author | Ian Delaney <idella4@gentoo.org> | 2013-11-07 00:47:10 +0000 |
---|---|---|
committer | Ian Delaney <idella4@gentoo.org> | 2013-11-07 00:47:10 +0000 |
commit | 136e7778cb4796e66264e105504fd3ffbe173933 (patch) | |
tree | 03f89b57fe5fa437cd9f8d17c09f4d0d09093334 /app-emulation | |
parent | Raise max kernel version for 173*. (diff) | |
revbumps; add security patches XSA-68-70/72, remove old ebuilds
Package-Manager: portage-2.2.0/cvs/Linux x86_64
Manifest-Sign-Key: 0xB8072B0D
Diffstat (limited to 'app-emulation')
-rw-r--r-- | app-emulation/xen-tools/ChangeLog | 14 | ||||
-rw-r--r-- | app-emulation/xen-tools/Manifest | 16 | ||||
-rw-r--r-- | app-emulation/xen-tools/files/xen-tools-4-CVE-2013-4369-XSA-68.patch | 69 | ||||
-rw-r--r-- | app-emulation/xen-tools/files/xen-tools-4-CVE-2013-4370-XSA-69.patch | 34 | ||||
-rw-r--r-- | app-emulation/xen-tools/files/xen-tools-4-CVE-2013-4371-XSA-70.patch | 34 | ||||
-rw-r--r-- | app-emulation/xen-tools/files/xen-tools-4-CVE-2013-4416-XSA-72.patch | 74 | ||||
-rw-r--r-- | app-emulation/xen-tools/xen-tools-4.2.2-r5.ebuild (renamed from app-emulation/xen-tools/xen-tools-4.2.2-r4.ebuild) | 8 | ||||
-rw-r--r-- | app-emulation/xen-tools/xen-tools-4.3.0-r3.ebuild (renamed from app-emulation/xen-tools/xen-tools-4.3.0-r2.ebuild) | 8 |
8 files changed, 246 insertions, 11 deletions
diff --git a/app-emulation/xen-tools/ChangeLog b/app-emulation/xen-tools/ChangeLog index 7f92e62848b3..0dbc59e7589d 100644 --- a/app-emulation/xen-tools/ChangeLog +++ b/app-emulation/xen-tools/ChangeLog @@ -1,6 +1,18 @@ # ChangeLog for app-emulation/xen-tools # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/ChangeLog,v 1.198 2013/11/04 16:12:31 idella4 Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/ChangeLog,v 1.199 2013/11/07 00:46:42 idella4 Exp $ + +*xen-tools-4.3.0-r3 (07 Nov 2013) +*xen-tools-4.2.2-r5 (07 Nov 2013) + + 07 Nov 2013; Ian Delaney <idella4@gentoo.org> + +files/xen-tools-4-CVE-2013-4369-XSA-68.patch, + +files/xen-tools-4-CVE-2013-4370-XSA-69.patch, + +files/xen-tools-4-CVE-2013-4371-XSA-70.patch, + +files/xen-tools-4-CVE-2013-4416-XSA-72.patch, +xen-tools-4.2.2-r5.ebuild, + +xen-tools-4.3.0-r3.ebuild, -xen-tools-4.2.2-r4.ebuild, + -xen-tools-4.3.0-r2.ebuild: + revbumps; add security patches XSA-68-70/72, remove old ebuilds *xen-tools-4.3.0-r2 (04 Nov 2013) diff --git a/app-emulation/xen-tools/Manifest b/app-emulation/xen-tools/Manifest index 624b9f4b79cc..e325624e97b0 100644 --- a/app-emulation/xen-tools/Manifest +++ b/app-emulation/xen-tools/Manifest 
@@ -38,6 +38,10 @@ AUX xen-4.3-jserver.patch 1487 SHA256 3bbf6d06ad1960e30dc84a3e3b179d5d23331ecf60 AUX xen-4.3.0-anti-download.patch 1031 SHA256 c525684eba4c130193a4e31789e5b5ba6dab9ed6262ad913b0a1816b483679e5 SHA512 96ccf478b28f8286ef313bfba0c91d41e9ac13348cb85e277b39de5b998c80ba0a1df3efcfc026a487aba4474f1c90329a254834d07536916437636e383b9d17 WHIRLPOOL 755df637c5f8599b7ebbb9b0005aa6183d475a9b3049bb2721c5609b68140a7424c42a2682071de4a0c01405461b92f6e46e5929d6b018ae56899daf615463bc AUX xen-consoles.logrotate 63 SHA256 0da87a4b9094f934e3de937e8ef8d3afc752e76793aa3d730182d0241e118b19 SHA512 ab2105c75cfe01768aecd5bcbb56269d63666e8a44e42b6a83aee87df6c84ee2f9ab249171c21b2e09f8fec2cae8318f6e87d160989398a3e7dd68db8d52c426 WHIRLPOOL be108bf298202851de434af513ac8c03a533e7621623c2a7e8f26d498074b3eec81b85b2ae29ad2ec67f4fe9937c88bd78c5f5e260793e7e69ec964d4adb989e AUX xen-tools-3.4.0-network-bridge-broadcast.patch 496 SHA256 d00a1954447fc29500ab2f1a8c7900310e0dee81942be5c922ad66b6b42dfb74 SHA512 496c61ec237506c77577e832828de923283f55ab07ad141718af1a719b1b5bcdb8152a8cffddc679ff4a3e389582e7b8de8aaf1b4c8b1124bf1563467bdf674f WHIRLPOOL f80a557ed62cc26a51f85bc8682a738ab29d4573e3261c440f6e66f50cd81263fa2c6898b1aa1b1c227a2d3923cc9fd718ffad2e123ee69c6d7929def7906433 +AUX xen-tools-4-CVE-2013-4369-XSA-68.patch 1923 SHA256 64716cb49696298e0bbd9556fe9d6f559a4e2785081e28d50607317b6e27ba32 SHA512 bd1deab154e129fc63dcc51ce5c4d004f5fe044443755a0b8943d8b6087f2ef7cbfd76f2390d36f7b4ad1797ef28abbb23157401468e1bf33ecc7a17aff9e8a4 WHIRLPOOL fe4094b44455aa265780a20dd6c27eff782161908adb235769411e978fe5c8e1e8c6d24487be6b1dcab45e6eb3830d23ec3eacf1f9e5ab99f491c83617ff535b +AUX xen-tools-4-CVE-2013-4370-XSA-69.patch 995 SHA256 d3beb662aacf628b6a25ff6cfcd9526ab689aa43a56cf25e792a001f89b4edbc SHA512 606bb9e8fbc16893a927cfa1bb45a61cfb0588eead7dd7440301e10275a23590e98af72bb4c01f7772469b4760daeac71a9a3899c55b96f0b88ad4355621ea32 WHIRLPOOL 
9f63f44187e1b77d1ace968ee98f46017539b4675e5e164bde97e5e614790eede4754fdd33d57d9e48f8b4cc1607992fa85ae5ccf27b06fa34a4fd5d537f0732 +AUX xen-tools-4-CVE-2013-4371-XSA-70.patch 1050 SHA256 2582d3d545903af475436145f7e459414ad9d9c61d5720992eeeec42de8dde56 SHA512 107335f8e4ffddb9cab9e21dfdf745dea0e4d078c71ee59671942291c189dd0e998a9d480fa91ae439e6410591c9fb06491ca8e810006e22640bf0dc9cf5da81 WHIRLPOOL d7c6908432225ccf13093a378ef3cee09facd2c87cec56251f05e91d7a38dc1878c6be5d7148b7f704a2df94cc60e8b286efb403e58fb50a582076363d18f2b7 +AUX xen-tools-4-CVE-2013-4416-XSA-72.patch 2633 SHA256 66e11513fc512173140f3ca12568f8ef79415e9a7884254a700991b3f1afd125 SHA512 5b97f1d97f3f3109d63cca37ef4922e69031bee42df620aa5aec9ef91d9499b4310aa1dfac49974ed528fdac9885521026a839f66e69d392e4cfc23fa6b4ece5 WHIRLPOOL 988268db13b5ab72bcf1dc60aeb843cb2b33c638c346f84cae792d734c0b987f9ee26b3ecf1db3449750b355a33d68d508722ffafd38c3f967855ff39369c39d AUX xen-tools-4-docfix.patch 438 SHA256 016120c2333667aa84861ac9289c48a072c4842fb517936570882e1fc4060de6 SHA512 0a67d703749df823f5223b555c6dc896420e73ed7eeb5e77a8f8b950fc8bafaf9e20d66c35b29883b3cee6f8ca5054af3b55f804d20ae20d676feeeabf92b489 WHIRLPOOL fed73bd521b4cbea804ef4bc3b4b3a4007e7765cf0ab67e700e95afd328181ab5fce246b53a5e2a462baf6029664b25f82ffeabc1aaeb45fa99af344ecc957a5 AUX xen-tools-4-qemu-xen-doc.patch 820 SHA256 691b2d84f7312388d528c83f3e9e90521e6b2c97abae8ca8a83325655264c98a SHA512 bc07420be7629796e49e128c1cfbde8fa7d4dc3b66174462448e9033f78c0c982dfdbd4dde9b1c54a9862fd2f9602c6bac0be1dfc0df8280aaaf8de60acb708f WHIRLPOOL 4fc2907a42bc3f824160f92586392f7dba07c2229382585f5f7bf4c0f3ab2574a814e8e8fd076b68abb2580497492e1fc0e6181ffb8f1acb5c70e60caff81505 AUX xen-tools-4.1.1-bridge.patch 449 SHA256 71eea5408e3600c3c6f7ce4e8363ea2c19db36c1882e20cf0ef8143af527782b SHA512 3e4021c363bae11874b13675a8ad6aaf5b733e42a18e0d1259dce1cf2c305440dde13a7a08a584213dd96fa4b0a788048f6cb87a0f5b3ce777a2048215dbd779 WHIRLPOOL 
9363d615578696899ba84d6d2026d3cc5115756a9d0ca5a91071ac4db6e2fa425135bbf6db320e90daf78f89c6203b291dcb2cc25a6e5db82b7c094d3c940cde 
@@ -62,14 +66,14 @@ DIST seabios-dir-remote-20130720.tar.gz 3201017 SHA256 0cf06b54e8ae1cfc25f2942ee DIST xen-4.2.2.tar.gz 15602746 SHA256 c9bfe91a5e72f8545acebad9889d64368020359bfe18044c0e683133e55ae005 SHA512 4943b18016ed8c2b194a3b55e6655b3b734b39ffb8cb7ee0a0580f2f4460a1d0e92e1de8ac23f5186272914fad1650586af51fd7c3644d0310eb16f2e11c5e80 WHIRLPOOL 519eb87cb2da694696cbc3e72070a0a3bdb07c46fa266d855d8379eec3a92adfa4d434af3ac01c37834ce4a9174081a6c40030b185a70902329b185cb8d0bbea DIST xen-4.3.0.tar.gz 16425975 SHA256 e1e9faabe4886e2227aacdbde74410653b233d66642ca1972a860cbec6439961 SHA512 e6b8f64e15e48704ea5cee5585cd6151fe6a5a62bc4670caf0b762c1aa71c9598db236c637ac34c42c92c6e8a5001acdd3d9d4b9305401a26273279358f481d6 WHIRLPOOL a91f14bc6535127ab17d3867b92fb3e008089453d5ba7996fd1d0b5c6d32a881c07df320f018c928e919f28de7b4ab4757c6bdb020e0cdb7d67960d4cab9dda0 EBUILD xen-tools-4.2.2-r3.ebuild 11674 SHA256 16f5a1f6548a679f964dbb5dd892352e18bb31c8940678561e72f00259a578c8 SHA512 a056bf526a71afede4a2950b69f3dc46862ac6f34b5d981e306253ebf521758975603eee7cd4728c66871db17402e282a7c5535a1f537b46d7d7c8fc962a3e0b WHIRLPOOL 249d0b8d433a40a88a3b70ea75c7e5689e48647bb6ac336bf3bcbe52a117bd85288cfafa0653abf49a03f40faf6705b109b4b140fd714dd95e1903970ddb69cd -EBUILD xen-tools-4.2.2-r4.ebuild 11990 SHA256 9ac3ddd93bd771a51dd510fc8eb102c4e10054bf7d9956acbb5773f10a23b56d SHA512 7e2110b4d3628de5c4c512a7e6e685a836dad119c20b6b290548490d24ef25570a6554851691060bbe12f7f13ffb610637440f15bf2fb1d5b054d567579c81e9 WHIRLPOOL 69064580e6503af06c85eb2f7de10b94b49aa0f29e5edaafb0ca129d9e6a065d6af2d4dd2b2dc1b542d93486af73355e5c658a98e92d56ff170da4f11b4c0ba1 -EBUILD xen-tools-4.3.0-r2.ebuild 12170 SHA256 28ef65fa0645d2acb54675d1244baa70aaa4c41301f67d4e3c1071ee5fd606d6 SHA512 bc2ed606bf9f31ba1b54bc1b74062c38c3f55aab5badd8a9a248984e3b0fc504256775b3b589dc5f8290ed7d3ac2096f2eca8f06cc613ab5579264e1aa96ea7b WHIRLPOOL 
e4138a9ef833c950e34df49e7f0d630ac881b22554a79c2cc0ab309b69dd0f3c5a23928a5a476cee3d83d5eeb3a478506b82422f2684b1a4bb460401f621c5d0 -MISC ChangeLog 47396 SHA256 6f363d92ddb71881e099131357aff0d1a61ff1dd82d77789dc6e0fcabb1d9c1c SHA512 b80e08b43ee7106b67bb4fa298c289767c65600f1f7fc7de7b628a58b48f857f355324e282595344fc59b93e12019abcfcda98947a6170b92b3011a5e7b385e4 WHIRLPOOL 0e8d0effbc66fd6eb0bf7a5cf29fa78b374828516685f67380033f357efec0947b276e365dcc9e64e9451a4943c756f1c8b6234adfa1e6a76103ec3f5d3c25ba +EBUILD xen-tools-4.2.2-r5.ebuild 12230 SHA256 72d27efb1c080fdeb762b4d336298b0bdb2c8cc899b41f4f51dd7bfaf59f921e SHA512 9ddc5960f53ce880bb3b528db5f7091386418840d2d476f5421dff0bb2c8a0a6a06eebeaa537b578999c2229bef4e21a0610546f8061fb1ea10b324a1bdba46e WHIRLPOOL 14563e1511dd4ec8b7fcf1500a658bba872ec26ecee885b13fce1513c3a496b8ac4d147ebc4c091f4130c887642c90042d12a587dc75dcc4f2e94e31f4ccb78e +EBUILD xen-tools-4.3.0-r3.ebuild 12382 SHA256 4b0549c56dcf40338079d3280d97afa3b3ff06535a8f57baa53e5960e649754e SHA512 713eb07a007ce17c859ad4ac9ba8a9ea5a5fb1cdf2498656b2df208162227140e30a78f46aa82c87d8a1a085962f9df8b9c57da26f4a8f411dd5ae434de0bb7f WHIRLPOOL 74b692a47956045f5ce130ff059a45fa2cea9a77d7ac74b81fdd5c479e6b39c76361e7862cfcb80f11e787139526bc0e643eec8d654ece340596f3bb7ec282cd +MISC ChangeLog 47892 SHA256 120897175a878621de5899bb64d802e4d6b11ed3417449b9512c4eb9e4ed028b SHA512 4f7233c2bf4053d0da99da48c64623a045a5779e0699a7f5e333c13a030d7cae8b6b8f2f97a6b45f806c57d5c5ece82ab0dbf85315334c3f478d3f69a4033e75 WHIRLPOOL 67078c80fec0656781ea2539c68ae3cbe5b82d4ce30220c8f99ed410d4317da715f4b16bc82a8d7f845970f128021227c3809d621c5ecbd727ea076b3bd532be MISC metadata.xml 912 SHA256 c60760f1637a70d67aa32d4f94d31552769a7b12621c80f897c6ea9591d8620e SHA512 c1ed27bb987d0d9ff8e6d934973772489884f4c1ef6916862cfbaebd3030a360d876b6b9d713cff2b47b99f9144699c8cf7ff693abd22b5a76bd02d1de73e9cf WHIRLPOOL 
2fad840e70030a454fec22c5cbfa539d8f31ad4f825f833360a169109e8ee6bd98ab446cf7be5f2ec13dd852223b225f81708d673c582233739f223ab6a37053 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) -iEYEAREIAAYFAlJ3x3wACgkQso7CE7gHKw3t4ACgtcfzrvbU26GP/tGc9p9Qhn+x -nwsAoMtKyv+06g97xpfnr9nLEJF631r1 -=ngOf +iEYEAREIAAYFAlJ64vwACgkQso7CE7gHKw1pdQCglQ7kzxuf879lNOoKAhg/My/v +p/sAoN0gHDpxi7ZHjf4UU0HwwEbQYRRS +=APDM -----END PGP SIGNATURE----- diff --git a/app-emulation/xen-tools/files/xen-tools-4-CVE-2013-4369-XSA-68.patch b/app-emulation/xen-tools/files/xen-tools-4-CVE-2013-4369-XSA-68.patch new file mode 100644 index 000000000000..cad655be258e --- /dev/null +++ b/app-emulation/xen-tools/files/xen-tools-4-CVE-2013-4369-XSA-68.patch 
@@ -0,0 +1,69 @@
+libxl: fix vif rate parsing
+
+strtok can return NULL here. We don't need to use strtok anyway, so just
+use a simple strchr method.
+
+Coverity-ID: 1055642
+
+This is CVE-2013-4369 / XSA-68
+
+Signed-off-by: Matthew Daley <mattjd@gmail.com>
+
+Fix type. Add test case
+
+Signed-off-by: Ian Campbell <Ian.campbell@citrix.com>
+
+diff --git a/tools/libxl/check-xl-vif-parse b/tools/libxl/check-xl-vif-parse
+index 0473182..02c6dba 100755
+--- a/tools/libxl/check-xl-vif-parse
++++ b/tools/libxl/check-xl-vif-parse
+@@ -206,4 +206,8 @@ expected </dev/null
+ one $e rate=4294967295GB/s@5us
+ one $e rate=4296MB/s@4294s
+
++# test include of single '@'
++expected </dev/null
++one $e rate=@
++
+ complete
+diff --git a/tools/libxl/libxlu_vif.c b/tools/libxl/libxlu_vif.c
+index 3b3de0f..0665e62 100644
+--- a/tools/libxl/libxlu_vif.c
++++ b/tools/libxl/libxlu_vif.c
+@@ -95,23 +95,30 @@ int xlu_vif_parse_rate(XLU_Config *cfg, const char *rate, libxl_device_nic *nic)
+ uint64_t bytes_per_sec = 0;
+ uint64_t bytes_per_interval = 0;
+ uint32_t interval_usecs = 50000UL; /* Default to 50ms */
+- char *ratetok, *tmprate;
++ char *p, *tmprate;
+ int rc = 0;
+
+ tmprate = strdup(rate);
++ if (tmprate == NULL) {
++ rc = ENOMEM;
++ goto out;
++ }
++
++ p = strchr(tmprate, '@');
++ if (p != NULL)
++ *p++ = 0;
++
+ if (!strcmp(tmprate,"")) {
+ xlu__vif_err(cfg, "no rate specified", rate);
+ rc = EINVAL;
+ goto out;
+ }
+
+- ratetok = strtok(tmprate, "@");
+- rc = vif_parse_rate_bytes_per_sec(cfg, ratetok, &bytes_per_sec);
++ rc = vif_parse_rate_bytes_per_sec(cfg, tmprate, &bytes_per_sec);
+ if (rc) goto out;
+
+- ratetok = strtok(NULL, "@");
+- if (ratetok != NULL) {
+- rc = vif_parse_rate_interval_usecs(cfg, ratetok, &interval_usecs);
++ if (p != NULL) {
++ rc = vif_parse_rate_interval_usecs(cfg, p, &interval_usecs);
+ if (rc) goto out;
+ }
+
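Review bot: A rate that ends in a bare `@` with no interval after it now reaches `vif_parse_rate_interval_usecs()` with an empty string, where the removed `strtok(NULL, "@")` path returned NULL and left the 50ms default in place; the added test only covers `rate=@`. How the helper treats an empty string is not visible in this patch, so a second case next to the new one in check-xl-vif-parse, for example `one $e rate=10MB/s@` with its own `expected` block, would pin the behaviour. If the default is meant to survive a trailing `@`, the guard would need to be `if (p != NULL && *p != '\0') {`. xlu_vif_parse_rate continues past the hunk, so the `out:` cleanup that the new ENOMEM path jumps to is not shown here.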
diff --git a/app-emulation/xen-tools/files/xen-tools-4-CVE-2013-4370-XSA-69.patch b/app-emulation/xen-tools/files/xen-tools-4-CVE-2013-4370-XSA-69.patch
new file mode 100644
index 000000000000..ede124b2258f
--- /dev/null
+++ b/app-emulation/xen-tools/files/xen-tools-4-CVE-2013-4370-XSA-69.patch
@@ -0,0 +1,34 @@
+From 067c122873c67bd1d9620f8340f9c9c209135388 Mon Sep 17 00:00:00 2001
+From: Matthew Daley <mattjd@gmail.com>
+Date: Tue, 10 Sep 2013 23:12:45 +1200
+Subject: [PATCH] tools/ocaml: fix erroneous free of cpumap in
+ stub_xc_vcpu_getaffinity
+
+Not sure how it got there...
+
+Coverity-ID: 1056196
+
+This is CVE-2013-4370 / XSA-69
+
+Signed-off-by: Matthew Daley <mattjd@gmail.com>
+Acked-by: Ian Campbell <ian.campbell@citrix.com>
+---
+ tools/ocaml/libs/xc/xenctrl_stubs.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/tools/ocaml/libs/xc/xenctrl_stubs.c b/tools/ocaml/libs/xc/xenctrl_stubs.c
+index df756ad..f5cf0ed 100644
+--- a/tools/ocaml/libs/xc/xenctrl_stubs.c
++++ b/tools/ocaml/libs/xc/xenctrl_stubs.c
+@@ -461,8 +461,6 @@ CAMLprim value stub_xc_vcpu_getaffinity(value xch, value domid,
+
+ retval = xc_vcpu_getaffinity(_H(xch), _D(domid),
+ Int_val(vcpu), c_cpumap);
+- free(c_cpumap);
+-
+ if (retval < 0) {
+ free(c_cpumap);
+ failwith_xc(_H(xch));
+--
+1.7.10.4
+
diff --git a/app-emulation/xen-tools/files/xen-tools-4-CVE-2013-4371-XSA-70.patch b/app-emulation/xen-tools/files/xen-tools-4-CVE-2013-4371-XSA-70.patch
new file mode 100644
index 000000000000..f19dd96ed966
--- /dev/null
+++ b/app-emulation/xen-tools/files/xen-tools-4-CVE-2013-4371-XSA-70.patch
@@ -0,0 +1,34 @@
+From 94db3e1cb356a0d2de1753888ceb0eb767404ec4 Mon Sep 17 00:00:00 2001
+From: Matthew Daley <mattjd@gmail.com>
+Date: Tue, 10 Sep 2013 22:18:46 +1200
+Subject: [PATCH] libxl: fix out-of-memory error handling in
+ libxl_list_cpupool
+
+...otherwise it will return freed memory. All the current users of this
+function check already for a NULL return, so use that.
+
+Coverity-ID: 1056194
+
+This is CVE-2013-4371 / XSA-70
+
+Signed-off-by: Matthew Daley <mattjd@gmail.com>
+Acked-by: Ian Campbell <ian.campbell@citrix.com>
+---
+ tools/libxl/libxl.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c
+index 0879f23..17653ef 100644
+--- a/tools/libxl/libxl.c
++++ b/tools/libxl/libxl.c
+@@ -651,6 +651,7 @@ libxl_cpupoolinfo * libxl_list_cpupool(libxl_ctx *ctx, int *nb_pool_out)
+ if (!tmp) {
+ LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR, "allocating cpupool info");
+ libxl_cpupoolinfo_list_free(ptr, i);
++ ptr = NULL;
+ goto out;
+ }
+ ptr = tmp;
+--
+1.7.10.4
+
diff --git a/app-emulation/xen-tools/files/xen-tools-4-CVE-2013-4416-XSA-72.patch b/app-emulation/xen-tools/files/xen-tools-4-CVE-2013-4416-XSA-72.patch
new file mode 100644
index 000000000000..f170b4e505b4
--- /dev/null
+++ b/app-emulation/xen-tools/files/xen-tools-4-CVE-2013-4416-XSA-72.patch
@@ -0,0 +1,74 @@
+tools: xenstored: if the reply is too big then send E2BIG error
+
+This fixes the issue for both C and ocaml xenstored, however only the ocaml
+xenstored is vulnerable in its default configuration.
+
+Adding a new error appears to be safe, since bit libxenstore and the Linux
+driver at least treat an unknown error code as EINVAL.
+
+This is XSA-72
+
+Original ocaml patch by Jerome Maloberti <jerome.maloberti@citrix.com>
+Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
+Signed-off-by: Thomas Sanders <thomas.sanders@citrix.com>
+
+diff --git a/tools/ocaml/xenstored/connection.ml b/tools/ocaml/xenstored/connection.ml
+index 273fe4d..47695f8 100644
+--- a/tools/ocaml/xenstored/connection.ml
++++ b/tools/ocaml/xenstored/connection.ml
+@@ -18,6 +18,8 @@ exception End_of_file
+
+ open Stdext
+
++let xenstore_payload_max = 4096 (* xen/include/public/io/xs_wire.h *)
++
+ type watch = {
+ con: t;
+ token: string;
+@@ -112,8 +114,15 @@ let restrict con domid =
+ let set_target con target_domid =
+ con.perm <- Perms.Connection.set_target (get_perm con) ~perms:[Perms.READ; Perms.WRITE] target_domid
+
++let is_backend_mmap con = match con.xb.Xenbus.Xb.backend with
++ | Xenbus.Xb.Xenmmap _ -> true
++ | _ -> false
++
+ let send_reply con tid rid ty data =
+- Xenbus.Xb.queue con.xb (Xenbus.Xb.Packet.create tid rid ty data)
++ if (String.length data) > xenstore_payload_max && (is_backend_mmap con) then
++ Xenbus.Xb.queue con.xb (Xenbus.Xb.Packet.create tid rid Xenbus.Xb.Op.Error "E2BIG\000")
++ else
++ Xenbus.Xb.queue con.xb (Xenbus.Xb.Packet.create tid rid ty data)
+
+ let send_error con tid rid err = send_reply con tid rid Xenbus.Xb.Op.Error (err ^ "\000")
+ let send_ack con tid rid ty = send_reply con tid rid ty "OK\000"
+diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c
+index 0f8ba64..ccfdaa3 100644
+--- a/tools/xenstore/xenstored_core.c
++++ b/tools/xenstore/xenstored_core.c
+@@ -629,6 +629,11 @@ void send_reply(struct connection *conn, enum xsd_sockmsg_type type,
+ {
+ struct buffered_data *bdata;
+
++ if ( len > XENSTORE_PAYLOAD_MAX ) {
++ send_error(conn, E2BIG);
++ return;
++ }
++
+ /* Message is a child of the connection context for auto-cleanup. */
+ bdata = new_buffer(conn);
+ bdata->buffer = talloc_array(bdata, char, len);
+diff --git a/xen/include/public/io/xs_wire.h b/xen/include/public/io/xs_wire.h
+index 99d24e3..585f0c8 100644
+--- a/xen/include/public/io/xs_wire.h
++++ b/xen/include/public/io/xs_wire.h
+@@ -83,7 +83,8 @@ __attribute__((unused))
+ XSD_ERROR(EROFS),
+ XSD_ERROR(EBUSY),
+ XSD_ERROR(EAGAIN),
+- XSD_ERROR(EISCONN)
++ XSD_ERROR(EISCONN),
++ XSD_ERROR(E2BIG)
+ };
+ #endif
+
diff --git a/app-emulation/xen-tools/xen-tools-4.2.2-r4.ebuild b/app-emulation/xen-tools/xen-tools-4.2.2-r5.ebuild
index 3824166adf3c..9fb25769b771 100644
--- a/app-emulation/xen-tools/xen-tools-4.2.2-r4.ebuild
+++ b/app-emulation/xen-tools/xen-tools-4.2.2-r5.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2013 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.2.2-r4.ebuild,v 1.8 2013/11/04 12:58:47 idella4 Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.2.2-r5.ebuild,v 1.1 2013/11/07 00:46:42 idella4 Exp $
 EAPI=5
@@ -224,7 +224,11 @@ src_prepare() {
 "${FILESDIR}"/xen-4.2-CVE-2013-18to19-XSA-55.patch \
 "${FILESDIR}"/xen-4.2-CVE-2013-20to23-XSA-55.patch \
 "${FILESDIR}"/xen-4-CVE-2013-2072-XSA-56.patch \
- "${FILESDIR}"/xen-4.2-CVE-XSA-57.patch
+ "${FILESDIR}"/xen-4.2-CVE-XSA-57.patch \
+ "${FILESDIR}"/${PN}-4-CVE-2013-4369-XSA-68.patch \
+ "${FILESDIR}"/${PN}-4-CVE-2013-4370-XSA-69.patch \
+ "${FILESDIR}"/${PN}-4-CVE-2013-4371-XSA-70.patch \
+ "${FILESDIR}"/${PN}-4-CVE-2013-4416-XSA-72.patch
 # Bug 472438
 sed -e 's:^BASH_COMPLETION_DIR ?= $(CONFIG_DIR)/bash_completion.d:BASH_COMPLETION_DIR ?= $(SHARE_DIR)/bash-completion:' \
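Review bot: In the XSA-72 patch, the OCaml `send_reply` applies the size cap only when `is_backend_mmap con` is true, while the C `send_reply` in xenstored_core.c rejects every `len > XENSTORE_PAYLOAD_MAX` whatever the connection type, and nothing in the code says why the two differ. Connections whose backend is not `Xenmmap` still have oversized replies queued unchanged by the `else` branch. A short comment above the OCaml check would make that intent explicit, e.g. `(* cap applies to Xenmmap-backed connections only; other backends are deliberately not limited here *)`. `xenstore_payload_max = 4096` is also a hand copy of the xs_wire.h value; the existing comment names the header, but nothing ties the two together if the header changes.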
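Review bot: The new `epatch` entries in xen-tools-4.2.2-r5.ebuild go from XSA-70 straight to XSA-72, and nothing in the ebuild says why XSA-71 is absent. If that advisory does not apply to this package, a one-line comment above the additions, e.g. `# XSA-71 not carried here: <reason>`, would save the next maintainer from re-checking the advisory list. The same applies to the identical block added to xen-tools-4.3.0-r3.ebuild. The four new paths also leave `${PN}` outside the quotes while `"${FILESDIR}"` is quoted; `"${FILESDIR}/${PN}-4-CVE-2013-4369-XSA-68.patch"` keeps the whole argument quoted. src_prepare starts and ends outside both hunks.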
diff --git a/app-emulation/xen-tools/xen-tools-4.3.0-r2.ebuild b/app-emulation/xen-tools/xen-tools-4.3.0-r3.ebuild
index b6984bed7560..777ffe32dd0d 100644
--- a/app-emulation/xen-tools/xen-tools-4.3.0-r2.ebuild
+++ b/app-emulation/xen-tools/xen-tools-4.3.0-r3.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2013 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.3.0-r2.ebuild,v 1.1 2013/11/04 16:12:31 idella4 Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.3.0-r3.ebuild,v 1.1 2013/11/07 00:46:42 idella4 Exp $
 EAPI=5
@@ -205,7 +205,11 @@ src_prepare() {
 #Security patches, currently valid
 epatch "${FILESDIR}"/xen-4-CVE-2012-6075-XSA-41.patch \
- "${FILESDIR}"/xen-4-CVE-2013-1922-XSA-48.patch
+ "${FILESDIR}"/xen-4-CVE-2013-1922-XSA-48.patch \
+ "${FILESDIR}"/${PN}-4-CVE-2013-4369-XSA-68.patch \
+ "${FILESDIR}"/${PN}-4-CVE-2013-4370-XSA-69.patch \
+ "${FILESDIR}"/${PN}-4-CVE-2013-4371-XSA-70.patch \
+ "${FILESDIR}"/${PN}-4-CVE-2013-4416-XSA-72.patch
 # Bug 472438
 sed -e 's:^BASH_COMPLETION_DIR ?= $(CONFIG_DIR)/bash_completion.d:BASH_COMPLETION_DIR ?= $(SHARE_DIR)/bash-completion:' \ |