From xen-announce-bounces@lists.xen.org Wed Mar 16 19:06:06 2016 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 16 Mar 2016 19:06:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1agGkL-0003Bo-JA; Wed, 16 Mar 2016 19:04:41 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1agGkJ-0003BW-VR; Wed, 16 Mar 2016 19:04:40 +0000 Received: from [193.109.254.147] by server-1.bemta-14.messagelabs.com id 75/40-02901-74EA9E65; Wed, 16 Mar 2016 19:04:39 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-12.tower-27.messagelabs.com!1458155077!31674759!1 X-Originating-IP: [104.130.215.37] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 8.11; banners=-,-,- X-VirusChecked: Checked Received: (qmail 9512 invoked from network); 16 Mar 2016 19:04:38 -0000 Received: from mail.xenproject.org (HELO mail.xenproject.org) (104.130.215.37) by server-12.tower-27.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 16 Mar 2016 19:04:38 -0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1agGk9-0000By-27; Wed, 16 Mar 2016 19:04:29 +0000 Received: from iwj by xenbits.xenproject.org with local (Exim 4.84_2) (envelope-from ) id 1agGk8-0004TL-Uh; Wed, 16 Mar 2016 19:04:28 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Wed, 16 Mar 2016 19:04:28 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 171 (CVE-2016-3157) - I/O port access privilege escalation in x86-64 Linux X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-announce-bounces@lists.xen.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2016-3157 / XSA-171 version 4 I/O port access privilege escalation in x86-64 Linux UPDATES IN VERSION 4 ==================== Clarify Vulnerable Systems section. Public release. ISSUE DESCRIPTION ================= IRET and POPF do not modify EFLAGS.IOPL when executed by code at a privilege level other than zero. Since PV Xen guests run at privilege level 3 (for 64-bit ones; 32-bit ones run at privilege level 1), to compensate for this the context switching of EFLAGS.IOPL requires the guest to make use of a dedicated hypercall (PHYSDEVOP_set_iopl). The invocation of this hypercall, while present in the 32-bit context switch path, is missing from its 64-bit counterpart. IMPACT ====== User mode processes not supposed to be able to access I/O ports may be granted such permission, potentially resulting in one or more of in-guest privilege escalation, guest crashes (Denial of Service), or in-guest information leaks. VULNERABLE SYSTEMS ================== All upstream x86-64 Linux versions operating as PV Xen guests are vulnerable. ARM systems are not vulnerable. x86 HVM guests are not vulnerable. 32-bit Linux guests are not vulnerable. x86-64 Linux versions derived from linux-2.6.18-xen.hg (XenoLinux) are not vulnerable. We believe that non-Linux guests are not vulnerable, as we are not aware of any with an analogous bug. MITIGATION ========== Running only HVM or 32-bit PV guests will avoid this issue. CREDITS ======= This issue was discovered by Andy Lutomirski. RESOLUTION ========== Applying the attached patch resolves this issue for the indicated Linux versions. xsa171.patch Linux 4.5-rc7, Linux 4.4.x $ sha256sum xsa171* 5d47ead1212c735b444ac8f82e7f311cda3473fe3847e576c3772ce020265dfd xsa171.patch $ DEPLOYMENT DURING EMBARGO ========================= The patch is a change to the domU, ie, to the guest, not to hosts. Where the guest kernel is provided by the host administrator - ------------------------------------------------------------ Deployment of the patch by the host administrator is NOT permitted (except where all the affected systems and VMs are administered and used only by organisations which are members of the Xen Project Security Issues Predisclosure List). Specifically, deployment on public cloud systems is NOT permitted. This is because a the cloud guest administrator is almost certainly in a position to see the changes that are made by to the kernel even if the kernel is provided by the host administrator. Deployment is permitted only AFTER the embargo ends. Where the guest kernel is provided by the guest administrator - ------------------------------------------------------------- Deployment of the patch (or another which is substantially similar) by the guest administrator is permitted during the embargo ONLY if (i) the host administrator organisation is also a member of the Xen Project Security Issues Predisclosure List. (ii) all the guest's users are also members of predisclosure list. (guest users includes administrators of Linux containers running within the guest). Restriction (i) is because the host administrator can see changes that made to the kernel by a guest administrator. Restriction (ii) is because it is difficult to fully conceal the Linux kernel from unprivileged guest user processes. If the host is not operated by a member of the predisclosure list, or the guest has users outside the predisclousre list, deployment is permitted only AFTER the embargo ends. In any case - ----------- Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, or whose situation is not clearly covered above, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJW6a4ZAAoJEIP+FMlX6CvZEs4H/12hKU3NzqfHZb/wOW9PeT4Z yhGQ2mkVE6FATW15b+/+Lr4N2nIUHa40BtWjPyEOQR4UXJrZr3R5HL/wINRO7c6M 5XNjDyHqmfhOAsHWsrTB0a3CP2wWNNQ6LiBN5AuiUwoqiJiZPLhKCeEi99F+rFFK IINyOgd4XSeGRkb96GfZcPbizbO3wqiREfBIAjECYchBARv7JVGr3my6R3YBYdTn VtBratEPdkEmAEn0LtdiQlnjPib5O3paiaIDk41IPbPu1WPiozt3RJSqJUSwu+al A3qe9cBGz0NyghdYkXQjvaPP+1Q3BjyJC4hgGLo+yqyODPdaFAJZ0mjR/e0uajs= =F9Nz -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa171.patch" Content-Disposition: attachment; filename="xsa171.patch" Content-Transfer-Encoding: base64 RnJvbTogQW5keSBMdXRvbWlyc2tpIDxsdXRvQGtlcm5lbC5vcmc+Cgp4ODYv aW9wbC82NDogcHJvcGVybHkgY29udGV4dC1zd2l0Y2ggSU9QTCBvbiBYZW4g UFYKCk9uIFhlbiBQViwgcmVncy0+ZmxhZ3MgZG9lc24ndCByZWxpYWJseSBy ZWZsZWN0IElPUEwgYW5kIHRoZQpleGl0LXRvLXVzZXJzcGFjZSBjb2RlIGRv ZXNuJ3QgY2hhbmdlIElPUEwuICBXZSBuZWVkIHRvIGNvbnRleHQKc3dpdGNo IGl0IG1hbnVhbGx5LgoKSSdtIGRvaW5nIHRoaXMgd2l0aG91dCBnb2luZyB0 aHJvdWdoIHBhcmF2aXJ0IGJlY2F1c2UgdGhpcyBpcwpzcGVjaWZpYyB0byBY ZW4gUFYuICBBZnRlciB0aGUgZHVzdCBzZXR0bGVzLCB3ZSBjYW4gbWVyZ2Ug dGhpcyB3aXRoCnRoZSAzMi1iaXQgY29kZSwgdGlkeSB1cCB0aGUgaW9wbCBz eXNjYWxsIGltcGxlbWVudGF0aW9uLCBhbmQgcmVtb3ZlCnRoZSBzZXRfaW9w bCBwdm9wIGVudGlyZWx5LgoKVGhpcyBpcyBYU0EtMTcxLgoKU2lnbmVkLW9m Zi1ieTogQW5keSBMdXRvbWlyc2tpIDxsdXRvQGtlcm5lbC5vcmc+CkNjOiBz dGFibGVAdmdlci5rZXJuZWwub3JnIApSZXZpZXdlZC1ieTogSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPgoKLS0tIGEvYXJjaC94ODYvaW5jbHVk ZS9hc20veGVuL2h5cGVydmlzb3IuaAorKysgYi9hcmNoL3g4Ni9pbmNsdWRl L2FzbS94ZW4vaHlwZXJ2aXNvci5oCkBAIC02Miw0ICs2Miw2IEBAIHZvaWQg eGVuX2FyY2hfcmVnaXN0ZXJfY3B1KGludCBudW0pOwogdm9pZCB4ZW5fYXJj aF91bnJlZ2lzdGVyX2NwdShpbnQgbnVtKTsKICNlbmRpZgogCit2b2lkIHhl bl9zZXRfaW9wbF9tYXNrKHVuc2lnbmVkIG1hc2spOworCiAjZW5kaWYgLyog X0FTTV9YODZfWEVOX0hZUEVSVklTT1JfSCAqLwotLS0gYS9hcmNoL3g4Ni9r ZXJuZWwvcHJvY2Vzc182NC5jCisrKyBiL2FyY2gveDg2L2tlcm5lbC9wcm9j ZXNzXzY0LmMKQEAgLTQ4LDYgKzQ4LDcgQEAKICNpbmNsdWRlIDxhc20vc3lz Y2FsbHMuaD4KICNpbmNsdWRlIDxhc20vZGVidWdyZWcuaD4KICNpbmNsdWRl IDxhc20vc3dpdGNoX3RvLmg+CisjaW5jbHVkZSA8YXNtL3hlbi9oeXBlcnZp c29yLmg+CiAKIGFzbWxpbmthZ2UgZXh0ZXJuIHZvaWQgcmV0X2Zyb21fZm9y ayh2b2lkKTsKIApAQCAtNDExLDYgKzQxMiwxNyBAQCBfX3N3aXRjaF90byhz dHJ1Y3QgdGFza19zdHJ1Y3QgKnByZXZfcCwgc3RydWN0IHRhc2tfc3RydWN0 ICpuZXh0X3ApCiAJCSAgICAgdGFza190aHJlYWRfaW5mbyhwcmV2X3ApLT5m bGFncyAmIF9USUZfV09SS19DVFhTV19QUkVWKSkKIAkJX19zd2l0Y2hfdG9f eHRyYShwcmV2X3AsIG5leHRfcCwgdHNzKTsKIAorI2lmZGVmIENPTkZJR19Y RU4KKwkvKgorCSAqIE9uIFhlbiBQViwgSU9QTCBiaXRzIGluIHB0X3JlZ3Mt PmZsYWdzIGhhdmUgbm8gZWZmZWN0LCBhbmQKKwkgKiBjdXJyZW50X3B0X3Jl Z3MoKS0+ZmxhZ3MgbWF5IG5vdCBtYXRjaCB0aGUgY3VycmVudCB0YXNrJ3MK KwkgKiBpbnRlbmRlZCBJT1BMLiAgV2UgbmVlZCB0byBzd2l0Y2ggaXQgbWFu dWFsbHkuCisJICovCisJaWYgKHVubGlrZWx5KHN0YXRpY19jcHVfaGFzKFg4 Nl9GRUFUVVJFX1hFTlBWKSAmJgorCQkgICAgIHByZXYtPmlvcGwgIT0gbmV4 dC0+aW9wbCkpCisJCXhlbl9zZXRfaW9wbF9tYXNrKG5leHQtPmlvcGwpOwor I2VuZGlmCisKIAlpZiAoc3RhdGljX2NwdV9oYXNfYnVnKFg4Nl9CVUdfU1lT UkVUX1NTX0FUVFJTKSkgewogCQkvKgogCQkgKiBBTUQgQ1BVcyBoYXZlIGEg bWlzZmVhdHVyZTogU1lTUkVUIHNldHMgdGhlIFNTIHNlbGVjdG9yIGJ1dAot LS0gYS9hcmNoL3g4Ni94ZW4vZW5saWdodGVuLmMKKysrIGIvYXJjaC94ODYv eGVuL2VubGlnaHRlbi5jCkBAIC05NjEsNyArOTYxLDcgQEAgc3RhdGljIHZv aWQgeGVuX2xvYWRfc3AwKHN0cnVjdCB0c3Nfc3RydWN0ICp0c3MsCiAJdHNz LT54ODZfdHNzLnNwMCA9IHRocmVhZC0+c3AwOwogfQogCi1zdGF0aWMgdm9p ZCB4ZW5fc2V0X2lvcGxfbWFzayh1bnNpZ25lZCBtYXNrKQordm9pZCB4ZW5f c2V0X2lvcGxfbWFzayh1bnNpZ25lZCBtYXNrKQogewogCXN0cnVjdCBwaHlz ZGV2X3NldF9pb3BsIHNldF9pb3BsOwogCg== --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVuLm9yZwpodHRwOi8vbGlzdHMu eGVuLm9yZy94ZW4tYW5ub3VuY2U= --=separator-- From xen-announce-bounces@lists.xen.org Wed Mar 16 19:06:06 2016 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 16 Mar 2016 19:06:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1agGkL-0003Bo-JA; Wed, 16 Mar 2016 19:04:41 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1agGkJ-0003BW-VR; Wed, 16 Mar 2016 19:04:40 +0000 Received: from [193.109.254.147] by server-1.bemta-14.messagelabs.com id 75/40-02901-74EA9E65; Wed, 16 Mar 2016 19:04:39 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-12.tower-27.messagelabs.com!1458155077!31674759!1 X-Originating-IP: [104.130.215.37] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 8.11; banners=-,-,- X-VirusChecked: Checked Received: (qmail 9512 invoked from network); 16 Mar 2016 19:04:38 -0000 Received: from mail.xenproject.org (HELO mail.xenproject.org) (104.130.215.37) by server-12.tower-27.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 16 Mar 2016 19:04:38 -0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1agGk9-0000By-27; Wed, 16 Mar 2016 19:04:29 +0000 Received: from iwj by xenbits.xenproject.org with local (Exim 4.84_2) (envelope-from ) id 1agGk8-0004TL-Uh; Wed, 16 Mar 2016 19:04:28 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Wed, 16 Mar 2016 19:04:28 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 171 (CVE-2016-3157) - I/O port access privilege escalation in x86-64 Linux X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-announce-bounces@lists.xen.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2016-3157 / XSA-171 version 4 I/O port access privilege escalation in x86-64 Linux UPDATES IN VERSION 4 ==================== Clarify Vulnerable Systems section. Public release. ISSUE DESCRIPTION ================= IRET and POPF do not modify EFLAGS.IOPL when executed by code at a privilege level other than zero. Since PV Xen guests run at privilege level 3 (for 64-bit ones; 32-bit ones run at privilege level 1), to compensate for this the context switching of EFLAGS.IOPL requires the guest to make use of a dedicated hypercall (PHYSDEVOP_set_iopl). The invocation of this hypercall, while present in the 32-bit context switch path, is missing from its 64-bit counterpart. IMPACT ====== User mode processes not supposed to be able to access I/O ports may be granted such permission, potentially resulting in one or more of in-guest privilege escalation, guest crashes (Denial of Service), or in-guest information leaks. VULNERABLE SYSTEMS ================== All upstream x86-64 Linux versions operating as PV Xen guests are vulnerable. ARM systems are not vulnerable. x86 HVM guests are not vulnerable. 32-bit Linux guests are not vulnerable. x86-64 Linux versions derived from linux-2.6.18-xen.hg (XenoLinux) are not vulnerable. We believe that non-Linux guests are not vulnerable, as we are not aware of any with an analogous bug. MITIGATION ========== Running only HVM or 32-bit PV guests will avoid this issue. CREDITS ======= This issue was discovered by Andy Lutomirski. RESOLUTION ========== Applying the attached patch resolves this issue for the indicated Linux versions. xsa171.patch Linux 4.5-rc7, Linux 4.4.x $ sha256sum xsa171* 5d47ead1212c735b444ac8f82e7f311cda3473fe3847e576c3772ce020265dfd xsa171.patch $ DEPLOYMENT DURING EMBARGO ========================= The patch is a change to the domU, ie, to the guest, not to hosts. Where the guest kernel is provided by the host administrator - ------------------------------------------------------------ Deployment of the patch by the host administrator is NOT permitted (except where all the affected systems and VMs are administered and used only by organisations which are members of the Xen Project Security Issues Predisclosure List). Specifically, deployment on public cloud systems is NOT permitted. This is because a the cloud guest administrator is almost certainly in a position to see the changes that are made by to the kernel even if the kernel is provided by the host administrator. Deployment is permitted only AFTER the embargo ends. Where the guest kernel is provided by the guest administrator - ------------------------------------------------------------- Deployment of the patch (or another which is substantially similar) by the guest administrator is permitted during the embargo ONLY if (i) the host administrator organisation is also a member of the Xen Project Security Issues Predisclosure List. (ii) all the guest's users are also members of predisclosure list. (guest users includes administrators of Linux containers running within the guest). Restriction (i) is because the host administrator can see changes that made to the kernel by a guest administrator. Restriction (ii) is because it is difficult to fully conceal the Linux kernel from unprivileged guest user processes. If the host is not operated by a member of the predisclosure list, or the guest has users outside the predisclousre list, deployment is permitted only AFTER the embargo ends. In any case - ----------- Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, or whose situation is not clearly covered above, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJW6a4ZAAoJEIP+FMlX6CvZEs4H/12hKU3NzqfHZb/wOW9PeT4Z yhGQ2mkVE6FATW15b+/+Lr4N2nIUHa40BtWjPyEOQR4UXJrZr3R5HL/wINRO7c6M 5XNjDyHqmfhOAsHWsrTB0a3CP2wWNNQ6LiBN5AuiUwoqiJiZPLhKCeEi99F+rFFK IINyOgd4XSeGRkb96GfZcPbizbO3wqiREfBIAjECYchBARv7JVGr3my6R3YBYdTn VtBratEPdkEmAEn0LtdiQlnjPib5O3paiaIDk41IPbPu1WPiozt3RJSqJUSwu+al A3qe9cBGz0NyghdYkXQjvaPP+1Q3BjyJC4hgGLo+yqyODPdaFAJZ0mjR/e0uajs= =F9Nz -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa171.patch" Content-Disposition: attachment; filename="xsa171.patch" Content-Transfer-Encoding: base64 RnJvbTogQW5keSBMdXRvbWlyc2tpIDxsdXRvQGtlcm5lbC5vcmc+Cgp4ODYv aW9wbC82NDogcHJvcGVybHkgY29udGV4dC1zd2l0Y2ggSU9QTCBvbiBYZW4g UFYKCk9uIFhlbiBQViwgcmVncy0+ZmxhZ3MgZG9lc24ndCByZWxpYWJseSBy ZWZsZWN0IElPUEwgYW5kIHRoZQpleGl0LXRvLXVzZXJzcGFjZSBjb2RlIGRv ZXNuJ3QgY2hhbmdlIElPUEwuICBXZSBuZWVkIHRvIGNvbnRleHQKc3dpdGNo IGl0IG1hbnVhbGx5LgoKSSdtIGRvaW5nIHRoaXMgd2l0aG91dCBnb2luZyB0 aHJvdWdoIHBhcmF2aXJ0IGJlY2F1c2UgdGhpcyBpcwpzcGVjaWZpYyB0byBY ZW4gUFYuICBBZnRlciB0aGUgZHVzdCBzZXR0bGVzLCB3ZSBjYW4gbWVyZ2Ug dGhpcyB3aXRoCnRoZSAzMi1iaXQgY29kZSwgdGlkeSB1cCB0aGUgaW9wbCBz eXNjYWxsIGltcGxlbWVudGF0aW9uLCBhbmQgcmVtb3ZlCnRoZSBzZXRfaW9w bCBwdm9wIGVudGlyZWx5LgoKVGhpcyBpcyBYU0EtMTcxLgoKU2lnbmVkLW9m Zi1ieTogQW5keSBMdXRvbWlyc2tpIDxsdXRvQGtlcm5lbC5vcmc+CkNjOiBz dGFibGVAdmdlci5rZXJuZWwub3JnIApSZXZpZXdlZC1ieTogSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPgoKLS0tIGEvYXJjaC94ODYvaW5jbHVk ZS9hc20veGVuL2h5cGVydmlzb3IuaAorKysgYi9hcmNoL3g4Ni9pbmNsdWRl L2FzbS94ZW4vaHlwZXJ2aXNvci5oCkBAIC02Miw0ICs2Miw2IEBAIHZvaWQg eGVuX2FyY2hfcmVnaXN0ZXJfY3B1KGludCBudW0pOwogdm9pZCB4ZW5fYXJj aF91bnJlZ2lzdGVyX2NwdShpbnQgbnVtKTsKICNlbmRpZgogCit2b2lkIHhl bl9zZXRfaW9wbF9tYXNrKHVuc2lnbmVkIG1hc2spOworCiAjZW5kaWYgLyog X0FTTV9YODZfWEVOX0hZUEVSVklTT1JfSCAqLwotLS0gYS9hcmNoL3g4Ni9r ZXJuZWwvcHJvY2Vzc182NC5jCisrKyBiL2FyY2gveDg2L2tlcm5lbC9wcm9j ZXNzXzY0LmMKQEAgLTQ4LDYgKzQ4LDcgQEAKICNpbmNsdWRlIDxhc20vc3lz Y2FsbHMuaD4KICNpbmNsdWRlIDxhc20vZGVidWdyZWcuaD4KICNpbmNsdWRl IDxhc20vc3dpdGNoX3RvLmg+CisjaW5jbHVkZSA8YXNtL3hlbi9oeXBlcnZp c29yLmg+CiAKIGFzbWxpbmthZ2UgZXh0ZXJuIHZvaWQgcmV0X2Zyb21fZm9y ayh2b2lkKTsKIApAQCAtNDExLDYgKzQxMiwxNyBAQCBfX3N3aXRjaF90byhz dHJ1Y3QgdGFza19zdHJ1Y3QgKnByZXZfcCwgc3RydWN0IHRhc2tfc3RydWN0 ICpuZXh0X3ApCiAJCSAgICAgdGFza190aHJlYWRfaW5mbyhwcmV2X3ApLT5m bGFncyAmIF9USUZfV09SS19DVFhTV19QUkVWKSkKIAkJX19zd2l0Y2hfdG9f eHRyYShwcmV2X3AsIG5leHRfcCwgdHNzKTsKIAorI2lmZGVmIENPTkZJR19Y RU4KKwkvKgorCSAqIE9uIFhlbiBQViwgSU9QTCBiaXRzIGluIHB0X3JlZ3Mt PmZsYWdzIGhhdmUgbm8gZWZmZWN0LCBhbmQKKwkgKiBjdXJyZW50X3B0X3Jl Z3MoKS0+ZmxhZ3MgbWF5IG5vdCBtYXRjaCB0aGUgY3VycmVudCB0YXNrJ3MK KwkgKiBpbnRlbmRlZCBJT1BMLiAgV2UgbmVlZCB0byBzd2l0Y2ggaXQgbWFu dWFsbHkuCisJICovCisJaWYgKHVubGlrZWx5KHN0YXRpY19jcHVfaGFzKFg4 Nl9GRUFUVVJFX1hFTlBWKSAmJgorCQkgICAgIHByZXYtPmlvcGwgIT0gbmV4 dC0+aW9wbCkpCisJCXhlbl9zZXRfaW9wbF9tYXNrKG5leHQtPmlvcGwpOwor I2VuZGlmCisKIAlpZiAoc3RhdGljX2NwdV9oYXNfYnVnKFg4Nl9CVUdfU1lT UkVUX1NTX0FUVFJTKSkgewogCQkvKgogCQkgKiBBTUQgQ1BVcyBoYXZlIGEg bWlzZmVhdHVyZTogU1lTUkVUIHNldHMgdGhlIFNTIHNlbGVjdG9yIGJ1dAot LS0gYS9hcmNoL3g4Ni94ZW4vZW5saWdodGVuLmMKKysrIGIvYXJjaC94ODYv eGVuL2VubGlnaHRlbi5jCkBAIC05NjEsNyArOTYxLDcgQEAgc3RhdGljIHZv aWQgeGVuX2xvYWRfc3AwKHN0cnVjdCB0c3Nfc3RydWN0ICp0c3MsCiAJdHNz LT54ODZfdHNzLnNwMCA9IHRocmVhZC0+c3AwOwogfQogCi1zdGF0aWMgdm9p ZCB4ZW5fc2V0X2lvcGxfbWFzayh1bnNpZ25lZCBtYXNrKQordm9pZCB4ZW5f c2V0X2lvcGxfbWFzayh1bnNpZ25lZCBtYXNrKQogewogCXN0cnVjdCBwaHlz ZGV2X3NldF9pb3BsIHNldF9pb3BsOwogCg== --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVuLm9yZwpodHRwOi8vbGlzdHMu eGVuLm9yZy94ZW4tYW5ub3VuY2U= --=separator-- From xen-announce-bounces@lists.xen.org Tue Mar 29 12:01:47 2016 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 29 Mar 2016 12:01:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1aksK5-0000H5-1f; Tue, 29 Mar 2016 12:00:37 +0000 Received: from mail6.bemta6.messagelabs.com ([85.158.143.247]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1aksK3-0000Gg-VG; Tue, 29 Mar 2016 12:00:36 +0000 Received: from [85.158.143.35] by server-3.bemta-6.messagelabs.com id 0A/49-07120-36E6AF65; Tue, 29 Mar 2016 12:00:35 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-4.tower-21.messagelabs.com!1459252833!6345864!1 X-Originating-IP: [104.130.215.37] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 8.11; banners=-,-,- X-VirusChecked: Checked Received: (qmail 45983 invoked from network); 29 Mar 2016 12:00:34 -0000 Received: from mail.xenproject.org (HELO mail.xenproject.org) (104.130.215.37) by server-4.tower-21.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 29 Mar 2016 12:00:34 -0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1aksJq-0005u3-Tl; Tue, 29 Mar 2016 12:00:22 +0000 Received: from iwj by xenbits.xenproject.org with local (Exim 4.84_2) (envelope-from ) id 1aksJq-0004UH-Qn; Tue, 29 Mar 2016 12:00:22 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Tue, 29 Mar 2016 12:00:22 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 172 (CVE-2016-3158, CVE-2016-3159) - broken AMD FPU FIP/FDP/FOP leak workaround X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-announce-bounces@lists.xen.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2016-3158,CVE-2016-3159 / XSA-172 version 3 broken AMD FPU FIP/FDP/FOP leak workaround UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= There is a workaround in Xen to deal with the fact that AMD CPUs don't load the x86 registers FIP (and possibly FCS), FDP (and possibly FDS), and FOP from memory (via XRSTOR or FXRSTOR) when there is no pending unmasked exception. (See XSA-52.) However, this workaround does not cover all possible input cases. This is because writes to the hardware FSW.ES bit, which the current workaround is based on, are ignored; instead, the CPU calculates FSW.ES from the pending exception and exception mask bits. Xen therefore needs to do the same. Note that part of said workaround was the subject of XSA-52. This can leak register contents from one guest to another. The registers in question are the FPU instruction and data pointers and opcode. IMPACT ====== A malicious domain is able to obtain address space usage and timing information, about another domain, at a fairly low rate. The leaked address information might be used to help defeat address space randomisation in order to enable another attack. The leaked address and timing information forms a low-bandwidth covert channel which might be used to gain information about the operation of a target guest. The affected FPU facility would not normally be used by cryptographic operations, as it does not provide cryptographically-relevant SIMD functions. It appears to us very unlikely that the leak might directly compromise sensitive information such as cryptographic keys, although (without knowledge of the guest software) this cannot be ruled out. (This is notwithstanding the contrary statement in `Impact' in XSA-52.) VULNERABLE SYSTEMS ================== Xen versions 4.0 and onwards are vulnerable. Any kind of guest can exploit the vulnerability. The vulnerability is exposed only on AMD x86 systems. Intel and ARM systems do not expose this vulnerability. Both PV and HVM guests are affected. MITIGATION ========== The vulnerability can be avoided if the guest kernel is controlled by the host rather than guest administrator, provided that further steps are taken to prevent the guest administrator from loading code into the kernel (e.g. by disabling loadable modules etc) or from using other mechanisms which allow them to run code at kernel privilege. On Xen versions 4.3 and earlier, turning off XSAVE support via the "no-xsave" hypervisor command line option will avoid the vulnerability. On Xen versions 4.4 and onwards there is no other known mitigation. CREDITS ======= This issue was discovered by Jan Beulich from SUSE. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa172.patch xen-unstable, Xen 4.6.x, Xen 4.5.x, Xen 4.4.x xsa172-4.3.patch Xen 4.3.x $ sha256sum xsa172* f18282fcb794b8772bc3af51d56860050071bd62a5a909b8f2fc2018e2958154 xsa172.patch 6aac179620afcdbdab041163239019bc35b0e243f3bd16673caaec7d5a4d97ec xsa172-4.3.patch $ NOTE REGARDING CVE ================== CVE-2016-3158 is for the code change which is required for all versions (but which is sufficient only on Xen 4.3.x, and insufficient on later versions). Ie for the second hunk in xsa172.patch (the only hunk in xsa172-4.3.patch), which patches the function xrstor. CVE-2016-3159 is for the code change which is applicable for later versions only, but which must always be combined with the code change for CVE-2016-3158. Ie for the first hunk in xsa172.patch, which patches the function fpu_fxrstor. DEPLOYMENT DURING EMBARGO ========================= Deployment of the PATCH or the TRUSTED KERNEL MITIGATION (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. However deployment of the "no-xsave" MITIGATION is NOT permitted (except where all the affected systems and VMs are administered and used only by organisations which are members of the Xen Project Security Issues Predisclosure List). Specifically, deployment on public cloud systems is NOT permitted. This is because such a host configuration change would be guest-visible which could lead to the rediscovery of the vulnerability. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJW9BUjAAoJEIP+FMlX6CvZh0sH/RMRw5mKOjz4IPUFVlxXvJYr 4BYbJyitDX6uX6Hdp8XosqrMfTqpDWNYzTPS4UMOmSZq0JSSSeRDB5esM3otQSzl Vnq8toyl2IeDZAZ7KhLTOUGF1libSGyE32MCLP32XOwbAaWRD01ld71M4P2+Cmuz JFqgfRQxgqzcrfZP74CqfbAdU9sxIq5Py6BHBdSOlKuZMF7RPZbIpy2KwdAmIUZJ IXnwlWvXvg5Uq3RfzRPJ10EaaQhIajgSxGGOViVXEVObY48jbcXFB3xTTT49CMB2 GqNK+CjUTVvfTFe2jFYu1Uscwot85tgsu09zui3Jleml1dhs6eIM4vKcLG96g1E= =ojN8 -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa172.patch" Content-Disposition: attachment; filename="xsa172.patch" Content-Transfer-Encoding: base64 eDg2OiBmaXggaW5mb3JtYXRpb24gbGVhayBvbiBBTUQgQ1BVcwoKVGhlIGZp eCBmb3IgWFNBLTUyIHdhcyB3cm9uZywgYW5kIHNvIHdhcyB0aGUgY2hhbmdl IHN5bmNocm9uaXppbmcgdGhhdApuZXcgYmVoYXZpb3IgdG8gdGhlIEZYUlNU T1IgbG9naWM6IEFNRCdzIG1hbnVhbHMgZXhwbGljdGx5IHN0YXRlIHRoYXQK d3JpdGVzIHRvIHRoZSBFUyBiaXQgYXJlIGlnbm9yZWQsIGFuZCBpdCBpbnN0 ZWFkIGdldHMgY2FsY3VsYXRlZCBmcm9tCnRoZSBleGNlcHRpb24gYW5kIG1h c2sgYml0cyAoaXQgZ2V0cyBzZXQgd2hlbmV2ZXIgdGhlcmUgaXMgYW4gdW5t YXNrZWQKZXhjZXB0aW9uLCBhbmQgY2xlYXJlZCBvdGhlcndpc2UpLiBIZW5j ZSB3ZSBuZWVkIHRvIGZvbGxvdyB0aGF0IG1vZGVsCmluIG91ciB3b3JrYXJv dW5kLgoKVGhpcyBpcyBYU0EtMTcyLgoKVGhlIGZpcnN0IGh1bmsgKHhlbi9h cmNoL3g4Ni9pMzg3LmM6ZnB1X2Z4cnN0b3IpIGlzIENWRS0yMDE2LTMxNTku ClRoZSBzZWNvbmQgaHVuayAoeGVuL2FyY2gveDg2L3hzdGF0ZS5jOnhyc3Rv cikgaXMgQ1ZFLTIwMTYtMzE1OC4KClNpZ25lZC1vZmYtYnk6IEphbiBCZXVs aWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KUmV2aWV3ZWQtYnk6IEFuZHJldyBD b29wZXIgPGFuZHJldy5jb29wZXIzQGNpdHJpeC5jb20+CgotLS0gYS94ZW4v YXJjaC94ODYvaTM4Ny5jCisrKyBiL3hlbi9hcmNoL3g4Ni9pMzg3LmMKQEAg LTQ5LDcgKzQ5LDcgQEAgc3RhdGljIGlubGluZSB2b2lkIGZwdV9meHJzdG9y KHN0cnVjdCB2YwogICAgICAqIHNvbWV0aW1lcyBuZXcgdXNlciB2YWx1ZS4g Qm90aCBzaG91bGQgYmUgb2suIFVzZSB0aGUgRlBVIHNhdmVkCiAgICAgICog ZGF0YSBibG9jayBhcyBhIHNhZmUgYWRkcmVzcyBiZWNhdXNlIGl0IHNob3Vs ZCBiZSBpbiBMMS4KICAgICAgKi8KLSAgICBpZiAoICEoZnB1X2N0eHQtPmZz dyAmIDB4MDA4MCkgJiYKKyAgICBpZiAoICEoZnB1X2N0eHQtPmZzdyAmIH5m cHVfY3R4dC0+ZmN3ICYgMHgwMDNmKSAmJgogICAgICAgICAgYm9vdF9jcHVf ZGF0YS54ODZfdmVuZG9yID09IFg4Nl9WRU5ET1JfQU1EICkKICAgICB7CiAg ICAgICAgIGFzbSB2b2xhdGlsZSAoICJmbmNsZXhcblx0IgotLS0gYS94ZW4v YXJjaC94ODYveHN0YXRlLmMKKysrIGIveGVuL2FyY2gveDg2L3hzdGF0ZS5j CkBAIC0zNDQsNyArMzQ0LDcgQEAgdm9pZCB4cnN0b3Ioc3RydWN0IHZjcHUg KnYsIHVpbnQ2NF90IG1hcwogICAgICAqIGRhdGEgYmxvY2sgYXMgYSBzYWZl IGFkZHJlc3MgYmVjYXVzZSBpdCBzaG91bGQgYmUgaW4gTDEuCiAgICAgICov CiAgICAgaWYgKCAobWFzayAmIHB0ci0+eHNhdmVfaGRyLnhzdGF0ZV9idiAm IFhTVEFURV9GUCkgJiYKLSAgICAgICAgICEocHRyLT5mcHVfc3NlLmZzdyAm IDB4MDA4MCkgJiYKKyAgICAgICAgICEocHRyLT5mcHVfc3NlLmZzdyAmIH5w dHItPmZwdV9zc2UuZmN3ICYgMHgwMDNmKSAmJgogICAgICAgICAgYm9vdF9j cHVfZGF0YS54ODZfdmVuZG9yID09IFg4Nl9WRU5ET1JfQU1EICkKICAgICAg ICAgYXNtIHZvbGF0aWxlICggImZuY2xleFxuXHQiICAgICAgICAvKiBjbGVh ciBleGNlcHRpb25zICovCiAgICAgICAgICAgICAgICAgICAgICAgICJmZnJl ZSAlJXN0KDcpXG5cdCIgLyogY2xlYXIgc3RhY2sgdGFnICovCg== --=separator Content-Type: application/octet-stream; name="xsa172-4.3.patch" Content-Disposition: attachment; filename="xsa172-4.3.patch" Content-Transfer-Encoding: base64 eDg2OiBmaXggaW5mb3JtYXRpb24gbGVhayBvbiBBTUQgQ1BVcwoKVGhlIGZp eCBmb3IgWFNBLTUyIHdhcyB3cm9uZywgYW5kIHNvIHdhcyB0aGUgY2hhbmdl IHN5bmNocm9uaXppbmcgdGhhdApuZXcgYmVoYXZpb3IgdG8gdGhlIEZYUlNU T1IgbG9naWM6IEFNRCdzIG1hbnVhbHMgZXhwbGljdGx5IHN0YXRlIHRoYXQK d3JpdGVzIHRvIHRoZSBFUyBiaXQgYXJlIGlnbm9yZWQsIGFuZCBpdCBpbnN0 ZWFkIGdldHMgY2FsY3VsYXRlZCBmcm9tCnRoZSBleGNlcHRpb24gYW5kIG1h c2sgYml0cyAoaXQgZ2V0cyBzZXQgd2hlbmV2ZXIgdGhlcmUgaXMgYW4gdW5t YXNrZWQKZXhjZXB0aW9uLCBhbmQgY2xlYXJlZCBvdGhlcndpc2UpLiBIZW5j ZSB3ZSBuZWVkIHRvIGZvbGxvdyB0aGF0IG1vZGVsCmluIG91ciB3b3JrYXJv dW5kLgoKVGhpcyBpcyBYU0EtMTcyIC8gQ1ZFLTIwMTYtMzE1OC4KClNpZ25l ZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KUmV2 aWV3ZWQtYnk6IEFuZHJldyBDb29wZXIgPGFuZHJldy5jb29wZXIzQGNpdHJp eC5jb20+CgotLS0gYS94ZW4vYXJjaC94ODYveHN0YXRlLmMKKysrIGIveGVu L2FyY2gveDg2L3hzdGF0ZS5jCkBAIC0xNTgsNyArMTU4LDcgQEAgdm9pZCB4 cnN0b3Ioc3RydWN0IHZjcHUgKnYsIHVpbnQ2NF90IG1hcwogICAgICAqIGRh dGEgYmxvY2sgYXMgYSBzYWZlIGFkZHJlc3MgYmVjYXVzZSBpdCBzaG91bGQg YmUgaW4gTDEuCiAgICAgICovCiAgICAgaWYgKCAobWFzayAmIHB0ci0+eHNh dmVfaGRyLnhzdGF0ZV9idiAmIFhTVEFURV9GUCkgJiYKLSAgICAgICAgICEo cHRyLT5mcHVfc3NlLmZzdyAmIDB4MDA4MCkgJiYKKyAgICAgICAgICEocHRy LT5mcHVfc3NlLmZzdyAmIH5wdHItPmZwdV9zc2UuZmN3ICYgMHgwMDNmKSAm JgogICAgICAgICAgYm9vdF9jcHVfZGF0YS54ODZfdmVuZG9yID09IFg4Nl9W RU5ET1JfQU1EICkKICAgICAgICAgYXNtIHZvbGF0aWxlICggImZuY2xleFxu XHQiICAgICAgICAvKiBjbGVhciBleGNlcHRpb25zICovCiAgICAgICAgICAg ICAgICAgICAgICAgICJmZnJlZSAlJXN0KDcpXG5cdCIgLyogY2xlYXIgc3Rh Y2sgdGFnICovCg== --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVuLm9yZwpodHRwOi8vbGlzdHMu eGVuLm9yZy94ZW4tYW5ub3VuY2U= --=separator-- From xen-announce-bounces@lists.xen.org Tue Mar 29 12:01:47 2016 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 29 Mar 2016 12:01:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1aksK5-0000H5-1f; Tue, 29 Mar 2016 12:00:37 +0000 Received: from mail6.bemta6.messagelabs.com ([85.158.143.247]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1aksK3-0000Gg-VG; Tue, 29 Mar 2016 12:00:36 +0000 Received: from [85.158.143.35] by server-3.bemta-6.messagelabs.com id 0A/49-07120-36E6AF65; Tue, 29 Mar 2016 12:00:35 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-4.tower-21.messagelabs.com!1459252833!6345864!1 X-Originating-IP: [104.130.215.37] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 8.11; banners=-,-,- X-VirusChecked: Checked Received: (qmail 45983 invoked from network); 29 Mar 2016 12:00:34 -0000 Received: from mail.xenproject.org (HELO mail.xenproject.org) (104.130.215.37) by server-4.tower-21.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 29 Mar 2016 12:00:34 -0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1aksJq-0005u3-Tl; Tue, 29 Mar 2016 12:00:22 +0000 Received: from iwj by xenbits.xenproject.org with local (Exim 4.84_2) (envelope-from ) id 1aksJq-0004UH-Qn; Tue, 29 Mar 2016 12:00:22 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Tue, 29 Mar 2016 12:00:22 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 172 (CVE-2016-3158, CVE-2016-3159) - broken AMD FPU FIP/FDP/FOP leak workaround X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-announce-bounces@lists.xen.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2016-3158,CVE-2016-3159 / XSA-172 version 3 broken AMD FPU FIP/FDP/FOP leak workaround UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= There is a workaround in Xen to deal with the fact that AMD CPUs don't load the x86 registers FIP (and possibly FCS), FDP (and possibly FDS), and FOP from memory (via XRSTOR or FXRSTOR) when there is no pending unmasked exception. (See XSA-52.) However, this workaround does not cover all possible input cases. This is because writes to the hardware FSW.ES bit, which the current workaround is based on, are ignored; instead, the CPU calculates FSW.ES from the pending exception and exception mask bits. Xen therefore needs to do the same. Note that part of said workaround was the subject of XSA-52. This can leak register contents from one guest to another. The registers in question are the FPU instruction and data pointers and opcode. IMPACT ====== A malicious domain is able to obtain address space usage and timing information, about another domain, at a fairly low rate. The leaked address information might be used to help defeat address space randomisation in order to enable another attack. The leaked address and timing information forms a low-bandwidth covert channel which might be used to gain information about the operation of a target guest. The affected FPU facility would not normally be used by cryptographic operations, as it does not provide cryptographically-relevant SIMD functions. It appears to us very unlikely that the leak might directly compromise sensitive information such as cryptographic keys, although (without knowledge of the guest software) this cannot be ruled out. (This is notwithstanding the contrary statement in `Impact' in XSA-52.) VULNERABLE SYSTEMS ================== Xen versions 4.0 and onwards are vulnerable. Any kind of guest can exploit the vulnerability. The vulnerability is exposed only on AMD x86 systems. Intel and ARM systems do not expose this vulnerability. Both PV and HVM guests are affected. MITIGATION ========== The vulnerability can be avoided if the guest kernel is controlled by the host rather than guest administrator, provided that further steps are taken to prevent the guest administrator from loading code into the kernel (e.g. by disabling loadable modules etc) or from using other mechanisms which allow them to run code at kernel privilege. On Xen versions 4.3 and earlier, turning off XSAVE support via the "no-xsave" hypervisor command line option will avoid the vulnerability. On Xen versions 4.4 and onwards there is no other known mitigation. CREDITS ======= This issue was discovered by Jan Beulich from SUSE. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa172.patch xen-unstable, Xen 4.6.x, Xen 4.5.x, Xen 4.4.x xsa172-4.3.patch Xen 4.3.x $ sha256sum xsa172* f18282fcb794b8772bc3af51d56860050071bd62a5a909b8f2fc2018e2958154 xsa172.patch 6aac179620afcdbdab041163239019bc35b0e243f3bd16673caaec7d5a4d97ec xsa172-4.3.patch $ NOTE REGARDING CVE ================== CVE-2016-3158 is for the code change which is required for all versions (but which is sufficient only on Xen 4.3.x, and insufficient on later versions). Ie for the second hunk in xsa172.patch (the only hunk in xsa172-4.3.patch), which patches the function xrstor. CVE-2016-3159 is for the code change which is applicable for later versions only, but which must always be combined with the code change for CVE-2016-3158. Ie for the first hunk in xsa172.patch, which patches the function fpu_fxrstor. DEPLOYMENT DURING EMBARGO ========================= Deployment of the PATCH or the TRUSTED KERNEL MITIGATION (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. However deployment of the "no-xsave" MITIGATION is NOT permitted (except where all the affected systems and VMs are administered and used only by organisations which are members of the Xen Project Security Issues Predisclosure List). Specifically, deployment on public cloud systems is NOT permitted. This is because such a host configuration change would be guest-visible which could lead to the rediscovery of the vulnerability. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJW9BUjAAoJEIP+FMlX6CvZh0sH/RMRw5mKOjz4IPUFVlxXvJYr 4BYbJyitDX6uX6Hdp8XosqrMfTqpDWNYzTPS4UMOmSZq0JSSSeRDB5esM3otQSzl Vnq8toyl2IeDZAZ7KhLTOUGF1libSGyE32MCLP32XOwbAaWRD01ld71M4P2+Cmuz JFqgfRQxgqzcrfZP74CqfbAdU9sxIq5Py6BHBdSOlKuZMF7RPZbIpy2KwdAmIUZJ IXnwlWvXvg5Uq3RfzRPJ10EaaQhIajgSxGGOViVXEVObY48jbcXFB3xTTT49CMB2 GqNK+CjUTVvfTFe2jFYu1Uscwot85tgsu09zui3Jleml1dhs6eIM4vKcLG96g1E= =ojN8 -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa172.patch" Content-Disposition: attachment; filename="xsa172.patch" Content-Transfer-Encoding: base64 eDg2OiBmaXggaW5mb3JtYXRpb24gbGVhayBvbiBBTUQgQ1BVcwoKVGhlIGZp eCBmb3IgWFNBLTUyIHdhcyB3cm9uZywgYW5kIHNvIHdhcyB0aGUgY2hhbmdl IHN5bmNocm9uaXppbmcgdGhhdApuZXcgYmVoYXZpb3IgdG8gdGhlIEZYUlNU T1IgbG9naWM6IEFNRCdzIG1hbnVhbHMgZXhwbGljdGx5IHN0YXRlIHRoYXQK d3JpdGVzIHRvIHRoZSBFUyBiaXQgYXJlIGlnbm9yZWQsIGFuZCBpdCBpbnN0 ZWFkIGdldHMgY2FsY3VsYXRlZCBmcm9tCnRoZSBleGNlcHRpb24gYW5kIG1h c2sgYml0cyAoaXQgZ2V0cyBzZXQgd2hlbmV2ZXIgdGhlcmUgaXMgYW4gdW5t YXNrZWQKZXhjZXB0aW9uLCBhbmQgY2xlYXJlZCBvdGhlcndpc2UpLiBIZW5j ZSB3ZSBuZWVkIHRvIGZvbGxvdyB0aGF0IG1vZGVsCmluIG91ciB3b3JrYXJv dW5kLgoKVGhpcyBpcyBYU0EtMTcyLgoKVGhlIGZpcnN0IGh1bmsgKHhlbi9h cmNoL3g4Ni9pMzg3LmM6ZnB1X2Z4cnN0b3IpIGlzIENWRS0yMDE2LTMxNTku ClRoZSBzZWNvbmQgaHVuayAoeGVuL2FyY2gveDg2L3hzdGF0ZS5jOnhyc3Rv cikgaXMgQ1ZFLTIwMTYtMzE1OC4KClNpZ25lZC1vZmYtYnk6IEphbiBCZXVs aWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KUmV2aWV3ZWQtYnk6IEFuZHJldyBD b29wZXIgPGFuZHJldy5jb29wZXIzQGNpdHJpeC5jb20+CgotLS0gYS94ZW4v YXJjaC94ODYvaTM4Ny5jCisrKyBiL3hlbi9hcmNoL3g4Ni9pMzg3LmMKQEAg LTQ5LDcgKzQ5LDcgQEAgc3RhdGljIGlubGluZSB2b2lkIGZwdV9meHJzdG9y KHN0cnVjdCB2YwogICAgICAqIHNvbWV0aW1lcyBuZXcgdXNlciB2YWx1ZS4g Qm90aCBzaG91bGQgYmUgb2suIFVzZSB0aGUgRlBVIHNhdmVkCiAgICAgICog ZGF0YSBibG9jayBhcyBhIHNhZmUgYWRkcmVzcyBiZWNhdXNlIGl0IHNob3Vs ZCBiZSBpbiBMMS4KICAgICAgKi8KLSAgICBpZiAoICEoZnB1X2N0eHQtPmZz dyAmIDB4MDA4MCkgJiYKKyAgICBpZiAoICEoZnB1X2N0eHQtPmZzdyAmIH5m cHVfY3R4dC0+ZmN3ICYgMHgwMDNmKSAmJgogICAgICAgICAgYm9vdF9jcHVf ZGF0YS54ODZfdmVuZG9yID09IFg4Nl9WRU5ET1JfQU1EICkKICAgICB7CiAg ICAgICAgIGFzbSB2b2xhdGlsZSAoICJmbmNsZXhcblx0IgotLS0gYS94ZW4v YXJjaC94ODYveHN0YXRlLmMKKysrIGIveGVuL2FyY2gveDg2L3hzdGF0ZS5j CkBAIC0zNDQsNyArMzQ0LDcgQEAgdm9pZCB4cnN0b3Ioc3RydWN0IHZjcHUg KnYsIHVpbnQ2NF90IG1hcwogICAgICAqIGRhdGEgYmxvY2sgYXMgYSBzYWZl IGFkZHJlc3MgYmVjYXVzZSBpdCBzaG91bGQgYmUgaW4gTDEuCiAgICAgICov CiAgICAgaWYgKCAobWFzayAmIHB0ci0+eHNhdmVfaGRyLnhzdGF0ZV9idiAm IFhTVEFURV9GUCkgJiYKLSAgICAgICAgICEocHRyLT5mcHVfc3NlLmZzdyAm IDB4MDA4MCkgJiYKKyAgICAgICAgICEocHRyLT5mcHVfc3NlLmZzdyAmIH5w dHItPmZwdV9zc2UuZmN3ICYgMHgwMDNmKSAmJgogICAgICAgICAgYm9vdF9j cHVfZGF0YS54ODZfdmVuZG9yID09IFg4Nl9WRU5ET1JfQU1EICkKICAgICAg ICAgYXNtIHZvbGF0aWxlICggImZuY2xleFxuXHQiICAgICAgICAvKiBjbGVh ciBleGNlcHRpb25zICovCiAgICAgICAgICAgICAgICAgICAgICAgICJmZnJl ZSAlJXN0KDcpXG5cdCIgLyogY2xlYXIgc3RhY2sgdGFnICovCg== --=separator Content-Type: application/octet-stream; name="xsa172-4.3.patch" Content-Disposition: attachment; filename="xsa172-4.3.patch" Content-Transfer-Encoding: base64 eDg2OiBmaXggaW5mb3JtYXRpb24gbGVhayBvbiBBTUQgQ1BVcwoKVGhlIGZp eCBmb3IgWFNBLTUyIHdhcyB3cm9uZywgYW5kIHNvIHdhcyB0aGUgY2hhbmdl IHN5bmNocm9uaXppbmcgdGhhdApuZXcgYmVoYXZpb3IgdG8gdGhlIEZYUlNU T1IgbG9naWM6IEFNRCdzIG1hbnVhbHMgZXhwbGljdGx5IHN0YXRlIHRoYXQK d3JpdGVzIHRvIHRoZSBFUyBiaXQgYXJlIGlnbm9yZWQsIGFuZCBpdCBpbnN0 ZWFkIGdldHMgY2FsY3VsYXRlZCBmcm9tCnRoZSBleGNlcHRpb24gYW5kIG1h c2sgYml0cyAoaXQgZ2V0cyBzZXQgd2hlbmV2ZXIgdGhlcmUgaXMgYW4gdW5t YXNrZWQKZXhjZXB0aW9uLCBhbmQgY2xlYXJlZCBvdGhlcndpc2UpLiBIZW5j ZSB3ZSBuZWVkIHRvIGZvbGxvdyB0aGF0IG1vZGVsCmluIG91ciB3b3JrYXJv dW5kLgoKVGhpcyBpcyBYU0EtMTcyIC8gQ1ZFLTIwMTYtMzE1OC4KClNpZ25l ZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KUmV2 aWV3ZWQtYnk6IEFuZHJldyBDb29wZXIgPGFuZHJldy5jb29wZXIzQGNpdHJp eC5jb20+CgotLS0gYS94ZW4vYXJjaC94ODYveHN0YXRlLmMKKysrIGIveGVu L2FyY2gveDg2L3hzdGF0ZS5jCkBAIC0xNTgsNyArMTU4LDcgQEAgdm9pZCB4 cnN0b3Ioc3RydWN0IHZjcHUgKnYsIHVpbnQ2NF90IG1hcwogICAgICAqIGRh dGEgYmxvY2sgYXMgYSBzYWZlIGFkZHJlc3MgYmVjYXVzZSBpdCBzaG91bGQg YmUgaW4gTDEuCiAgICAgICovCiAgICAgaWYgKCAobWFzayAmIHB0ci0+eHNh dmVfaGRyLnhzdGF0ZV9idiAmIFhTVEFURV9GUCkgJiYKLSAgICAgICAgICEo cHRyLT5mcHVfc3NlLmZzdyAmIDB4MDA4MCkgJiYKKyAgICAgICAgICEocHRy LT5mcHVfc3NlLmZzdyAmIH5wdHItPmZwdV9zc2UuZmN3ICYgMHgwMDNmKSAm JgogICAgICAgICAgYm9vdF9jcHVfZGF0YS54ODZfdmVuZG9yID09IFg4Nl9W RU5ET1JfQU1EICkKICAgICAgICAgYXNtIHZvbGF0aWxlICggImZuY2xleFxu XHQiICAgICAgICAvKiBjbGVhciBleGNlcHRpb25zICovCiAgICAgICAgICAg ICAgICAgICAgICAgICJmZnJlZSAlJXN0KDcpXG5cdCIgLyogY2xlYXIgc3Rh Y2sgdGFnICovCg== --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVuLm9yZwpodHRwOi8vbGlzdHMu eGVuLm9yZy94ZW4tYW5ub3VuY2U= --=separator-- From xen-announce-bounces@lists.xen.org Wed Mar 30 13:16:06 2016 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 30 Mar 2016 13:16:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1alFxR-0002jl-AV; Wed, 30 Mar 2016 13:14:49 +0000 Received: from mail6.bemta6.messagelabs.com ([85.158.143.247]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1alFx0-0002ip-C1 for xen-announce@lists.xenproject.org; Wed, 30 Mar 2016 13:14:22 +0000 Received: from [85.158.143.35] by server-3.bemta-6.messagelabs.com id 79/64-07120-D21DBF65; Wed, 30 Mar 2016 13:14:21 +0000 X-Env-Sender: lars.kurth.xen@gmail.com X-Msg-Ref: server-12.tower-21.messagelabs.com!1459343660!6721322!1 X-Originating-IP: [74.125.82.47] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 8.11; banners=-,-,- X-VirusChecked: Checked Received: (qmail 43361 invoked from network); 30 Mar 2016 13:14:20 -0000 Received: from mail-wm0-f47.google.com (HELO mail-wm0-f47.google.com) (74.125.82.47) by server-12.tower-21.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 30 Mar 2016 13:14:20 -0000 Received: by mail-wm0-f47.google.com with SMTP id 127so97166959wmu.1 for ; Wed, 30 Mar 2016 06:14:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-transfer-encoding:subject:date:references:to :message-id:mime-version; bh=KQCgTIdcyBXXccL20B1wC5SE6PgHRvJ0YbVilR/dxW0=; b=Rb3FnhiJVjHY7XpSv+gwSYbUnXM5J2iR2ki0PcJY7Xo0WkUMlxeQiCbldr3gpTINjw SZiBh+YyWq2Azeb/BHt3lhpth4Gx507BC0R0mZ+aQk+lwWkW73g6eS9kQRGMmUTYV8zJ 82BGW0cbcTKnfLd38F6Yr7kqZajw976UEb9vtdFOEM4VyHYb9I3cDx618nD7wXUEkSVb 04zX4dy/KUM7KRrVHdSbPQ4+zdhxXf+7kMK+zLY3y3jYWB4Nl5V1d0HUedwlLpJnRM3x YkjVJ5j9bbKYweni4Phm25HDRmqA0wJ3nMgY0G30MgC1b22bAEccrCk+URnlviRi/NZM dOhw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:content-transfer-encoding:subject:date :references:to:message-id:mime-version; bh=KQCgTIdcyBXXccL20B1wC5SE6PgHRvJ0YbVilR/dxW0=; b=iN0xfGENKTv+xa+rmUICD3TpTJfawjyCoDfIogxJyYVszwHWoHgSD4Ngy3U8rfDp0i YSftaDD2P2vtAr+XtVKxN6rXe9/cZJw818cVQ7guQUprxX5DHqUWPZ40nVlGQeYCnaZ+ Fcj3bAgG4J271/gKcDSzEDdoq0l6mGnA06VsEMvBqR9FaF5otcfLqN4MLspZf9RabwlI dCL1gbAaoqvDALE1Hqd0MhZG7vJD1+jxzeDjNrkNHnnLN6ebxN563HQKPrO4FPQnkplP /TmhZSX+iTs4uS0I8E5G+sJLUXtK3XNUR7NNJZdriN1ef8wF9TfQpP1GjMegwIqvK4UR X0Dg== X-Gm-Message-State: AD7BkJKsILsEq8XyPIkXc82hR3F/QrqQ+LWK5fcDaUuklPplDZQposLpsTvp8iSFyn0VwA== X-Received: by 10.194.94.229 with SMTP id df5mr10563301wjb.133.1459343657272; Wed, 30 Mar 2016 06:14:17 -0700 (PDT) Received: from [192.168.0.9] (97e66e35.skybroadband.com. [151.230.110.53]) by smtp.gmail.com with ESMTPSA id t3sm3942560wjz.11.2016.03.30.06.14.14 for (version=TLSv1/SSLv3 cipher=OTHER); Wed, 30 Mar 2016 06:14:15 -0700 (PDT) From: Lars Kurth Date: Wed, 30 Mar 2016 14:14:13 +0100 References: <56FBD3CF02000078000E13FE@prv-mh.provo.novell.com> To: xen-announce Message-Id: <973D31A8-9812-47F3-AC1E-31D77616EE48@gmail.com> Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\)) X-Mailer: Apple Mail (2.2104) X-Mailman-Approved-At: Wed, 30 Mar 2016 13:14:48 +0000 Subject: [Xen-announce] Xen 4.5.3 released X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: xen-announce-bounces@lists.xen.org Sender: "Xen-announce" Cgo+IEJlZ2luIGZvcndhcmRlZCBtZXNzYWdlOgo+IAo+IEZyb206ICJKYW4gQmV1bGljaCIgPEpC ZXVsaWNoQHN1c2UuY29tPgo+IFN1YmplY3Q6IFtYZW4tZGV2ZWxdIFhlbiA0LjUuMyByZWxlYXNl ZAo+IERhdGU6IDMwIE1hcmNoIDIwMTYgMTI6MjU6MzUgQlNUCj4gVG86IDx4ZW4tYW5ub3VuY2VA bGlzdHMueGVucHJvamVjdC5vcmc+Cj4gQ2M6IHhlbi1kZXZlbCA8eGVuLWRldmVsQGxpc3RzLnhl bnByb2plY3Qub3JnPgo+IAo+IEFsbCwKPiAKPiBJIGFtIHBsZWFzZWQgdG8gYW5ub3VuY2UgdGhl IHJlbGVhc2Ugb2YgWGVuIDQuNS4zLiBUaGlzIGlzCj4gYXZhaWxhYmxlIGltbWVkaWF0ZWx5IGZy b20gaXRzIGdpdCByZXBvc2l0b3J5Cj4gaHR0cDovL3hlbmJpdHMueGVuLm9yZy9naXR3ZWIvP3A9 eGVuLmdpdDthPXNob3J0bG9nO2g9cmVmcy9oZWFkcy9zdGFibGUtNC41Cj4gKHRhZyBSRUxFQVNF LTQuNS4zKSBvciBmcm9tIHRoZSBYZW5Qcm9qZWN0IGRvd25sb2FkIHBhZ2UKPiBodHRwOi8vd3d3 LnhlbnByb2plY3Qub3JnL2Rvd25sb2Fkcy94ZW4tYXJjaGl2ZXMveGVuLTQ1LXNlcmllcy94ZW4t NDUzLmh0bWwKPiAod2hlcmUgYSBsaXN0IG9mIGNoYW5nZXMgY2FuIGFsc28gYmUgZm91bmQpLgo+ IAo+IFdlIHJlY29tbWVuZCBhbGwgdXNlcnMgb2YgdGhlIDQuNSBzdGFibGUgc2VyaWVzIHRvIHVw ZGF0ZSB0byB0aGlzCj4gbGF0ZXN0IHBvaW50IHJlbGVhc2UuCj4gCj4gUmVnYXJkcywgSmFuCj4g Cj4gCj4gX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KPiBY ZW4tZGV2ZWwgbWFpbGluZyBsaXN0Cj4gWGVuLWRldmVsQGxpc3RzLnhlbi5vcmcKPiBodHRwOi8v bGlzdHMueGVuLm9yZy94ZW4tZGV2ZWwKCgpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fXwpYZW4tYW5ub3VuY2UgbWFpbGluZyBsaXN0Clhlbi1hbm5vdW5jZUBs aXN0cy54ZW4ub3JnCmh0dHA6Ly9saXN0cy54ZW4ub3JnL3hlbi1hbm5vdW5jZQ== From xen-announce-bounces@lists.xen.org Wed Mar 30 13:16:06 2016 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 30 Mar 2016 13:16:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1alFxR-0002ja-2c; Wed, 30 Mar 2016 13:14:49 +0000 Received: from mail6.bemta6.messagelabs.com ([85.158.143.247]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1aimUP-0000O9-Mw; Wed, 23 Mar 2016 17:22:37 +0000 Received: from [85.158.143.35] by server-3.bemta-6.messagelabs.com id C1/1F-07120-AD0D2F65; Wed, 23 Mar 2016 17:22:34 +0000 X-Env-Sender: lars.kurth.xen@gmail.com X-Msg-Ref: server-4.tower-21.messagelabs.com!1458753753!5542006!1 X-Originating-IP: [74.125.82.47] X-SpamReason: No, hits=0.0 required=7.0 tests=ML_RADAR_SPEW_LINKS_8, spamassassin: X-StarScan-Received: X-StarScan-Version: 8.11; banners=-,-,- X-VirusChecked: Checked Received: (qmail 29139 invoked from network); 23 Mar 2016 17:22:34 -0000 Received: from mail-wm0-f47.google.com (HELO mail-wm0-f47.google.com) (74.125.82.47) by server-4.tower-21.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 23 Mar 2016 17:22:34 -0000 Received: by mail-wm0-f47.google.com with SMTP id r129so145549121wmr.1; Wed, 23 Mar 2016 10:22:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=2SO8jfaM7qvsd3dbDGApQ6DGPUKZ1HURd1mX2RLxVkw=; b=J7LI6Yvno2U5+rKxtOA/Az0Qa7bJrZlehavgAO3lEPeiV68qTpy50MzBUJJauJVRx6 S8ssYrMZui01C4gAnAtGkRpKoFdB/RccK1l7kvOHePXRdAqtQj82CKbNxx4LJKF9marv 0r8r6O4haYujCdMDHzu1kNFmRo5PyNRAqZWz6YXGGGU1/nrQadVBeRZhl4IxUIcD2Gyf snys7mIL0FVgrhcjls9fWfBNJsbHTvsSoBn7NIDnhh7Fvu5SLjmReHDbDAhvsL9oeSN1 hgxPZi71FbjeHaDXxFhLch7aHK1mFcSYUEmytVMwDmWB28a11VYNw3pmtoWi404oLyGw mDjQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=2SO8jfaM7qvsd3dbDGApQ6DGPUKZ1HURd1mX2RLxVkw=; b=ZTD+7bPQkVmjxkRPuMjogLlY66DGEeBV0qKUd6fznQ6cys2NBupPKmc6+2Zsv8BGLy wtVu3h0Eljm8rrtzxUsDgrqcREppNx6GAAOgW2BwUKbYlLv3kbtg2u9F3u4DV/1MzySM 3w6x6RxVcoPOySBJZrUzKy8ZfP/kZa1XqZaz/4wJWWXRnZL++/8dQZrQeJoQw1MWX/Rx P+vzzNTSBlQTpeZnw56QtSBv7O8siAaCYFTA72daen5fw67LyQU3xREogFrDrtI0VttQ hZZIMwizujkvEdhwdWHiMlki32thP76HxFK1jAq5Oqa9k4w54KKasSpm8o3m3AKKF1jw O+Cg== X-Gm-Message-State: AD7BkJImhV0iiJxFeCKr/7U/ks+g9G8BfO9tT6EpC+QDC+SCp2NwkFgn7hAFwesLCzPpiw== X-Received: by 10.28.99.6 with SMTP id x6mr29239927wmb.46.1458753752741; Wed, 23 Mar 2016 10:22:32 -0700 (PDT) Received: from [192.168.0.9] (97e551ba.skybroadband.com. [151.229.81.186]) by smtp.gmail.com with ESMTPSA id w203sm3915800wmg.14.2016.03.23.10.22.30 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 23 Mar 2016 10:22:30 -0700 (PDT) Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\)) From: Lars Kurth In-Reply-To: <884EC716-0ED5-4D36-886A-4752AAC6C913@gmail.com> Date: Wed, 23 Mar 2016 17:22:29 +0000 Message-Id: <2A12170B-8614-459D-A835-05AA12212983@gmail.com> References: <884EC716-0ED5-4D36-886A-4752AAC6C913@gmail.com> To: xen-devel , xen-announce X-Mailer: Apple Mail (2.2104) X-Mailman-Approved-At: Wed, 30 Mar 2016 13:14:48 +0000 Cc: Keir Fraser , Ian Campbell , xen-api , Tim Deegan , minios-devel , embedded-pv-devel , mirageos-devel , win-pv-devel Subject: Re: [Xen-announce] Call for nominations for new Hypervisor subproject maintainers and committers X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: xen-announce-bounces@lists.xen.org Sender: "Xen-announce" SGkgZXZlcnlvbmUsCgpJIGp1c3Qgd2FudGVkIHRvIGxldCB5b3Uga25vdyB0aGF0IHRoaXMgaGFz bid0IGRyb3BwZWQgb2ZmIG15IHJhZGFyLiBXZSBkbyBoYXZlIGEgc2hvcnRsaXN0IG9mIHBlb3Bs ZSBub3csIGFuZCBJIHdpbGwgbmVlZCB0byByZWFjaCBvdXQgdG8gcGVvcGxlIHdobyB3ZXJlIG5v bWluYXRlZCAoYW5kIG1heSBub3Qga25vdyB0aGV5IHdlcmUpLiBIb3dldmVyIGR1ZSB0byBFYXN0 ZXIsIHRoZSB0aW1lLWZyYW1lIG1heSBzbGlwIGJ5IGEgd2Vlay4KCgo+IE9uIDI0IEZlYiAyMDE2 LCBhdCAxODo1MSwgTGFycyBLdXJ0aCA8bGFycy5rdXJ0aC54ZW5AZ21haWwuY29tPiB3cm90ZToK PiAKPiBEZWFyIENvbW11bml0eSBtZW1iZXJzLAo+IAo+IEkgd2FudGVkIHRvIGluZm9ybSB5b3Ug dGhhdCBib3RoIEtlaXIgRnJhc2VyIGFuZCBUaW0gRGVlZ2FuLCBoYXZlIAo+IGZvcm1hbGx5IHN0 ZXBwZWQgZG93biBpbiB0aGVpciByb2xlcyBhcyBjb21taXR0ZXJzIGZyb20gdGhlIEh5cGVydmlz b3IgCj4gdGVhbS4gSW4gYWRkaXRpb24sIHlvdSBtYXkgaGF2ZSBzZWVuIHRoYXQgSWFuIENhbXBi ZWxsIHJlY2VudGx5IAo+IHRyYW5zZmVycmVkIG1haW50YWluZXItc2hpcCBmb3IgbWFueSBjb21w b25lbnRzIHRvIG90aGVyIGNvbW11bml0eSAKPiBtZW1iZXJzIChzZWUgaHR0cDovL2JpdC5seS8x Um5NOEpQKS4gVGhpcyBtZWFucyB0aGF0IElhbiB3aWxsIHRha2UgYSBtdWNoIAo+IGxlc3MgYWN0 aXZlIHJvbGUgd2l0aGluIHRoZSBwcm9qZWN0IGluIHRoZSBmdXR1cmUuIAo+IAo+IEZpcnN0IGFu ZCBmb3JlbW9zdCwgdGhlIHJlbWFpbmluZyBjb21taXR0ZXJzIGFuZCB0aGUgWGVuIFByb2plY3Qg Cj4gQWR2aXNvcnkgQm9hcmQgd291bGQgbGlrZSB0byB0aGFuayBLZWlyLCBUaW0gYW5kIElhbiBm b3Igc2VydmluZyB0aGUKPiBYZW4gUHJvamVjdCBjb21tdW5pdHkgYW5kIHRoZWlyIG1hbnlmb2xk IGFuZCBkaXZlcnNlIGNvbnRyaWJ1dGlvbnMuCj4gCj4gR2l2ZW4sIHRoYXQgYXMgYSBwcm9qZWN0 LCB3ZSBoYXZlIGZvdW5kIGl0IGRpZmZpY3VsdCB0byBwcm9tb3RlIAo+IGNvbnRyaWJ1dG9ycyB0 byBtYWludGFpbmVyIGFuZCBjb21taXR0ZXIgcm9sZXMgaW4gdGhlIHBhc3QsIHRoZSByZW1haW5p bmcgCj4gZ3JvdXAgb2YgY29tbWl0dGVycyBmZWx0IHRoYXQgd2Ugc2hvdWxkIHVzZSBhIG1vcmUg Zm9ybWFsIGFwcG9pbnRtZW50IAo+IHByb2Nlc3MgdG8gc3VjY2Vzc2lvbnMgYW5kIHN1Y2Nlc3Np b24gcGxhbm5pbmcgYW5kIGhhdmUgYXNrZWQgbWUgdG8gCj4gb3JnYW5pc2UgdGhpcyBwcm9jZXNz LiBUYWtpbmcgYSBsb25nZXIgdGVybSB2aWV3LCB0aGUgY29tbWl0dGVycyBhbHNvIAo+IGZlbHQg dGhhdCB3ZSBzaG91bGQgbm90IHJlc3RyaWN0IHRoZSBhcHBvaW50bWVudCBwcm9jZXNzIHRvIHJl cGxhY2luZwo+IGNvbW1pdHRlciBwb3NpdGlvbnMgb25seSwgYnV0IHRvIGNvbnNpZGVyIGFkZGl0 aW9uYWwgY29tbWl0dGVyIHBvc2l0aW9ucyAKPiBiYXNlZCBvbiBtZXJpdCBhbmQgdG8gYWxzbyBp bmNsdWRlIG5ldyBtYWludGFpbmVyIG5vbWluYXRpb25zLgo+IAo+IFRodXMsIHRvIGZpbGwgdGhl c2UgcG9zaXRpb25zLCB3ZSBhcmUgc29saWNpdGluZyBub21pbmF0aW9ucy4gVG8gbm9taW5hdGUK PiB5b3Vyc2VsZiBvciBzb21lb25lIGVsc2Ugd2l0aGluIHRoZSBjb21tdW5pdHksIHBsZWFzZSBz ZW5kIGUtbWFpbCB0byAKPiBhcHBvaW50bWVudHNAeGVucHJvamVjdC5vcmcgd2l0aCBvbmUgb2Yg dGhlIGZvbGxvd2luZyBzdWJqZWN0IGxpbmVzOiAKPiAtICJNYWludGFpbmVyIE5vbWluYXRpb24g b2YgW25hbWVdIgo+IC0gIkNvbW1pdHRlciBOb21pbmF0aW9uIG9mIFtuYW1lXSIKPiAKPiBOb21p bmVlcyB3aWxsIG9mIGNvdXJzZSBiZSBhc2tlZCwgcHJpdmF0ZWx5LCB3aGV0aGVyIHRoZXkgd291 bGQgYmUgCj4gd2lsbGluZyB0byBzZXJ2ZSwgaWYgdGhleSBoYXZlIGJlZW4gbm9taW5hdGVkIGJ5 IHNvbWVvbmUgZWxzZS4KPiAKPiBQbGVhc2UgcHJvdmlkZSBjb250YWN0IGRldGFpbHMgKGF0IGxl YXN0IHRoZSBmdWxsIG5hbWUgYW5kIGUtbWFpbCBhZGRyZXNzIAo+IG9mIG5vbWluZWUpIGluIHRo ZSBib2R5IG9mIHRoZSBlLW1haWwgYW5kIGRlc2NyaWJlIHdoeSB0aGUgbm9taW5lZSB3b3VsZCAK PiBiZSBhIGdvb2QgZml0IGEgbWFpbnRhaW5lciBhbmQvb3IgY29tbWl0dGVyLiBUaGUgYm9keSBv ZiB0aGUgbm9taW5hdGlvbiAKPiBzaG91bGQgbGlzdCB0ZWNobmljYWwga25vd2xlZGdlIHRoYXQg aXMgbmVlZGVkIHRvIGJlIGEgbWFpbnRhaW5lciBhbmQvb3IgCj4gY29tbWl0dGVyIGFuZCBoaWdo bGlnaHQgY29yZSBhcmVhcyBvZiBleHBlcnRpc2UuIEluIGFkZGl0aW9uLCB3ZSBhcmUgYWxzbyAK PiBpbnRlcmVzdGVkIGluIHNwZWNpZmljIGluc3RhbmNlcywgd2hlcmUgdGhlIG5vbWluZWUgc2hv d2VkIGNvbW11bmljYXRpb24gCj4gYW5kIG9wZW4gc291cmNlIGxlYWRlcnNoaXAgcXVhbGl0aWVz LiAKPiAKPiBGb3IgZXhhbXBsZToKPiAqIFdhcyBhYmxlIHRvIGhlbHAgcmVzb2x2ZSBkaXNhZ3Jl ZW1lbnRzLCBib3RoIHRlY2huaWNhbCBhbmQgbm9uLQo+ICB0ZWNobmljYWwsIHdoaWNoIHlvdSB3 ZXJlIGEgcGFydHkgdG8gb3Igb2JzZXJ2ZXIgb2YuCj4gKiBXYXMgYWJsZSB0byBjb250cmlidXRl IHRvIGltcHJvdmUgcXVhbGl0eSBhbmQgYXJjaGl0ZWN0dXJhbCBjb25zaXN0ZW5jeSAKPiAgYWNy b3NzIHNldmVyYWwgY29tcG9uZW50cyB3aXRoaW4gdGhlIEh5cGVydmlzb3IKPiAqIEhhcyBiZWVu IGludm9sdmVkIGluIGNvb3JkaW5hdGluZyB0aGUgYWN0aXZpdGllcyBvZiBzZXZlcmFsIGNvbW11 bml0eSAKPiAgbWVtYmVycyAKPiAqIEhhcyBsZWQgb3IgZHJpdmVuIHRlY2huaWNhbCBpbml0aWF0 aXZlcyBvciBsYXJnZXIgc2NhbGUgZmVhdHVyZSAKPiAgZGV2ZWxvcG1lbnQgd2l0aGluIHRoZSBj b21tdW5pdHkgCj4gKiBIYXMgbWVudG9yZWQgYW5kIGVuY291cmFnZWQgbmV3Y29tZXJzIHRvIHRo ZSBjb21tdW5pdHkKPiAqIEhhcyByZXByZXNlbnRlZCB0aGUgcHJvamVjdCBvciBhc3BlY3RzIG9m IGl0IChlLmcuIHZpYSB0YWxrcywgYmxvZyAKPiAgcG9zdHMsIC4uLikKPiAqIEhhcyBzaG93biBv dGhlciBjb21tdW5pY2F0aW9uIGFuZCBvcGVuIHNvdXJjZSBsZWFkZXJzaGlwIHF1YWxpdGllcwo+ IAo+IEJlaW5nIGEgbWFpbnRhaW5lciBhbmQvb3IgY29tbWl0dGVyIGRvZXMgcmVxdWlyZSBhIHRp bWUgY29tbWl0bWVudC4gCj4gTm9taW5lZXMgc2hvdWxkIGJlIGFibGUgdG8gZm9sbG93IGUtbWFp bCBkaXNjdXNzaW9ucyBvbiB4ZW4tZGV2ZWxAIG9uIGFuIAo+IG9uZ29pbmcgYmFzaXMgYW5kIHJl c3BvbmQgd2l0aGluIGEgY291cGxlIG9mIGRheXMgc28gdGhhdCBkaXNjdXNzaW9ucyAKPiBwcm9n cmVzcy4gQ29tbWl0dGVycyBzaG91bGQgaWRlYWxseSBiZSBhYmxlIHRvIHNwZW5kIGEgbWluaW11 bSBvZiA0LTUgCj4gZGF5cyB3b3JraW5nIG9uIHRoZSBwcm9qZWN0IHBlciBtb250aC4gRm9yIG1h aW50YWluZXJzLCB0aGUgdGltZSAKPiByZXF1aXJlbWVudCBpcyBsaWtlbHkgbGVzcy4gCj4gCj4g V2UgYW50aWNpcGF0ZSBzdGFydGluZyBvdXIgc2VsZWN0aW9uIHByb2Nlc3MgYWNjb3JkaW5nIHRv IHRoZSBmb2xsb3dpbmcgCj4gcm91Z2ggdGltZS10YWJsZS4gCj4gCj4gVG9kYXk6ICAgIFB1Ymxp YyBjYWxsIGZvciBub21pbmF0aW9ucyBmb3IgbmV3IGNvbW1pdHRlcnMgYW5kIG1haW50YWluZXJz IAo+ICAgICAgICAgIChzZWxmLW5vbWluYXRpb25zIGFuZCAzcmQtcGFydHkgbm9taW5hdGlvbnMg Ym90aCB3ZWxjb21lKQo+IAo+IE1hcmNoIDExOiBDbG9zaW5nIGRhdGUgZm9yIG5vbWluYXRpb25z Cj4gCgpXZSBhcmUgaGVyZSBhbmQgbm93IGhhdmUgYSBzaG9ydC1saXN0LiAKCj4gdXAgdG8KPiBN YXJjaCAzMDogV2UgZW1haWwgbm9uLXNlbGYtbm9taW5hdGVkIG5vbWluZWVzIGluIHByaXZhdGUg dG8gYXNrIHRoZW0gCj4gICAgICAgICAgdG8gY29uZmlybSB3aGV0aGVyIHRoZXkgYXJlIHdpbGxp bmcgdG8gYWN0IGFzIG5vbWluZWVzLiAKPiAgICAgICAgICBXZSB3aWxsIGFsc28gZGlzY3VzcyB3 aXRoIGFsbCBub21pbmVlcywgdGltZSBjb21taXRtZW50IGFuZCAKPiAgICAgICAgICBvdGhlciBw b3NzaWJsZSBxdWVzdGlvbnMgKGZyb20gYm90aCBub21pbmVlcyBhbmQgZXhpc3RpbmcKPiAgICAg ICAgICBjb21taXR0ZXJzKSwgcmVsYXRlZCB0byB0aGUgcHJvcG9zZWQgbm9taW5hdGlvbnMuCgpJ IHdpbGwgc3RhcnQgdGhpcyBhZnRlciBFYXN0ZXIgTW9uZGF5LgoKPiBNYXJjaCAzMDogV2UgY29u ZHVjdCBhIGZvcm1hbCB2b3RlIHRvIHJhdGlmeSBub21pbmF0aW9ucwo+IAo+IEFwcmlsIDY6ICBX ZSBwdWJsaXNoIHRoZSBuZXcgbWFpbnRhaW5lcnMgYW5kIGNvbW1pdHRlcnMKPiAgICAgICAgICAo d2UgbWF5IGRvIHRoaXMgZWFybGllcikKCkkgZXhwZWN0IHRoYXQgdGhpcyB3aWxsIHNsaXAgYnkg YSB3ZWVrLCBhcyBzb21lIHBlb3BsZSB3aWxsIGJlIG9uIHZhY2F0aW9uIGR1ZSB0byBFYXN0ZXIu CgpCZXN0IFJlZ2FyZHMKTGFycwpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fXwpYZW4tYW5ub3VuY2UgbWFpbGluZyBsaXN0Clhlbi1hbm5vdW5jZUBsaXN0cy54 ZW4ub3JnCmh0dHA6Ly9saXN0cy54ZW4ub3JnL3hlbi1hbm5vdW5jZQ== From xen-announce-bounces@lists.xen.org Wed Mar 30 13:16:06 2016 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 30 Mar 2016 13:16:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1alFxR-0002jl-AV; Wed, 30 Mar 2016 13:14:49 +0000 Received: from mail6.bemta6.messagelabs.com ([85.158.143.247]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1alFx0-0002ip-C1 for xen-announce@lists.xenproject.org; Wed, 30 Mar 2016 13:14:22 +0000 Received: from [85.158.143.35] by server-3.bemta-6.messagelabs.com id 79/64-07120-D21DBF65; Wed, 30 Mar 2016 13:14:21 +0000 X-Env-Sender: lars.kurth.xen@gmail.com X-Msg-Ref: server-12.tower-21.messagelabs.com!1459343660!6721322!1 X-Originating-IP: [74.125.82.47] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 8.11; banners=-,-,- X-VirusChecked: Checked Received: (qmail 43361 invoked from network); 30 Mar 2016 13:14:20 -0000 Received: from mail-wm0-f47.google.com (HELO mail-wm0-f47.google.com) (74.125.82.47) by server-12.tower-21.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 30 Mar 2016 13:14:20 -0000 Received: by mail-wm0-f47.google.com with SMTP id 127so97166959wmu.1 for ; Wed, 30 Mar 2016 06:14:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-transfer-encoding:subject:date:references:to :message-id:mime-version; bh=KQCgTIdcyBXXccL20B1wC5SE6PgHRvJ0YbVilR/dxW0=; b=Rb3FnhiJVjHY7XpSv+gwSYbUnXM5J2iR2ki0PcJY7Xo0WkUMlxeQiCbldr3gpTINjw SZiBh+YyWq2Azeb/BHt3lhpth4Gx507BC0R0mZ+aQk+lwWkW73g6eS9kQRGMmUTYV8zJ 82BGW0cbcTKnfLd38F6Yr7kqZajw976UEb9vtdFOEM4VyHYb9I3cDx618nD7wXUEkSVb 04zX4dy/KUM7KRrVHdSbPQ4+zdhxXf+7kMK+zLY3y3jYWB4Nl5V1d0HUedwlLpJnRM3x YkjVJ5j9bbKYweni4Phm25HDRmqA0wJ3nMgY0G30MgC1b22bAEccrCk+URnlviRi/NZM dOhw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:content-transfer-encoding:subject:date :references:to:message-id:mime-version; bh=KQCgTIdcyBXXccL20B1wC5SE6PgHRvJ0YbVilR/dxW0=; b=iN0xfGENKTv+xa+rmUICD3TpTJfawjyCoDfIogxJyYVszwHWoHgSD4Ngy3U8rfDp0i YSftaDD2P2vtAr+XtVKxN6rXe9/cZJw818cVQ7guQUprxX5DHqUWPZ40nVlGQeYCnaZ+ Fcj3bAgG4J271/gKcDSzEDdoq0l6mGnA06VsEMvBqR9FaF5otcfLqN4MLspZf9RabwlI dCL1gbAaoqvDALE1Hqd0MhZG7vJD1+jxzeDjNrkNHnnLN6ebxN563HQKPrO4FPQnkplP /TmhZSX+iTs4uS0I8E5G+sJLUXtK3XNUR7NNJZdriN1ef8wF9TfQpP1GjMegwIqvK4UR X0Dg== X-Gm-Message-State: AD7BkJKsILsEq8XyPIkXc82hR3F/QrqQ+LWK5fcDaUuklPplDZQposLpsTvp8iSFyn0VwA== X-Received: by 10.194.94.229 with SMTP id df5mr10563301wjb.133.1459343657272; Wed, 30 Mar 2016 06:14:17 -0700 (PDT) Received: from [192.168.0.9] (97e66e35.skybroadband.com. [151.230.110.53]) by smtp.gmail.com with ESMTPSA id t3sm3942560wjz.11.2016.03.30.06.14.14 for (version=TLSv1/SSLv3 cipher=OTHER); Wed, 30 Mar 2016 06:14:15 -0700 (PDT) From: Lars Kurth Date: Wed, 30 Mar 2016 14:14:13 +0100 References: <56FBD3CF02000078000E13FE@prv-mh.provo.novell.com> To: xen-announce Message-Id: <973D31A8-9812-47F3-AC1E-31D77616EE48@gmail.com> Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\)) X-Mailer: Apple Mail (2.2104) X-Mailman-Approved-At: Wed, 30 Mar 2016 13:14:48 +0000 Subject: [Xen-announce] Xen 4.5.3 released X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: xen-announce-bounces@lists.xen.org Sender: "Xen-announce" Cgo+IEJlZ2luIGZvcndhcmRlZCBtZXNzYWdlOgo+IAo+IEZyb206ICJKYW4gQmV1bGljaCIgPEpC ZXVsaWNoQHN1c2UuY29tPgo+IFN1YmplY3Q6IFtYZW4tZGV2ZWxdIFhlbiA0LjUuMyByZWxlYXNl ZAo+IERhdGU6IDMwIE1hcmNoIDIwMTYgMTI6MjU6MzUgQlNUCj4gVG86IDx4ZW4tYW5ub3VuY2VA bGlzdHMueGVucHJvamVjdC5vcmc+Cj4gQ2M6IHhlbi1kZXZlbCA8eGVuLWRldmVsQGxpc3RzLnhl bnByb2plY3Qub3JnPgo+IAo+IEFsbCwKPiAKPiBJIGFtIHBsZWFzZWQgdG8gYW5ub3VuY2UgdGhl IHJlbGVhc2Ugb2YgWGVuIDQuNS4zLiBUaGlzIGlzCj4gYXZhaWxhYmxlIGltbWVkaWF0ZWx5IGZy b20gaXRzIGdpdCByZXBvc2l0b3J5Cj4gaHR0cDovL3hlbmJpdHMueGVuLm9yZy9naXR3ZWIvP3A9 eGVuLmdpdDthPXNob3J0bG9nO2g9cmVmcy9oZWFkcy9zdGFibGUtNC41Cj4gKHRhZyBSRUxFQVNF LTQuNS4zKSBvciBmcm9tIHRoZSBYZW5Qcm9qZWN0IGRvd25sb2FkIHBhZ2UKPiBodHRwOi8vd3d3 LnhlbnByb2plY3Qub3JnL2Rvd25sb2Fkcy94ZW4tYXJjaGl2ZXMveGVuLTQ1LXNlcmllcy94ZW4t NDUzLmh0bWwKPiAod2hlcmUgYSBsaXN0IG9mIGNoYW5nZXMgY2FuIGFsc28gYmUgZm91bmQpLgo+ IAo+IFdlIHJlY29tbWVuZCBhbGwgdXNlcnMgb2YgdGhlIDQuNSBzdGFibGUgc2VyaWVzIHRvIHVw ZGF0ZSB0byB0aGlzCj4gbGF0ZXN0IHBvaW50IHJlbGVhc2UuCj4gCj4gUmVnYXJkcywgSmFuCj4g Cj4gCj4gX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KPiBY ZW4tZGV2ZWwgbWFpbGluZyBsaXN0Cj4gWGVuLWRldmVsQGxpc3RzLnhlbi5vcmcKPiBodHRwOi8v bGlzdHMueGVuLm9yZy94ZW4tZGV2ZWwKCgpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fXwpYZW4tYW5ub3VuY2UgbWFpbGluZyBsaXN0Clhlbi1hbm5vdW5jZUBs aXN0cy54ZW4ub3JnCmh0dHA6Ly9saXN0cy54ZW4ub3JnL3hlbi1hbm5vdW5jZQ== From xen-announce-bounces@lists.xen.org Wed Mar 30 13:16:06 2016 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 30 Mar 2016 13:16:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1alFxR-0002ja-2c; Wed, 30 Mar 2016 13:14:49 +0000 Received: from mail6.bemta6.messagelabs.com ([85.158.143.247]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1aimUP-0000O9-Mw; Wed, 23 Mar 2016 17:22:37 +0000 Received: from [85.158.143.35] by server-3.bemta-6.messagelabs.com id C1/1F-07120-AD0D2F65; Wed, 23 Mar 2016 17:22:34 +0000 X-Env-Sender: lars.kurth.xen@gmail.com X-Msg-Ref: server-4.tower-21.messagelabs.com!1458753753!5542006!1 X-Originating-IP: [74.125.82.47] X-SpamReason: No, hits=0.0 required=7.0 tests=ML_RADAR_SPEW_LINKS_8, spamassassin: X-StarScan-Received: X-StarScan-Version: 8.11; banners=-,-,- X-VirusChecked: Checked Received: (qmail 29139 invoked from network); 23 Mar 2016 17:22:34 -0000 Received: from mail-wm0-f47.google.com (HELO mail-wm0-f47.google.com) (74.125.82.47) by server-4.tower-21.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 23 Mar 2016 17:22:34 -0000 Received: by mail-wm0-f47.google.com with SMTP id r129so145549121wmr.1; Wed, 23 Mar 2016 10:22:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=2SO8jfaM7qvsd3dbDGApQ6DGPUKZ1HURd1mX2RLxVkw=; b=J7LI6Yvno2U5+rKxtOA/Az0Qa7bJrZlehavgAO3lEPeiV68qTpy50MzBUJJauJVRx6 S8ssYrMZui01C4gAnAtGkRpKoFdB/RccK1l7kvOHePXRdAqtQj82CKbNxx4LJKF9marv 0r8r6O4haYujCdMDHzu1kNFmRo5PyNRAqZWz6YXGGGU1/nrQadVBeRZhl4IxUIcD2Gyf snys7mIL0FVgrhcjls9fWfBNJsbHTvsSoBn7NIDnhh7Fvu5SLjmReHDbDAhvsL9oeSN1 hgxPZi71FbjeHaDXxFhLch7aHK1mFcSYUEmytVMwDmWB28a11VYNw3pmtoWi404oLyGw mDjQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=2SO8jfaM7qvsd3dbDGApQ6DGPUKZ1HURd1mX2RLxVkw=; b=ZTD+7bPQkVmjxkRPuMjogLlY66DGEeBV0qKUd6fznQ6cys2NBupPKmc6+2Zsv8BGLy wtVu3h0Eljm8rrtzxUsDgrqcREppNx6GAAOgW2BwUKbYlLv3kbtg2u9F3u4DV/1MzySM 3w6x6RxVcoPOySBJZrUzKy8ZfP/kZa1XqZaz/4wJWWXRnZL++/8dQZrQeJoQw1MWX/Rx P+vzzNTSBlQTpeZnw56QtSBv7O8siAaCYFTA72daen5fw67LyQU3xREogFrDrtI0VttQ hZZIMwizujkvEdhwdWHiMlki32thP76HxFK1jAq5Oqa9k4w54KKasSpm8o3m3AKKF1jw O+Cg== X-Gm-Message-State: AD7BkJImhV0iiJxFeCKr/7U/ks+g9G8BfO9tT6EpC+QDC+SCp2NwkFgn7hAFwesLCzPpiw== X-Received: by 10.28.99.6 with SMTP id x6mr29239927wmb.46.1458753752741; Wed, 23 Mar 2016 10:22:32 -0700 (PDT) Received: from [192.168.0.9] (97e551ba.skybroadband.com. [151.229.81.186]) by smtp.gmail.com with ESMTPSA id w203sm3915800wmg.14.2016.03.23.10.22.30 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 23 Mar 2016 10:22:30 -0700 (PDT) Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\)) From: Lars Kurth In-Reply-To: <884EC716-0ED5-4D36-886A-4752AAC6C913@gmail.com> Date: Wed, 23 Mar 2016 17:22:29 +0000 Message-Id: <2A12170B-8614-459D-A835-05AA12212983@gmail.com> References: <884EC716-0ED5-4D36-886A-4752AAC6C913@gmail.com> To: xen-devel , xen-announce X-Mailer: Apple Mail (2.2104) X-Mailman-Approved-At: Wed, 30 Mar 2016 13:14:48 +0000 Cc: Keir Fraser , Ian Campbell , xen-api , Tim Deegan , minios-devel , embedded-pv-devel , mirageos-devel , win-pv-devel Subject: Re: [Xen-announce] Call for nominations for new Hypervisor subproject maintainers and committers X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: xen-announce-bounces@lists.xen.org Sender: "Xen-announce" SGkgZXZlcnlvbmUsCgpJIGp1c3Qgd2FudGVkIHRvIGxldCB5b3Uga25vdyB0aGF0IHRoaXMgaGFz bid0IGRyb3BwZWQgb2ZmIG15IHJhZGFyLiBXZSBkbyBoYXZlIGEgc2hvcnRsaXN0IG9mIHBlb3Bs ZSBub3csIGFuZCBJIHdpbGwgbmVlZCB0byByZWFjaCBvdXQgdG8gcGVvcGxlIHdobyB3ZXJlIG5v bWluYXRlZCAoYW5kIG1heSBub3Qga25vdyB0aGV5IHdlcmUpLiBIb3dldmVyIGR1ZSB0byBFYXN0 ZXIsIHRoZSB0aW1lLWZyYW1lIG1heSBzbGlwIGJ5IGEgd2Vlay4KCgo+IE9uIDI0IEZlYiAyMDE2 LCBhdCAxODo1MSwgTGFycyBLdXJ0aCA8bGFycy5rdXJ0aC54ZW5AZ21haWwuY29tPiB3cm90ZToK PiAKPiBEZWFyIENvbW11bml0eSBtZW1iZXJzLAo+IAo+IEkgd2FudGVkIHRvIGluZm9ybSB5b3Ug dGhhdCBib3RoIEtlaXIgRnJhc2VyIGFuZCBUaW0gRGVlZ2FuLCBoYXZlIAo+IGZvcm1hbGx5IHN0 ZXBwZWQgZG93biBpbiB0aGVpciByb2xlcyBhcyBjb21taXR0ZXJzIGZyb20gdGhlIEh5cGVydmlz b3IgCj4gdGVhbS4gSW4gYWRkaXRpb24sIHlvdSBtYXkgaGF2ZSBzZWVuIHRoYXQgSWFuIENhbXBi ZWxsIHJlY2VudGx5IAo+IHRyYW5zZmVycmVkIG1haW50YWluZXItc2hpcCBmb3IgbWFueSBjb21w b25lbnRzIHRvIG90aGVyIGNvbW11bml0eSAKPiBtZW1iZXJzIChzZWUgaHR0cDovL2JpdC5seS8x Um5NOEpQKS4gVGhpcyBtZWFucyB0aGF0IElhbiB3aWxsIHRha2UgYSBtdWNoIAo+IGxlc3MgYWN0 aXZlIHJvbGUgd2l0aGluIHRoZSBwcm9qZWN0IGluIHRoZSBmdXR1cmUuIAo+IAo+IEZpcnN0IGFu ZCBmb3JlbW9zdCwgdGhlIHJlbWFpbmluZyBjb21taXR0ZXJzIGFuZCB0aGUgWGVuIFByb2plY3Qg Cj4gQWR2aXNvcnkgQm9hcmQgd291bGQgbGlrZSB0byB0aGFuayBLZWlyLCBUaW0gYW5kIElhbiBm b3Igc2VydmluZyB0aGUKPiBYZW4gUHJvamVjdCBjb21tdW5pdHkgYW5kIHRoZWlyIG1hbnlmb2xk IGFuZCBkaXZlcnNlIGNvbnRyaWJ1dGlvbnMuCj4gCj4gR2l2ZW4sIHRoYXQgYXMgYSBwcm9qZWN0 LCB3ZSBoYXZlIGZvdW5kIGl0IGRpZmZpY3VsdCB0byBwcm9tb3RlIAo+IGNvbnRyaWJ1dG9ycyB0 byBtYWludGFpbmVyIGFuZCBjb21taXR0ZXIgcm9sZXMgaW4gdGhlIHBhc3QsIHRoZSByZW1haW5p bmcgCj4gZ3JvdXAgb2YgY29tbWl0dGVycyBmZWx0IHRoYXQgd2Ugc2hvdWxkIHVzZSBhIG1vcmUg Zm9ybWFsIGFwcG9pbnRtZW50IAo+IHByb2Nlc3MgdG8gc3VjY2Vzc2lvbnMgYW5kIHN1Y2Nlc3Np b24gcGxhbm5pbmcgYW5kIGhhdmUgYXNrZWQgbWUgdG8gCj4gb3JnYW5pc2UgdGhpcyBwcm9jZXNz LiBUYWtpbmcgYSBsb25nZXIgdGVybSB2aWV3LCB0aGUgY29tbWl0dGVycyBhbHNvIAo+IGZlbHQg dGhhdCB3ZSBzaG91bGQgbm90IHJlc3RyaWN0IHRoZSBhcHBvaW50bWVudCBwcm9jZXNzIHRvIHJl cGxhY2luZwo+IGNvbW1pdHRlciBwb3NpdGlvbnMgb25seSwgYnV0IHRvIGNvbnNpZGVyIGFkZGl0 aW9uYWwgY29tbWl0dGVyIHBvc2l0aW9ucyAKPiBiYXNlZCBvbiBtZXJpdCBhbmQgdG8gYWxzbyBp bmNsdWRlIG5ldyBtYWludGFpbmVyIG5vbWluYXRpb25zLgo+IAo+IFRodXMsIHRvIGZpbGwgdGhl c2UgcG9zaXRpb25zLCB3ZSBhcmUgc29saWNpdGluZyBub21pbmF0aW9ucy4gVG8gbm9taW5hdGUK PiB5b3Vyc2VsZiBvciBzb21lb25lIGVsc2Ugd2l0aGluIHRoZSBjb21tdW5pdHksIHBsZWFzZSBz ZW5kIGUtbWFpbCB0byAKPiBhcHBvaW50bWVudHNAeGVucHJvamVjdC5vcmcgd2l0aCBvbmUgb2Yg dGhlIGZvbGxvd2luZyBzdWJqZWN0IGxpbmVzOiAKPiAtICJNYWludGFpbmVyIE5vbWluYXRpb24g b2YgW25hbWVdIgo+IC0gIkNvbW1pdHRlciBOb21pbmF0aW9uIG9mIFtuYW1lXSIKPiAKPiBOb21p bmVlcyB3aWxsIG9mIGNvdXJzZSBiZSBhc2tlZCwgcHJpdmF0ZWx5LCB3aGV0aGVyIHRoZXkgd291 bGQgYmUgCj4gd2lsbGluZyB0byBzZXJ2ZSwgaWYgdGhleSBoYXZlIGJlZW4gbm9taW5hdGVkIGJ5 IHNvbWVvbmUgZWxzZS4KPiAKPiBQbGVhc2UgcHJvdmlkZSBjb250YWN0IGRldGFpbHMgKGF0IGxl YXN0IHRoZSBmdWxsIG5hbWUgYW5kIGUtbWFpbCBhZGRyZXNzIAo+IG9mIG5vbWluZWUpIGluIHRo ZSBib2R5IG9mIHRoZSBlLW1haWwgYW5kIGRlc2NyaWJlIHdoeSB0aGUgbm9taW5lZSB3b3VsZCAK PiBiZSBhIGdvb2QgZml0IGEgbWFpbnRhaW5lciBhbmQvb3IgY29tbWl0dGVyLiBUaGUgYm9keSBv ZiB0aGUgbm9taW5hdGlvbiAKPiBzaG91bGQgbGlzdCB0ZWNobmljYWwga25vd2xlZGdlIHRoYXQg aXMgbmVlZGVkIHRvIGJlIGEgbWFpbnRhaW5lciBhbmQvb3IgCj4gY29tbWl0dGVyIGFuZCBoaWdo bGlnaHQgY29yZSBhcmVhcyBvZiBleHBlcnRpc2UuIEluIGFkZGl0aW9uLCB3ZSBhcmUgYWxzbyAK PiBpbnRlcmVzdGVkIGluIHNwZWNpZmljIGluc3RhbmNlcywgd2hlcmUgdGhlIG5vbWluZWUgc2hv d2VkIGNvbW11bmljYXRpb24gCj4gYW5kIG9wZW4gc291cmNlIGxlYWRlcnNoaXAgcXVhbGl0aWVz LiAKPiAKPiBGb3IgZXhhbXBsZToKPiAqIFdhcyBhYmxlIHRvIGhlbHAgcmVzb2x2ZSBkaXNhZ3Jl ZW1lbnRzLCBib3RoIHRlY2huaWNhbCBhbmQgbm9uLQo+ICB0ZWNobmljYWwsIHdoaWNoIHlvdSB3 ZXJlIGEgcGFydHkgdG8gb3Igb2JzZXJ2ZXIgb2YuCj4gKiBXYXMgYWJsZSB0byBjb250cmlidXRl IHRvIGltcHJvdmUgcXVhbGl0eSBhbmQgYXJjaGl0ZWN0dXJhbCBjb25zaXN0ZW5jeSAKPiAgYWNy b3NzIHNldmVyYWwgY29tcG9uZW50cyB3aXRoaW4gdGhlIEh5cGVydmlzb3IKPiAqIEhhcyBiZWVu IGludm9sdmVkIGluIGNvb3JkaW5hdGluZyB0aGUgYWN0aXZpdGllcyBvZiBzZXZlcmFsIGNvbW11 bml0eSAKPiAgbWVtYmVycyAKPiAqIEhhcyBsZWQgb3IgZHJpdmVuIHRlY2huaWNhbCBpbml0aWF0 aXZlcyBvciBsYXJnZXIgc2NhbGUgZmVhdHVyZSAKPiAgZGV2ZWxvcG1lbnQgd2l0aGluIHRoZSBj b21tdW5pdHkgCj4gKiBIYXMgbWVudG9yZWQgYW5kIGVuY291cmFnZWQgbmV3Y29tZXJzIHRvIHRo ZSBjb21tdW5pdHkKPiAqIEhhcyByZXByZXNlbnRlZCB0aGUgcHJvamVjdCBvciBhc3BlY3RzIG9m IGl0IChlLmcuIHZpYSB0YWxrcywgYmxvZyAKPiAgcG9zdHMsIC4uLikKPiAqIEhhcyBzaG93biBv dGhlciBjb21tdW5pY2F0aW9uIGFuZCBvcGVuIHNvdXJjZSBsZWFkZXJzaGlwIHF1YWxpdGllcwo+ IAo+IEJlaW5nIGEgbWFpbnRhaW5lciBhbmQvb3IgY29tbWl0dGVyIGRvZXMgcmVxdWlyZSBhIHRp bWUgY29tbWl0bWVudC4gCj4gTm9taW5lZXMgc2hvdWxkIGJlIGFibGUgdG8gZm9sbG93IGUtbWFp bCBkaXNjdXNzaW9ucyBvbiB4ZW4tZGV2ZWxAIG9uIGFuIAo+IG9uZ29pbmcgYmFzaXMgYW5kIHJl c3BvbmQgd2l0aGluIGEgY291cGxlIG9mIGRheXMgc28gdGhhdCBkaXNjdXNzaW9ucyAKPiBwcm9n cmVzcy4gQ29tbWl0dGVycyBzaG91bGQgaWRlYWxseSBiZSBhYmxlIHRvIHNwZW5kIGEgbWluaW11 bSBvZiA0LTUgCj4gZGF5cyB3b3JraW5nIG9uIHRoZSBwcm9qZWN0IHBlciBtb250aC4gRm9yIG1h aW50YWluZXJzLCB0aGUgdGltZSAKPiByZXF1aXJlbWVudCBpcyBsaWtlbHkgbGVzcy4gCj4gCj4g V2UgYW50aWNpcGF0ZSBzdGFydGluZyBvdXIgc2VsZWN0aW9uIHByb2Nlc3MgYWNjb3JkaW5nIHRv IHRoZSBmb2xsb3dpbmcgCj4gcm91Z2ggdGltZS10YWJsZS4gCj4gCj4gVG9kYXk6ICAgIFB1Ymxp YyBjYWxsIGZvciBub21pbmF0aW9ucyBmb3IgbmV3IGNvbW1pdHRlcnMgYW5kIG1haW50YWluZXJz IAo+ICAgICAgICAgIChzZWxmLW5vbWluYXRpb25zIGFuZCAzcmQtcGFydHkgbm9taW5hdGlvbnMg Ym90aCB3ZWxjb21lKQo+IAo+IE1hcmNoIDExOiBDbG9zaW5nIGRhdGUgZm9yIG5vbWluYXRpb25z Cj4gCgpXZSBhcmUgaGVyZSBhbmQgbm93IGhhdmUgYSBzaG9ydC1saXN0LiAKCj4gdXAgdG8KPiBN YXJjaCAzMDogV2UgZW1haWwgbm9uLXNlbGYtbm9taW5hdGVkIG5vbWluZWVzIGluIHByaXZhdGUg dG8gYXNrIHRoZW0gCj4gICAgICAgICAgdG8gY29uZmlybSB3aGV0aGVyIHRoZXkgYXJlIHdpbGxp bmcgdG8gYWN0IGFzIG5vbWluZWVzLiAKPiAgICAgICAgICBXZSB3aWxsIGFsc28gZGlzY3VzcyB3 aXRoIGFsbCBub21pbmVlcywgdGltZSBjb21taXRtZW50IGFuZCAKPiAgICAgICAgICBvdGhlciBw b3NzaWJsZSBxdWVzdGlvbnMgKGZyb20gYm90aCBub21pbmVlcyBhbmQgZXhpc3RpbmcKPiAgICAg ICAgICBjb21taXR0ZXJzKSwgcmVsYXRlZCB0byB0aGUgcHJvcG9zZWQgbm9taW5hdGlvbnMuCgpJ IHdpbGwgc3RhcnQgdGhpcyBhZnRlciBFYXN0ZXIgTW9uZGF5LgoKPiBNYXJjaCAzMDogV2UgY29u ZHVjdCBhIGZvcm1hbCB2b3RlIHRvIHJhdGlmeSBub21pbmF0aW9ucwo+IAo+IEFwcmlsIDY6ICBX ZSBwdWJsaXNoIHRoZSBuZXcgbWFpbnRhaW5lcnMgYW5kIGNvbW1pdHRlcnMKPiAgICAgICAgICAo d2UgbWF5IGRvIHRoaXMgZWFybGllcikKCkkgZXhwZWN0IHRoYXQgdGhpcyB3aWxsIHNsaXAgYnkg YSB3ZWVrLCBhcyBzb21lIHBlb3BsZSB3aWxsIGJlIG9uIHZhY2F0aW9uIGR1ZSB0byBFYXN0ZXIu CgpCZXN0IFJlZ2FyZHMKTGFycwpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fXwpYZW4tYW5ub3VuY2UgbWFpbGluZyBsaXN0Clhlbi1hbm5vdW5jZUBsaXN0cy54 ZW4ub3JnCmh0dHA6Ly9saXN0cy54ZW4ub3JnL3hlbi1hbm5vdW5jZQ==