diff --git a/common/shlibs b/common/shlibs
index d09c51e60f..cab384f7a4 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -445,10 +445,10 @@ libparted.so.2 libparted-3.1_1
 libparted-fs-resize.so.0 libparted-3.1_1
 libntfs-3g.so.85 ntfs-3g-2014.2.15_1
 libruby.so.2.2 ruby-2.2.0_1
-libxenctrl.so.4.4 xen-libs-4.4_1<4.5
-libxenguest.so.4.4 xen-libs-4.4_1<4.5
+libxenctrl.so.4.5 xen-libs-4.5<4.6_1
+libxenguest.so.4.5 xen-libs-4.5<4.6_1
 libxlutil.so.4.3 xen-libs-4.3_1
-libxenlight.so.4.4 xen-libs-4.4_1<4.5
+libxenlight.so.4.5 xen-libs-4.5<4.6_1
 libxenstore.so.3.0 xen-libs-4.2.2_2
 libvhd.so.1.0 xen-libs-4.2.2_2
 libxenstat.so.0 xen-libs-4.2.2_2
diff --git a/srcpkgs/xen/patches/xsa105.patch b/srcpkgs/xen/patches/xsa105.patch
deleted file mode 100644
index 978ca9920f..0000000000
--- a/srcpkgs/xen/patches/xsa105.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-x86/emulate: check cpl for all privileged instructions
-
-Without this, it is possible for userspace to load its own IDT or GDT.
-
-This is XSA-105.
-
-Reported-by: Andrei LUTAS <vlutas@bitdefender.com>
-Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
-Reviewed-by: Jan Beulich <jbeulich@suse.com>
-Tested-by: Andrei LUTAS <vlutas@bitdefender.com>
-
---- xen/arch/x86/x86_emulate/x86_emulate.c
-+++ xen/arch/x86/x86_emulate/x86_emulate.c
-@@ -3314,6 +3314,7 @@ x86_emulate(
- goto swint;
-
- case 0xf4: /* hlt */
-+ generate_exception_if(!mode_ring0(), EXC_GP, 0);
- ctxt->retire.flags.hlt = 1;
- break;
-
-@@ -3710,6 +3711,7 @@ x86_emulate(
- break;
- case 2: /* lgdt */
- case 3: /* lidt */
-+ generate_exception_if(!mode_ring0(), EXC_GP, 0);
- generate_exception_if(ea.type != OP_MEM, EXC_UD, -1);
- fail_if(ops->write_segment == NULL);
- memset(®, 0, sizeof(reg));
-@@ -3738,6 +3740,7 @@ x86_emulate(
- case 6: /* lmsw */
- fail_if(ops->read_cr == NULL);
- fail_if(ops->write_cr == NULL);
-+ generate_exception_if(!mode_ring0(), EXC_GP, 0);
- if ( (rc = ops->read_cr(0, &cr0, ctxt)) )
- goto done;
- if ( ea.type == OP_REG )
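Review bot: The three added entries in the common/shlibs hunk put the revision suffix on the upper bound, `xen-libs-4.5<4.6_1`, whereas the lines they replace carried it on the package version, `xen-libs-4.4_1<4.5`. If the field is still meant to be `pkgname-version_revision` followed by the bound, these were presumably intended as `libxenctrl.so.4.5 xen-libs-4.5_1<4.6`, and likewise for libxenguest.so.4.5 and libxenlight.so.4.5. Please confirm against how xbps-src parses this file, since a mapping it cannot parse may leave packages linked against these libraries without the expected xen-libs dependency.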
diff --git a/srcpkgs/xen/patches/xsa108.patch b/srcpkgs/xen/patches/xsa108.patch
deleted file mode 100644
index 85cf443793..0000000000
--- a/srcpkgs/xen/patches/xsa108.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-x86/HVM: properly bound x2APIC MSR range
-
-While the write path change appears to be purely cosmetic (but still
-gets done here for consistency), the read side mistake permitted
-accesses beyond the virtual APIC page.
-
-Note that while this isn't fully in line with the specification
-(digesting MSRs 0x800-0xBFF for the x2APIC), this is the minimal
-possible fix addressing the security issue and getting x2APIC related
-code into a consistent shape (elsewhere a 256 rather than 1024 wide
-window is being used too). This will be dealt with subsequently.
-
-This is XSA-108.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-
---- xen/arch/x86/hvm/hvm.c
-+++ xen/arch/x86/hvm/hvm.c
-@@ -4380,7 +4380,7 @@ int hvm_msr_read_intercept(unsigned int
- *msr_content = vcpu_vlapic(v)->hw.apic_base_msr;
- break;
-
-- case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0x3ff:
-+ case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0xff:
- if ( hvm_x2apic_msr_read(v, msr, msr_content) )
- goto gp_fault;
- break;
-@@ -4506,7 +4506,7 @@ int hvm_msr_write_intercept(unsigned int
- vlapic_tdt_msr_set(vcpu_vlapic(v), msr_content);
- break;
-
-- case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0x3ff:
-+ case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0xff:
- if ( hvm_x2apic_msr_write(v, msr, msr_content) )
- goto gp_fault;
- break;
diff --git a/srcpkgs/xen/patches/xsa110.patch b/srcpkgs/xen/patches/xsa110.patch
deleted file mode 100644
index 7342832df1..0000000000
--- a/srcpkgs/xen/patches/xsa110.patch
+++ /dev/null
@@ -1,156 +0,0 @@
-x86emul: enforce privilege level restrictions when loading CS
-
-Privilege level checks were basically missing for the CS case, the
-only check that was done (RPL == DPL for nonconforming segments)
-was solely covering a single special case (return to non-conforming
-segment).
-
-Additionally in long mode the L bit set requires the D bit to be clear,
-as was recently pointed out for KVM by Nadav Amit
-<namit@cs.technion.ac.il>.
-
-Finally we also need to force the loaded selector's RPL to CPL (at
-least as long as lret/retf emulation doesn't support privilege level
-changes).
-
-This is XSA-110.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Tim Deegan <tim@xen.org>
-
---- xen/arch/x86/x86_emulate/x86_emulate.c
-+++ xen/arch/x86/x86_emulate/x86_emulate.c
-@@ -1119,7 +1119,7 @@ realmode_load_seg(
- static int
- protmode_load_seg(
- enum x86_segment seg,
-- uint16_t sel,
-+ uint16_t sel, bool_t is_ret,
- struct x86_emulate_ctxt *ctxt,
- const struct x86_emulate_ops *ops)
- {
-@@ -1185,9 +1185,23 @@ protmode_load_seg(
- /* Code segment? */
- if ( !(desc.b & (1u<<11)) )
- goto raise_exn;
-- /* Non-conforming segment: check DPL against RPL. */
-- if ( ((desc.b & (6u<<9)) != (6u<<9)) && (dpl != rpl) )
-+ if ( is_ret
-+ ? /*
-+ * Really rpl < cpl, but our sole caller doesn't handle
-+ * privilege level changes.
-+ */
-+ rpl != cpl || (desc.b & (1 << 10) ? dpl > rpl : dpl != rpl)
-+ : desc.b & (1 << 10)
-+ /* Conforming segment: check DPL against CPL. */
-+ ? dpl > cpl
-+ /* Non-conforming segment: check RPL and DPL against CPL. */
-+ : rpl > cpl || dpl != cpl )
- goto raise_exn;
-+ /* 64-bit code segments (L bit set) must have D bit clear. */
-+ if ( in_longmode(ctxt, ops) &&
-+ (desc.b & (1 << 21)) && (desc.b & (1 << 22)) )
-+ goto raise_exn;
-+ sel = (sel ^ rpl) | cpl;
- break;
- case x86_seg_ss:
- /* Writable data segment? */
-@@ -1252,7 +1266,7 @@ protmode_load_seg(
- static int
- load_seg(
- enum x86_segment seg,
-- uint16_t sel,
-+ uint16_t sel, bool_t is_ret,
- struct x86_emulate_ctxt *ctxt,
- const struct x86_emulate_ops *ops)
- {
-@@ -1261,7 +1275,7 @@ load_seg(
- return X86EMUL_UNHANDLEABLE;
-
- if ( in_protmode(ctxt, ops) )
-- return protmode_load_seg(seg, sel, ctxt, ops);
-+ return protmode_load_seg(seg, sel, is_ret, ctxt, ops);
-
- return realmode_load_seg(seg, sel, ctxt, ops);
- }
-@@ -2003,7 +2017,7 @@ x86_emulate(
- if ( (rc = read_ulong(x86_seg_ss, sp_post_inc(op_bytes),
- &dst.val, op_bytes, ctxt, ops)) != 0 )
- goto done;
-- if ( (rc = load_seg(src.val, (uint16_t)dst.val, ctxt, ops)) != 0 )
-+ if ( (rc = load_seg(src.val, dst.val, 0, ctxt, ops)) != 0 )
- return rc;
- break;
-
-@@ -2357,7 +2371,7 @@ x86_emulate(
- enum x86_segment seg = decode_segment(modrm_reg);
- generate_exception_if(seg == decode_segment_failed, EXC_UD, -1);
- generate_exception_if(seg == x86_seg_cs, EXC_UD, -1);
-- if ( (rc = load_seg(seg, (uint16_t)src.val, ctxt, ops)) != 0 )
-+ if ( (rc = load_seg(seg, src.val, 0, ctxt, ops)) != 0 )
- goto done;
- if ( seg == x86_seg_ss )
- ctxt->retire.flags.mov_ss = 1;
-@@ -2438,7 +2452,7 @@ x86_emulate(
- &_regs.eip, op_bytes, ctxt)) )
- goto done;
-
-- if ( (rc = load_seg(x86_seg_cs, sel, ctxt, ops)) != 0 )
-+ if ( (rc = load_seg(x86_seg_cs, sel, 0, ctxt, ops)) != 0 )
- goto done;
- _regs.eip = eip;
- break;
-@@ -2662,7 +2676,7 @@ x86_emulate(
- if ( (rc = read_ulong(src.mem.seg, src.mem.off + src.bytes,
- &sel, 2, ctxt, ops)) != 0 )
- goto done;
-- if ( (rc = load_seg(dst.val, (uint16_t)sel, ctxt, ops)) != 0 )
-+ if ( (rc = load_seg(dst.val, sel, 0, ctxt, ops)) != 0 )
- goto done;
- dst.val = src.val;
- break;
-@@ -2736,7 +2750,7 @@ x86_emulate(
- &dst.val, op_bytes, ctxt, ops)) ||
- (rc = read_ulong(x86_seg_ss, sp_post_inc(op_bytes + offset),
- &src.val, op_bytes, ctxt, ops)) ||
-- (rc = load_seg(x86_seg_cs, (uint16_t)src.val, ctxt, ops)) )
-+ (rc = load_seg(x86_seg_cs, src.val, 1, ctxt, ops)) )
- goto done;
- _regs.eip = dst.val;
- break;
-@@ -2785,7 +2799,7 @@ x86_emulate(
- _regs.eflags &= mask;
- _regs.eflags |= (uint32_t)(eflags & ~mask) | 0x02;
- _regs.eip = eip;
-- if ( (rc = load_seg(x86_seg_cs, (uint16_t)cs, ctxt, ops)) != 0 )
-+ if ( (rc = load_seg(x86_seg_cs, cs, 1, ctxt, ops)) != 0 )
- goto done;
- break;
- }
-@@ -3415,7 +3429,7 @@ x86_emulate(
- generate_exception_if(mode_64bit(), EXC_UD, -1);
- eip = insn_fetch_bytes(op_bytes);
- sel = insn_fetch_type(uint16_t);
-- if ( (rc = load_seg(x86_seg_cs, sel, ctxt, ops)) != 0 )
-+ if ( (rc = load_seg(x86_seg_cs, sel, 0, ctxt, ops)) != 0 )
- goto done;
- _regs.eip = eip;
- break;
-@@ -3714,7 +3728,7 @@ x86_emulate(
- goto done;
- }
-
-- if ( (rc = load_seg(x86_seg_cs, sel, ctxt, ops)) != 0 )
-+ if ( (rc = load_seg(x86_seg_cs, sel, 0, ctxt, ops)) != 0 )
- goto done;
- _regs.eip = src.val;
-
-@@ -3781,7 +3795,7 @@ x86_emulate(
- generate_exception_if(!in_protmode(ctxt, ops), EXC_UD, -1);
- generate_exception_if(!mode_ring0(), EXC_GP, 0);
- if ( (rc = load_seg((modrm_reg & 1) ? x86_seg_tr : x86_seg_ldtr,
-- src.val, ctxt, ops)) != 0 )
-+ src.val, 0, ctxt, ops)) != 0 )
- goto done;
- break;
-
diff --git a/srcpkgs/xen/template b/srcpkgs/xen/template
index 5ca3d91de6..3af0b247d1 100644
--- a/srcpkgs/xen/template
+++ b/srcpkgs/xen/template
@@ -1,14 +1,14 @@
 # Template file for 'xen'
 pkgname=xen
-version=4.4.1
-wrksrc=xen-${version}
-revision=6
+version=4.5.0
+wrksrc="xen-${version}"
+revision=1
 short_desc="The Xen hypervisor utilities"
 maintainer="Juan RP <xtraeme@gmail.com>"
 homepage="http://xen.org"
 license="GPL-2"
 distfiles="http://bits.xensource.com/oss-xen/release/$version/xen-$version.tar.gz"
-checksum=55b49d3c4575d7791275125ff87c0f86f1d1e0f7f2718b6fd1c4f88a9bc7ea25
+checksum=5bdb40e2b28d2eeb541bd71a9777f40cbe2ae444b987521d33f099541a006f3b
 only_for_archs="x86_64"
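Review bot: The bump to `version=4.5.0` in the first srcpkgs/xen/template hunk is paired with the deletion of xsa105.patch, xsa108.patch and xsa110.patch earlier in the commit, and nothing visible here records that the 4.5.0 tarball already carries those three fixes. Confirm that against the upstream tree and state it in the commit message, e.g. `XSA-105, XSA-108 and XSA-110 are included upstream in 4.5.0; local patches dropped`, and check whether any advisory published after the release needs a new file under patches/. The unchanged `distfiles` line still fetches over plain `http://`, so the new `checksum=` value is the only integrity control on the tarball and should be compared with a hash taken from upstream's signed release rather than one computed from the download itself.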
@@ -19,7 +19,6 @@ makedepends=" ncurses-devel liblzma-devel python-devel yajl-devel libuuid-devel libglib-devel dev86 acpica-utils pixman-devel gcc-multilib" depends="xen-hypervisor" -replaces="runit-void<20141013_2" build_options="systemd" make_dirs="