igb_phy.c
+--- a/src/drivers/net/igb/igb_phy.c 2016-05-12 19:53:45.063246296 +1000
++++ b/src/drivers/net/igb/igb_phy.c 2016-05-12 19:54:09.992692278 +1000
+@@ -88,7 +88,7 @@
+
+ DEBUGFUNC("igb_get_phy_id");
+
+- if (!(phy->ops.read_reg))
++ if (!(phy->ops.read_reg)) {
+ goto out;
+
+ ret_val = phy->ops.read_reg(hw, PHY_ID1, &phy_id);
+@@ -103,6 +103,7 @@
+
+ phy->id |= (u32)(phy_id & PHY_REVISION_MASK);
+ phy->revision = (u32)(phy_id & ~PHY_REVISION_MASK);
++ }
+
+ out:
+ return ret_val;
diff --git a/main/xen/patch-gcc6-etherboot-no-pie.patch b/main/xen/patch-gcc6-etherboot-no-pie.patch
new file mode 100644
index 0000000000..c4500259a6
--- /dev/null
+++ b/main/xen/patch-gcc6-etherboot-no-pie.patch
@@ -0,0 +1,13 @@
+diff --git a/src/Makefile b/src/Makefile
+index e2425d7..20111d7 100644
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -4,7 +4,7 @@
+ #
+
+ CLEANUP :=
+-CFLAGS :=
++CFLAGS := -fno-pie
+ ASFLAGS :=
+ LDFLAGS :=
+ MAKEDEPS := Makefile
diff --git a/main/xen/patch-gcc6-etherboot-rm-unused-string-functions.patch b/main/xen/patch-gcc6-etherboot-rm-unused-string-functions.patch
new file mode 100644
index 0000000000..991d433301
--- /dev/null
+++ b/main/xen/patch-gcc6-etherboot-rm-unused-string-functions.patch
@@ -0,0 +1,257 @@
+From b54167b8b6a35c7dab19bbe4b421d447036558d4 Mon Sep 17 00:00:00 2001
+From: Michael Brown <mcb30@ipxe.org>
+Date: Mon, 16 Feb 2015 15:33:32 +0000
+Subject: [PATCH] [libc] Remove unused string functions
+
+Signed-off-by: Michael Brown <mcb30@ipxe.org>
+---
+ src/core/stringextra.c | 188 ------------------------------------------------
+ src/include/string.h | 6 --
+ 2 files changed, 0 insertions(+), 194 deletions(-)
+
+diff --git a/src/core/stringextra.c b/src/core/stringextra.c
+index 0a50985..18ffc63 100644
+--- a/src/core/stringextra.c
++++ b/src/core/stringextra.c
+@@ -38,122 +38,6 @@ FILE_LICENCE ( GPL2_ONLY );
+
+ /* *** FROM string.c *** */
+
+-#ifndef __HAVE_ARCH_STRNICMP
+-/**
+- * strnicmp - Case insensitive, length-limited string comparison
+- * @s1: One string
+- * @s2: The other string
+- * @len: the maximum number of characters to compare
+- */
+-int strnicmp(const char *s1, const char *s2, size_t len)
+-{
+- /* Yes, Virginia, it had better be unsigned */
+- unsigned char c1, c2;
+-
+- c1 = 0; c2 = 0;
+- if (len) {
+- do {
+- c1 = *s1; c2 = *s2;
+- s1++; s2++;
+- if (!c1)
+- break;
+- if (!c2)
+- break;
+- if (c1 == c2)
+- continue;
+- c1 = tolower(c1);
+- c2 = tolower(c2);
+- if (c1 != c2)
+- break;
+- } while (--len);
+- }
+- return (int)c1 - (int)c2;
+-}
+-#endif
+-
+-char * ___strtok;
+-
+-#ifndef __HAVE_ARCH_STRNCAT
+-/**
+- * strncat - Append a length-limited, %NUL-terminated string to another
+- * @dest: The string to be appended to
+- * @src: The string to append to it
+- * @count: The maximum numbers of bytes to copy
+- *
+- * Note that in contrast to strncpy, strncat ensures the result is
+- * terminated.
+- */
+-char * strncat(char *dest, const char *src, size_t count)
+-{
+- char *tmp = dest;
+-
+- if (count) {
+- while (*dest)
+- dest++;
+- while ((*dest++ = *src++)) {
+- if (--count == 0) {
+- *dest = '\0';
+- break;
+- }
+- }
+- }
+-
+- return tmp;
+-}
+-#endif
+-
+-#ifndef __HAVE_ARCH_STRSPN
+-/**
+- * strspn - Calculate the length of the initial substring of @s which only
+- * contain letters in @accept
+- * @s: The string to be searched
+- * @accept: The string to search for
+- */
+-size_t strspn(const char *s, const char *accept)
+-{
+- const char *p;
+- const char *a;
+- size_t count = 0;
+-
+- for (p = s; *p != '\0'; ++p) {
+- for (a = accept; *a != '\0'; ++a) {
+- if (*p == *a)
+- break;
+- }
+- if (*a == '\0')
+- return count;
+- ++count;
+- }
+-
+- return count;
+-}
+-#endif
+-
+-#ifndef __HAVE_ARCH_STRCSPN
+-/**
+- * strcspn - Calculate the length of the initial substring of @s which only
+- * contain letters not in @reject
+- * @s: The string to be searched
+- * @accept: The string to search for
+- */
+-size_t strcspn(const char *s, const char *reject)
+-{
+- const char *p;
+- const char *r;
+- size_t count = 0;
+-
+- for (p = s; *p != '\0'; ++p) {
+- for (r = reject; *r != '\0'; ++r) {
+- if (*p == *r)
+- return count;
+- }
+- ++count;
+- }
+-
+- return count;
+-}
+-#endif
+-
+ #ifndef __HAVE_ARCH_STRPBRK
+ /**
+ * strpbrk - Find the first occurrence of a set of characters
+@@ -174,35 +58,6 @@ char * strpbrk(const char * cs,const char * ct)
+ }
+ #endif
+
+-#ifndef __HAVE_ARCH_STRTOK
+-/**
+- * strtok - Split a string into tokens
+- * @s: The string to be searched
+- * @ct: The characters to search for
+- *
+- * WARNING: strtok is deprecated, use strsep instead.
+- */
+-char * strtok(char * s,const char * ct)
+-{
+- char *sbegin, *send;
+-
+- sbegin = s ? s : ___strtok;
+- if (!sbegin) {
+- return NULL;
+- }
+- sbegin += strspn(sbegin,ct);
+- if (*sbegin == '\0') {
+- ___strtok = NULL;
+- return( NULL );
+- }
+- send = strpbrk( sbegin, ct);
+- if (send && *send != '\0')
+- *send++ = '\0';
+- ___strtok = send;
+- return (sbegin);
+-}
+-#endif
+-
+ #ifndef __HAVE_ARCH_STRSEP
+ /**
+ * strsep - Split a string into tokens
+@@ -230,46 +85,3 @@ char * strsep(char **s, const char *ct)
+ return sbegin;
+ }
+ #endif
+-
+-#ifndef __HAVE_ARCH_BCOPY
+-/**
+- * bcopy - Copy one area of memory to another
+- * @src: Where to copy from
+- * @dest: Where to copy to
+- * @count: The size of the area.
+- *
+- * Note that this is the same as memcpy(), with the arguments reversed.
+- * memcpy() is the standard, bcopy() is a legacy BSD function.
+- *
+- * You should not use this function to access IO space, use memcpy_toio()
+- * or memcpy_fromio() instead.
+- */
+-char * bcopy(const char * src, char * dest, int count)
+-{
+- return memmove(dest,src,count);
+-}
+-#endif
+-
+-#ifndef __HAVE_ARCH_MEMSCAN
+-/**
+- * memscan - Find a character in an area of memory.
+- * @addr: The memory area
+- * @c: The byte to search for
+- * @size: The size of the area.
+- *
+- * returns the address of the first occurrence of @c, or 1 byte past
+- * the area if @c is not found
+- */
+-void * memscan(const void * addr, int c, size_t size)
+-{
+- unsigned char * p = (unsigned char *) addr;
+-
+- while (size) {
+- if (*p == c)
+- return (void *) p;
+- p++;
+- size--;
+- }
+- return (void *) p;
+-}
+-#endif
+diff --git a/src/include/string.h b/src/include/string.h
+index 3482e1b..dfd78a6 100644
+--- a/src/include/string.h
++++ b/src/include/string.h
+@@ -19,11 +19,9 @@ FILE_LICENCE ( GPL2_ONLY );
+ #include <stddef.h>
+ #include <bits/string.h>
+
+-int __pure strnicmp(const char *s1, const char *s2, size_t len) __nonnull;
+ char * strcpy(char * dest,const char *src) __nonnull;
+ char * strncpy(char * dest,const char *src,size_t count) __nonnull;
+ char * strcat(char * dest, const char * src) __nonnull;
+-char * strncat(char *dest, const char *src, size_t count) __nonnull;
+ int __pure strcmp(const char * cs,const char * ct) __nonnull;
+ int __pure strncmp(const char * cs,const char * ct,
+ size_t count) __nonnull;
+@@ -31,16 +29,12 @@ char * __pure strchr(const char * s, int c) __nonnull;
+ char * __pure strrchr(const char * s, int c) __nonnull;
+ size_t __pure strlen(const char * s) __nonnull;
+ size_t __pure strnlen(const char * s, size_t count) __nonnull;
+-size_t __pure strspn(const char *s, const char *accept) __nonnull;
+-size_t __pure strcspn(const char *s, const char *reject) __nonnull;
+ char * __pure strpbrk(const char * cs,const char * ct) __nonnull;
+-char * strtok(char * s,const char * ct) __nonnull;
+ char * strsep(char **s, const char *ct) __nonnull;
+ void * memset(void * s,int c,size_t count) __nonnull;
+ void * memmove(void * dest,const void *src,size_t count) __nonnull;
+ int __pure memcmp(const void * cs,const void * ct,
+ size_t count) __nonnull;
+-void * __pure memscan(const void * addr, int c, size_t size) __nonnull;
+ char * __pure strstr(const char * s1,const char * s2) __nonnull;
+ void * __pure memchr(const void *s, int c, size_t n) __nonnull;
+ char * __malloc strdup(const char *s) __nonnull;
+--
+1.7.9
+
diff --git a/main/xen/patch-gcc6-etherboot-via-rhine.c.patch b/main/xen/patch-gcc6-etherboot-via-rhine.c.patch
new file mode 100644
index 0000000000..697208ae3f
--- /dev/null
+++ b/main/xen/patch-gcc6-etherboot-via-rhine.c.patch
@@ -0,0 +1,21 @@
+diff -aru a/src/drivers/net/via-rhine.c b/src/drivers/net/via-rhine.c
+--- a/src/drivers/net/via-rhine.c 2016-05-12 19:24:14.047825550 +1000
++++ b/src/drivers/net/via-rhine.c 2016-05-12 19:33:18.061858418 +1000
+@@ -945,13 +945,15 @@
+ /* added comment by guard */
+ /* For supporting VT6107, please use revision id to recognize different chips in driver */
+ // if (tp->chip_id == 0x3065)
+- if( tp->chip_revision < 0x80 && tp->chip_revision >=0x40 )
++ if( tp->chip_revision < 0x80 && tp->chip_revision >=0x40 ) {
+ intr_status |= inb(nic->ioaddr + IntrStatus2) << 16;
+ intr_status = (intr_status & ~DEFAULT_INTR);
+- if ( action == ENABLE )
++ if ( action == ENABLE ) {
+ intr_status = intr_status | DEFAULT_INTR;
+ outw(intr_status, nic->ioaddr + IntrEnable);
++ }
+ break;
++ }
+ case FORCE :
+ outw(0x0010, nic->ioaddr + 0x84);
+ break;
diff --git a/main/xen/patch-gcc6-etherboot-via-velocity.c.patch b/main/xen/patch-gcc6-etherboot-via-velocity.c.patch
new file mode 100644
index 0000000000..36a3d81158
--- /dev/null
+++ b/main/xen/patch-gcc6-etherboot-via-velocity.c.patch
@@ -0,0 +1,12 @@
+diff -aur a/src/drivers/net/via-velocity.c b/src/drivers/net/via-velocity.c
+--- a/src/drivers/net/via-velocity.c 2016-05-12 19:14:33.231788641 +1000
++++ b/src/drivers/net/via-velocity.c 2016-05-12 19:17:08.235494746 +1000
+@@ -69,7 +69,7 @@
+
+ /* NIC specific static variables go here */
+ #define VELOCITY_PARAM(N,D) \
+- static const int N[MAX_UNITS]=OPTION_DEFAULT;
++ static __attribute__ ((unused)) const int N[MAX_UNITS]=OPTION_DEFAULT;
+ /* MODULE_PARM(N, "1-" __MODULE_STRING(MAX_UNITS) "i");\
+ MODULE_PARM_DESC(N, D); */
+
diff --git a/main/xen/rombios-no-pie.patch b/main/xen/rombios-no-pie.patch
new file mode 100644
index 0000000000..3e98bb497d
--- /dev/null
+++ b/main/xen/rombios-no-pie.patch
@@ -0,0 +1,26 @@
+diff --git a/tools/firmware/rombios/32bit/Makefile b/tools/firmware/rombios/32bit/Makefile
+index 396906c..07168eb 100644
+--- a/tools/firmware/rombios/32bit/Makefile
++++ b/tools/firmware/rombios/32bit/Makefile
+@@ -3,7 +3,7 @@ include $(XEN_ROOT)/tools/firmware/Rules.mk
+
+ TARGET = 32bitbios_flat.h
+
+-CFLAGS += $(CFLAGS_xeninclude) -I..
++CFLAGS += $(CFLAGS_xeninclude) -I.. -fno-pie
+
+ SUBDIRS = tcgbios
+
+diff --git a/tools/firmware/rombios/32bit/tcgbios/Makefile b/tools/firmware/rombios/32bit/tcgbios/Makefile
+index f6f2649..104496a 100644
+--- a/tools/firmware/rombios/32bit/tcgbios/Makefile
++++ b/tools/firmware/rombios/32bit/tcgbios/Makefile
+@@ -3,7 +3,7 @@ include $(XEN_ROOT)/tools/firmware/Rules.mk
+
+ TARGET = tcgbiosext.o
+
+-CFLAGS += $(CFLAGS_xeninclude) -I.. -I../..
++CFLAGS += $(CFLAGS_xeninclude) -I.. -I../.. -fno-pie
+
+ .PHONY: all
+ all: $(TARGET)
diff --git a/main/xen/x86emul-suppress-writeback-upon-unsuccessful-MMX-SSE-AVX.patch b/main/xen/x86emul-suppress-writeback-upon-unsuccessful-MMX-SSE-AVX.patch
deleted file mode 100644
index ac73aa7a25..0000000000
--- a/main/xen/x86emul-suppress-writeback-upon-unsuccessful-MMX-SSE-AVX.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 2bb230972c5ddb1ca823f47750b5d46a9d302d0e Mon Sep 17 00:00:00 2001
-From: Jan Beulich <jbeulich@suse.com>
-Date: Thu, 19 May 2016 12:06:33 +0200
-Subject: [PATCH] x86emul: suppress writeback upon unsuccessful MMX/SSE/AVX
- insn emulation
-
-This in particular prevents updating guest IP when handling the retry
-needed to forward the memory access to qemu.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
-Release-acked-by: Wei Liu <wei.liu2@citrix.com>
----
- xen/arch/x86/x86_emulate/x86_emulate.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c
-index 621332b..d7c6d90 100644
---- a/xen/arch/x86/x86_emulate/x86_emulate.c
-+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
-@@ -4178,6 +4178,8 @@ x86_emulate(
- if ( !rc && (b & 1) && (ea.type == OP_MEM) )
- rc = ops->write(ea.mem.seg, ea.mem.off, mmvalp,
- ea.bytes, ctxt);
-+ if ( rc )
-+ goto done;
- dst.type = OP_NONE;
- break;
- }
-@@ -4430,6 +4432,8 @@ x86_emulate(
- if ( !rc && (b != 0x6f) && (ea.type == OP_MEM) )
- rc = ops->write(ea.mem.seg, ea.mem.off, mmvalp,
- ea.bytes, ctxt);
-+ if ( rc )
-+ goto done;
- dst.type = OP_NONE;
- break;
- }
---
-2.1.4
-
diff --git a/main/xen/xsa182-unstable.patch b/main/xen/xsa182-unstable.patch
new file mode 100644
index 0000000000..3e40e8a530
--- /dev/null
+++ b/main/xen/xsa182-unstable.patch
@@ -0,0 +1,102 @@
+From 00593655e231ed5ea20704120037026e33b83fbb Mon Sep 17 00:00:00 2001
+From: Andrew Cooper <andrew.cooper3@citrix.com>
+Date: Mon, 11 Jul 2016 14:32:03 +0100
+Subject: [PATCH] x86/pv: Remove unsafe bits from the mod_l?_entry() fastpath
+
+All changes in writeability and cacheability must go through full
+re-validation.
+
+Rework the logic as a whitelist, to make it clearer to follow.
+
+This is XSA-182
+
+Reported-by: Jérémie Boutoille <jboutoille@ext.quarkslab.com>
+Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
+Reviewed-by: Tim Deegan <tim@xen.org>
+---
+ xen/arch/x86/mm.c | 28 ++++++++++++++++------------
+ xen/include/asm-x86/page.h | 1 +
+ 2 files changed, 17 insertions(+), 12 deletions(-)
+
+diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
+index dbcf6cb..56ca19f 100644
+--- a/xen/arch/x86/mm.c
++++ b/xen/arch/x86/mm.c
+@@ -1852,6 +1852,14 @@ static inline int update_intpte(intpte_t *p,
+ _t ## e_get_intpte(_o), _t ## e_get_intpte(_n), \
+ (_m), (_v), (_ad))
+
++/*
++ * PTE flags that a guest may change without re-validating the PTE.
++ * All other bits affect translation, caching, or Xen's safety.
++ */
++#define FASTPATH_FLAG_WHITELIST \
++ (_PAGE_NX_BIT | _PAGE_AVAIL_HIGH | _PAGE_AVAIL | _PAGE_GLOBAL | \
++ _PAGE_DIRTY | _PAGE_ACCESSED | _PAGE_USER)
++
+ /* Update the L1 entry at pl1e to new value nl1e. */
+ static int mod_l1_entry(l1_pgentry_t *pl1e, l1_pgentry_t nl1e,
+ unsigned long gl1mfn, int preserve_ad,
+@@ -1891,9 +1899,8 @@ static int mod_l1_entry(l1_pgentry_t *pl1e, l1_pgentry_t nl1e,
+ nl1e = l1e_from_pfn(page_to_mfn(page), l1e_get_flags(nl1e));
+ }
+
+- /* Fast path for identical mapping, r/w, presence, and cachability. */
+- if ( !l1e_has_changed(ol1e, nl1e,
+- PAGE_CACHE_ATTRS | _PAGE_RW | _PAGE_PRESENT) )
++ /* Fast path for sufficiently-similar mappings. */
++ if ( !l1e_has_changed(ol1e, nl1e, ~FASTPATH_FLAG_WHITELIST) )
+ {
+ adjust_guest_l1e(nl1e, pt_dom);
+ rc = UPDATE_ENTRY(l1, pl1e, ol1e, nl1e, gl1mfn, pt_vcpu,
+@@ -1970,11 +1977,8 @@ static int mod_l2_entry(l2_pgentry_t *pl2e,
+ return -EINVAL;
+ }
+
+- /* Fast path for identical mapping and presence. */
+- if ( !l2e_has_changed(ol2e, nl2e,
+- unlikely(opt_allow_superpage)
+- ? _PAGE_PSE | _PAGE_RW | _PAGE_PRESENT
+- : _PAGE_PRESENT) )
++ /* Fast path for sufficiently-similar mappings. */
++ if ( !l2e_has_changed(ol2e, nl2e, ~FASTPATH_FLAG_WHITELIST) )
+ {
+ adjust_guest_l2e(nl2e, d);
+ if ( UPDATE_ENTRY(l2, pl2e, ol2e, nl2e, pfn, vcpu, preserve_ad) )
+@@ -2039,8 +2043,8 @@ static int mod_l3_entry(l3_pgentry_t *pl3e,
+ return -EINVAL;
+ }
+
+- /* Fast path for identical mapping and presence. */
+- if ( !l3e_has_changed(ol3e, nl3e, _PAGE_PRESENT) )
++ /* Fast path for sufficiently-similar mappings. */
++ if ( !l3e_has_changed(ol3e, nl3e, ~FASTPATH_FLAG_WHITELIST) )
+ {
+ adjust_guest_l3e(nl3e, d);
+ rc = UPDATE_ENTRY(l3, pl3e, ol3e, nl3e, pfn, vcpu, preserve_ad);
+@@ -2103,8 +2107,8 @@ static int mod_l4_entry(l4_pgentry_t *pl4e,
+ return -EINVAL;
+ }
+
+- /* Fast path for identical mapping and presence. */
+- if ( !l4e_has_changed(ol4e, nl4e, _PAGE_PRESENT) )
++ /* Fast path for sufficiently-similar mappings. */
++ if ( !l4e_has_changed(ol4e, nl4e, ~FASTPATH_FLAG_WHITELIST) )
+ {
+ adjust_guest_l4e(nl4e, d);
+ rc = UPDATE_ENTRY(l4, pl4e, ol4e, nl4e, pfn, vcpu, preserve_ad);
+diff --git a/xen/include/asm-x86/page.h b/xen/include/asm-x86/page.h
+index 224852a..4ae387f 100644
+--- a/xen/include/asm-x86/page.h
++++ b/xen/include/asm-x86/page.h
+@@ -313,6 +313,7 @@ void efi_update_l4_pgtable(unsigned int l4idx, l4_pgentry_t);
+ #define _PAGE_AVAIL2 _AC(0x800,U)
+ #define _PAGE_AVAIL _AC(0xE00,U)
+ #define _PAGE_PSE_PAT _AC(0x1000,U)
++#define _PAGE_AVAIL_HIGH (_AC(0x7ff, U) << 12)
+ #define _PAGE_NX (cpu_has_nx ? _PAGE_NX_BIT : 0)
+ /* non-architectural flags */
+ #define _PAGE_PAGED 0x2000U
+--
+2.1.4
+
diff --git a/main/xen/xsa183-unstable.patch b/main/xen/xsa183-unstable.patch
new file mode 100644
index 0000000000..573c530112
--- /dev/null
+++ b/main/xen/xsa183-unstable.patch
@@ -0,0 +1,75 @@
+From 2fd4f34058fb5f87fbd80978dbd2cb458aff565d Mon Sep 17 00:00:00 2001
+From: Andrew Cooper <andrew.cooper3@citrix.com>
+Date: Wed, 15 Jun 2016 18:32:14 +0100
+Subject: [PATCH] x86/entry: Avoid SMAP violation in
+ compat_create_bounce_frame()
+
+A 32bit guest kernel might be running on user mappings.
+compat_create_bounce_frame() must whitelist its guest accesses to avoid
+risking a SMAP violation.
+
+For both variants of create_bounce_frame(), re-blacklist user accesses if
+execution exits via an exception table redirection.
+
+This is XSA-183 / CVE-2016-6259
+
+Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
+Reviewed-by: George Dunlap <george.dunlap@citrix.com>
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+---
+v2:
+ * Include CLAC on the exit paths from compat_create_bounce_frame which occur
+ from faults attempting to load %fs
+ * Reposition ASM_STAC to avoid breaking the macro-op fusion of test/jz
+---
+ xen/arch/x86/x86_64/compat/entry.S | 3 +++
+ xen/arch/x86/x86_64/entry.S | 2 ++
+ 2 files changed, 5 insertions(+)
+
+diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S
+index 7f02afd..e80c53c 100644
+--- a/xen/arch/x86/x86_64/compat/entry.S
++++ b/xen/arch/x86/x86_64/compat/entry.S
+@@ -318,6 +318,7 @@ ENTRY(compat_int80_direct_trap)
+ compat_create_bounce_frame:
+ ASSERT_INTERRUPTS_ENABLED
+ mov %fs,%edi
++ ASM_STAC
+ testb $2,UREGS_cs+8(%rsp)
+ jz 1f
+ /* Push new frame at registered guest-OS stack base. */
+@@ -364,6 +365,7 @@ compat_create_bounce_frame:
+ movl TRAPBOUNCE_error_code(%rdx),%eax
+ .Lft8: movl %eax,%fs:(%rsi) # ERROR CODE
+ 1:
++ ASM_CLAC
+ /* Rewrite our stack frame and return to guest-OS mode. */
+ /* IA32 Ref. Vol. 3: TF, VM, RF and NT flags are cleared on trap. */
+ andl $~(X86_EFLAGS_VM|X86_EFLAGS_RF|\
+@@ -403,6 +405,7 @@ compat_crash_page_fault_4:
+ addl $4,%esi
+ compat_crash_page_fault:
+ .Lft14: mov %edi,%fs
++ ASM_CLAC
+ movl %esi,%edi
+ call show_page_walk
+ jmp dom_crash_sync_extable
+diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S
+index ad8c64c..f7178cd 100644
+--- a/xen/arch/x86/x86_64/entry.S
++++ b/xen/arch/x86/x86_64/entry.S
+@@ -420,9 +420,11 @@ domain_crash_page_fault_16:
+ domain_crash_page_fault_8:
+ addq $8,%rsi
+ domain_crash_page_fault:
++ ASM_CLAC
+ movq %rsi,%rdi
+ call show_page_walk
+ ENTRY(dom_crash_sync_extable)
++ ASM_CLAC
+ # Get out of the guest-save area of the stack.
+ GET_STACK_END(ax)
+ leaq STACK_CPUINFO_FIELD(guest_cpu_user_regs)(%rax),%rsp
+--
+2.1.4
+
diff --git a/main/xen/xsa184-qemut-master.patch b/main/xen/xsa184-qemut-master.patch
new file mode 100644
index 0000000000..b376f33a52
--- /dev/null
+++ b/main/xen/xsa184-qemut-master.patch
@@ -0,0 +1,43 @@
+From 17d8c4e47dfb41cb6778520ff2eab7a11fe12dfd Mon Sep 17 00:00:00 2001
+From: P J P <ppandit@redhat.com>
+Date: Tue, 26 Jul 2016 15:31:59 +0100
+Subject: [PATCH] virtio: error out if guest exceeds virtqueue size
+
+A broken or malicious guest can submit more requests than the virtqueue
+size permits.
+
+The guest can submit requests without bothering to wait for completion
+and is therefore not bound by virtqueue size. This requires reusing
+vring descriptors in more than one request, which is incorrect but
+possible. Processing a request allocates a VirtQueueElement and
+therefore causes unbounded memory allocation controlled by the guest.
+
+Exit with an error if the guest provides more requests than the
+virtqueue size permits. This bounds memory allocation and makes the
+buggy guest visible to the user.
+
+Reported-by: Zhenhao Hong <zhenhaohong@gmail.com>
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ hw/virtio.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/hw/virtio.c b/hw/virtio.c
+index c26feff..42897bf 100644
+--- a/tools/qemu-xen-traditional/hw/virtio.c
++++ b/tools/qemu-xen-traditional/hw/virtio.c
+@@ -421,6 +421,11 @@ int virtqueue_pop(VirtQueue *vq, VirtQueueElement *elem)
+ /* When we start there are none of either input nor output. */
+ elem->out_num = elem->in_num = 0;
+
++ if (vq->inuse >= vq->vring.num) {
++ fprintf(stderr, "Virtqueue size exceeded");
++ exit(1);
++ }
++
+ i = head = virtqueue_get_head(vq, vq->last_avail_idx++);
+ do {
+ struct iovec *sg;
+--
+2.1.4
+
diff --git a/main/xen/xsa184-qemuu-master.patch b/main/xen/xsa184-qemuu-master.patch
new file mode 100644
index 0000000000..bbe44e8fcb
--- /dev/null
+++ b/main/xen/xsa184-qemuu-master.patch
@@ -0,0 +1,43 @@
+From e469db25d6b2e5c71cd15451889226641c53a5cd Mon Sep 17 00:00:00 2001
+From: P J P <ppandit@redhat.com>
+Date: Mon, 25 Jul 2016 17:37:18 +0530
+Subject: [PATCH] virtio: error out if guest exceeds virtqueue size
+
+A broken or malicious guest can submit more requests than the virtqueue
+size permits.
+
+The guest can submit requests without bothering to wait for completion
+and is therefore not bound by virtqueue size. This requires reusing
+vring descriptors in more than one request, which is incorrect but
+possible. Processing a request allocates a VirtQueueElement and
+therefore causes unbounded memory allocation controlled by the guest.
+
+Exit with an error if the guest provides more requests than the
+virtqueue size permits. This bounds memory allocation and makes the
+buggy guest visible to the user.
+
+Reported-by: Zhenhao Hong <zhenhaohong@gmail.com>
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ hw/virtio/virtio.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
+index d24f775..f8ac0fb 100644
+--- a/tools/qemu-xen/hw/virtio/virtio.c
++++ b/tools/qemu-xen/hw/virtio/virtio.c
+@@ -483,6 +483,11 @@ int virtqueue_pop(VirtQueue *vq, VirtQueueElement *elem)
+
+ max = vq->vring.num;
+
++ if (vq->inuse >= max) {
++ error_report("Virtqueue size exceeded");
++ exit(1);
++ }
++
+ i = head = virtqueue_get_head(vq, vq->last_avail_idx++);
+ if (virtio_vdev_has_feature(vdev, VIRTIO_RING_F_EVENT_IDX)) {
+ vring_set_avail_event(vq, vq->last_avail_idx);
+--
+2.1.4
+